Computer slowed to a crawl


  • This topic is locked
33 replies to this topic

#1 southchandler


Posted 24 February 2015 - 12:14 AM

My computer used to be very fast but lately it is slowing to basically unusable. I have to wait minutes to just scroll through a page. Also Internet Explorer reports all downloads as virus and I tried to install a different Windows Defender and it didn't work. Any help to check this out would be great.

 

Also Windows Security Center is turned off and can't be started. Malwarebytes real-time protection is turned off and can't be restarted. McAfee seemed to be OK.

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:06:09 PM, on 2/23/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)

Boot mode: Normal

Running processes:
C:\Program Files (x86)\Milestone\Milestone Surveillance\RecordingServerManager.exe
C:\Program Files (x86)\Brownie\Brnipmon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Home\Downloads\HijackThis (1).exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
C:\Windows\sysWow64\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
O4 - HKCU\..\Run: [Privacy Suite RiskMonitor] "C:\Program Files (x86)\CyberScrub Privacy Suite\Launch.exe" "C:\Program Files (x86)\CyberScrub Privacy Suite\CSRiskMon.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Home\AppData\Local\Google\Desktop\Install\{96e53b37-63d1-697c-43fa-00e76c802aaa}\???\???\???\{96e53b37-63d1-697c-43fa-00e76c802aaa}\GoogleUpdate.exe" >
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Global Startup: Mobile Server Manager.lnk = C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.MobileServer.TrayController.exe
O4 - Global Startup: XProtect Recording Server Manager.lnk = C:\Program Files (x86)\Milestone\Milestone Surveillance\RecordingServerManager.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstFred.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{B586A3D6-CD19-4EB5-8081-F55F7B1304B9}: NameServer = 68.105.28.16
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Coupon Printer Service (CouponPrinterService) - Unknown owner - C:\Program Files (x86)\Coupons\CouponPrinterService.exe (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Milestone Image Import Service - Unknown owner - C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageImportService.exe
O23 - Service: Milestone Image Server - Milestone Systems A/S - C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\ImageServer.exe
O23 - Service: Milestone Log Check Service - Unknown owner - C:\Program Files (x86)\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe
O23 - Service: Milestone Mobile Service - Milestone Systems A/S - C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.MobileServer.Service.exe
O23 - Service: Milestone Notification Server - Unknown owner - C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.NotificationServer.Service.exe
O23 - Service: Milestone Recording Server - Milestone Systems A/S - C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\RecordingServer.exe
O23 - Service: Milestone Service Control - Milestone Systems A/S - C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe
O23 - Service: Milestone XProtect Event Server (MilestoneEventServerService) - Milestone Systems A/S - C:\Program Files (x86)\Milestone\XProtect Event Server\VideoOS.Event.Server.exe
O23 - Service: McAfee Online Backup (MOBKbackup) - McAfee, Inc. - C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA WMI Provider (NVWMI) - Unknown owner - C:\Windows\system32\nvwmi64.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13530 bytes


Edited by Orange Blossom, 24 February 2015 - 01:16 AM.
Moved to log forum. ~ OB



#2 deeprybka


Posted 24 February 2015 - 04:25 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 deeprybka


Posted 27 February 2015 - 05:47 PM

Hi,

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.
regards,
deeprybka

#4 southchandler


Posted 28 February 2015 - 08:53 PM

Hi I'm here sorry. Didn't know you replied.



#5 southchandler


Posted 28 February 2015 - 09:42 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Home (administrator) on HOME-PC on 28-02-2015 18:58:04
Running from C:\Users\Home\Downloads
Loaded Profiles: Home (Available profiles: Home & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.NotificationServer.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Milestone Systems A/S) C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe
(Milestone Systems A/S) C:\Program Files (x86)\Milestone\XProtect Event Server\VideoOS.Event.Server.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.VIDEOOSDB\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageImportService.exe
(Milestone Systems A/S) C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\ImageServer.exe
() C:\Program Files (x86)\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe
(Milestone Systems A/S) C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\RecordingServer.exe
() C:\Program Files (x86)\Milestone\DevicePack\devices\proxysrv\ProxySrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(Milestone Systems A/S) C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.MobileServer.Service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Milestone Systems A/S) C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.MobileServer.TrayController.exe
(Milestone Systems A/S) C:\Program Files (x86)\Milestone\Milestone Surveillance\RecordingServerManager.exe
(brother) C:\Program Files (x86)\Brownie\BrStsW64.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brownie\BRNIPMON.exe
(CyberScrub LLC) C:\Program Files (x86)\CyberScrub Privacy Suite\CSRiskMon.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Autodesk, Inc.) C:\Program Files (x86)\AutoCAD 2002\acad.exe
(Milestone Systems A/S) C:\Program Files\Milestone\XProtect Smart Client\Client.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google) C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Autodesk, Inc.) C:\Program Files (x86)\AutoCAD 2002\acad.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-09-21] ()
HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695928 2009-08-19] (brother)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1202364088-1563372544-2181994608-1000\...\Run: [Privacy Suite RiskMonitor] => C:\Program Files (x86)\CyberScrub Privacy Suite\CSRiskMon.exe [2425072 2010-03-29] (CyberScrub LLC)
HKU\S-1-5-21-1202364088-1563372544-2181994608-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Home\AppData\Local\Google\Desktop\Install\{96e53b37-63d1-697c-43fa-00e76c802aaa}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{96e53b37-63d1-697c-43fa-00e76c802aaa}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1202364088-1563372544-2181994608-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mobile Server Manager.lnk
ShortcutTarget: Mobile Server Manager.lnk -> C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.MobileServer.TrayController.exe (Milestone Systems A/S)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XProtect Recording Server Manager.lnk
ShortcutTarget: XProtect Recording Server Manager.lnk -> C:\Program Files (x86)\Milestone\Milestone Surveillance\RecordingServerManager.exe (Milestone Systems A/S)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1202364088-1563372544-2181994608-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1202364088-1563372544-2181994608-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKU\S-1-5-21-1202364088-1563372544-2181994608-1000 -> DefaultScope {AD5D5079-B76C-4FD9-8B2D-503AF155D7EA} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US550D20140714&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-1202364088-1563372544-2181994608-1000 -> {0B31D88A-8670-4E80-95A9-D3086CB26E25} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1202364088-1563372544-2181994608-1000 -> {AD5D5079-B76C-4FD9-8B2D-503AF155D7EA} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US550D20140714&p={SearchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-1202364088-1563372544-2181994608-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcDcToday.ocx
DPF: HKLM-x32 {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstBanr.ocx
DPF: HKLM-x32 {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstFred.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcPreview.ocx
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{B586A3D6-CD19-4EB5-8081-F55F7B1304B9}: [NameServer] 68.105.28.16
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-01-27]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-27]
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-16]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-16]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-16]
CHR Extension: (SiteAdvisor) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-01-16]
CHR Extension: (Hola Better Internet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-01-16]
CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-16]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-12]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-01-12]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0210501424795352mcinstcleanup; C:\Windows\TEMP\021050~1.EXE [851136 2014-08-08] (McAfee, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [154320 2014-12-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 Milestone Image Import Service; C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageImportService.exe [16370056 2014-05-12] ()
R2 Milestone Image Server; C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\ImageServer.exe [21828472 2014-05-12] (Milestone Systems A/S)
R2 Milestone Log Check Service; C:\Program Files (x86)\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe [1309584 2014-05-12] ()
R2 Milestone Mobile Service; C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.MobileServer.Service.exe [392560 2014-05-05] (Milestone Systems A/S)
R2 Milestone Notification Server; C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.NotificationServer.Service.exe [16296 2014-05-12] ()
R2 Milestone Recording Server; C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\RecordingServer.exe [22500224 2014-05-12] (Milestone Systems A/S)
R2 Milestone Service Control; C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe [24576 2014-05-12] (Milestone Systems A/S) [File not signed]
R2 MilestoneEventServerService; C:\Program Files (x86)\Milestone\XProtect Event Server\VideoOS.Event.Server.exe [2507264 2014-05-07] (Milestone Systems A/S) [File not signed]
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 MSSQL$VIDEOOSDB; C:\Program Files\Microsoft SQL Server\MSSQL11.VIDEOOSDB\MSSQL\Binn\sqlservr.exe [194240 2014-05-15] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1248544 2013-09-21] (NVIDIA Corporation)
S4 SQLAgent$VIDEOOSDB; C:\Program Files\Microsoft SQL Server\MSSQL11.VIDEOOSDB\MSSQL\Binn\SQLAGENT.EXE [613056 2014-05-15] (Microsoft Corporation)
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{96e53b37-63d1-697c-43fa-00e76c802aaa}\   \...\???\{96e53b37-63d1-697c-43fa-00e76c802aaa}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero size file/folder)
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero size file/folder)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [337088 2014-05-15] (Microsoft Corporation)
R2 SADP_NPF; C:\Windows\SysWOW64\drivers\sadp_npf64.sys [35344 2010-06-26] (CACE Technologies, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-28 18:58 - 2015-02-28 19:01 - 00024364 _____ () C:\Users\Home\Downloads\FRST.txt
2015-02-28 18:57 - 2015-02-28 18:57 - 02092544 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
2015-02-28 18:50 - 2015-02-28 18:51 - 00131072 ___HT () C:\Users\Home\Documents\~Outlook.pst.tmp
2015-02-27 15:11 - 2015-02-28 13:34 - 00000580 _____ () C:\Users\Home\Desktop\plot.log
2015-02-26 19:32 - 2015-02-26 19:32 - 00029807 _____ () C:\Users\Home\Desktop\Flat pattern - filler.dxf
2015-02-26 19:32 - 2015-02-26 19:32 - 00029807 _____ () C:\Users\Home\Desktop\Flat pattern - filler.bak
2015-02-26 19:25 - 2015-02-26 19:27 - 00000321 _____ () C:\Users\Home\Documents\plot.log
2015-02-24 09:29 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-02-23 08:50 - 2015-02-23 22:06 - 00013532 _____ () C:\Users\Home\Downloads\hijackthis.log
2015-02-19 03:04 - 2015-02-19 03:04 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2015-02-19 03:04 - 2015-02-19 03:04 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2015-02-19 03:04 - 2015-02-19 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-05 23:09 - 2015-02-05 23:09 - 04147600 _____ ($Co_Name Inc.) C:\Users\Home\Downloads\unifying250.exe
2015-02-05 23:09 - 2015-02-05 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-02-05 23:09 - 2015-02-05 23:09 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-02-05 23:09 - 2015-02-05 23:09 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2015-02-02 00:10 - 2015-02-02 00:10 - 00008714 _____ () C:\Users\Home\Documents\Book1.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-28 19:03 - 2014-02-19 00:38 - 2267300864 _____ () C:\Users\Home\Documents\Outlook.pst
2015-02-28 19:03 - 2013-09-20 10:42 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-28 18:58 - 2013-10-11 19:18 - 00000000 ____D () C:\FRST
2015-02-28 18:41 - 2013-09-19 14:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-28 18:14 - 2014-06-22 01:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8df487528ae0.job
2015-02-28 15:23 - 2014-06-20 21:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 13:28 - 2014-03-29 23:03 - 00000000 ____D () C:\Program Files (x86)\AutoCAD 2002
2015-02-28 08:13 - 2014-10-18 06:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfead8e1a5c6af.job
2015-02-28 06:44 - 2013-09-19 23:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-27 23:48 - 2013-09-20 05:28 - 01730450 _____ () C:\Windows\WindowsUpdate.log
2015-02-27 15:06 - 2013-09-20 20:16 - 00000000 ___HD () C:\Users\Home\Documents\entertainment
2015-02-27 08:09 - 2009-07-13 21:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-27 08:09 - 2009-07-13 21:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-26 19:24 - 2009-07-13 22:13 - 00908934 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-26 19:05 - 2009-07-13 21:51 - 00552774 _____ () C:\Windows\setupact.log
2015-02-24 08:47 - 2013-09-29 09:21 - 00000342 _____ () C:\Windows\Brownie.ini
2015-02-24 07:50 - 2013-10-13 21:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-24 07:50 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-23 08:25 - 2014-01-27 23:14 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-02-23 08:24 - 2013-09-19 14:50 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-23 08:17 - 2014-07-11 11:03 - 00009053 _____ () C:\Windows\system32\amwrap.log
2015-02-20 15:00 - 2014-04-03 23:57 - 00000000 ____D () C:\Users\Home\Documents\Attachments
2015-02-20 12:26 - 2014-01-16 22:17 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 03:05 - 2014-12-26 14:42 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-19 03:04 - 2014-12-26 14:42 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-02-19 03:04 - 2014-12-26 14:42 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-02-19 03:04 - 2014-12-26 14:42 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 03:04 - 2014-12-26 14:42 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-11 00:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-06 08:08 - 2014-10-18 06:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cfead8e1a5c6af
2015-02-06 08:08 - 2014-06-22 01:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf8df487528ae0
2015-02-04 23:36 - 2013-09-19 14:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 22:41 - 2013-09-19 14:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 22:41 - 2013-09-19 14:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 00:12 - 2010-11-20 20:47 - 00689858 _____ () C:\Windows\PFRO.log
2015-02-02 00:10 - 2014-09-30 07:11 - 00000000 ____D () C:\Users\Home\Documents\weight loss
 
