RansomWare Victim


  • This topic is locked
20 replies to this topic

#1 Soulamiss

  • Members
  • 41 posts

Posted 07 February 2015 - 01:12 PM

Hi,

I have recently been infected with a ransomware virus that has encrypted all my files. I do not know how to identify what it is calling itself to search for a decryption key. I am seriously in need of help. I do not have backups of anything. This will be something I remedy going forward...so backup suggestions/help would also be appreciated. I am in desperate need of help. Can someone please, please, pleeeeeeeeeeeeeaaaaaaaassssseeeee help me?


#2 nasdaq

  • Malware Response Team
  • 38,250 posts

Posted 11 February 2015 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This is the infection - CryptoWall and HELP_DECRYPT Ransomware Information Guide
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

Other than paying the ransom, if it's not too late, there is nothing we can do to restore your files.
I know one thing: I would not trust them. Your call.

If you want us to clean what has been left over by the infections, please run these tools and submit the logs for my review.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 Soulamiss

  • Topic Starter
  • Members
  • 41 posts

Posted 14 February 2015 - 10:28 AM

# AdwCleaner v4.110 - Logfile created 13/02/2015 at 04:50:50
# Updated 05/02/2015 by Xplode
# Database : 2015-02-12.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : I'm Lee - SASSAFRASQUATCH
# Running from : C:\Users\I'm Lee\Desktop\adwcleaner_4.110.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

*************************

AdwCleaner[R0].txt - [3388 bytes] - [11/02/2015 19:56:10]
AdwCleaner[R1].txt - [3368 bytes] - [12/02/2015 16:55:34]
AdwCleaner[R2].txt - [452 bytes] - [12/02/2015 19:24:53]
AdwCleaner[R3].txt - [1003 bytes] - [12/02/2015 20:11:23]
AdwCleaner[S0].txt - [3364 bytes] - [12/02/2015 19:06:35]
AdwCleaner[S1].txt - [932 bytes] - [13/02/2015 04:50:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [990  bytes] ##########



#4 Soulamiss

  • Topic Starter
  • Members
  • 41 posts

Posted 14 February 2015 - 10:35 AM

Farbar Service Scanner Version: 17-01-2015
Ran by I'm Lee (administrator) on 14-02-2015 at 09:30:03
Running from "C:\Users\I'm Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BWURRY9C"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****



#5 Soulamiss

  • Topic Starter
  • Members
  • 41 posts

Posted 14 February 2015 - 10:38 AM

I'm not seeing the Addition.txt



#6 nasdaq

  • Malware Response Team
  • 38,250 posts

Posted 14 February 2015 - 01:49 PM

I'm not seeing the Addition.txt

That's because you did not download and run the Farbar tool I suggested.

You have executed another of Farbar's tools, the Farbar Service Scanner Version.

#7 Soulamiss

  • Topic Starter
  • Members
  • 41 posts

Posted 14 February 2015 - 02:58 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-02-2015
Ran by I'm Lee (administrator) on SASSAFRASQUATCH on 14-02-2015 13:48:45
Running from C:\Users\I'm Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75P6P261
Loaded Profiles: I'm Lee (Available profiles: I'm Lee & Administrator & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe
() C:\Windows\FrameworkUpdate\Update.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Alexander Roshal) C:\Users\I'MLEE~1\AppData\Local\Temp\2780.tmp
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Users\I'MLEE~1\AppData\Local\Temp\48D3.tmp
(Microsoft Corporation) C:\Users\I'MLEE~1\AppData\Local\Temp\4CAA.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Alexander Roshal) C:\Users\I'MLEE~1\AppData\Local\Temp\1CEE.tmp
(Alexander Roshal) C:\Users\I'MLEE~1\AppData\Local\Temp\1C22.tmp
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
() C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\NAPSTAT.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dvdupgrd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhst3g.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Winlogon\Notify\ninjbdr-x32: C:\Users\I'm Lee\AppData\Local\ninjbdr.dll ()
HKLM\...\Policies\Explorer\Run: [1789926509] => C:\ProgramData\msucyna.exe [149504 2013-08-28] ( ())
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [Spotify Web Helper] => C:\Users\I'm Lee\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-23] (Spotify Ltd)
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [Google Update] => C:\Users\I'm Lee\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-07-14] (Google Inc.)
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [ganteec] => rundll32 "C:\Users\I'm Lee\AppData\Local\ganteec.dll",ganteec <===== ATTENTION
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [gnjbdar] => rundll32 "C:\Users\I'm Lee\AppData\Local\gnjbdar.dll",gnjbdar <===== ATTENTION
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [gunjbdr] => rundll32 "C:\Users\I'm Lee\AppData\Local\gunjbdr.dll",gunjbdr <===== ATTENTION
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [ninjbdr] => rundll32 "C:\Users\I'm Lee\AppData\Local\ninjbdr.dll",ninjbdr <===== ATTENTION
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [KubpIgte] => regsvr32.exe "C:\ProgramData\KubpIgte\HufoYokha.rwp"
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [fcd873a] => C:\fcd873af\fcd873af.exe [246272 2015-02-14] ()
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\RunOnce: [*cd873a] => C:\fcd873af\fcd873af.exe [246272 2015-02-14] ()
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\RunOnce: [*cd873af] => C:\Users\I'm Lee\AppData\Roaming\fcd873af.exe
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Policies\Explorer\Run: [1789926509] => C:\Users\I'MLEE~1\AppData\Roaming\msucyna.exe
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe [855216 2014-12-09] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fcd873af.exe ()
Startup: C:\Users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.optionstorpay22.com/1dt9N65