==================== Files in the root of some directories =======
 
2014-04-12 13:01 - 2014-04-12 16:43 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
ZeroAccess:
C:\Users\Home\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
LastRegBack: 2015-02-23 22:37
 
==================== End Of Log ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by Home at 2015-02-28 19:04:02
Running from C:\Users\Home\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64-bit Milestone Mobile Server 2.7a (Version: 1.0.0.0 - Milestone Systems A/S) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AnswerWorks Runtime (HKLM-x32\...\AnswerWorks) (Version:  - )
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AutoCAD 2002 (HKLM-x32\...\{5783F2D7-0101-0409-0000-0060B0CE6BBA}) (Version: 15.0.6.030 - Autodesk)
Autodesk Learning Assistance (HKLM-x32\...\Autodesk Learning Assistance) (Version:  - )
Brother HL-2170W (HKLM-x32\...\{D14849EE-427A-434D-B9D5-2B2D81CF1302}) (Version: 1.00 - Brother)
Camera Window (x32 Version: 4.1.1 - Canon) Hidden
Canon Camera Window for ZoomBrowser EX (HKLM-x32\...\InstallShield_{5ADA9741-0570-4096-B5FE-1D55E57537D4}) (Version: 4.1.1 - Canon)
Canon PhotoRecord (HKLM-x32\...\PhotoRecord) (Version:  - )
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.2.21 - Canon Inc.)
Canon Utilities File Viewer Utility 1.2 (HKLM-x32\...\InstallShield_{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}) (Version: 1.2.2 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}) (Version: 3.1.10 - Canon)
Canon Utilities RemoteCapture 2.7 (HKLM-x32\...\InstallShield_{AB3AC39D-9915-435D-ACC4-9881E75326BC}) (Version: 2.7.2 - Canon)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 04.01.00046 - CISRA)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
CyberScrub® Privacy Suite™ 5.1 (HKLM-x32\...\CyberScrub® Privacy Suite™ 5.1_is1) (Version:  - CyberScrub LLC)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
File Viewer Utility 1.2.2 (x32 Version: 1.2.2 - Canon) Hidden
Forté Agent (HKLM-x32\...\{DA5ECEAB-28C6-4306-9FBB-811DEF6DD780}) (Version: 7.20.1218 - Forté Internet Software, Inc.)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MasterSplitter Program (HKLM-x32\...\MasterSplitter) (Version:  - )
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{3965C9F9-9B9A-4391-AC4B-8388210D3AA0}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{977887EC-1C9B-47FA-8489-88E5E7F43D5E}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{E721A8AA-2632-4798-B439-6D4C8A689BB8}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.2.5058.0 - Microsoft Corporation)
Milestone Mobile Administrator Plug-in 2.7a (x32 Version: 1.0.0.0 - Milestone Systems A/S) Hidden
Milestone XProtect Download Manager v1.1h (x32 Version: 1.1.335.7 - Milestone Systems A/S) Hidden
Milestone XProtect Event Server 3.3a (x32 Version: 3.3.665.1 - Milestone Systems A/S) Hidden
Milestone XProtect Event Server Platform Plugin 3.3a (x32 Version: 3.3.365.1 - Milestone Systems A/S) Hidden
Milestone XProtect Professional Products Device Pack 7.3 (HKLM-x32\...\{A14F55BC-8239-41D7-ADCC-B97F8C1F6BC9}) (Version: 7.3.1541 - Milestone Systems A/S)
Milestone XProtect Smart Client 2014 (64-bit) (Version: 9.0.1.510 - Milestone Systems A/S) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.92 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.92 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
NVIDIA WMI 2.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.12.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
PhotoStitch (x32 Version: 3.1.10 - Canon) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
RemoteCapture 2.7.2 (x32 Version: 2.7.2 - Canon) Hidden
Resource Package (x32 Version: 8.6.0.0 - Milestone) Hidden
SADP (HKLM-x32\...\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}) (Version: 2.00.0000 - company)
Service Pack 2 for SQL Server 2012 (KB2958429) (64-bit) (HKLM\...\KB2958429) (Version: 11.2.5058.0 - Microsoft Corporation)
SQL Server 2012 Common Files (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.2.5058.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XProtect Professional VMS Products 2014 (HKLM\...\{27B421AF-ED9B-4BF3-9339-6860CB024FB9}) (Version: 8.6.1 - Milestone Systems A/S)
XProtect Professional VMS Products 2014 (x32 Version: 8.60.0000 - Milestone) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-02-2015 07:33:43 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {06887ED0-9033-4F18-BBF1-7BE2F5FF2331} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {3CE8CBB5-E2B6-413D-8025-D40E31C67576} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {61D880B7-280A-4524-A210-2A03B4E0A5C6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {83C3D523-C30D-460A-8192-34639128D17F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {AEA29D2A-E84D-46EA-82AC-41C8AD47A520} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)
Task: {B4B6088E-DF25-4FBF-92CC-3E36ACAE0967} - System32\Tasks\GoogleUpdateTaskMachineCore1cfead8e1a5c6af => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)
Task: {CBA26E69-EFF4-42CA-BADE-122B52102B73} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8df487528ae0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)
Task: {D62646BD-C9AB-49F5-B521-60913294816D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {E415EE34-2F9C-4CC8-A354-0131E8D6F7C5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E95A56FD-2D34-432D-BA4D-29BADD7CC684} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfead8e1a5c6af.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8df487528ae0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-10-13 21:32 - 2013-09-20 23:10 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-23 03:30 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-05-12 15:44 - 2014-05-12 15:44 - 00016296 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.NotificationServer.Service.exe
2014-05-12 15:44 - 2014-05-12 15:44 - 16370056 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageImportService.exe
2014-05-12 15:13 - 2014-05-12 15:13 - 00901120 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\boost_regex-vc100-mt-1_49.dll
2014-05-12 15:37 - 2014-05-12 15:37 - 00029568 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\MonitorLicense.dll
2014-05-12 15:14 - 2014-05-12 15:14 - 03575808 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\xqilla22.dll
2014-05-12 15:22 - 2014-05-12 15:22 - 00559104 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\sqlite3.dll
2014-05-12 15:37 - 2014-05-12 15:37 - 00017824 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\videoos.recordingserver.license.dll
2014-05-01 14:32 - 2014-05-01 14:32 - 01357312 _____ () C:\Program Files (x86)\Milestone\DevicePack\devices\proxy64\Proxy64.dll
2014-05-12 15:44 - 2014-05-12 15:44 - 01309584 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe
2014-05-12 15:17 - 2014-05-12 15:17 - 00014848 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\PerformanceCounter.dll
2014-05-12 15:33 - 2014-05-12 15:33 - 00019968 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\RecordingServerl.dll
2014-05-01 14:32 - 2014-05-01 14:32 - 00958976 _____ () C:\Program Files (x86)\Milestone\DevicePack\Devices\proxysrv\ProxySrv.exe
2014-05-05 15:52 - 2014-05-05 15:52 - 01483264 _____ () C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.Toolkit.dll
2014-05-05 15:52 - 2014-05-05 15:52 - 00901120 _____ () C:\Program Files\Milestone\Milestone Mobile Server\boost_regex-vc100-mt-1_49.dll
2014-05-05 15:52 - 2014-05-05 15:52 - 03575808 _____ () C:\Program Files\Milestone\Milestone Mobile Server\xqilla22.dll
2014-05-05 15:52 - 2014-05-05 15:52 - 23517696 _____ () C:\Program Files\Milestone\Milestone Mobile Server\AVIExporterClientMW.dll
2014-05-05 15:53 - 2014-05-05 15:53 - 00010752 _____ () C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.Mobile.Windows.Net45.dll
2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2014-09-25 07:09 - 2014-09-23 06:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 00073728 _____ () C:\Program Files\Milestone\XProtect Smart Client\VideoOS.UI.Common.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 01208832 _____ () C:\Program Files\Milestone\XProtect Smart Client\VideoOS.Utilities.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 01483264 _____ () C:\Program Files\Milestone\XProtect Smart Client\bin\VideoOS.Toolkit.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 00901120 _____ () C:\Program Files\Milestone\XProtect Smart Client\bin\boost_regex-vc100-mt-1_49.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 03575808 _____ () C:\Program Files\Milestone\XProtect Smart Client\bin\xqilla22.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 01833472 _____ () C:\Program Files\Milestone\XProtect Smart Client\bin\LogServiceClientMW.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 06028800 _____ () C:\Program Files\Milestone\XProtect Smart Client\bin\VideoOS.DatabaseUtility.MediaStorage.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 00274432 _____ () C:\Program Files\Milestone\XProtect Smart Client\bin\boost_serialization-vc100-mt-1_49.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 00050176 _____ () C:\Program Files\Milestone\XProtect Smart Client\ImageViewerDotNet_axinterop.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 00043008 _____ () C:\Program Files\Milestone\XProtect Smart Client\plugin\VideoOS.RemoteClient.Plugin.HtmlViewItem\AxInterop.SHDocVw.dll
2014-05-09 12:32 - 2014-05-09 12:32 - 00315392 _____ () C:\Program Files\Milestone\XProtect Smart Client\plugin\VideoOS.RemoteClient.Plugin.Transact\VideoOS.RemoteClient.Plugin.Transact.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 00009728 _____ () C:\Program Files\Milestone\XProtect Smart Client\AudioPlayerDotNet_axinterop.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 20989440 _____ () C:\Program Files\Milestone\XProtect Smart Client\bin\AudioPlayerDotNet.dll
2014-05-09 12:32 - 2014-05-09 12:32 - 00960000 _____ () C:\Program Files\Milestone\XProtect Smart Client\MIPPlugins\VideoOS.EventServer.AlarmPlugin\VideoOS.EventServer.AlarmPlugin.Shared.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 00083968 _____ () C:\Program Files\Milestone\XProtect Smart Client\VideoOS.SCH.Clients.Generic.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 00029696 _____ () C:\Program Files\Milestone\XProtect Smart Client\VideoOS.SCH.Base.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 19256832 _____ () C:\Program Files\Milestone\XProtect Smart Client\bin\VideoOS.MM025Utility.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 00052224 _____ () C:\Program Files\Milestone\XProtect Smart Client\bin\MM025.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 00118272 _____ () C:\Program Files\Milestone\XProtect Smart Client\bin\VideoOS.DatabaseUtility.Common.dll
2014-05-09 12:31 - 2014-05-09 12:31 - 23550464 _____ () C:\Program Files\Milestone\XProtect Smart Client\bin\ImageViewerDotNet.dll
2014-05-12 15:40 - 2014-05-12 15:40 - 01401344 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\LogServiceClientMW.dll
2014-05-12 15:09 - 2014-05-12 15:09 - 00728576 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\boost_regex-vc100-mt-1_49.dll
2014-05-12 15:40 - 2014-05-12 15:40 - 01401344 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\Pipeline\AddIns\EmailPlugin\LogServiceClientMW.dll
2014-05-12 15:40 - 2014-05-12 15:40 - 01401344 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\Pipeline\AddIns\SmsPlugin\LogServiceClientMW.dll
2014-05-12 15:40 - 2014-05-12 15:40 - 16084480 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.DeviceWrapper.dll
2014-05-12 15:08 - 2014-05-12 15:08 - 02870272 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\xqilla22.dll
2014-05-12 15:44 - 2014-05-12 15:44 - 01849248 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.Administrator.Tools.NET.dll
2014-05-12 15:09 - 2014-05-12 15:09 - 00240640 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\boost_serialization-vc100-mt-1_49.dll
2014-05-01 14:29 - 2014-05-01 14:29 - 01894400 _____ () C:\Program Files (x86)\Milestone\DevicePack\Devices\AutomaticDiscovery.dll
2012-07-31 09:07 - 2012-07-31 09:07 - 00238080 _____ () C:\Program Files (x86)\Milestone\XProtect Event Server\DecodeManaged.dll
2013-10-21 12:14 - 2013-10-21 12:14 - 01401344 _____ () C:\Program Files (x86)\Milestone\XProtect Event Server\LogServiceClientMW.dll
2013-10-21 12:14 - 2013-10-21 12:14 - 00728576 _____ () C:\Program Files (x86)\Milestone\XProtect Event Server\boost_regex-vc100-mt-1_49.dll
2014-05-01 14:32 - 2014-05-01 14:32 - 00728576 _____ () C:\Program Files (x86)\Milestone\DevicePack\Devices\proxysrv\boost_regex-vc100-mt-1_49.dll
2014-05-01 14:32 - 2014-05-01 14:32 - 00024576 _____ () C:\Program Files (x86)\Milestone\DevicePack\Devices\proxysrv\CRuntimeOptions_7.2.dll
2014-05-01 14:32 - 2014-05-01 14:32 - 00012800 _____ () C:\Program Files (x86)\Milestone\DevicePack\Devices\proxysrv\CRuntimeOptions_10.0.dll
2014-05-01 14:31 - 2014-05-01 14:31 - 00008704 _____ () C:\Program Files (x86)\Milestone\DevicePack\Devices\VS2003Helper.dll
2014-04-28 15:59 - 2014-04-28 15:59 - 02870272 _____ () C:\Program Files (x86)\Milestone\DevicePack\Devices\xqilla22.dll
2014-09-25 07:09 - 2014-09-23 04:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-09-25 07:08 - 2014-11-21 05:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-10-19 03:41 - 2014-12-22 23:20 - 01754296 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\tmpod.dll
2014-09-25 07:08 - 2014-11-18 07:26 - 01032360 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\ADDINS\UmOutlookAddin.dll
2014-09-25 07:09 - 2014-09-23 04:43 - 08897696 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\1033\GrooveIntlResource.dll
2001-04-23 00:42 - 2001-04-23 00:42 - 00159805 _____ () C:\Program Files (x86)\AutoCAD 2002\acui15.dll
2001-04-23 00:29 - 2001-04-23 00:29 - 00237629 _____ () C:\Program Files (x86)\AutoCAD 2002\adui15.dll
2001-04-23 00:53 - 2001-04-23 00:53 - 00639029 _____ () C:\Program Files (x86)\AutoCAD 2002\acdim.arx
2001-04-23 00:53 - 2001-04-23 00:53 - 00077887 _____ () C:\Program Files (x86)\AutoCAD 2002\AcDimRes.dll
2013-10-07 12:21 - 2013-10-07 12:21 - 01777664 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtCore4.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 01224192 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGCore.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 00290816 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGUtils.DLL
2013-10-07 12:24 - 2013-10-07 12:24 - 00631808 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGMath.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 01393664 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 00751104 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 03105280 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 00059392 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 00519168 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
2013-10-07 12:52 - 2013-10-07 12:52 - 17652224 _____ () C:\Program Files (x86)\Google\Google Earth\client\googleearth_free.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 00726016 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGExportCommon.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 01050624 _____ () C:\Program Files (x86)\Google\Google Earth\client\IGOpt.dll
2013-10-07 12:32 - 2013-10-07 12:32 - 00015872 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemyext.dll
2013-10-07 12:21 - 2013-10-07 12:21 - 07877632 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtWebKit4.dll
2013-10-07 12:21 - 2013-10-07 12:21 - 06174208 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtGui4.dll
2013-10-07 12:21 - 2013-10-07 12:21 - 00518656 _____ () C:\Program Files (x86)\Google\Google Earth\client\QtNetwork4.dll
2013-10-07 12:28 - 2013-10-07 12:28 - 00086528 _____ () C:\Program Files (x86)\Google\Google Earth\client\ge_expat.dll
2013-10-07 12:21 - 2013-10-07 12:21 - 00018944 _____ () C:\Program Files (x86)\Google\Google Earth\client\imageformats\qgif4.dll
2013-10-07 12:21 - 2013-10-07 12:21 - 00158208 _____ () C:\Program Files (x86)\Google\Google Earth\client\imageformats\qjpeg4.dll
2013-10-07 12:24 - 2013-10-07 12:24 - 00145408 _____ () C:\Program Files (x86)\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
2015-02-20 12:26 - 2015-02-17 15:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 12:26 - 2015-02-17 15:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 12:26 - 2015-02-17 15:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2014-03-21 04:17 - 2014-07-13 05:41 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2014-09-25 07:08 - 2014-11-21 05:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:B4AF47A7
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1202364088-1563372544-2181994608-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.16
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1202364088-1563372544-2181994608-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1202364088-1563372544-2181994608-501 - Limited - Disabled)
Home (S-1-5-21-1202364088-1563372544-2181994608-1000 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-1202364088-1563372544-2181994608-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/27/2015 10:49:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 14514
 