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {12C09150-9E94-4807-8025-D9D5B212327C} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-565956605-2893480571-1785055309-1000 -> {12C09150-9E94-4807-8025-D9D5B212327C} URL = http://www.bing.com/search?q={searchTerms}
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll ()
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-565956605-2893480571-1785055309-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-565956605-2893480571-1785055309-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\a8k73vg9.default-1356017796013
FF SelectedSearchEngine: search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-565956605-2893480571-1785055309-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\I'm Lee\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKU\S-1-5-21-565956605-2893480571-1785055309-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\I'm Lee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-565956605-2893480571-1785055309-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\I'm Lee\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-565956605-2893480571-1785055309-1000: @talk.google.com/O1DPlugin -> C:\Users\I'm Lee\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-565956605-2893480571-1785055309-1000: @tools.google.com/Google Update;version=3 -> C:\Users\I'm Lee\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-565956605-2893480571-1785055309-1000: @tools.google.com/Google Update;version=9 -> C:\Users\I'm Lee\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-565956605-2893480571-1785055309-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\I'm Lee\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\I'm Lee\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: DownloadHelper - C:\Users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\a8k73vg9.default-1356017796013\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-10]
FF Extension: MEGA - C:\Users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\a8k73vg9.default-1356017796013\Extensions\firefox@mega.co.nz.xpi [2014-01-22]
FF Extension: Greasemonkey - C:\Users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\a8k73vg9.default-1356017796013\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-05-04]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-02]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2010-08-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S4 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S4 MozillaMaintenance; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [114800 2015-02-01] (Mozilla Foundation) [File not signed]
S4 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [36352 2012-11-19] () [File not signed]
S4 p2csvc; C:\Windows\system32\p2csvc.exe [67072 2008-07-25] (Panasonic Corporation)
S4 p2csvc32; C:\Windows\SysWOW64\p2csvc32.exe [61440 2008-07-25] (Panasonic Corporation)
R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025920 2015-02-07] (Enigma Software Group USA, LLC.)
S4 Stuffit Archive Name Service; C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe [1916248 2009-10-30] (Smith Micro Software, Inc.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SystemUpdate; C:\Windows\FrameworkUpdate\Update.exe [92160 2015-02-11] () [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-07] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security) [File not signed]
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-12-27] ()
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 p2usb; C:\Windows\System32\DRIVERS\p2usb.sys [30208 2011-05-23] (Panasonic Corporation)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2010-02-26] () [File not signed]
S2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2010-02-26] () [File not signed]
S2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2010-02-26] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 13:48 - 2015-02-14 13:49 - 00000000 ____D () C:\FRST
2015-02-14 09:30 - 2015-02-14 09:30 - 00001208 _____ () C:\Users\I'm Lee\Desktop\FSS.txt
2015-02-14 08:18 - 2015-02-14 08:18 - 00000000 ___HD () C:\fcd873af
2015-02-13 09:11 - 2015-02-13 09:11 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-02-11 19:54 - 2015-02-14 08:57 - 00000000 ____D () C:\AdwCleaner
2015-02-11 19:52 - 2015-02-11 19:53 - 02112512 _____ () C:\Users\I'm Lee\Desktop\adwcleaner_4.110.exe
2015-02-11 19:01 - 2015-02-11 19:16 - 00002073 _____ () C:\Users\I'm Lee\Desktop\virus.txt
2015-02-11 18:01 - 2015-02-11 18:01 - 00008722 _____ () C:\Users\HELP_DECRYPT.HTML
2015-02-11 18:01 - 2015-02-11 18:01 - 00008722 _____ () C:\HELP_DECRYPT.HTML
2015-02-11 18:01 - 2015-02-11 18:01 - 00000304 _____ () C:\Users\HELP_DECRYPT.URL
2015-02-11 18:01 - 2015-02-11 18:01 - 00000304 _____ () C:\HELP_DECRYPT.URL
2015-02-11 17:51 - 2015-02-11 17:51 - 00023552 _____ () C:\Users\I'm Lee\AppData\Local\ninjbdr.dll
2015-02-11 17:41 - 2015-02-11 17:41 - 00008722 _____ () C:\Users\Administrator\HELP_DECRYPT.HTML
2015-02-11 17:41 - 2015-02-11 17:41 - 00008722 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-11 17:41 - 2015-02-11 17:41 - 00008722 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML
2015-02-11 17:41 - 2015-02-11 17:41 - 00008722 _____ () C:\Users\Administrator\AppData\HELP_DECRYPT.HTML
2015-02-11 17:41 - 2015-02-11 17:41 - 00000304 _____ () C:\Users\Administrator\HELP_DECRYPT.URL
2015-02-11 17:41 - 2015-02-11 17:41 - 00000304 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.URL
2015-02-11 17:41 - 2015-02-11 17:41 - 00000304 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.URL
2015-02-11 17:41 - 2015-02-11 17:41 - 00000304 _____ () C:\Users\Administrator\AppData\HELP_DECRYPT.URL
2015-02-11 17:30 - 2015-02-11 17:30 - 00000000 ____D () C:\Windows\FrameworkUpdate
2015-02-10 23:57 - 2015-02-14 08:19 - 00004304 _____ () C:\Users\I'm Lee\Desktop\HELP_DECRYPT.TXT
2015-02-10 20:22 - 2015-02-10 20:22 - 00023552 _____ () C:\Users\I'm Lee\AppData\Local\gunjbdr.dll
2015-02-09 21:16 - 2015-02-11 02:55 - 00000000 ____D () C:\Users\I'm Lee\Desktop\testdisk-7.0-WIP
2015-02-09 21:13 - 2015-02-09 21:15 - 12279693 _____ () C:\Users\I'm Lee\Desktop\testdisk-7.0-WIP.win.zip
2015-02-09 12:54 - 2015-02-09 12:54 - 00023552 _____ () C:\Users\I'm Lee\AppData\Local\gnjbdar.dll
2015-02-08 17:58 - 2015-02-09 21:01 - 00001732 _____ () C:\Users\I'm Lee\Desktop\Computer.lnk
2015-02-08 17:58 - 2015-02-09 21:01 - 00000288 _____ () C:\Users\I'm Lee\AppData\Roaming\B9DF32E6.reg
2015-02-08 17:48 - 2015-02-08 19:25 - 00023552 _____ () C:\Users\I'm Lee\AppData\Local\ganteec.dll
2015-02-08 17:48 - 2015-02-08 17:49 - 141558032 ____H () C:\Users\I'm Lee\MasterCollection_CS6_LS16.7z.h66
2015-02-08 09:37 - 2015-02-08 09:37 - 00003282 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-02-07 23:19 - 2015-02-08 09:05 - 00001323 _____ () C:\Users\I'm Lee\Desktop\SpyHunter.lnk
2015-02-07 23:19 - 2015-02-07 23:19 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-02-07 23:19 - 2015-02-07 23:19 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Enigma Software Group
2015-02-07 23:19 - 2015-02-07 23:19 - 00000000 ____D () C:\sh4ldr
2015-02-07 23:19 - 2015-02-07 23:19 - 00000000 _____ () C:\autoexec.bat
2015-02-07 23:17 - 2015-02-07 23:17 - 02347384 _____ (ESET) C:\Users\I'm Lee\Desktop\esetsmartinstaller_enu.exe
2015-02-07 23:17 - 2015-02-07 23:17 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-07 23:17 - 2015-02-07 23:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-07 23:16 - 2015-02-07 23:17 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\I'm Lee\Desktop\SpyHunter-Installer.exe
2015-02-07 21:12 - 2015-02-07 21:12 - 01416088 _____ (Kaspersky Lab ZAO) C:\Users\I'm Lee\Desktop\rakhnidecryptor.exe
2015-02-07 19:22 - 2015-02-14 08:19 - 00008722 _____ () C:\Users\I'm Lee\Desktop\HELP_DECRYPT.HTML
2015-02-07 19:22 - 2015-02-14 08:19 - 00000304 _____ () C:\Users\I'm Lee\Desktop\HELP_DECRYPT.URL
2015-02-07 11:27 - 2015-02-13 04:55 - 00000498 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-02-07 11:27 - 2015-02-07 13:52 - 00000000 _____ () C:\FileRecovery.log
2015-02-07 11:27 - 2015-02-07 11:27 - 02936816 _____ (ParetoLogic) C:\Users\I'm Lee\Desktop\Pareto_DR_Setup_RW.exe
2015-02-07 11:27 - 2015-02-07 11:27 - 00002928 _____ () C:\Windows\System32\Tasks\ParetoLogic Update Version3 Startup Task
2015-02-07 11:27 - 2015-02-07 11:27 - 00001209 _____ () C:\Users\I'm Lee\Desktop\Data Recovery Pro.lnk
2015-02-07 10:13 - 2014-12-17 13:40 - 00785592 _____ (Kaspersky Lab ZAO) C:\Users\I'm Lee\Desktop\RectorDecryptor (2).exe
2015-02-06 17:41 - 2015-02-11 16:48 - 00000432 ____H () C:\ProgramData\@system3.att
2015-02-06 17:41 - 2015-02-11 16:47 - 00000696 _____ () C:\ProgramData\@system.temp
2015-02-06 17:41 - 2015-02-06 17:41 - 00000480 ____H () C:\Users\I'm Lee\AppData\Roaming\麽鎒駓覜
2015-02-06 17:40 - 2015-02-11 17:52 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\FrameworkUpdate
2015-02-06 17:21 - 2015-02-06 17:21 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\www.shadowexplorer.com
2015-02-06 17:20 - 2015-02-06 17:20 - 00001847 _____ () C:\Users\I'm Lee\Desktop\ShadowExplorer.lnk
2015-02-06 17:20 - 2015-02-06 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-02-06 17:20 - 2015-02-06 17:20 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2015-02-06 17:19 - 2015-02-06 17:19 - 00969845 _____ (ShadowExplorer.com ) C:\Users\I'm Lee\Desktop\ShadowExplorer-0.9-setup.exe
2015-02-05 18:57 - 2015-02-05 18:57 - 00000485 _____ () C:\Users\I'm Lee\Desktop\New Text Document.txt
2015-02-05 08:13 - 2015-02-11 18:01 - 00008722 _____ () C:\Users\I'm Lee\HELP_DECRYPT.HTML
2015-02-05 08:13 - 2015-02-11 18:01 - 00000304 _____ () C:\Users\I'm Lee\HELP_DECRYPT.URL
2015-02-05 07:02 - 2015-02-05 07:02 - 00008658 _____ () C:\Users\I'm Lee\Downloads\HELP_DECRYPT.HTML
2015-02-05 07:02 - 2015-02-05 07:02 - 00000304 _____ () C:\Users\I'm Lee\Downloads\HELP_DECRYPT.URL
2015-02-05 06:52 - 2015-02-05 06:52 - 00008658 _____ () C:\Users\I'm Lee\Documents\HELP_DECRYPT.HTML
2015-02-05 06:52 - 2015-02-05 06:52 - 00000304 _____ () C:\Users\I'm Lee\Documents\HELP_DECRYPT.URL
2015-02-04 19:37 - 2015-02-04 19:37 - 00008658 _____ () C:\Users\I'm Lee\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-04 19:37 - 2015-02-04 19:37 - 00008658 _____ () C:\Users\I'm Lee\AppData\HELP_DECRYPT.HTML
2015-02-04 19:37 - 2015-02-04 19:37 - 00000304 _____ () C:\Users\I'm Lee\AppData\Roaming\HELP_DECRYPT.URL
2015-02-04 19:37 - 2015-02-04 19:37 - 00000304 _____ () C:\Users\I'm Lee\AppData\HELP_DECRYPT.URL
2015-02-04 19:35 - 2015-02-04 19:35 - 00008658 _____ () C:\Users\I'm Lee\AppData\Local\HELP_DECRYPT.HTML
2015-02-04 19:35 - 2015-02-04 19:35 - 00000304 _____ () C:\Users\I'm Lee\AppData\Local\HELP_DECRYPT.URL
2015-02-04 19:31 - 2015-02-04 19:31 - 00008658 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-04 19:31 - 2015-02-04 19:31 - 00000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
2015-02-04 19:29 - 2015-02-04 19:37 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Local Store
2015-02-04 19:22 - 2015-02-11 17:52 - 00000000 ____D () C:\ProgramData\KubpIgte