Start Time: 01d0531a2dcd0021
 
Termination Time: 151
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (02/27/2015 10:48:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1123c
 
Start Time: 01d052b7a2b0b918
 
Termination Time: 453
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (02/27/2015 03:05:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: acad.exe, version: 21.0.6.30, time stamp: 0x3ae3de35
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0xc0000005
Fault offset: 0x00006a7d
Faulting process id: 0x13aa0
Faulting application start time: 0xacad.exe0
Faulting application path: acad.exe1
Faulting module path: acad.exe2
Report Id: acad.exe3
 
Error: (02/27/2015 01:51:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d840
 
Start Time: 01d052cc936820cc
 
Termination Time: 200
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (02/27/2015 11:02:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17420, time stamp: 0x545ad233
Faulting module name: MSHTML.dll, version: 11.0.9600.17420, time stamp: 0x545ae63c
Exception code: 0xc0000005
Fault offset: 0x000b2fb7
Faulting process id: 0xd340
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (02/26/2015 07:04:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17420, time stamp: 0x545ad233
Faulting module name: nvd3dum.dll, version: 9.18.13.2092, time stamp: 0x523d24e8
Exception code: 0xc0000005
Fault offset: 0x0066da6a
Faulting process id: 0x84f0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
 
Error: (02/25/2015 09:07:54 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (02/24/2015 07:52:45 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4b0722af-3daa-440d-9a49-1a25f4925043}
 
Error: (02/24/2015 07:52:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/23/2015 10:41:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (02/26/2015 00:39:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (02/26/2015 00:39:44 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.
 
Error: (02/24/2015 09:31:20 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
 
Error: (02/24/2015 09:29:20 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
 
Error: (02/24/2015 08:47:18 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (02/24/2015 08:47:18 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (02/24/2015 07:54:42 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
 
Error: (02/24/2015 07:50:41 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.
 
Error: (02/24/2015 07:50:41 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.
 
Error: (02/24/2015 07:50:31 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
 
Microsoft Office Sessions:
=========================
Error: (02/27/2015 10:49:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174201451401d0531a2dcd0021151C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (02/27/2015 10:48:29 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174201123c01d052b7a2b0b918453C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (02/27/2015 03:05:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: acad.exe21.0.6.303ae3de35KERNELBASE.dll6.1.7601.1840953159a86c000000500006a7d13aa001d052d96e94fe96C:\Program Files (x86)\AutoCAD 2002\acad.exeC:\Windows\syswow64\KERNELBASE.dllbcf952a9-becc-11e4-a59c-bc5ff468c8a1
 
Error: (02/27/2015 01:51:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17420d84001d052cc936820cc200C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Error: (02/27/2015 11:02:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17420545ad233MSHTML.dll11.0.9600.17420545ae63cc0000005000b2fb7d34001d0522ae581cbe9C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\MSHTML.dlld958984b-beaa-11e4-a59c-bc5ff468c8a1
 
Error: (02/26/2015 07:04:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.17420545ad233nvd3dum.dll9.18.13.2092523d24e8c00000050066da6a84f001d0519656a7e6d8C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\system32\nvd3dum.dll5b582dff-bdc0-11e4-a59c-bc5ff468c8a1
 
Error: (02/25/2015 09:07:54 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files\microsoft office 15\root\office15\lync.exe.Manifestc:\program files\microsoft office 15\root\office15\UccApi.DLL1
 
Error: (02/24/2015 07:52:45 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4b0722af-3daa-440d-9a49-1a25f4925043}
 
Error: (02/24/2015 07:52:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/23/2015 10:41:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files\microsoft office 15\root\office15\lync.exe.Manifestc:\program files\microsoft office 15\root\office15\UccApi.DLL1
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 65%
Total physical RAM: 16277.01 MB
Available physical RAM: 5626.54 MB
Total Pagefile: 32552.2 MB
Available Pagefile: 22272.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:167.58 GB) (Free:29.95 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:149.05 GB) (Free:11.66 GB) NTFS
Drive f: () (Fixed) (Total:931.51 GB) (Free:37.04 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:3725.9 GB) (Free:55.21 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 12E1C987)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C1E2C5B2)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 313C3E08)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: DEBF3DD6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=167.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 deeprybka

  • Malware Response Team

Posted 01 March 2015 - 05:47 AM

Hi,

Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).

Step 1


Please download Sirefef-Cleaner (by ESET) and save it to your Desktop.

  • Right-click on the tool's icon and select Run as Administrator to start the tool.
  • If security notifications appear, click Continue or Run.
  • The message "Win32/Sirefef.EV found in your system" will be displayed if an infection is found. Press Y on your keyboard to remove the infection.
  • Once the tool has run, you will be prompted to restore system services after you restart your computer. Press Y on your keyboard to restore system services and restart your computer.


Step 2

Start FRST with administrator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 southchandler

  • Topic Starter

Posted 03 March 2015 - 11:15 PM

 

Is there some account tracker on there?



#8 southchandler

  • Topic Starter

Posted 04 March 2015 - 02:25 AM

[2015.03.04 00:19:33.751] - 
[2015.03.04 00:19:33.751] -     ....................................
[2015.03.04 00:19:33.751] -   ..::::::::::::::::::....................
[2015.03.04 00:19:33.751] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Sirefef
[2015.03.04 00:19:33.751] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.1.0.19
[2015.03.04 00:19:33.751] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: May 14 2014
[2015.03.04 00:19:33.751] -  .::EE:::::::::::::SS:.EE..........TT......
[2015.03.04 00:19:33.767] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2015.03.04 00:19:33.767] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2015.03.04 00:19:33.767] -     ....................................
[2015.03.04 00:19:33.767] - 
[2015.03.04 00:19:33.767] - --------------------------------------------------------------------------------
[2015.03.04 00:19:33.767] - 
[2015.03.04 00:19:33.767] - INFO: OS: 6.1.7601 SP1
[2015.03.04 00:19:33.767] - INFO: Product Type: Workstation
[2015.03.04 00:19:33.767] - INFO: WoW64: True
[2015.03.04 00:19:33.767] - INFO: Machine guid: EFE864D9-16D8-42B9-9AA7-B61BA768C034 
[2015.03.04 00:19:33.767] - 
[2015.03.04 00:19:33.767] - INFO: EULA Accepted
[2015.03.04 00:19:33.767] - --------------------------------------------------------------------------------
[2015.03.04 00:19:33.767] - INFO: Scanning for system infection...
[2015.03.04 00:19:33.767] - --------------------------------------------------------------------------------
[2015.03.04 00:19:33.767] - 
[2015.03.04 00:19:33.767] - 
[2015.03.04 00:19:33.767] - INFO: Current Shell HKLM [explorer.exe].
[2015.03.04 00:19:33.767] - INFO: Current SubSystems [%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16].
[2015.03.04 00:19:33.783] - 
[2015.03.04 00:19:33.798] - INFO: Sirefef's activity detected in:
[2015.03.04 00:19:33.798] - INFO: [\Registry\User\S-1-5-21-1202364088-1563372544-2181994608-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[2015.03.04 00:19:33.798] - INFO: Value name - Google Update ‮❤
[2015.03.04 00:19:33.798] - INFO: Value data - "C:\USERS\HOME\APPDATA\LOCAL\GOOGLE\DESKTOP\INSTALL\{96E53B37-63D1-697C-43FA-00E76C802AAA}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{96E53B37-63D1-697C-43FA-00E76C802AAA}\GOOGLEUPDATE.EXE" > 
[2015.03.04 00:19:33.798] - 
[2015.03.04 00:19:33.798] - INFO: Win64/Sirefef found
[2015.03.04 00:19:39.383] - 
[2015.03.04 00:19:39.383] - INFO: Win64/Sirefef was successfully removed from your system.
[2015.03.04 00:19:39.383] - --------------------------------------------------------------------------------
[2015.03.04 00:19:39.383] - INFO: Logging finished successfully...
[2015.03.04 00:19:39.383] - --------------------------------------------------------------------------------


#9 deeprybka

  • Malware Response Team

Posted 04 March 2015 - 06:13 AM

Step 1

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#10 southchandler

  • Topic Starter

Posted 04 March 2015 - 10:45 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Home (administrator) on HOME-PC on 04-03-2015 08:42:45
Running from C:\Users\Home\Downloads
Loaded Profiles: Home (Available profiles: Home & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.NotificationServer.Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Milestone Systems A/S) C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe
(Milestone Systems A/S) C:\Program Files (x86)\Milestone\XProtect Event Server\VideoOS.Event.Server.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.VIDEOOSDB\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
() C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageImportService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Milestone Systems A/S) C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.MobileServer.TrayController.exe
(brother) C:\Program Files (x86)\Brownie\BrStsW64.exe
(Milestone Systems A/S) C:\Program Files (x86)\Milestone\Milestone Surveillance\RecordingServerManager.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Milestone Systems A/S) C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\ImageServer.exe
() C:\Program Files (x86)\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Milestone Systems A/S) C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\RecordingServer.exe
() C:\Program Files (x86)\Milestone\DevicePack\devices\proxysrv\ProxySrv.exe
(CyberScrub LLC) C:\Program Files (x86)\CyberScrub Privacy Suite\CSRiskMon.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe
(Milestone Systems A/S) C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.MobileServer.Service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Home\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-09-21] ()
HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695928 2009-08-19] (brother)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1202364088-1563372544-2181994608-1000\...\Run: [Privacy Suite RiskMonitor] => C:\Program Files (x86)\CyberScrub Privacy Suite\CSRiskMon.exe [2425072 2010-03-29] (CyberScrub LLC)
HKU\S-1-5-21-1202364088-1563372544-2181994608-1000\...\Run: [Google Update**.d<*>] => "C:\Users\Home\AppData\Local\Google\Desktop\Install\{96e53b37-63d1-697c-43fa-00e76c802aaa}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{96e53b37-63d1-697c-43fa-00e76c802aaa}\GoogleUpdate.exe" > <===== ATTENTION (Value Name with invalid characters)
HKU\S-1-5-21-1202364088-1563372544-2181994608-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-31] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mobile Server Manager.lnk
ShortcutTarget: Mobile Server Manager.lnk -> C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.MobileServer.TrayController.exe (Milestone Systems A/S)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\XProtect Recording Server Manager.lnk
ShortcutTarget: XProtect Recording Server Manager.lnk -> C:\Program Files (x86)\Milestone\Milestone Surveillance\RecordingServerManager.exe (Milestone Systems A/S)
ShellIconOverlayIdentifiers: [MOBK] -> {3c3f3c1a-9153-7c05-f938-622e7003894d} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK2] -> {e6ea1d7d-144e-b977-98c4-84c53c1a69d0} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK3] -> {b4caf489-1eec-c617-49ad-8d7088598c06} => C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll (McAfee, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1202364088-1563372544-2181994608-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1202364088-1563372544-2181994608-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
SearchScopes: HKU\S-1-5-21-1202364088-1563372544-2181994608-1000 -> DefaultScope {00C6D714-896E-450D-9222-928B10680DC9} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US550D20140714&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1202364088-1563372544-2181994608-1000 -> {00C6D714-896E-450D-9222-928B10680DC9} URL = https://search.yahoo.com/search?fr=mcafee&type=B011US550D20140714&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1202364088-1563372544-2181994608-1000 -> {0B31D88A-8670-4E80-95A9-D3086CB26E25} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-1202364088-1563372544-2181994608-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcDcToday.ocx
DPF: HKLM-x32 {AE563720-B4F5-11D4-A415-00108302FDFD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstBanr.ocx
DPF: HKLM-x32 {C6637286-300D-11D4-AE0A-0010830243BD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/InstFred.ocx
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files%20(x86)/AutoCAD%202002/AcPreview.ocx
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{B586A3D6-CD19-4EB5-8081-F55F7B1304B9}: [NameServer] 68.105.28.16
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-01-27]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-01-27]
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-16]
CHR Extension: (Google Drive) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
CHR Extension: (YouTube) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-16]
CHR Extension: (Google Search) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-16]
CHR Extension: (SiteAdvisor) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-01-16]
CHR Extension: (Hola Better Internet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-01-16]
CHR Extension: (Google Wallet) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-16]
CHR Extension: (Gmail) - C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-24]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-24]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
R2 Milestone Image Import Service; C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageImportService.exe [16370056 2014-05-12] ()
R2 Milestone Image Server; C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\ImageServer.exe [21828472 2014-05-12] (Milestone Systems A/S)
R2 Milestone Log Check Service; C:\Program Files (x86)\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe [1309584 2014-05-12] ()
R2 Milestone Mobile Service; C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.MobileServer.Service.exe [392560 2014-05-05] (Milestone Systems A/S)
R2 Milestone Notification Server; C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.NotificationServer.Service.exe [16296 2014-05-12] ()
R2 Milestone Recording Server; C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\RecordingServer.exe [22500224 2014-05-12] (Milestone Systems A/S)
R2 Milestone Service Control; C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe [24576 2014-05-12] (Milestone Systems A/S) [File not signed]
R2 MilestoneEventServerService; C:\Program Files (x86)\Milestone\XProtect Event Server\VideoOS.Event.Server.exe [2507264 2014-05-07] (Milestone Systems A/S) [File not signed]
R2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
R2 MSSQL$VIDEOOSDB; C:\Program Files\Microsoft SQL Server\MSSQL11.VIDEOOSDB\MSSQL\Binn\sqlservr.exe [194240 2014-05-15] (Microsoft Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [1248544 2013-09-21] (NVIDIA Corporation)
S4 SQLAgent$VIDEOOSDB; C:\Program Files\Microsoft SQL Server\MSSQL11.VIDEOOSDB\MSSQL\Binn\SQLAGENT.EXE [613056 2014-05-15] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation) [File not signed]
S2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-04] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
R1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () <==== ATTENTION (zero size file/folder)
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () <==== ATTENTION (zero size file/folder)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [337088 2014-05-15] (Microsoft Corporation)
R2 SADP_NPF; C:\Windows\SysWOW64\drivers\sadp_npf64.sys [35344 2010-06-26] (CACE Technologies, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-04 08:41 - 2015-03-04 08:41 - 02092544 _____ (Farbar) C:\Users\Home\Downloads\FRST64 (1).exe
2015-03-04 00:21 - 2015-03-04 00:22 - 00006164 _____ () C:\Users\Home\Desktop\ESETSirefefCleaner.exe_20150304.002155.304.log
2015-03-04 00:19 - 2015-03-04 00:19 - 00006164 _____ () C:\Users\Home\Desktop\ESETSirefefCleaner.exe_20150304.001933.6264.log
2015-03-04 00:19 - 2015-03-04 00:17 - 00368992 _____ (ESET) C:\Users\Home\Desktop\ESETSirefefCleaner.exe
2015-03-04 00:01 - 2015-03-04 00:01 - 00131072 ___HT () C:\Users\Home\Documents\~Outlook.pst.tmp
2015-03-03 23:45 - 2015-03-03 23:45 - 00000000 _____ () C:\Users\Home\AppData\Local\{BB8538ED-1EC7-4FBE-AD74-CDAF44C5E27D}
2015-03-03 23:42 - 2015-03-03 23:42 - 00716480 _____ () C:\Users\Home\Downloads\ESETSirefefCleaner.exe_20150303.234201.4668.log
2015-03-03 23:42 - 2015-03-03 23:42 - 00000000 ____D () C:\Users\Home\AppData\Local\Tem
2015-03-03 23:41 - 2015-03-03 23:41 - 00368992 _____ (ESET) C:\Users\Home\Downloads\ESETSirefefCleaner.exe
2015-02-28 21:25 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2015-02-28 19:04 - 2015-02-28 19:29 - 00040914 _____ () C:\Users\Home\Downloads\Addition.txt
2015-02-28 18:58 - 2015-03-04 08:43 - 00023468 _____ () C:\Users\Home\Downloads\FRST.txt
2015-02-28 18:57 - 2015-02-28 18:57 - 02092544 _____ (Farbar) C:\Users\Home\Downloads\FRST64.exe
2015-02-27 15:11 - 2015-02-28 13:34 - 00000580 _____ () C:\Users\Home\Desktop\plot.log
2015-02-26 19:32 - 2015-02-26 19:32 - 00029807 _____ () C:\Users\Home\Desktop\Flat pattern - filler.dxf
2015-02-26 19:32 - 2015-02-26 19:32 - 00029807 _____ () C:\Users\Home\Desktop\Flat pattern - filler.bak
2015-02-26 19:25 - 2015-02-26 19:27 - 00000321 _____ () C:\Users\Home\Documents\plot.log
2015-02-23 08:50 - 2015-02-23 22:06 - 00013532 _____ () C:\Users\Home\Downloads\hijackthis.log
2015-02-19 03:04 - 2015-02-19 03:04 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2015-02-19 03:04 - 2015-02-19 03:04 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2015-02-19 03:04 - 2015-02-19 03:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-05 23:09 - 2015-02-05 23:09 - 04147600 _____ ($Co_Name Inc.) C:\Users\Home\Downloads\unifying250.exe
2015-02-05 23:09 - 2015-02-05 23:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-02-05 23:09 - 2015-02-05 23:09 - 00000000 ____D () C:\ProgramData\LogiShrd
2015-02-05 23:09 - 2015-02-05 23:09 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2015-02-02 00:10 - 2015-02-02 00:10 - 00008714 _____ () C:\Users\Home\Documents\Book1.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-04 08:42 - 2013-10-11 19:18 - 00000000 ____D () C:\FRST
2015-03-04 08:41 - 2013-09-19 14:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 08:13 - 2014-10-18 06:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfead8e1a5c6af.job
2015-03-04 08:13 - 2014-06-22 01:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8df487528ae0.job
2015-03-04 06:44 - 2013-09-19 23:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-04 05:29 - 2014-06-20 21:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-04 00:25 - 2009-07-13 21:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 00:25 - 2009-07-13 21:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 00:22 - 2009-07-13 22:13 - 00925838 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-04 00:21 - 2013-09-20 05:28 - 01753420 _____ () C:\Windows\WindowsUpdate.log
2015-03-04 00:19 - 2013-09-20 10:42 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-04 00:18 - 2013-10-13 21:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-04 00:18 - 2013-09-29 09:21 - 00000310 _____ () C:\Windows\Brownie.ini
2015-03-04 00:18 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-04 00:18 - 2009-07-13 21:51 - 00553110 _____ () C:\Windows\setupact.log
2015-03-04 00:05 - 2014-02-19 00:38 - 2267300864 _____ () C:\Users\Home\Documents\Outlook.pst
2015-03-03 23:52 - 2014-07-11 11:03 - 00009635 _____ () C:\Windows\system32\amwrap.log
2015-03-03 23:43 - 2010-11-20 20:47 - 00701218 _____ () C:\Windows\PFRO.log
2015-02-28 21:18 - 2013-09-19 15:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-28 21:16 - 2014-03-29 23:03 - 00000000 ____D () C:\Program Files (x86)\AutoCAD 2002
2015-02-28 21:15 - 2013-09-20 20:16 - 00000000 ___HD () C:\Users\Home\Documents\entertainment
2015-02-23 08:25 - 2014-01-27 23:14 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-02-23 08:24 - 2013-09-19 14:50 - 00000000 ____D () C:\ProgramData\McAfee
2015-02-20 15:00 - 2014-04-03 23:57 - 00000000 ____D () C:\Users\Home\Documents\Attachments
2015-02-20 12:26 - 2014-01-16 22:17 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-19 03:05 - 2014-12-26 14:42 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-19 03:04 - 2014-12-26 14:42 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-02-19 03:04 - 2014-12-26 14:42 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-02-19 03:04 - 2014-12-26 14:42 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 03:04 - 2014-12-26 14:42 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-11 00:31 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-06 08:08 - 2014-10-18 06:39 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cfead8e1a5c6af
2015-02-06 08:08 - 2014-06-22 01:32 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf8df487528ae0
2015-02-04 23:36 - 2013-09-19 14:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 22:41 - 2013-09-19 14:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-04 22:41 - 2013-09-19 14:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-02 00:10 - 2014-09-30 07:11 - 00000000 ____D () C:\Users\Home\Documents\weight loss
 