2015-01-23 17:45 - 2015-02-04 19:37 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Spotify
2015-01-23 17:45 - 2015-02-04 19:35 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\Spotify
2015-01-23 17:45 - 2015-01-23 17:45 - 00001812 _____ () C:\Users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-14 13:23 - 2012-06-17 07:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-14 13:02 - 2013-07-08 21:53 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\SoulseekQt
2015-02-14 13:00 - 2014-03-27 16:23 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000UA1cf4a0b37af2ce2.job
2015-02-14 09:29 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-14 09:29 - 2009-07-13 22:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-14 08:23 - 2014-09-25 00:09 - 00786944 ___SH () C:\Users\I'm Lee\Desktop\Thumbs.db
2015-02-14 02:02 - 2010-01-27 16:01 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\Adobe
2015-02-14 02:00 - 2013-07-14 00:26 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000Core.job
2015-02-13 09:02 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-13 04:54 - 2013-11-10 01:00 - 00137064 _____ () C:\Windows\setupact.log
2015-02-13 04:54 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-12 19:56 - 2014-12-28 17:41 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-12 19:09 - 2011-04-23 16:50 - 00070796 _____ () C:\lxda.log
2015-02-11 19:31 - 2013-11-10 21:20 - 00331024 _____ () C:\Windows\PFRO.log
2015-02-11 18:01 - 2010-01-22 20:49 - 00000000 ____D () C:\Users\I'm Lee
2015-02-11 17:41 - 2014-12-28 14:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2015-02-11 17:41 - 2014-12-28 14:42 - 00000000 ____D () C:\Users\Administrator
2015-02-11 17:39 - 2013-07-19 17:42 - 00000000 ___RD () C:\Sandbox
2015-02-11 17:37 - 2012-07-01 13:57 - 00000000 ____D () C:\Qoobox
2015-02-11 17:37 - 2010-05-03 14:48 - 00000000 ____D () C:\lexmark
2015-02-11 17:36 - 2010-01-14 02:49 - 00000000 ____D () C:\dell
2015-02-10 20:46 - 2009-07-13 23:10 - 01570232 _____ () C:\Windows\WindowsUpdate.log
2015-02-09 04:54 - 2009-07-13 23:08 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-08 20:41 - 2010-01-23 02:09 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\vlc
2015-02-07 22:47 - 2014-12-28 11:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-07 22:34 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-02-07 21:43 - 2013-05-24 19:22 - 00000000 ____D () C:\Users\I'm Lee\Desktop\New folder
2015-02-06 17:52 - 2014-07-25 02:00 - 00000000 ____D () C:\Users\I'm Lee\Desktop\Hagie
2015-02-05 19:21 - 2010-01-14 01:22 - 00000000 ____D () C:\ProgramData\Adobe
2015-02-05 18:30 - 2013-05-03 13:40 - 00000000 ____D () C:\Users\I'm Lee\Documents\Image-Line
2015-02-05 18:30 - 2012-09-08 20:39 - 00000000 ____D () C:\Users\I'm Lee\Documents\Amazon MP3
2015-02-05 18:30 - 2010-03-06 15:50 - 00000000 ____D () C:\Users\I'm Lee\Documents\EA Games
2015-02-05 08:13 - 2014-12-27 22:32 - 00000000 ____D () C:\VIPRERESCUE
2015-02-05 08:11 - 2010-01-26 16:23 - 00000000 ____D () C:\Users\I'm Lee\Scripts
2015-02-05 07:02 - 2014-09-18 08:36 - 00000000 ____D () C:\Users\I'm Lee\Downloads\Duck Tales Disk I 720p DVDRip AC3 Hindi x264-SnowDoN
2015-02-05 07:00 - 2014-09-18 08:39 - 00000000 ____D () C:\Users\I'm Lee\Downloads\Chip n' Dale Rescue Rangers Season 1
2015-02-05 06:56 - 2014-09-18 08:33 - 00000000 ____D () C:\Users\I'm Lee\Downloads\Alvin And The Chipmunks
2015-02-05 06:42 - 2013-09-28 14:16 - 00000000 ____D () C:\Users\I'm Lee\Desktop\Talent
2015-02-05 06:42 - 2013-03-25 17:45 - 00000000 ____D () C:\Users\I'm Lee\Desktop\The Magic of Making Up
2015-02-05 06:28 - 2013-11-22 12:11 - 00000000 ____D () C:\Users\I'm Lee\Desktop\Skits
2015-02-05 06:28 - 2011-03-21 14:04 - 00000000 ____D () C:\Users\I'm Lee\Desktop\Projects
2015-02-05 01:55 - 2014-03-27 16:23 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000UA1cf4a0b37af2ce2
2015-02-05 01:55 - 2013-07-14 00:26 - 00003494 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000Core
2015-02-04 19:57 - 2013-11-17 23:21 - 00000000 ____D () C:\Users\I'm Lee\Desktop\Linda
2015-02-04 19:56 - 2014-10-13 18:23 - 00000000 ____D () C:\Users\I'm Lee\Desktop\Ebay Items
2015-02-04 19:56 - 2012-07-14 09:51 - 00000000 ____D () C:\Users\I'm Lee\CS6 Master Collection
2015-02-04 19:37 - 2014-08-15 03:23 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\PopcornTime
2015-02-04 19:37 - 2014-07-13 06:13 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\thriXXX
2015-02-04 19:37 - 2013-05-14 21:36 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Skype
2015-02-04 19:37 - 2013-05-03 13:40 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Image-Line
2015-02-04 19:37 - 2013-05-03 13:40 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\FlowStone
2015-02-04 19:37 - 2013-04-19 09:17 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Winamp
2015-02-04 19:37 - 2012-07-06 10:04 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2015-02-04 19:37 - 2011-09-08 15:39 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\NCH Software
2015-02-04 19:37 - 2011-08-23 09:10 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\PCDr
2015-02-04 19:37 - 2010-05-24 15:23 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\NavNet Solutions
2015-02-04 19:37 - 2010-05-18 16:45 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\uTorrent
2015-02-04 19:37 - 2010-03-29 14:44 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Facebook
2015-02-04 19:37 - 2010-02-28 11:29 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Azureus
2015-02-04 19:37 - 2010-01-23 22:08 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Roxio
2015-02-04 19:37 - 2010-01-23 00:00 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Mozilla
2015-02-04 19:37 - 2010-01-22 20:52 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Dell
2015-02-04 19:36 - 2013-03-03 18:19 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
2015-02-04 19:36 - 2010-01-29 19:26 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Apple Computer
2015-02-04 19:36 - 2010-01-22 20:54 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Adobe
2015-02-04 19:35 - 2014-10-02 22:21 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\Skype
2015-02-04 19:35 - 2010-11-13 09:08 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\Smith Micro
2015-02-04 19:35 - 2010-01-23 00:00 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\Mozilla
2015-02-04 19:35 - 2010-01-22 20:52 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\VirtualStore
2015-02-04 19:34 - 2010-01-30 13:01 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\Microsoft Games
2015-02-04 19:33 - 2013-06-12 17:46 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\Facebook
2015-02-04 19:33 - 2012-11-15 14:17 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\Google
2015-02-04 19:33 - 2012-01-29 02:48 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\Freenet
2015-02-04 19:33 - 2011-11-09 18:34 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\Akamai
2015-02-04 19:33 - 2010-01-29 19:26 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\Apple Computer
2015-02-04 19:31 - 2013-03-11 18:19 - 00000000 ____D () C:\ProgramData\RosettaStoneLtdServices
2015-02-04 19:31 - 2013-03-04 10:56 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2015-02-04 19:26 - 2010-01-14 01:36 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-04 19:23 - 2013-06-03 20:38 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-02-04 19:23 - 2010-02-28 11:29 - 00000000 ____D () C:\ProgramData\Azureus
2015-02-02 18:23 - 2012-05-13 15:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-02 14:59 - 2010-02-04 17:03 - 11837284 _____ () C:\Users\I'm Lee\Documents\Playlist Ultimo.m3u
2015-02-02 13:27 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-02-01 14:48 - 2013-11-05 14:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-15 03:05 - 2013-11-20 15:36 - 00854930 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-15 03:05 - 2009-07-13 23:13 - 00854930 _____ () C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2015-02-08 17:58 - 2015-02-09 21:01 - 0000288 _____ () C:\Users\I'm Lee\AppData\Roaming\B9DF32E6.reg
2013-04-11 17:49 - 2013-04-11 17:49 - 0369024 _____ (Microsoft Corporation) C:\Users\I'm Lee\AppData\Roaming\BtvStack.dll
2012-11-17 17:03 - 2012-11-17 17:03 - 0000384 _____ () C:\Users\I'm Lee\AppData\Roaming\fp.txt
2015-02-04 19:37 - 2015-02-04 19:37 - 0008658 _____ () C:\Users\I'm Lee\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-04 19:37 - 2015-02-04 19:37 - 0045887 _____ () C:\Users\I'm Lee\AppData\Roaming\HELP_DECRYPT.PNG
2015-02-04 19:37 - 2015-02-04 19:37 - 0000304 _____ () C:\Users\I'm Lee\AppData\Roaming\HELP_DECRYPT.URL
2015-02-08 17:58 - 2015-02-09 21:01 - 0009728 _____ () C:\Users\I'm Lee\AppData\Roaming\mcp.ico
2010-01-24 18:11 - 2010-01-24 18:11 - 0012358 _____ () C:\Users\I'm Lee\AppData\Roaming\PFP100JCM.{PB
2010-01-24 18:11 - 2010-01-24 18:11 - 0061678 _____ () C:\Users\I'm Lee\AppData\Roaming\PFP100JPR.{PB
2015-02-06 17:41 - 2015-02-06 17:41 - 0000480 ____H () C:\Users\I'm Lee\AppData\Roaming\麽鎒駓覜
2011-12-04 16:44 - 2011-12-04 17:09 - 0010864 ____S () C:\Users\I'm Lee\AppData\Local\0d16ps5l74g467
2011-12-17 14:25 - 2011-12-17 15:25 - 0011096 ____S () C:\Users\I'm Lee\AppData\Local\313055a4m715j113g838v8avg1e3
2011-04-07 12:00 - 2011-04-07 15:01 - 0011494 ____S () C:\Users\I'm Lee\AppData\Local\325cq8r6ceko405fg
2010-10-22 14:44 - 2013-10-31 18:51 - 0007680 _____ () C:\Users\I'm Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-08 17:48 - 2015-02-08 19:25 - 0023552 _____ () C:\Users\I'm Lee\AppData\Local\ganteec.dll
2015-02-09 12:54 - 2015-02-09 12:54 - 0023552 _____ () C:\Users\I'm Lee\AppData\Local\gnjbdar.dll
2015-02-10 20:22 - 2015-02-10 20:22 - 0023552 _____ () C:\Users\I'm Lee\AppData\Local\gunjbdr.dll
2015-02-04 19:35 - 2015-02-04 19:35 - 0008658 _____ () C:\Users\I'm Lee\AppData\Local\HELP_DECRYPT.HTML
2015-02-04 19:35 - 2015-02-04 19:35 - 0045887 _____ () C:\Users\I'm Lee\AppData\Local\HELP_DECRYPT.PNG
2015-02-04 19:35 - 2015-02-04 19:35 - 0000304 _____ () C:\Users\I'm Lee\AppData\Local\HELP_DECRYPT.URL
2015-02-11 17:51 - 2015-02-11 17:51 - 0023552 _____ () C:\Users\I'm Lee\AppData\Local\ninjbdr.dll
2010-02-02 14:14 - 2010-02-02 14:14 - 0002120 _____ () C:\Users\I'm Lee\AppData\Local\rx_audio.Cache
2010-02-02 14:14 - 2010-02-02 14:14 - 0000000 _____ () C:\Users\I'm Lee\AppData\Local\rx_image32.Cache
2011-12-04 16:44 - 2011-12-04 17:09 - 0010864 ____S () C:\ProgramData\0d16ps5l74g467
2011-04-07 12:00 - 2011-04-07 15:01 - 0011494 ____S () C:\ProgramData\325cq8r6ceko405fg
2015-02-06 17:41 - 2015-02-11 16:47 - 0000696 _____ () C:\ProgramData\@system.temp
2015-02-06 17:41 - 2015-02-11 16:48 - 0000432 ____H () C:\ProgramData\@system3.att
2015-02-04 19:31 - 2015-02-04 19:31 - 0008658 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-04 19:31 - 2015-02-04 19:31 - 0045887 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-02-04 19:31 - 2015-02-04 19:31 - 0000304 _____ () C:\ProgramData\HELP_DECRYPT.URL
2013-10-09 19:17 - 2013-08-28 19:50 - 0149504 ___SH () C:\ProgramData\msucyna.exe