==================== Files in the root of some directories =======
 
2015-03-03 23:45 - 2015-03-03 23:45 - 0000000 _____ () C:\Users\Home\AppData\Local\{BB8538ED-1EC7-4FBE-AD74-CDAF44C5E27D}
2014-04-12 13:01 - 2014-04-12 16:43 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
ZeroAccess:
C:\Users\Home\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
Some content of TEMP:
====================
C:\Users\Home\AppData\Local\Temp\ESETSirefefCleaner.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-23 22:37
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by Home at 2015-03-04 08:43:21
Running from C:\Users\Home\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64-bit Milestone Mobile Server 2.7a (Version: 1.0.0.0 - Milestone Systems A/S) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AnswerWorks Runtime (HKLM-x32\...\AnswerWorks) (Version:  - )
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AutoCAD 2002 (HKLM-x32\...\{5783F2D7-0101-0409-0000-0060B0CE6BBA}) (Version: 15.0.6.030 - Autodesk)
Autodesk Learning Assistance (HKLM-x32\...\Autodesk Learning Assistance) (Version:  - )
Brother HL-2170W (HKLM-x32\...\{D14849EE-427A-434D-B9D5-2B2D81CF1302}) (Version: 1.00 - Brother)
Camera Window (x32 Version: 4.1.1 - Canon) Hidden
Canon Camera Window for ZoomBrowser EX (HKLM-x32\...\InstallShield_{5ADA9741-0570-4096-B5FE-1D55E57537D4}) (Version: 4.1.1 - Canon)
Canon PhotoRecord (HKLM-x32\...\PhotoRecord) (Version:  - )
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.10.2.21 - Canon Inc.)
Canon Utilities File Viewer Utility 1.2 (HKLM-x32\...\InstallShield_{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}) (Version: 1.2.2 - Canon)
Canon Utilities PhotoStitch 3.1 (HKLM-x32\...\InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}) (Version: 3.1.10 - Canon)
Canon Utilities RemoteCapture 2.7 (HKLM-x32\...\InstallShield_{AB3AC39D-9915-435D-ACC4-9881E75326BC}) (Version: 2.7.2 - Canon)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}) (Version: 04.01.00046 - CISRA)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
CyberScrub® Privacy Suite™ 5.1 (HKLM-x32\...\CyberScrub® Privacy Suite™ 5.1_is1) (Version:  - CyberScrub LLC)
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
File Viewer Utility 1.2.2 (x32 Version: 1.2.2 - Canon) Hidden
Forté Agent (HKLM-x32\...\{DA5ECEAB-28C6-4306-9FBB-811DEF6DD780}) (Version: 7.20.1218 - Forté Internet Software, Inc.)
Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 5.20 - Philipp Winterberg)
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MasterSplitter Program (HKLM-x32\...\MasterSplitter) (Version:  - )
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{3965C9F9-9B9A-4391-AC4B-8388210D3AA0}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{977887EC-1C9B-47FA-8489-88E5E7F43D5E}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{E721A8AA-2632-4798-B439-6D4C8A689BB8}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft VSS Writer for SQL Server 2012 (HKLM\...\{3E0DD83F-BE4C-4478-86A0-AD0D79D1353E}) (Version: 11.2.5058.0 - Microsoft Corporation)
Milestone Mobile Administrator Plug-in 2.7a (x32 Version: 1.0.0.0 - Milestone Systems A/S) Hidden
Milestone XProtect Download Manager v1.1h (x32 Version: 1.1.335.7 - Milestone Systems A/S) Hidden
Milestone XProtect Event Server 3.3a (x32 Version: 3.3.665.1 - Milestone Systems A/S) Hidden
Milestone XProtect Event Server Platform Plugin 3.3a (x32 Version: 3.3.365.1 - Milestone Systems A/S) Hidden
Milestone XProtect Professional Products Device Pack 7.3 (HKLM-x32\...\{A14F55BC-8239-41D7-ADCC-B97F8C1F6BC9}) (Version: 7.3.1541 - Milestone Systems A/S)
Milestone XProtect Smart Client 2014 (64-bit) (Version: 9.0.1.510 - Milestone Systems A/S) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 320.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.92 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.92 - NVIDIA Corporation)
NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
NVIDIA WMI 2.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.12.0 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
PhotoStitch (x32 Version: 3.1.10 - Canon) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
RemoteCapture 2.7.2 (x32 Version: 2.7.2 - Canon) Hidden
Resource Package (x32 Version: 8.6.0.0 - Milestone) Hidden
SADP (HKLM-x32\...\{7D9B79C2-B1B2-433B-844F-F4299B86F26E}) (Version: 2.00.0000 - company)
Service Pack 2 for SQL Server 2012 (KB2958429) (64-bit) (HKLM\...\KB2958429) (Version: 11.2.5058.0 - Microsoft Corporation)
SQL Server 2012 Common Files (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Services (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Database Engine Shared (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server Browser for SQL Server 2012 (HKLM-x32\...\{4B9E6EB0-0EED-4E74-9479-F982C3254F71}) (Version: 11.2.5058.0 - Microsoft Corporation)
Sql Server Customer Experience Improvement Program (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
XProtect Professional VMS Products 2014 (HKLM\...\{27B421AF-ED9B-4BF3-9339-6860CB024FB9}) (Version: 8.6.1 - Milestone Systems A/S)
XProtect Professional VMS Products 2014 (x32 Version: 8.60.0000 - Milestone) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
26-02-2015 07:33:43 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {06887ED0-9033-4F18-BBF1-7BE2F5FF2331} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {39ED2BF7-F445-4CC8-B6E7-3EFBCE8FE77B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {3CE8CBB5-E2B6-413D-8025-D40E31C67576} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {46ADDDAB-FC68-4C52-9238-3255AA6E16BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-06] (Microsoft Corporation)
Task: {71838B0C-B1F1-434C-8B96-9D82B256369D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-01-06] (Microsoft Corporation)
Task: {AEA29D2A-E84D-46EA-82AC-41C8AD47A520} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)
Task: {B4B6088E-DF25-4FBF-92CC-3E36ACAE0967} - System32\Tasks\GoogleUpdateTaskMachineCore1cfead8e1a5c6af => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)
Task: {CBA26E69-EFF4-42CA-BADE-122B52102B73} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8df487528ae0 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-19] (Google Inc.)
Task: {DA1FEC53-9C23-4EFA-9BCB-C53D75420117} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {E415EE34-2F9C-4CC8-A354-0131E8D6F7C5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {E95A56FD-2D34-432D-BA4D-29BADD7CC684} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfead8e1a5c6af.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8df487528ae0.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-10-13 21:32 - 2013-09-20 23:10 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-23 03:30 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-05-12 15:44 - 2014-05-12 15:44 - 00016296 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.NotificationServer.Service.exe
2014-05-12 15:44 - 2014-05-12 15:44 - 16370056 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageImportService.exe
2014-09-25 07:09 - 2014-12-23 12:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-29 23:02 - 2014-01-29 23:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-05-12 15:13 - 2014-05-12 15:13 - 00901120 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\boost_regex-vc100-mt-1_49.dll
2014-05-12 15:37 - 2014-05-12 15:37 - 00029568 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\MonitorLicense.dll
2014-05-12 15:14 - 2014-05-12 15:14 - 03575808 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\xqilla22.dll
2014-05-12 15:22 - 2014-05-12 15:22 - 00559104 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\sqlite3.dll
2014-05-12 15:37 - 2014-05-12 15:37 - 00017824 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\videoos.recordingserver.license.dll
2014-05-01 14:32 - 2014-05-01 14:32 - 01357312 _____ () C:\Program Files (x86)\Milestone\DevicePack\devices\proxy64\Proxy64.dll
2014-05-12 15:44 - 2014-05-12 15:44 - 01309584 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe
2014-05-12 15:17 - 2014-05-12 15:17 - 00014848 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\PerformanceCounter.dll
2014-05-12 15:33 - 2014-05-12 15:33 - 00019968 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\RecordingServerl.dll
2014-05-01 14:32 - 2014-05-01 14:32 - 00958976 _____ () C:\Program Files (x86)\Milestone\DevicePack\Devices\proxysrv\ProxySrv.exe
2014-05-05 15:52 - 2014-05-05 15:52 - 01483264 _____ () C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.Toolkit.dll
2014-05-05 15:52 - 2014-05-05 15:52 - 00901120 _____ () C:\Program Files\Milestone\Milestone Mobile Server\boost_regex-vc100-mt-1_49.dll
2014-05-05 15:52 - 2014-05-05 15:52 - 03575808 _____ () C:\Program Files\Milestone\Milestone Mobile Server\xqilla22.dll
2014-05-05 15:52 - 2014-05-05 15:52 - 23517696 _____ () C:\Program Files\Milestone\Milestone Mobile Server\AVIExporterClientMW.dll
2014-05-05 15:53 - 2014-05-05 15:53 - 00010752 _____ () C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.Mobile.Windows.Net45.dll
2010-04-13 20:11 - 2010-04-13 20:11 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2014-05-12 15:40 - 2014-05-12 15:40 - 01401344 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\LogServiceClientMW.dll
2014-05-12 15:09 - 2014-05-12 15:09 - 00728576 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\boost_regex-vc100-mt-1_49.dll
2014-05-12 15:40 - 2014-05-12 15:40 - 01401344 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\Pipeline\AddIns\EmailPlugin\LogServiceClientMW.dll
2014-05-12 15:40 - 2014-05-12 15:40 - 01401344 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\Pipeline\AddIns\SmsPlugin\LogServiceClientMW.dll
2014-05-12 15:40 - 2014-05-12 15:40 - 16084480 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.DeviceWrapper.dll
2014-05-12 15:08 - 2014-05-12 15:08 - 02870272 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\xqilla22.dll
2014-05-12 15:44 - 2014-05-12 15:44 - 01849248 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.Administrator.Tools.NET.dll
2014-05-12 15:09 - 2014-05-12 15:09 - 00240640 _____ () C:\Program Files (x86)\Milestone\Milestone Surveillance\boost_serialization-vc100-mt-1_49.dll
2014-05-01 14:29 - 2014-05-01 14:29 - 01894400 _____ () C:\Program Files (x86)\Milestone\DevicePack\Devices\AutomaticDiscovery.dll
2012-07-31 09:07 - 2012-07-31 09:07 - 00238080 _____ () C:\Program Files (x86)\Milestone\XProtect Event Server\DecodeManaged.dll
2013-10-21 12:14 - 2013-10-21 12:14 - 01401344 _____ () C:\Program Files (x86)\Milestone\XProtect Event Server\LogServiceClientMW.dll
2013-10-21 12:14 - 2013-10-21 12:14 - 00728576 _____ () C:\Program Files (x86)\Milestone\XProtect Event Server\boost_regex-vc100-mt-1_49.dll
2014-09-25 07:09 - 2014-12-23 11:08 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-05-01 14:32 - 2014-05-01 14:32 - 00728576 _____ () C:\Program Files (x86)\Milestone\DevicePack\Devices\proxysrv\boost_regex-vc100-mt-1_49.dll
2014-05-01 14:32 - 2014-05-01 14:32 - 00024576 _____ () C:\Program Files (x86)\Milestone\DevicePack\Devices\proxysrv\CRuntimeOptions_7.2.dll
2014-05-01 14:32 - 2014-05-01 14:32 - 00012800 _____ () C:\Program Files (x86)\Milestone\DevicePack\Devices\proxysrv\CRuntimeOptions_10.0.dll
2014-05-01 14:31 - 2014-05-01 14:31 - 00008704 _____ () C:\Program Files (x86)\Milestone\DevicePack\Devices\VS2003Helper.dll
2014-04-28 15:59 - 2014-04-28 15:59 - 02870272 _____ () C:\Program Files (x86)\Milestone\DevicePack\Devices\xqilla22.dll
2015-02-20 12:26 - 2015-02-17 15:44 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libglesv2.dll
2015-02-20 12:26 - 2015-02-17 15:44 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\libegl.dll
2015-02-20 12:26 - 2015-02-17 15:44 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll
2014-09-25 07:08 - 2014-11-21 05:32 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:B4AF47A7
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1202364088-1563372544-2181994608-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Home\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.16
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1202364088-1563372544-2181994608-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-1202364088-1563372544-2181994608-501 - Limited - Disabled)
Home (S-1-5-21-1202364088-1563372544-2181994608-1000 - Administrator - Enabled) => C:\Users\Home
HomeGroupUser$ (S-1-5-21-1202364088-1563372544-2181994608-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/04/2015 00:20:56 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {53d3f592-21b8-4234-b329-f81359ecb3dc}
 
Error: (03/04/2015 00:20:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2015 00:09:38 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ec9a6c59-3ced-424a-86fb-47c80cdd0f98}
 
Error: (03/04/2015 00:09:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/03/2015 11:58:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 13360. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (03/03/2015 11:58:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 40.0.2214.115 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 141c
 
Start Time: 01d05648027b7e83
 
Termination Time: 60000
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: af2e2cfa-c23b-11e4-b8f5-bc5ff468c8a1
 
Error: (03/03/2015 11:55:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a803851f-9cda-43bd-9abc-0bc1e6d623f3}
 
Error: (03/03/2015 11:54:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/03/2015 11:47:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4bfd6e41-c0c1-4893-8cdd-a9777c69b23a}
 
Error: (03/03/2015 11:45:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (03/04/2015 00:18:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Coupon Printer Service service failed to start due to the following error: 
%%2
 
Error: (03/04/2015 00:07:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Coupon Printer Service service failed to start due to the following error: 
%%2
 
Error: (03/03/2015 11:52:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Coupon Printer Service service failed to start due to the following error: 
%%2
 
Error: (03/03/2015 11:44:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Milestone Notification Server service hung on starting.
 
Error: (03/03/2015 11:43:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Coupon Printer Service service failed to start due to the following error: 
%%2
 
Error: (03/02/2015 04:14:36 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.
 
Error: (03/02/2015 04:11:18 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.
 
Error: (03/02/2015 04:11:18 AM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.
 
Error: (03/02/2015 04:11:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: 
%%-2147024891
 
Error: (03/02/2015 04:11:02 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
 
Microsoft Office Sessions:
=========================
Error: (03/04/2015 00:20:56 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {53d3f592-21b8-4234-b329-f81359ecb3dc}
 
Error: (03/04/2015 00:20:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/04/2015 00:09:38 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ec9a6c59-3ced-424a-86fb-47c80cdd0f98}
 
Error: (03/04/2015 00:09:08 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/03/2015 11:58:40 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: 1336016303400002E3400002F340000B8010000
 
Error: (03/03/2015 11:58:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe40.0.2214.115141c01d05648027b7e8360000C:\Program Files (x86)\Google\Chrome\Application\chrome.exeaf2e2cfa-c23b-11e4-b8f5-bc5ff468c8a1
 
Error: (03/03/2015 11:55:01 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {a803851f-9cda-43bd-9abc-0bc1e6d623f3}
 
Error: (03/03/2015 11:54:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/03/2015 11:47:02 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {4bfd6e41-c0c1-4893-8cdd-a9777c69b23a}
 
Error: (03/03/2015 11:45:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 22%
Total physical RAM: 16277.01 MB
Available physical RAM: 12671.4 MB
Total Pagefile: 32552.2 MB
Available Pagefile: 28418.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:167.58 GB) (Free:30.54 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:149.05 GB) (Free:11.66 GB) NTFS
Drive f: () (Fixed) (Total:931.51 GB) (Free:0.98 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:3725.9 GB) (Free:69.36 GB) NTFS
Drive h: (USB20FD) (Removable) (Total:15.12 GB) (Free:9.65 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 12E1C987)
Partition 1: (Not Active) - (Size=149 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C1E2C5B2)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 313C3E08)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 167.7 GB) (Disk ID: DEBF3DD6)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=167.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 4 (MBR Code: Windows XP) (Size: 15.1 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=15.1 GB) - (Type=0C)
 
==================== End Of Log ============================


#11 deeprybka

  • Malware Response Team

Posted 04 March 2015 - 11:56 AM

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#12 southchandler


Posted 04 March 2015 - 02:57 PM

I'll run it tonight after work.