Files to move or delete:
====================
C:\ProgramData\msucyna.exe
C:\Users\I'm Lee\gotomypc_635.exe
C:\Users\I'm Lee\MasterCollection_CS6_LS16.exe

Some content of TEMP:
====================
C:\Users\I'm Lee\AppData\Local\Temp\2STW.dll
C:\Users\I'm Lee\AppData\Local\Temp\aptcpu.exe
C:\Users\I'm Lee\AppData\Local\Temp\BJci.dll
C:\Users\I'm Lee\AppData\Local\Temp\cfEt.dll
C:\Users\I'm Lee\AppData\Local\Temp\dtVC.dll
C:\Users\I'm Lee\AppData\Local\Temp\eBGY.dll
C:\Users\I'm Lee\AppData\Local\Temp\EsgInstallerx64Stub.exe
C:\Users\I'm Lee\AppData\Local\Temp\naLG.dll
C:\Users\I'm Lee\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\I'm Lee\AppData\Local\Temp\VrtC.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-03 18:46

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-02-2015
Ran by I'm Lee at 2015-02-14 13:51:03
Running from C:\Users\I'm Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\75P6P261
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.1 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Adobe Support Advisor (HKLM-x32\...\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.6.1.20120504 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 2.7.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Complete Care Consumer Service Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Recovery Pro (HKLM-x32\...\{B1C2398C-6FAB-46D1-806C-5942F0829994}) (Version: 2.1.0.0 - ParetoLogic, Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
EA Download Manager (HKLM-x32\...\EA Download Manager) (Version: 6.0.4.4 - Electronic Arts, Inc.)
EA Download Manager UI (HKLM-x32\...\com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 6.0.4.4 - Electronic Arts)
EA Download Manager UI (x32 Version: 6.0.4 - Electronic Arts) Hidden
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Plug-In (HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HMA! Pro VPN 2.7.1.7 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.7.1.7 - )
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java™ 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark 640 Series (HKLM\...\Lexmark 640 Series) (Version:  - Lexmark International, Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSN Toolbar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0379.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NirSoft Mail PassView (HKLM-x32\...\NirSoft Mail PassView) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Panasonic P2 Drivers (HKLM\...\{6F0C8DA5-8F81-4330-90FD-CC94022BDCD7}) (Version: 2.17.0000 - )
PatchBeam (HKLM-x32\...\PatchBeam) (Version: 1.10 - ConeXware, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PowerArchiver 2011 (HKLM-x32\...\PowerArchiver 2011 12.12.04) (Version: 12.01.03 - ConeXware, Inc.)
PowerArchiver 2011 (x32 Version: 12.12.04 - ConeXware, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.2 - VS Revo Group, Ltd.)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.13.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SoulseekQt (HKLM-x32\...\SoulseekQt) (Version:  - )
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.18.9.4384 - Enigma Software Group, LLC)
STK03N (HKLM-x32\...\{E83CD823-C522-4B71-B10A-E1088B3BD261}) (Version: 0.00.4 - Syntek)
StuffIt 2010 (HKLM\...\{26A7FC57-FC21-4CA9-85BD-4324B3294D8B}) (Version: 14.0.0 - Smith Micro)
Systweak Advanced Windows Cleaner (Shareware Release) (HKLM-x32\...\Advanced Windows Cleaner (Shareware Release)_is1) (Version: 1.00.1 - © Systweak)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
The Sims™ 2 Double Deluxe (HKLM-x32\...\{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}) (Version:  - Electronic Arts)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 1.0.2 (HKLM-x32\...\VLC media player) (Version: 1.0.2 - VideoLAN Team)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.1.0.0 - Azureus Software, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WordPerfect Office 2002 (HKLM-x32\...\WordPerfect Office 2002) (Version:  - )
WordPerfect Office 2002 (x32 Version: 10 - Corel) Hidden
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-565956605-2893480571-1785055309-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\I'm Lee\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-565956605-2893480571-1785055309-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\I'm Lee\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-565956605-2893480571-1785055309-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\I'm Lee\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-565956605-2893480571-1785055309-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-565956605-2893480571-1785055309-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\I'm Lee\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-565956605-2893480571-1785055309-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\I'm Lee\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-565956605-2893480571-1785055309-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\I'm Lee\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-02-07 23:19 - 2015-02-07 23:19 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F652A27-CCC4-400A-A673-F3675ED61D42} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000Core => C:\Users\I'm Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-12] (Facebook Inc.)
Task: {1057C27E-CAE0-4EF2-B1B2-41C7EDAE064D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000Core => C:\Users\I'm Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14] (Google Inc.)
Task: {16EB7768-C245-4E1D-83E1-33CCDF6EDF10} - System32\Tasks\{4D669B8B-DA97-49A7-8601-8893F8240479} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {16FBC9C0-7268-45F3-B728-D0EE6E837DFD} - System32\Tasks\{66E0F5F1-0E6A-40FC-94A5-9B2DF9A99B27} => pcalua.exe -a C:\Users\I'MLEE~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Users\I'm Lee\AppData\Roaming"
Task: {1B00ABD6-CB6B-41B5-9343-C3575B1220C6} - System32\Tasks\{323B3CA9-0878-47CF-A9AF-3DA97ECC674A} => pcalua.exe -a "C:\Program Files (x86)\PowerArchiver\_PAsetup.exe" -d "C:\Program Files (x86)\PowerArchiver" -c /paassociate
Task: {2D3F5542-82E6-4701-BAD5-A6F489171E77} - System32\Tasks\{9F828C28-AFF1-42AF-B478-1EF7E1F3B51B} => pcalua.exe -a "C:\Program Files\FlashOffliner v1.0\1. Install FlashOffliner\FlashOffliner_v1.0.exe" -d "C:\Program Files\FlashOffliner v1.0\1. Install FlashOffliner"
Task: {43AC59BC-C230-4633-ACD9-C114F3BC57DB} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {47A43D9C-2076-455F-AFF6-7599EDA1894F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000UA => C:\Users\I'm Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-12] (Facebook Inc.)
Task: {55C6083C-0297-4F2A-A396-F3A65BBA4841} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2015-02-07] (Enigma Software Group USA, LLC.)
Task: {7EDFC8E1-8338-43D0-A723-3CDEF28A6D4C} - System32\Tasks\{56C2CDFF-A7E8-4D46-B11C-2F8EF01EC563} => pcalua.exe -a "F:\Program Files\CDex_150\uninstall.exe" -d "F:\Program Files\CDex_150"
Task: {832D7103-F9B5-48DC-BE11-FCD8936D0B64} - System32\Tasks\{0A823AD7-67C3-4550-B14D-0CE2CE443565} => pcalua.exe -a "C:\Users\I'm Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9WD2C0U\setup.exe" -d "C:\Users\I'm Lee\Desktop"
Task: {98AF0D27-FFE1-40FF-B40C-659C7FB54F18} - System32\Tasks\AdobeAAMUpdater-1.0-Sassafrasquatch-I'm Lee => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {A708D289-B53E-457D-9141-2785B700E5C5} - System32\Tasks\{389BC286-1D34-4853-8016-0E04EB1088F2} => pcalua.exe -a "C:\Users\I'm Lee\Desktop\mailpv_setup.exe" -d "C:\Users\I'm Lee\Desktop"
Task: {B145AC70-C952-4F8C-A468-42121357B88F} - System32\Tasks\{FAE36069-C2C8-451F-8102-96BD6CF5C736} => pcalua.exe -a "C:\Users\I'm Lee\Desktop\slsk157NS13e.exe" -d "C:\Users\I'm Lee\Desktop"
Task: {B195FD63-AEBC-471A-A1A0-88B7F3107C0E} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {BF7F992F-50FE-4BA4-9BEA-07B08455191F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {D494ADA5-7BFF-48CE-9BE1-EFE26101A18F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000UA1cf4a0b37af2ce2 => C:\Users\I'm Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2013-07-14] (Google Inc.)
Task: {E460C062-CCC7-4623-BE29-A40F6EEB1438} - System32\Tasks\{19EF5447-DB3A-41AA-9698-9976D4F3CF9D} => pcalua.exe -a "C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\EP99\CSBin\PackageInstaller.exe" -d "C:\Users\I'm Lee\Documents\EA Games\The Sims™ 2 Double Deluxe\Downloads" -c "C:\Users\I'm Lee\Documents\EA Games\The Sims™ 2 Double Deluxe\Downloads\Upscale Modern.Sims2Pack"
Task: {ED42CE75-4DC1-4EBF-AA81-4F317E26C6A9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FDAF7C44-D423-4CCE-8239-5B64D57841F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000Core.job => C:\Users\I'm Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000UA.job => C:\Users\I'm Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000Core.job => C:\Users\I'm Lee\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000UA1cf4a0b37af2ce2.job => C:\Users\I'm Lee\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2015-02-11 17:30 - 2015-02-11 19:50 - 00092160 _____ () C:\Windows\FrameworkUpdate\Update.exe
2014-10-15 07:44 - 2014-10-15 07:44 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\27062a1bd5e07ac476c1ef919d9abff5\VistaBridgeLibrary.ni.dll
2013-07-08 12:19 - 2013-07-08 12:19 - 36528601 _____ () C:\Program Files (x86)\SoulseekQt\SoulseekQt.exe
2015-02-08 17:48 - 2015-02-08 19:25 - 00023552 _____ () C:\Users\I'm Lee\AppData\Local\ganteec.dll
2015-02-09 12:54 - 2015-02-09 12:54 - 00023552 _____ () C:\Users\I'm Lee\AppData\Local\gnjbdar.dll
2015-02-10 20:22 - 2015-02-10 20:22 - 00023552 _____ () C:\Users\I'm Lee\AppData\Local\gunjbdr.dll
2015-02-11 17:51 - 2015-02-11 17:51 - 00023552 _____ () C:\Users\I'm Lee\AppData\Local\ninjbdr.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-12 23:38 - 2012-09-12 23:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-10-11 13:06 - 2014-10-11 13:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-12 23:39 - 2012-09-12 23:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2015-02-04 19:37 - 2015-02-04 19:37 - 38714368 _____ () C:\Users\I'm Lee\AppData\Roaming\Local Store\libcef.dll
2015-02-04 19:37 - 2015-02-04 19:37 - 00873472 _____ () C:\Users\I'm Lee\AppData\Roaming\Local Store\ffmpegsumo.dll
2015-02-04 19:37 - 2015-02-04 19:37 - 16840880 _____ () C:\Users\I'm Lee\AppData\Roaming\Local Store\NPSWF32.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 00237352 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-04-17 12:18 - 2013-04-17 12:18 - 00544817 _____ () C:\Program Files (x86)\SoulseekQt\libgcc_s_dw2-1.dll
2013-04-17 12:19 - 2013-04-17 12:19 - 00989805 _____ () C:\Program Files (x86)\SoulseekQt\libstdc++-6.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00417280 _____ () C:\Program Files (x86)\Winamp\nsutil.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00078848 _____ () C:\Program Files (x86)\Winamp\nde.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00023552 _____ () C:\Program Files (x86)\Winamp\System\albumart.w5s
2012-06-28 09:42 - 2013-04-19 09:18 - 00174080 _____ () C:\Program Files (x86)\Winamp\System\auth.w5s
2012-06-28 09:42 - 2013-04-19 09:18 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\bmp.w5s
2012-06-28 09:42 - 2013-04-19 09:18 - 00064512 _____ () C:\Program Files (x86)\Winamp\zlib.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00044544 _____ () C:\Program Files (x86)\Winamp\System\devices.w5s
2012-06-28 09:42 - 2013-04-19 09:18 - 00016896 _____ () C:\Program Files (x86)\Winamp\System\dlmgr.w5s
2012-06-28 09:42 - 2013-04-19 09:18 - 00014336 _____ () C:\Program Files (x86)\Winamp\System\filereader.w5s
2012-06-28 09:42 - 2013-04-19 09:18 - 00019456 _____ () C:\Program Files (x86)\Winamp\System\gif.w5s
2012-06-28 09:42 - 2013-04-19 09:18 - 00016384 _____ () C:\Program Files (x86)\Winamp\System\gracenote.w5s
2012-06-28 09:42 - 2013-04-19 09:18 - 00623616 _____ () C:\Program Files (x86)\Winamp\System\jnetlib.w5s
2012-06-28 09:42 - 2013-04-19 09:18 - 00154624 _____ () C:\Program Files (x86)\Winamp\System\jpeg.w5s
2012-06-28 09:42 - 2013-04-19 09:18 - 00084480 _____ () C:\Program Files (x86)\Winamp\System\playlist.w5s
2012-06-28 09:42 - 2013-04-19 09:18 - 00087552 _____ () C:\Program Files (x86)\Winamp\System\png.w5s
2012-06-28 09:42 - 2013-04-19 09:18 - 00013824 _____ () C:\Program Files (x86)\Winamp\System\primo.w5s
2012-06-28 09:42 - 2013-04-19 09:18 - 00021504 _____ () C:\Program Files (x86)\Winamp\System\tagz.w5s
2012-06-28 09:42 - 2013-04-19 09:18 - 00035328 _____ () C:\Program Files (x86)\Winamp\System\timer.w5s
2012-06-28 09:42 - 2013-04-19 09:18 - 00091136 _____ () C:\Program Files (x86)\Winamp\System\xml.w5s
2012-06-28 09:42 - 2013-04-19 09:17 - 00068608 _____ () C:\Program Files (x86)\Winamp\Plugins\in_avi.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00102400 _____ () C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00072192 _____ () C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00061440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00043008 _____ () C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00007168 _____ () C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00109568 _____ () C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00049152 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mkv.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00164864 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00290816 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00052736 _____ () C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00075264 _____ () C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00023552 _____ () C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00253440 _____ () C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00016896 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00253440 _____ () C:\Program Files (x86)\Winamp\libsndfile.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00313344 _____ () C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00022528 _____ () C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00018432 _____ () C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 01737728 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00083968 _____ () C:\Program Files (x86)\Winamp\tataki.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00340992 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
2012-06-28 09:42 - 2013-04-19 09:17 - 00028160 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
2011-11-10 16:10 - 2013-04-19 09:17 - 00185344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00318976 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00294912 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00084480 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00124928 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00249856 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_devices.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00201728 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00240640 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00060928 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_android.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00170496 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00020480 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00118272 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00053760 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00113664 _____ () C:\Program Files (x86)\Winamp\Plugins\pmp_wifi.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00052224 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00028672 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00083456 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00033792 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
2012-06-28 09:42 - 2013-04-19 09:18 - 00032256 _____ () C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00057344 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll
2012-06-28 09:42 - 2013-04-19 09:17 - 00025600 _____ () C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\I'm Lee\Local Settings:YTmNNEGm4n5lIyf22U26o
AlternateDataStreams: C:\Users\I'm Lee\AppData\Local:YTmNNEGm4n5lIyf22U26o
AlternateDataStreams: C:\Users\I'm Lee\AppData\Local\Application Data:YTmNNEGm4n5lIyf22U26o
AlternateDataStreams: C:\Users\I'm Lee\AppData\Local\Temp:Ufgv67svm3nB1LfKJ7fdMKw
AlternateDataStreams: C:\Users\I'm Lee\AppData\Local\Temporary Internet Files:LXitVkSCafjKwPhs7Dcj0vrfwF
AlternateDataStreams: C:\Users\I'm Lee\AppData\Local\Temporary Internet Files:YFvpUAfy3Wj46HzFmtToFVaCnlEW

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-565956605-2893480571-1785055309-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\I'm Lee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: McAPExe => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: p2csvc => 2
MSCONFIG\Services: p2csvc32 => 2
MSCONFIG\Services: RosettaStoneDaemon => 2
MSCONFIG\Services: RoxMediaDB10 => 3
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: Stuffit Archive Name Service => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^P2 Card Manager.lnk => C:\Windows\pss\P2 Card Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^STK03N PNP Monitor.lnk => C:\Windows\pss\STK03N PNP Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^I'm Lee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\I'm Lee\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Facebook Update => "C:\Users\I'm Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: ISUSPM Startup => c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MSCONFIG\startupreg: Spotify => "C:\Users\I'm Lee\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\I'm Lee\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\I'm Lee\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-565956605-2893480571-1785055309-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-565956605-2893480571-1785055309-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-565956605-2893480571-1785055309-1003 - Limited - Enabled)
I'm Lee (S-1-5-21-565956605-2893480571-1785055309-1000 - Administrator - Enabled) => C:\Users\I'm Lee

==================== Faulty Device Manager Devices =============

Name: Digital Media Renderer
Description: Digital Media Renderer
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2015 01:53:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (02/14/2015 01:52:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (02/14/2015 01:52:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (02/14/2015 01:51:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (02/14/2015 01:51:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (02/14/2015 01:51:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (02/14/2015 01:51:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (02/14/2015 01:50:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (02/14/2015 01:50:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

Error: (02/14/2015 01:50:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.

System errors:
=============
Error: (02/14/2015 08:22:08 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (02/14/2015 08:04:25 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (02/14/2015 05:01:35 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (02/13/2015 11:11:53 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (02/13/2015 06:03:38 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (02/13/2015 03:56:55 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (02/13/2015 08:51:39 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (02/13/2015 07:49:18 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (02/13/2015 05:01:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Search service hung on starting.

Error: (02/13/2015 04:59:47 AM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: WMPNetworkSvc0x80070006

Microsoft Office Sessions:
=========================
Error: (02/14/2015 01:53:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Access is denied.

Error: (02/14/2015 01:52:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Access is denied.

Error: (02/14/2015 01:52:09 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Access is denied.

Error: (02/14/2015 01:51:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Access is denied.

Error: (02/14/2015 01:51:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Access is denied.

Error: (02/14/2015 01:51:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Access is denied.

Error: (02/14/2015 01:51:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Access is denied.

Error: (02/14/2015 01:50:50 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Access is denied.

Error: (02/14/2015 01:50:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Access is denied.

Error: (02/14/2015 01:50:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Access is denied.

CodeIntegrity Errors:
===================================
  Date: 2013-05-04 17:37:32.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-04 17:37:32.763
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-04 17:37:32.761
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-23 07:54:53.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-23 07:54:53.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-23 07:54:53.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-19 20:02:11.865
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-19 20:02:11.444
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-19 20:00:13.041
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-19 20:00:12.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 78%
Total physical RAM: 8182.99 MB
Available physical RAM: 1770.92 MB
Total Pagefile: 16364.16 MB
Available Pagefile: 7893.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:587.01 GB) (Free:65.14 GB) NTFS
Drive d: (Sims2DoubleDeluxe) (CDROM) (Total:5.55 GB) (Free:0 GB) UDF
Drive e: (Grace Potter & T) (CDROM) (Total:0.48 GB) (Free:0 GB) CDFS
Drive f: (Seagate120) (Fixed) (Total:111.75 GB) (Free:14.58 GB) NTFS
Drive g: (MY BOOK) (Fixed) (Total:465.65 GB) (Free:42.26 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: C73027D1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=587 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 5C74AE42)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=0C)

==================== End Of Log ============================



#8 nasdaq

Posted 15 February 2015 - 09:30 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [ganteec] => rundll32 "C:\Users\I'm Lee\AppData\Local\ganteec.dll",ganteec <===== ATTENTION
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [gnjbdar] => rundll32 "C:\Users\I'm Lee\AppData\Local\gnjbdar.dll",gnjbdar <===== ATTENTION
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [gunjbdr] => rundll32 "C:\Users\I'm Lee\AppData\Local\gunjbdr.dll",gunjbdr <===== ATTENTION
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [ninjbdr] => rundll32 "C:\Users\I'm Lee\AppData\Local\ninjbdr.dll",ninjbdr <===== ATTENTION
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
Startup: C:\Users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.HTML ()
Startup: C:\Users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.PNG ()
Startup: C:\Users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.TXT ()
InternetURL: C:\Users\I'm Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HELP_DECRYPT.URL -> hxxp://paytoc4gtpn5czl2.optionstorpay22.com/1dt9N65
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
Toolbar: HKU\S-1-5-21-565956605-2893480571-1785055309-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-565956605-2893480571-1785055309-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
R2 SystemUpdate; C:\Windows\FrameworkUpdate\Update.exe [92160 2015-02-11] () [File not signed]
S2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
AlternateDataStreams: C:\Users\I'm Lee\Local Settings:YTmNNEGm4n5lIyf22U26o
AlternateDataStreams: C:\Users\I'm Lee\AppData\Local:YTmNNEGm4n5lIyf22U26o
AlternateDataStreams: C:\Users\I'm Lee\AppData\Local\Application Data:YTmNNEGm4n5lIyf22U26o
AlternateDataStreams: C:\Users\I'm Lee\AppData\Local\Temp:Ufgv67svm3nB1LfKJ7fdMKw
AlternateDataStreams: C:\Users\I'm Lee\AppData\Local\Temporary Internet Files:LXitVkSCafjKwPhs7Dcj0vrfwF
AlternateDataStreams: C:\Users\I'm Lee\AppData\Local\Temporary Internet Files:YFvpUAfy3Wj46HzFmtToFVaCnlEW

End

Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt. Please post it in your reply.
===

Please download Powelikscleaner (by ESET) and save it to your desktop.
  • Double-click the 3.PNG
  • Read the terms of the end-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
How is the computer running now?

Edited by nasdaq, 15 February 2015 - 09:32 AM.


#9 nasdaq

Posted 20 February 2015 - 08:46 AM

Are you still with me?

#10 nasdaq

Posted 26 February 2015 - 09:11 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#11 nasdaq

Posted 09 March 2015 - 07:46 AM

This topic has been re-opened at the request of the person who originally posted.

#12 Soulamiss

Posted 12 March 2015 - 07:09 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by I'm Lee (administrator) on SASSAFRASQUATCH on 11-03-2015 20:13:51
Running from C:\Users\I'm Lee\Downloads
Loaded Profiles: I'm Lee (Available profiles: I'm Lee & Administrator & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [.tluafed** <*>] => C:\Users\I'm Lee\Application Data\{00007B05-1C74-23A1-DB59-0B672BC30319}.exe [ 11-03-2015 20:13:51] () <===== ATTENTION (Value Name with invalid characters)
HKLM-x32\...\Run: [FlashPlayerUpdate] => C:\Users\I'm Lee\AppData\Local\Macromedia\Flash Player\FlashPlayerUpdateService.exe [143360 2015-02-26] ()
Winlogon\Notify\ikdrabh-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ikdrabh.dll ()
Winlogon\Notify\nvmtfga-x32: C:\Users\I'm Lee\AppData\Local\nvmtfga.dll ()
Winlogon\Notify\pckunie-x32: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\pckunie.dll ()
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-20\...\Run: [KubpIgte] => regsvr32.exe "C:\ProgramData\KubpIgte\HufoYokha.rwp"
HKU\S-1-5-20\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-20\...\Run: [fcd873a] => C:\fcd873af\fcd873af.exe
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [KubpIgte] => regsvr32.exe "C:\ProgramData\KubpIgte\HufoYokha.rwp"
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [dfrgtend] => C:\Windows\system32\convpsr.exe
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [nvmtfga] => rundll32 "C:\Users\I'm Lee\AppData\Local\nvmtfga.dll",nvmtfga <===== ATTENTION
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [Devieown] => C:\Windows\system32\convuota.exe
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Run: [Devitray] => C:\Windows\system32\convntui.exe
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe [540848 2014-12-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Policies\Explorer\Run: [1789926509] => C:\Users\I'MLEE~1\AppData\Roaming\msucyna.exe
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Bubbles.scr [899584 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [pckunie] => rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\pckunie.dll",pckunie <===== ATTENTION
HKU\S-1-5-18\...\Run: [KubpIgte] => regsvr32.exe "C:\ProgramData\KubpIgte\HufoYokha.rwp"
HKU\S-1-5-18\...\Run: [ikdrabh] => rundll32 "C:\Windows\system32\config\systemprofile\AppData\Local\ikdrabh.dll",ikdrabh <===== ATTENTION
HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_246_ActiveX.exe [855216 2014-12-09] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-565956605-2893480571-1785055309-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {55A1C616-7856-41CC-90AC-79B77D0808C1} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {55A1C616-7856-41CC-90AC-79B77D0808C1} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-20 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-20 -> {D18AC708-1B27-4DA6-BF4B-4095D0B32C9A} URL =
SearchScopes: HKU\S-1-5-21-565956605-2893480571-1785055309-1000 -> {55A1C616-7856-41CC-90AC-79B77D0808C1} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-14] (Sun Microsystems, Inc.)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\McAfee\MSK\mskapbho.dll [2010-11-25] ()
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-12-18] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-11-10] (Sun Microsystems, Inc.)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-12-18] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-12-18] (Adobe Systems Incorporated)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-04-25] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-04-25] (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{005730B4-9EA1-4074-A5AF-9926E47D8F9D}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{5D798D7A-2842-42F5-9690-EE7C02A7FCE1}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{A1AD9B20-F9B2-429A-8F98-6F3C242F104C}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{B9043A83-41BB-4C35-AE2C-9C08648EE55B}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{f2991b88-ac5a-488c-b142-25bead2a3e1b}: [NameServer] 8.8.8.8,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\a8k73vg9.default-1356017796013
FF SelectedSearchEngine: search
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll [2014-12-09] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll [2014-12-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-04-25] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-12-18] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-565956605-2893480571-1785055309-1000: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\I'm Lee\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [2010-03-06] ( )
FF Plugin HKU\S-1-5-21-565956605-2893480571-1785055309-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\I'm Lee\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-565956605-2893480571-1785055309-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll [2012-08-28] (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011-11-10] (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Extension: DownloadHelper - C:\Users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\a8k73vg9.default-1356017796013\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-10]
FF Extension: MEGA - C:\Users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\a8k73vg9.default-1356017796013\Extensions\firefox@mega.co.nz.xpi [2014-01-22]
FF Extension: Greasemonkey - C:\Users\I'm Lee\AppData\Roaming\Mozilla\Firefox\Profiles\a8k73vg9.default-1356017796013\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-05-04]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-02-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-08-02]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2010-08-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
S4 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
S4 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
S4 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 OpenVPNService; C:\Program Files (x86)\HMA! Pro VPN\bin\openvpnserv.exe [36352 2012-11-19] () [File not signed]
S4 p2csvc; C:\Windows\system32\p2csvc.exe [67072 2008-07-25] (Panasonic Corporation)
S4 p2csvc32; C:\Windows\SysWOW64\p2csvc32.exe [61440 2008-07-25] (Panasonic Corporation)
S4 Stuffit Archive Name Service; C:\Program Files (x86)\Smith Micro\StuffIt 2010\ArcNameService.exe [1916248 2009-10-30] (Smith Micro Software, Inc.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-02-18] ()
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 p2usb; C:\Windows\System32\DRIVERS\p2usb.sys [30208 2011-05-23] (Panasonic Corporation)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
S3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2010-02-26] () [File not signed]
S2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2010-02-26] () [File not signed]
S2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2010-02-26] () [File not signed]
S0 prdccjnb; System32\drivers\whooprir.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 20:13 - 2015-03-11 20:14 - 00021678 _____ () C:\Users\I'm Lee\Downloads\FRST.txt
2015-03-11 20:13 - 2015-03-11 20:13 - 00000000 ____D () C:\Users\I'm Lee\Downloads\FRST-OlderVersion
2015-03-02 20:55 - 2015-03-02 20:55 - 00000000 ____D () C:\Users\I'm Lee\Desktop\Always and Forever
2015-03-01 16:32 - 2015-03-01 16:32 - 00245886 _____ () C:\Users\I'm Lee\Desktop\ESETPoweliksCleaner.exe_20150301.153249.6316.log
2015-03-01 16:32 - 2015-03-01 16:32 - 00000022 _____ () C:\Users\I'm Lee\Desktop\ESETPoweliksCleaner.exe_20150301.153249.6316.zip
2015-03-01 16:26 - 2015-03-01 16:27 - 00491128 _____ () C:\Users\I'm Lee\Desktop\ESETPoweliksCleaner.exe_20150301.152645.23788.log
2015-03-01 16:26 - 2015-03-01 16:26 - 00000022 _____ () C:\Users\I'm Lee\Desktop\ESETPoweliksCleaner.exe_20150301.152645.23788.zip
2015-03-01 16:22 - 2015-03-01 16:26 - 00220872 _____ (ESET) C:\Users\I'm Lee\Desktop\ESETPoweliksCleaner.exe
2015-03-01 09:17 - 2015-03-01 09:16 - 00352768 _____ () C:\Windows\SysWOW64\convntui.exe
2015-03-01 09:02 - 2015-03-11 20:13 - 02095616 _____ (Farbar) C:\Users\I'm Lee\Downloads\FRST64.exe
2015-03-01 08:49 - 2015-03-01 08:49 - 00371200 _____ () C:\Windows\SysWOW64\convuota.exe
2015-03-01 08:49 - 2015-03-01 08:49 - 00023552 _____ () C:\Users\I'm Lee\AppData\Local\nvmtfga.dll
2015-02-28 13:22 - 2015-03-01 23:25 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Ziyli
2015-02-28 13:22 - 2015-03-01 22:36 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Sohebo
2015-02-28 13:22 - 2015-02-28 13:22 - 00371200 _____ () C:\Windows\SysWOW64\convpsr.exe
2015-02-26 20:40 - 2015-02-26 20:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-25 20:04 - 2015-02-25 20:06 - 129799604 _____ () C:\Users\I'm Lee\Desktop\Always_and_Forever.zip
2015-02-25 16:22 - 2015-02-25 16:22 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\{C3488C1E-9B7D-4013-A8C9-12B7AA7F309B}
2015-02-25 04:21 - 2015-02-25 04:21 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\{5FCC126C-7A2B-44F9-86EE-A6E1682E302A}
2015-02-24 19:58 - 2015-02-24 19:58 - 00000000 _____ () C:\Windows\SysWOW64\SBRC.dat
2015-02-24 19:44 - 2015-02-24 19:51 - 200187904 _____ () C:\Users\I'm Lee\Desktop\VIPRERescue37856.exe
2015-02-24 17:18 - 2015-02-24 17:18 - 00006656 __RSH () C:\Users\I'm Lee\AppData\Roaming\{00007B05-1C74-23A1-DB59-0B672BC30319}.exe
2015-02-23 16:49 - 2015-02-23 16:49 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
2015-02-22 15:00 - 2015-02-22 15:00 - 00000018 _____ () C:\repair_starting.dat
2015-02-22 14:59 - 2015-02-22 14:59 - 00000000 ____D () C:\RegBackup
2015-02-22 14:58 - 2015-02-22 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-22 14:58 - 2015-02-22 14:58 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-22 00:43 - 2015-02-22 00:43 - 02126848 _____ () C:\Users\I'm Lee\Desktop\adwcleaner_4.111.exe
2015-02-20 17:42 - 2015-02-20 17:42 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\{65C4FCC8-92F7-437F-9C64-65FEA59C946B}
2015-02-19 22:57 - 2015-02-19 22:57 - 00000000 __SHD () C:\found.001
2015-02-18 12:26 - 2015-02-18 12:26 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\{D9A801D3-CE2D-4EB6-A5E2-4F378EE575F5}
2015-02-18 00:25 - 2015-02-18 00:25 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\{DF2CEED1-C54E-41BD-8E56-DE1673535C95}
2015-02-17 20:50 - 2015-02-17 20:50 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-17 18:52 - 2015-02-18 21:51 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-02-16 22:33 - 2015-02-16 22:33 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\{30F35F32-8E9F-47EA-BCEA-FD81DD1593EE}
2015-02-14 14:48 - 2015-03-11 20:13 - 00000000 ____D () C:\FRST
2015-02-14 10:30 - 2015-02-14 10:30 - 00001208 _____ () C:\Users\I'm Lee\Desktop\FSS.txt
2015-02-11 20:54 - 2015-02-28 13:36 - 00000000 ____D () C:\AdwCleaner
2015-02-11 19:01 - 2015-02-11 19:01 - 00008722 _____ () C:\HELP_DECRYPT.HTML
2015-02-11 19:01 - 2015-02-11 19:01 - 00000304 _____ () C:\HELP_DECRYPT.URL
2015-02-11 18:41 - 2015-02-11 18:41 - 00008722 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-11 18:41 - 2015-02-11 18:41 - 00008722 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML
2015-02-11 18:41 - 2015-02-11 18:41 - 00008722 _____ () C:\Users\Administrator\AppData\HELP_DECRYPT.HTML
2015-02-11 18:41 - 2015-02-11 18:41 - 00000304 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.URL
2015-02-11 18:41 - 2015-02-11 18:41 - 00000304 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.URL
2015-02-11 18:41 - 2015-02-11 18:41 - 00000304 _____ () C:\Users\Administrator\AppData\HELP_DECRYPT.URL
2015-02-11 18:30 - 2015-02-21 03:22 - 00000000 ____D () C:\Windows\FrameworkUpdate

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 19:23 - 2012-06-17 08:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-11 17:38 - 2010-01-27 17:01 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\Adobe
2015-03-10 20:49 - 2011-04-23 17:50 - 00075088 _____ () C:\lxda.log
2015-03-10 18:11 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-10 18:11 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-10 18:10 - 2009-07-14 00:13 - 00862808 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-10 18:04 - 2015-02-07 12:27 - 00000498 _____ () C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job
2015-03-10 18:03 - 2013-11-10 22:20 - 00400464 _____ () C:\Windows\PFRO.log
2015-03-10 18:03 - 2013-11-10 02:00 - 00138912 _____ () C:\Windows\setupact.log
2015-03-10 18:03 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-09 21:31 - 2014-12-27 23:32 - 00000000 ____D () C:\VIPRERESCUE
2015-03-08 20:02 - 2013-07-08 22:53 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\SoulseekQt
2015-03-08 19:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-02 21:22 - 2010-01-23 03:09 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\vlc
2015-03-02 19:09 - 2014-12-28 18:41 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-01 23:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-03-01 21:14 - 2014-12-28 12:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-01 16:37 - 2014-10-13 19:23 - 00000000 ____D () C:\Users\I'm Lee\Desktop\Ebay Items
2015-03-01 16:37 - 2012-07-14 10:51 - 00000000 ____D () C:\Users\I'm Lee\CS6 Master Collection
2015-03-01 16:36 - 2014-09-18 09:39 - 00000000 ____D () C:\Users\I'm Lee\Downloads\Chip n' Dale Rescue Rangers Season 1
2015-03-01 16:36 - 2014-09-18 09:36 - 00000000 ____D () C:\Users\I'm Lee\Downloads\Duck Tales Disk I 720p DVDRip AC3 Hindi x264-SnowDoN
2015-03-01 16:36 - 2014-09-18 09:33 - 00000000 ____D () C:\Users\I'm Lee\Downloads\Alvin And The Chipmunks
2015-03-01 16:36 - 2013-11-22 13:11 - 00000000 ____D () C:\Users\I'm Lee\Desktop\Skits
2015-03-01 16:36 - 2013-05-03 14:40 - 00000000 ____D () C:\Users\I'm Lee\Documents\Image-Line
2015-03-01 16:36 - 2013-03-25 18:45 - 00000000 ____D () C:\Users\I'm Lee\Desktop\The Magic of Making Up
2015-03-01 16:36 - 2012-09-08 21:39 - 00000000 ____D () C:\Users\I'm Lee\Documents\Amazon MP3
2015-03-01 16:36 - 2011-03-21 15:04 - 00000000 ____D () C:\Users\I'm Lee\Desktop\Projects
2015-03-01 16:36 - 2010-03-06 16:50 - 00000000 ____D () C:\Users\I'm Lee\Documents\EA Games
2015-03-01 16:35 - 2014-12-28 15:42 - 00000000 ____D () C:\Users\Administrator
2015-03-01 16:35 - 2010-01-26 17:23 - 00000000 ____D () C:\Users\I'm Lee\Scripts
2015-03-01 16:35 - 2010-01-22 21:49 - 00000000 ____D () C:\Users\I'm Lee
2015-03-01 16:33 - 2010-01-26 17:24 - 00060416 ___SH () C:\Users\I'm Lee\Thumbs.db
2015-03-01 11:04 - 2014-09-25 01:09 - 00794112 ___SH () C:\Users\I'm Lee\Desktop\Thumbs.db
2015-02-28 13:46 - 2012-05-13 16:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 20:35 - 2014-12-27 21:34 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\LogMeIn Rescue Applet
2015-02-26 20:12 - 2010-08-21 00:04 - 00028672 ___SH () C:\Users\I'm Lee\Documents\Thumbs.db
2015-02-23 00:09 - 2014-10-02 23:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-02-22 19:58 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\IME
2015-02-22 13:24 - 2009-07-14 00:10 - 01571355 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 22:22 - 2014-12-28 12:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-20 22:40 - 2013-11-20 17:32 - 00000000 ____D () C:\Users\DefaultAppPool
2015-02-18 22:01 - 2012-11-15 15:17 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\Google
2015-02-18 21:02 - 2010-01-23 01:00 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\Mozilla
2015-02-17 20:50 - 2014-12-28 12:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-16 22:34 - 2011-02-03 22:34 - 00000000 ____D () C:\Users\I'm Lee\AppData\Local\Windows Live Writer
2015-02-16 21:17 - 2014-12-27 22:43 - 00000000 ____D () C:\Windows\pss
2015-02-16 19:04 - 2013-11-18 00:21 - 00000000 ____D () C:\Users\I'm Lee\Desktop\Linda
2015-02-16 19:01 - 2013-05-24 20:22 - 00000000 ____D () C:\Users\I'm Lee\Desktop\New folder
2015-02-14 18:51 - 2010-01-14 02:36 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-14 18:50 - 2013-06-03 21:38 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-02-14 18:49 - 2010-02-28 12:29 - 00000000 ____D () C:\ProgramData\Azureus
2015-02-11 18:52 - 2015-02-06 18:40 - 00000000 ____D () C:\Users\I'm Lee\AppData\Roaming\FrameworkUpdate
2015-02-11 18:52 - 2015-02-04 20:22 - 00000000 ____D () C:\ProgramData\KubpIgte
2015-02-11 18:41 - 2014-12-28 15:49 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2015-02-11 18:39 - 2013-07-19 18:42 - 00000000 ___RD () C:\Sandbox
2015-02-11 18:37 - 2012-07-01 14:57 - 00000000 ____D () C:\Qoobox
2015-02-11 18:37 - 2010-05-03 15:48 - 00000000 ____D () C:\lexmark
2015-02-11 18:36 - 2010-01-14 03:49 - 00000000 ____D () C:\dell
2015-02-11 17:48 - 2015-02-06 18:41 - 00000432 ____H () C:\ProgramData\@system3.att
2015-02-11 17:47 - 2015-02-06 18:41 - 00000696 _____ () C:\ProgramData\@system.temp
2015-02-09 22:01 - 2015-02-08 18:58 - 00001732 _____ () C:\Users\I'm Lee\Desktop\Computer.lnk
2015-02-09 22:01 - 2015-02-08 18:58 - 00000288 _____ () C:\Users\I'm Lee\AppData\Roaming\B9DF32E6.reg
2015-02-09 05:54 - 2009-07-14 00:08 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-02-08 18:58 - 2015-02-09 22:01 - 0000288 _____ () C:\Users\I'm Lee\AppData\Roaming\B9DF32E6.reg
2014-09-05 20:05 - 2014-09-05 20:05 - 0267424 _____ (Microsoft Corporation) C:\Users\I'm Lee\AppData\Roaming\BtvStack.dll
2012-11-17 18:03 - 2012-11-17 18:03 - 0000384 _____ () C:\Users\I'm Lee\AppData\Roaming\fp.txt
2015-02-04 20:37 - 2015-02-04 20:37 - 0008658 _____ () C:\Users\I'm Lee\AppData\Roaming\HELP_DECRYPT.HTML
2015-02-04 20:37 - 2015-02-04 20:37 - 0045887 _____ () C:\Users\I'm Lee\AppData\Roaming\HELP_DECRYPT.PNG
2015-02-04 20:37 - 2015-02-04 20:37 - 0000304 _____ () C:\Users\I'm Lee\AppData\Roaming\HELP_DECRYPT.URL
2015-02-08 18:58 - 2015-02-09 22:01 - 0009728 _____ () C:\Users\I'm Lee\AppData\Roaming\mcp.ico
2010-01-24 19:11 - 2010-01-24 19:11 - 0012358 _____ () C:\Users\I'm Lee\AppData\Roaming\PFP100JCM.{PB
2010-01-24 19:11 - 2010-01-24 19:11 - 0061678 _____ () C:\Users\I'm Lee\AppData\Roaming\PFP100JPR.{PB
2015-02-24 17:18 - 2015-02-24 17:18 - 0006656 __RSH () C:\Users\I'm Lee\AppData\Roaming\{00007B05-1C74-23A1-DB59-0B672BC30319}.exe
2015-02-06 18:41 - 2015-02-06 18:41 - 0000480 ____H () C:\Users\I'm Lee\AppData\Roaming\麽鎒駓覜
2011-12-04 17:44 - 2011-12-04 18:09 - 0010864 ____S () C:\Users\I'm Lee\AppData\Local\0d16ps5l74g467
2011-12-17 15:25 - 2011-12-17 16:25 - 0011096 ____S () C:\Users\I'm Lee\AppData\Local\313055a4m715j113g838v8avg1e3
2011-04-07 13:00 - 2011-04-07 16:01 - 0011494 ____S () C:\Users\I'm Lee\AppData\Local\325cq8r6ceko405fg
2010-10-22 15:44 - 2013-10-31 19:51 - 0007680 _____ () C:\Users\I'm Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-04 20:35 - 2015-02-04 20:35 - 0008658 _____ () C:\Users\I'm Lee\AppData\Local\HELP_DECRYPT.HTML
2015-02-04 20:35 - 2015-02-04 20:35 - 0045887 _____ () C:\Users\I'm Lee\AppData\Local\HELP_DECRYPT.PNG
2015-02-04 20:35 - 2015-02-04 20:35 - 0000304 _____ () C:\Users\I'm Lee\AppData\Local\HELP_DECRYPT.URL
2015-03-01 08:49 - 2015-03-01 08:49 - 0023552 _____ () C:\Users\I'm Lee\AppData\Local\nvmtfga.dll
2010-02-02 15:14 - 2010-02-02 15:14 - 0002120 _____ () C:\Users\I'm Lee\AppData\Local\rx_audio.Cache
2010-02-02 15:14 - 2010-02-02 15:14 - 0000000 _____ () C:\Users\I'm Lee\AppData\Local\rx_image32.Cache
2011-12-04 17:44 - 2011-12-04 18:09 - 0010864 ____S () C:\ProgramData\0d16ps5l74g467
2011-04-07 13:00 - 2011-04-07 16:01 - 0011494 ____S () C:\ProgramData\325cq8r6ceko405fg
2015-02-06 18:41 - 2015-02-11 17:47 - 0000696 _____ () C:\ProgramData\@system.temp
2015-02-06 18:41 - 2015-02-11 17:48 - 0000432 ____H () C:\ProgramData\@system3.att
2015-02-04 20:31 - 2015-02-04 20:31 - 0008658 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-02-04 20:31 - 2015-02-04 20:31 - 0045887 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-02-04 20:31 - 2015-02-04 20:31 - 0000304 _____ () C:\ProgramData\HELP_DECRYPT.URL

Files to move or delete:
====================
C:\Users\I'm Lee\Application Data\{00007B05-1C74-23A1-DB59-0B672BC30319}.exe
C:\Users\I'm Lee\gotomypc_635.exe
C:\Users\I'm Lee\MasterCollection_CS6_LS16.exe

Some content of TEMP:
====================
C:\Users\I'm Lee\AppData\Local\Temp\install_flashplayer16x32_mssa_aaa_aih.exe
C:\Users\I'm Lee\AppData\Local\Temp\install_flashplayer16x32_mssd_aaa_aih.exe
C:\Users\I'm Lee\AppData\Local\Temp\Quarantine.exe
C:\Users\I'm Lee\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\I'm Lee\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-10 18:34

==================== End Of Log ============================



#13 Soulamiss

Posted 12 March 2015 - 07:31 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by I'm Lee at 2015-03-11 20:15:07
Running from C:\Users\I'm Lee\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Disabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.9 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.1 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Adobe Support Advisor (HKLM-x32\...\AdobeSupportAdvisor.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.6.1.20120504 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 2.7.0 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.07 - Piriform)
Complete Care Consumer Service Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
EA Download Manager (HKLM-x32\...\EA Download Manager) (Version: 6.0.4.4 - Electronic Arts, Inc.)
EA Download Manager UI (HKLM-x32\...\com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1) (Version: 6.0.4.4 - Electronic Arts)
EA Download Manager UI (x32 Version: 6.0.4 - Electronic Arts) Hidden
EMC 10 Content (x32 Version: 1.0.035 - Roxo, Inc.) Hidden
EMCGadgets64 (Version: 1.0.302 - Sonic) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facebook Plug-In (HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Facebook Plug-In) (Version:  - Facebook, Inc.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version:  - )
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version:  - )
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HMA! Pro VPN 2.7.1.7 (HKLM-x32\...\HMA! Pro VPN) (Version: 2.7.1.7 - )
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
IL Shared Libraries (HKLM-x32\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java™ 6 Update 14 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Java™ 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.300 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark 640 Series (HKLM\...\Lexmark 640 Series) (Version:  - Lexmark International, Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 12.8.992 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
MSN Toolbar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 4.0.0379.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NirSoft Mail PassView (HKLM-x32\...\NirSoft Mail PassView) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Panasonic P2 Drivers (HKLM\...\{6F0C8DA5-8F81-4330-90FD-CC94022BDCD7}) (Version: 2.17.0000 - )
PatchBeam (HKLM-x32\...\PatchBeam) (Version: 1.10 - ConeXware, Inc.)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PowerArchiver 2011 (HKLM-x32\...\PowerArchiver 2011 12.12.04) (Version: 12.01.03 - ConeXware, Inc.)
PowerArchiver 2011 (x32 Version: 12.12.04 - ConeXware, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 3.0.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.2 - VS Revo Group, Ltd.)
Rosetta Stone Language Training (HKLM-x32\...\{00384623-4937-4D7D-BDD9-23513D1C50AB}) (Version: 5.0.13.0 - Rosetta Stone, Ltd)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Roxio Easy CD and DVD Burning (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio File Backup (Version: 1.3.0 - Roxio) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Spotify (HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
STK03N (HKLM-x32\...\{E83CD823-C522-4B71-B10A-E1088B3BD261}) (Version: 0.00.4 - Syntek)
StuffIt 2010 (HKLM\...\{26A7FC57-FC21-4CA9-85BD-4324B3294D8B}) (Version: 14.0.0 - Smith Micro)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
The Sims™ 2 Double Deluxe (HKLM-x32\...\{C22E50B4-B9D0-4a07-B1F3-12362514FEA7}) (Version:  - Electronic Arts)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.11.1 - Tweaking.com)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
VLC media player 1.0.2 (HKLM-x32\...\VLC media player) (Version: 1.0.2 - VideoLAN Team)
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 5.1.0.0 - Azureus Software, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-565956605-2893480571-1785055309-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WordPerfect Office 2002 (HKLM-x32\...\WordPerfect Office 2002) (Version:  - )
WordPerfect Office 2002 (x32 Version: 10 - Corel) Hidden
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-565956605-2893480571-1785055309-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\I'm Lee\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-565956605-2893480571-1785055309-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\I'm Lee\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-565956605-2893480571-1785055309-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\I'm Lee\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-565956605-2893480571-1785055309-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\I'm Lee\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-565956605-2893480571-1785055309-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\I'm Lee\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-565956605-2893480571-1785055309-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\apphelp.dll No File
CustomCLSID: HKU\S-1-5-21-565956605-2893480571-1785055309-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\I'm Lee\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================

10-03-2015 18:41:09 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-02-08 00:19 - 2015-02-23 16:49 - 00001503 _RASH C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
162.247.13.79 www.google-analytics.com.
162.247.13.79 google-analytics.com.
162.247.13.79 connect.facebook.net.
146.0.75.12 www.google-analytics.com.
146.0.75.12 google-analytics.com.
146.0.75.12 connect.facebook.net.
107.181.187.40 www.google-analytics.com.
107.181.187.40 google-analytics.com.
107.181.187.40 connect.facebook.net.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F652A27-CCC4-400A-A673-F3675ED61D42} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000Core => C:\Users\I'm Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-12] (Facebook Inc.)
Task: {16EB7768-C245-4E1D-83E1-33CCDF6EDF10} - System32\Tasks\{4D669B8B-DA97-49A7-8601-8893F8240479} => pcalua.exe -a D:\SETUP.EXE -d D:\
Task: {16FBC9C0-7268-45F3-B728-D0EE6E837DFD} - System32\Tasks\{66E0F5F1-0E6A-40FC-94A5-9B2DF9A99B27} => pcalua.exe -a C:\Users\I'MLEE~1\AppData\Local\Temp\InstallFlashPlayer.exe -d "C:\Users\I'm Lee\AppData\Roaming"
Task: {1B00ABD6-CB6B-41B5-9343-C3575B1220C6} - System32\Tasks\{323B3CA9-0878-47CF-A9AF-3DA97ECC674A} => pcalua.exe -a "C:\Program Files (x86)\PowerArchiver\_PAsetup.exe" -d "C:\Program Files (x86)\PowerArchiver" -c /paassociate
Task: {2D3F5542-82E6-4701-BAD5-A6F489171E77} - System32\Tasks\{9F828C28-AFF1-42AF-B478-1EF7E1F3B51B} => pcalua.exe -a "C:\Program Files\FlashOffliner v1.0\1. Install FlashOffliner\FlashOffliner_v1.0.exe" -d "C:\Program Files\FlashOffliner v1.0\1. Install FlashOffliner"
Task: {43AC59BC-C230-4633-ACD9-C114F3BC57DB} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {47A43D9C-2076-455F-AFF6-7599EDA1894F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000UA => C:\Users\I'm Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-12] (Facebook Inc.)
Task: {7EDFC8E1-8338-43D0-A723-3CDEF28A6D4C} - System32\Tasks\{56C2CDFF-A7E8-4D46-B11C-2F8EF01EC563} => pcalua.exe -a "F:\Program Files\CDex_150\uninstall.exe" -d "F:\Program Files\CDex_150"
Task: {832D7103-F9B5-48DC-BE11-FCD8936D0B64} - System32\Tasks\{0A823AD7-67C3-4550-B14D-0CE2CE443565} => pcalua.exe -a "C:\Users\I'm Lee\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D9WD2C0U\setup.exe" -d "C:\Users\I'm Lee\Desktop"
Task: {98AF0D27-FFE1-40FF-B40C-659C7FB54F18} - System32\Tasks\AdobeAAMUpdater-1.0-Sassafrasquatch-I'm Lee => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {A708D289-B53E-457D-9141-2785B700E5C5} - System32\Tasks\{389BC286-1D34-4853-8016-0E04EB1088F2} => pcalua.exe -a "C:\Users\I'm Lee\Desktop\mailpv_setup.exe" -d "C:\Users\I'm Lee\Desktop"
Task: {B145AC70-C952-4F8C-A468-42121357B88F} - System32\Tasks\{FAE36069-C2C8-451F-8102-96BD6CF5C736} => pcalua.exe -a "C:\Users\I'm Lee\Desktop\slsk157NS13e.exe" -d "C:\Users\I'm Lee\Desktop"
Task: {B195FD63-AEBC-471A-A1A0-88B7F3107C0E} - System32\Tasks\ParetoLogic Update Version3 Startup Task => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe
Task: {BF7F992F-50FE-4BA4-9BEA-07B08455191F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {E460C062-CCC7-4623-BE29-A40F6EEB1438} - System32\Tasks\{19EF5447-DB3A-41AA-9698-9976D4F3CF9D} => pcalua.exe -a "C:\Program Files (x86)\EA GAMES\The Sims 2 Double Deluxe\EP99\CSBin\PackageInstaller.exe" -d "C:\Users\I'm Lee\Documents\EA Games\The Sims™ 2 Double Deluxe\Downloads" -c "C:\Users\I'm Lee\Documents\EA Games\The Sims™ 2 Double Deluxe\Downloads\Upscale Modern.Sims2Pack"
Task: {ED42CE75-4DC1-4EBF-AA81-4F317E26C6A9} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FDAF7C44-D423-4CCE-8239-5B64D57841F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000Core.job => C:\Users\I'm Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-565956605-2893480571-1785055309-1000UA.job => C:\Users\I'm Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\ParetoLogic Update Version3 Startup Task.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe

==================== Loaded Modules (whitelisted) ==============

2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-03-01 08:49 - 2015-03-01 08:49 - 00023552 _____ () C:\Users\I'm Lee\AppData\Local\nvmtfga.dll
2015-02-04 20:37 - 2015-02-04 20:37 - 38714368 _____ () C:\Users\I'm Lee\AppData\Roaming\Local Store\libcef.dll
2015-02-04 20:37 - 2015-02-04 20:37 - 00873472 _____ () C:\Users\I'm Lee\AppData\Roaming\Local Store\ffmpegsumo.dll
2015-02-04 20:37 - 2015-02-04 20:37 - 16840880 _____ () C:\Users\I'm Lee\AppData\Roaming\Local Store\NPSWF32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\I'm Lee\AppData\Local\Temporary Internet Files:LXitVkSCafjKwPhs7Dcj0vrfwF
AlternateDataStreams: C:\Users\I'm Lee\AppData\Local\Temporary Internet Files:YFvpUAfy3Wj46HzFmtToFVaCnlEW

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-565956605-2893480571-1785055309-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\I'm Lee\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McAPExe => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSK80Service => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: p2csvc => 2
MSCONFIG\Services: p2csvc32 => 2
MSCONFIG\Services: RosettaStoneDaemon => 2
MSCONFIG\Services: RoxMediaDB10 => 3
MSCONFIG\Services: sesvc => 2
MSCONFIG\Services: SftService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SpyHunter 4 Service => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: Stuffit Archive Name Service => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: SystemUpdate => 2
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^P2 Card Manager.lnk => C:\Windows\pss\P2 Card Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^STK03N PNP Monitor.lnk => C:\Windows\pss\STK03N PNP Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^I'm Lee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^I'm Lee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fcd873af.exe => C:\Windows\pss\fcd873af.exe.Startup
MSCONFIG\startupfolder: C:^Users^I'm Lee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HELP_DECRYPT.HTML => C:\Windows\pss\HELP_DECRYPT.HTML.Startup
MSCONFIG\startupfolder: C:^Users^I'm Lee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HELP_DECRYPT.PNG => C:\Windows\pss\HELP_DECRYPT.PNG.Startup
MSCONFIG\startupfolder: C:^Users^I'm Lee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HELP_DECRYPT.TXT => C:\Windows\pss\HELP_DECRYPT.TXT.Startup
MSCONFIG\startupfolder: C:^Users^I'm Lee^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^HELP_DECRYPT.URL => C:\Windows\pss\HELP_DECRYPT.URL.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\I'm Lee\AppData\Local\Akamai\netsession_win.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BluetoothS => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
MSCONFIG\startupreg: Facebook Update => "C:\Users\I'm Lee\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: fcd873a => C:\fcd873af\fcd873af.exe
MSCONFIG\startupreg: ganteec => rundll32 "C:\Users\I'm Lee\AppData\Local\ganteec.dll",ganteec
MSCONFIG\startupreg: gnjbdar => rundll32 "C:\Users\I'm Lee\AppData\Local\gnjbdar.dll",gnjbdar
MSCONFIG\startupreg: Google Update => "C:\Users\I'm Lee\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: gunjbdr => rundll32 "C:\Users\I'm Lee\AppData\Local\gunjbdr.dll",gunjbdr
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: ISUSPM Startup => c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KubpIgte => regsvr32.exe "C:\ProgramData\KubpIgte\HufoYokha.rwp"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: mcui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: ninjbdr => rundll32 "C:\Users\I'm Lee\AppData\Local\ninjbdr.dll",ninjbdr
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
MSCONFIG\startupreg: Spotify => "C:\Users\I'm Lee\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\I'm Lee\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Svc2dll => C:\Users\I'm Lee\AppData\Local\svcxdcl32.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: uTorrent => "C:\Users\I'm Lee\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-565956605-2893480571-1785055309-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-565956605-2893480571-1785055309-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-565956605-2893480571-1785055309-1003 - Limited - Enabled)
I'm Lee (S-1-5-21-565956605-2893480571-1785055309-1000 - Administrator - Enabled) => C:\Users\I'm Lee

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2015 06:04:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 0.0.0.0, time stamp: 0x54ef4d13
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434f4d
Fault offset: 0x0000c42d
Faulting process id: 0x%9
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3

Error: (03/01/2015 11:26:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 0.0.0.0, time stamp: 0x54ef4d13
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434f4d
Fault offset: 0x0000c42d
Faulting process id: 0x%9
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3

Error: (03/01/2015 04:30:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msiexec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00358628
Faulting process id: 0xd34
Faulting application start time: 0xmsiexec.exe0
Faulting application path: msiexec.exe1
Faulting module path: msiexec.exe2
Report Id: msiexec.exe3

Error: (03/01/2015 04:29:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 0.0.0.0, time stamp: 0x54ef4d13
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434f4d
Fault offset: 0x0000c42d
Faulting process id: 0x%9
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3

Error: (03/01/2015 11:04:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msiexec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x006ab120
Faulting process id: 0xd0c
Faulting application start time: 0xmsiexec.exe0
Faulting application path: msiexec.exe1
Faulting module path: msiexec.exe2
Report Id: msiexec.exe3

Error: (03/01/2015 11:04:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerUpdateService.exe, version: 0.0.0.0, time stamp: 0x54ef4d13
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xe0434f4d
Fault offset: 0x0000c42d
Faulting process id: 0x%9
Faulting application start time: 0xFlashPlayerUpdateService.exe0
Faulting application path: FlashPlayerUpdateService.exe1
Faulting module path: FlashPlayerUpdateService.exe2
Report Id: FlashPlayerUpdateService.exe3

Error: (03/01/2015 08:50:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 9D5B.tmp, version: 2.5.10.6, time stamp: 0x54f31048
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc0000005
Fault offset: 0x0000cdb0
Faulting process id: 0x53f8
Faulting application start time: 0x9D5B.tmp0
Faulting application path: 9D5B.tmp1
Faulting module path: 9D5B.tmp2
Report Id: 9D5B.tmp3

Error: (03/01/2015 08:49:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 4422.tmp, version: 2.5.10.6, time stamp: 0x54f31048
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc0000005
Fault offset: 0x0000cdb0
Faulting process id: 0x32e4
Faulting application start time: 0x4422.tmp0
Faulting application path: 4422.tmp1
Faulting module path: 4422.tmp2
Report Id: 4422.tmp3

Error: (02/28/2015 04:52:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: msiexec.exe, version: 5.0.7601.17514, time stamp: 0x4ce792c4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0081ab40
Faulting process id: 0x8a4
Faulting application start time: 0xmsiexec.exe0
Faulting application path: msiexec.exe1
Faulting module path: msiexec.exe2
Report Id: msiexec.exe3

Error: (02/28/2015 04:50:08 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (03/11/2015 07:20:11 PM) (Source: sbp2port) (EventID: 20) (User: )
Description: A transport driver received a frame which violated the protocol.

Error: (03/11/2015 06:41:39 PM) (Source: sbp2port) (EventID: 20) (User: )
Description: A transport driver received a frame which violated the protocol.

Error: (03/10/2015 06:04:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
prdccjnb
RxFilter

Error: (03/10/2015 06:04:06 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The Unibrain 1394 FireAPI Driver service depends on the UB1394 Miniport group and no member of this group started.

Error: (03/10/2015 06:04:06 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The Unibrain 1394 SBM Driver service depends on the UB1394 Miniport group and no member of this group started.

Error: (03/10/2015 06:04:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Unibrain 1394 OHCI Driver service failed to start due to the following error:
%%193

Error: (03/10/2015 06:04:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error:
%%1058

Error: (03/03/2015 10:47:10 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/01/2015 11:26:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
prdccjnb
RxFilter

Error: (03/01/2015 11:26:19 PM) (Source: Service Control Manager) (EventID: 7002) (User: )
Description: The Unibrain 1394 FireAPI Driver service depends on the UB1394 Miniport group and no member of this group started.

Microsoft Office Sessions:
=========================
Error: (03/10/2015 06:04:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerUpdateService.exe0.0.0.054ef4d13KERNELBASE.dll6.1.7601.1840953159a86e0434f4d0000c42d

Error: (03/01/2015 11:26:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerUpdateService.exe0.0.0.054ef4d13KERNELBASE.dll6.1.7601.1840953159a86e0434f4d0000c42d

Error: (03/01/2015 04:30:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: msiexec.exe5.0.7601.175144ce792c4unknown0.0.0.000000000c000000500358628d3401d05466db844850C:\Windows\SysWOW64\msiexec.exeunknown25c6ff9d-c05a-11e4-a4f3-a4badb025a3e

Error: (03/01/2015 04:29:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerUpdateService.exe0.0.0.054ef4d13KERNELBASE.dll6.1.7601.1840953159a86e0434f4d0000c42d

Error: (03/01/2015 11:04:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: msiexec.exe5.0.7601.175144ce792c4unknown0.0.0.000000000c0000005006ab120d0c01d0543962284ab2C:\Windows\SysWOW64\msiexec.exeunknownb076b71c-c02c-11e4-a78f-a4badb025a3e

Error: (03/01/2015 11:04:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashPlayerUpdateService.exe0.0.0.054ef4d13KERNELBASE.dll6.1.7601.1840953159a86e0434f4d0000c42d

Error: (03/01/2015 08:50:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 9D5B.tmp2.5.10.654f31048KERNELBASE.dll6.1.7601.1840953159a86c00000050000cdb053f801d054269b4b1c80C:\Users\I'MLEE~1\AppData\Local\Temp\9D5B.tmpC:\Windows\syswow64\KERNELBASE.dlld9f2f468-c019-11e4-b08e-a4badb025a3e

Error: (03/01/2015 08:49:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 4422.tmp2.5.10.654f31048KERNELBASE.dll6.1.7601.1840953159a86c00000050000cdb032e401d054266ce88a0fC:\Users\I'MLEE~1\AppData\Local\Temp\4422.tmpC:\Windows\syswow64\KERNELBASE.dllbba4e2be-c019-11e4-b08e-a4badb025a3e

Error: (02/28/2015 04:52:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: msiexec.exe5.0.7601.175144ce792c4unknown0.0.0.000000000c00000050081ab408a401d053a04d8c8b5bC:\Windows\SysWOW64\msiexec.exeunknown1ec8b940-bf94-11e4-ad7c-a4badb025a3e

Error: (02/28/2015 04:50:08 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

CodeIntegrity Errors:
===================================
  Date: 2013-05-04 17:37:32.766
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-04 17:37:32.763
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-04 17:37:32.761
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-23 07:54:53.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-23 07:54:53.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-23 07:54:53.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

  Date: 2012-12-19 20:02:11.865
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-19 20:02:11.444
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-19 20:00:13.041
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-19 20:00:12.714
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz
Percentage of memory in use: 31%
Total physical RAM: 8182.99 MB
Available physical RAM: 5641.53 MB
Total Pagefile: 16364.16 MB
Available Pagefile: 13173.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:587.01 GB) (Free:100.24 GB) NTFS
Drive d: (Sims2DoubleDeluxe) (CDROM) (Total:5.55 GB) (Free:0 GB) UDF
Drive f: (Seagate120) (Fixed) (Total:111.75 GB) (Free:14.57 GB) NTFS
Drive h: () (Removable) (Total:14.83 GB) (Free:13.77 GB) FAT32
Drive j: () (Removable) (Total:7.45 GB) (Free:4.05 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: C73027D1)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=9.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=587 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 9DC96E9E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 7.5 GB) (Disk ID: 61CC6079)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=0B)

========================================================
Disk: 4 (Size: 14.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#14 nasdaq


Posted 13 March 2015 - 07:56 AM

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please run the Farbar tool one more time and submit a fresh FRST log for my review.

Let me know what problem persists.

#15 nasdaq


Posted 19 March 2015 - 07:19 AM

Are you still with me?

If all is well.

To learn more about how to protect yourself while on the Internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===