#13 deeprybka


Posted 04 March 2015 - 02:59 PM

OK... :)
regards,
deeprybka

#14 southchandler


Posted 05 March 2015 - 12:58 AM

Scary application. First McAfee said trojan and then I saw my computer said another computer connected to my network. Hopefully this software is clean.

 

ComboFix 15-03-01.01 - Home 03/04/2015  22:49:38.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16277.11627 [GMT -7:00]
Running from: C:\Users\Home\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
FW: McAfee Firewall *Enabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
 
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\acad.err
C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files\acadstk.dmp
C:\Windows\msdownld.tmp
C:\Windows\PFRO.log
 
 
(((((((((((((((((((((((((   Files Created from 2015-02-05 to 2015-03-05  )))))))))))))))))))))))))))))))
 
 
2015-03-05 05:54:06 . 2015-03-05 05:54:06 -------- d-----w- C:\Users\Default\AppData\Local\temp
2015-03-05 05:54:06 . 2015-03-05 05:54:06 -------- d-----w- C:\Users\Administrator\AppData\Local\temp
2015-03-04 06:42:13 . 2015-03-04 06:42:13 -------- d-----w- C:\Users\Home\AppData\Local\Tem
2015-03-01 04:25:21 . 2013-09-23 20:49:22 197704 ----a-w- C:\Windows\system32\drivers\HipShieldK.sys
2015-02-19 10:04:48 . 2015-02-19 10:04:48 -------- d-----w- C:\Users\Default\AppData\Roaming\Garmin
2015-02-06 06:09:37 . 2015-02-06 06:09:43 -------- d-----w- C:\ProgramData\LogiShrd
2015-02-06 06:09:33 . 2015-02-06 06:09:33 -------- d-----w- C:\Program Files\Common Files\LogiShrd
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2015-03-04 22:24:33 . 2014-06-21 04:10:42 129752 ----a-w- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2015-02-05 05:41:47 . 2013-09-19 21:36:54 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 05:41:47 . 2013-09-19 21:36:54 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-01-14 04:03:43 . 2013-09-19 22:03:31 627912 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-14 04:03:48 1729744 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-14 04:03:48 1729744 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-14 04:03:48 1729744 ----a-w- C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Privacy Suite RiskMonitor"="C:\Program Files (x86)\CyberScrub Privacy Suite\Launch.exe" [2008-07-29 18:37:24 45192]
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-12-31 17:30:28 688984]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrStsWnd"="C:\Program Files (x86)\Brownie\BrstsW64.exe" [2009-08-19 21:41:26 3695928]
"mcpltui_exe"="C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" [2014-09-17 20:48:48 643064]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-12-31 17:30:28 688984]
 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Mobile Server Manager.lnk - C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.MobileServer.TrayController.exe [2014-5-5 713064]
XProtect Recording Server Manager.lnk - C:\Program Files (x86)\Milestone\Milestone Surveillance\RecordingServerManager.exe [2014-5-12 199056]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\system32\drivers\HipShieldK.sys;C:\Windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\system32\IEEtwCollector.exe;C:\Windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;C:\Windows\system32\DRIVERS\mfencrk.sys;C:\Windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 MWAC;MWAC;C:\Windows\system32\drivers\;C:\Windows\SYSNATIVE\drivers\ [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 RsFx0201;RsFx0201 Driver;C:\Windows\system32\DRIVERS\RsFx0201.sys;C:\Windows\SYSNATIVE\DRIVERS\RsFx0201.sys [x]
R4 SQLAgent$VIDEOOSDB;SQL Server Agent (VIDEOOSDB);C:\Program Files\Microsoft SQL Server\MSSQL11.VIDEOOSDB\MSSQL\Binn\SQLAGENT.EXE;C:\Program Files\Microsoft SQL Server\MSSQL11.VIDEOOSDB\MSSQL\Binn\SQLAGENT.EXE [x]
S0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys;C:\Windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 MOBKFilter;MOBKFilter;C:\Windows\system32\DRIVERS\MOBK.sys;C:\Windows\SYSNATIVE\DRIVERS\MOBK.sys [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 mbamchameleon;mbamchameleon;C:\Windows\system32\drivers\mbamchameleon.sys;C:\Windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe;C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [x]
S2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe;C:\Program Files\McAfee\MSC\McAPExe.exe [x]
S2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe;C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe;C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe;C:\Windows\SYSNATIVE\mfevtps.exe [x]
S2 Milestone Image Import Service;Milestone Image Import Service;C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageImportService.exe;C:\Program Files (x86)\Milestone\Milestone Surveillance\ImageImportService.exe [x]
S2 Milestone Image Server;Milestone Image Server;C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\ImageServer.exe;C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\ImageServer.exe [x]
S2 Milestone Log Check Service;Milestone Log Check Service;C:\Program Files (x86)\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe;C:\Program Files (x86)\Milestone\Milestone Surveillance\ELFFLogCheckerService.exe [x]
S2 Milestone Mobile Service;Milestone Mobile Service;C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.MobileServer.Service.exe;C:\Program Files\Milestone\Milestone Mobile Server\VideoOS.MobileServer.Service.exe [x]
S2 Milestone Notification Server;Milestone Notification Server;C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.NotificationServer.Service.exe;C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.NotificationServer.Service.exe [x]
S2 Milestone Recording Server;Milestone Recording Server;C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\RecordingServer.exe;C:\Program Files (x86)\Milestone\Milestone Surveillance\x64\RecordingServer.exe [x]
S2 Milestone Service Control;Milestone Service Control;C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe;C:\Program Files (x86)\Milestone\Milestone Surveillance\VideoOS.ServiceControl.Service.exe [x]
S2 MilestoneEventServerService;Milestone XProtect Event Server;C:\Program Files (x86)\Milestone\XProtect Event Server\VideoOS.Event.Server.exe;C:\Program Files (x86)\Milestone\XProtect Event Server\VideoOS.Event.Server.exe [x]
S2 MOBKbackup;McAfee Online Backup;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe;C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [x]
S2 MSSQL$VIDEOOSDB;SQL Server (VIDEOOSDB);C:\Program Files\Microsoft SQL Server\MSSQL11.VIDEOOSDB\MSSQL\Binn\sqlservr.exe;C:\Program Files\Microsoft SQL Server\MSSQL11.VIDEOOSDB\MSSQL\Binn\sqlservr.exe [x]
S2 NVWMI;NVIDIA WMI Provider;C:\Windows\system32\nvwmi64.exe;C:\Windows\SYSNATIVE\nvwmi64.exe [x]
S2 SADP_NPF;Sadp Driver (SADP_NPF);C:\Windows\SysWOW64\drivers\sadp_npf64.sys;C:\Windows\SysWOW64\drivers\sadp_npf64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys;C:\Windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\system32\DRIVERS\ISCTD64.sys;C:\Windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\MBAMSwissArmy.sys;C:\Windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\system32\drivers\mwac.sys;C:\Windows\SYSNATIVE\drivers\mwac.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys;C:\Windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\system32\DRIVERS\mfencbdc.sys;C:\Windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
 
 
--- Other Services/Drivers In Memory ---
 
*NewlyCreated* - MBAMSWISSARMY
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-02-20 19:19:52 1084744 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\Installer\chrmstp.exe
 
Contents of the 'Scheduled Tasks' folder
 
2015-03-05 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-19 21:36:54 . 2015-02-05 05:41:49]
 
2015-03-04 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-20 06:20:04 . 2013-09-20 06:20:04]
 
2015-03-04 C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cfead8e1a5c6af.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-20 06:20:04 . 2013-09-20 06:20:04]
 
2015-03-05 C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf8df487528ae0.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-20 06:20:04 . 2013-09-20 06:20:04]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-01-14 07:20:24 2334928 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-01-14 07:20:24 2334928 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-01-14 07:20:24 2334928 ----a-w- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 03:11:20 3816248 ----a-w- C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 03:11:20 3816248 ----a-w- C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 03:11:20 3816248 ----a-w- C:\Program Files (x86)\McAfee Online Backup\MOBKshell.dll
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="C:\Program Files\NVIDIA Corporation\nview\nwiz.exe" [2013-09-21 08:41:46 2747680]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2014-01-30 06:02:42 171992]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2014-01-30 06:02:14 399832]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2014-01-30 06:02:38 442328]
 
------- Supplementary Scan -------
 
uLocal Page = C:\Windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = C:\Windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{B586A3D6-CD19-4EB5-8081-F55F7B1304B9}: NameServer = 68.105.28.16
 
 
------- File Associations -------
 
.scr=AutoCADScriptFile
 
- - - - ORPHANS REMOVED - - - -
 
AddRemove-Coupon Printer for Windows5.0.1.2 - C:\Program Files (x86)\Coupons\uninstall.exe


#15 deeprybka


Posted 05 March 2015 - 12:46 PM

Combofix is clean!

Step 1

Download Malwarebytes Anti-Rootkit to your Desktop.
  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • On the introduction screen, click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"



Step 2

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Step 3

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka