Multiple PUP/hijack infections; not quite clean?


  • This topic is locked
7 replies to this topic

#1 KoichiTohei

Posted 14 March 2015 - 10:13 AM

Hi Folks

 

I'm cleaning a laptop for a friend and have followed various procedures using all the usual tools to get it cleaned. It's not currently showing any symptoms, and all malware/AV/registry scans are coming up clear, but I suspect there's stuff lurking waiting to reinfect given half a chance, so I'd really appreciate a log diagnosis and fix list from one of you kind people. :)

As I don't have my friend's consent to post his user and PC names, I have replaced them in the logs and will reverse the process in the fix; I hope that doesn't mess things up.

 

Many thanks

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by <USERNAMEREPLACE> (administrator) on <PCNAMEREPLACE> on 14-03-2015 14:55:49
Running from C:\Users\<USERNAMEREPLACE>\Downloads
Loaded Profiles: <USERNAMEREPLACE> (Available profiles: <USERNAMEREPLACE>)
Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(EgisTec Inc.) C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
(EgisTec Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
(Acer Corp.) C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
() C:\Windows\PLFSetI.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(EgisTec Inc.) C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Vodafone) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Toolwiz.com) C:\Program Files\ToolwizCareFree\ToolwizTools.exe
(Trend Micro Inc.) C:\Users\<USERNAMEREPLACE>\Desktop\PF Cleanup Tools\HijackThis.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7600672 2009-07-06] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-06] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [703008 2009-08-28] (Acer Incorporated)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [156968 2009-01-20] (CyberLink Corp.)
HKLM\...\Run: [BackupManagerTray] => C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [249600 2009-04-01] (NewTech Infosystems, Inc.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [202024 2009-01-20] (CyberLink)
HKLM\...\Run: [EgisTecLiveUpdate] => C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe [199464 2008-10-27] (EgisTec Inc.)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-24] (Google)
HKLM\...\Run: [MobileConnect] => C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [2412032 2009-09-18] (Vodafone)
HKLM\...\Run: [mwlDaemon] => C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [346672 2008-10-27] (EgisTec Inc.)
HKLM\...\Run: [PlayMovie] => C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe [173288 2008-12-26] (Acer Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2009-06-28] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [1194504 2009-08-27] (Dritek System Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-09-21] (Apple Inc.)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\...\Run: [EPSON SX410 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFCE.EXE [199680 2008-10-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3882312 2008-12-02] (Microsoft Corporation)
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5503768 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\...\Run: [ToolwizCareFree] => C:\Program Files\ToolwizCareFree\ToolwizCares.exe [5274328 2015-03-13] (Toolwiz)
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\...\MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\...\MountPoints2: F - F:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\...\MountPoints2: {ad7f0cac-0b86-11df-942f-001f16ae42f8} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\...\MountPoints2: {d12f6fd0-0a07-11df-8c7f-806e6f6e6963} - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-28] (Microsoft Corporation)
Startup: C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\EgisTec\MyWinLocker 3\x86\psdprotect.dll (EgisTec Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49231;https=127.0.0.1:49231
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKLM -> {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> {B4ECCEBE-8977-4B9A-AE07-872334D6D6E6} URL = https://uk.search.yahoo.com/search?fr=mcafee&type=B011GB0D19700101&p={SearchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-06-01] (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-06-01] (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02] (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Toolbar: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-12] (Google Inc.)
Toolbar: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-08] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] ()
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 02 C:\Windows\system32\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 03 C:\Windows\system32\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 04 C:\Windows\system32\BDL.dll [319392] (BD Inc.)
Winsock: Catalog9 40 C:\Windows\system32\BDL.dll [319392] (BD Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.4.0 -> C:\Windows\system32\npDeployJava1.dll [2012-06-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-06-01] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-12] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2009-02-23]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=1426276562&from=face&uid=WDCXWD5000BEVT-22ZAT0_WD-WXB0A59P8578P8578
CHR StartupUrls: Default -> "https://www.google.co.uk/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\<USERNAMEREPLACE>\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\<USERNAMEREPLACE>\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-13]
CHR Extension: (Google Docs) - C:\Users\<USERNAMEREPLACE>\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-13]
CHR Extension: (Google Drive) - C:\Users\<USERNAMEREPLACE>\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-13]
CHR Extension: (WOT) - C:\Users\<USERNAMEREPLACE>\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-03-13]
CHR Extension: (YouTube) - C:\Users\<USERNAMEREPLACE>\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-13]
CHR Extension: (Adblock Plus) - C:\Users\<USERNAMEREPLACE>\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-13]
CHR Extension: (TrafficLight) - C:\Users\<USERNAMEREPLACE>\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfnpidifppmenkapgihekkeednfoenal [2015-03-13]
CHR Extension: (Google Search) - C:\Users\<USERNAMEREPLACE>\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-13]
CHR Extension: (Google Sheets) - C:\Users\<USERNAMEREPLACE>\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-13]
CHR Extension: (Downloads) - C:\Users\<USERNAMEREPLACE>\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfchnphgogjhineanplmfkofljiagjfb [2015-03-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\<USERNAMEREPLACE>\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Skype Click to Call) - C:\Users\<USERNAMEREPLACE>\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\<USERNAMEREPLACE>\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-13]
CHR Extension: (Gmail) - C:\Users\<USERNAMEREPLACE>\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-13]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2015-03-12]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\...\Chrome\Extension: [nociobghckdhokecfeajdpimjeapnopn] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [75048 2008-12-18] ()
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [727584 2009-08-28] (Acer Incorporated)
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-08-24] (Google)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2015-03-13] (SurfRight B.V.)
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [660992 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2015-02-19] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
R2 MWLService; C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [306736 2008-10-27] (EgisTec Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [54528 2009-04-01] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [9216 2009-09-18] (Vodafone) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S2 3c133651; "C:\Windows\system32\rundll32.exe" "c:\Program Files\Optimizer Pro 3.56\OptProMon.dll",ENT
S2 c61b66f6; "C:\Windows\system32\rundll32.exe" "c:\Program Files\Optimizer Pro 3.11\OptProCrash.dll",ENT
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\bin\a2ddax86.sys [22056 2015-02-18] (Emsisoft GmbH)
R1 BTOWSFF; C:\Windows\system32\Drivers\BTOWSFF.sys [27648 2015-03-13] (Toolwiz.com)
R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [45952 2015-03-13] (Toolwiz.com)
S3 cleanhlp; C:\EEK\bin\cleanhlp32.sys [50200 2015-02-18] (Emsisoft GmbH)
S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [100736 2009-07-23] (Huawei Technologies Co., Ltd.)
R0 KSafeDISK; C:\Windows\System32\Drivers\KSafeDISK.sys [48640 2015-03-13] (Toolwiz.com)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [130424 2009-07-16] (McAfee, Inc.)
R1 MpKsl6e6e98cf; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{38F9BE6B-4A3A-4894-A39B-3A6DA293E8B1}\MpKsl6e6e98cf.sys [39464 2015-03-14] (Microsoft Corporation)
R2 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [19504 2008-10-09] (Egis Incorporated.)
R2 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16432 2008-10-09] (Egis Incorporated.)
R2 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [59952 2008-10-09] (Egis Incorporated.)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [159776 2009-06-24] (Realtek Semiconductor Corp.)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2010-04-19] (Apple, Inc.) [File not signed]
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34576 2007-03-05] (IVT Corporation.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-14 14:55 - 2015-03-14 14:56 - 00026981 _____ () C:\Users\<USERNAMEREPLACE>\Downloads\FRST.txt
2015-03-14 14:55 - 2015-03-14 14:55 - 00000000 ____D () C:\FRST
2015-03-14 14:54 - 2015-03-14 14:55 - 01135104 _____ (Farbar) C:\Users\<USERNAMEREPLACE>\Downloads\FRST.exe
2015-03-14 13:25 - 2015-03-14 13:25 - 00000000 ____D () C:\Program Files\WOT
2015-03-14 13:11 - 2015-03-14 13:11 - 00000691 _____ () C:\Users\<USERNAMEREPLACE>\Desktop\JRT.txt
2015-03-14 12:45 - 2015-03-14 12:45 - 00072704 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2015-03-14 12:45 - 2015-03-14 12:45 - 00000134 _____ () C:\Windows\system32\eamclean.dat
2015-03-14 10:24 - 2015-03-14 10:24 - 00022610 _____ () C:\Users\<USERNAMEREPLACE>\Documents\cc_20150314_102404.reg
2015-03-14 09:52 - 2015-03-14 09:52 - 00001475 _____ () C:\Users\<USERNAMEREPLACE>\Desktop\iexplore - Shortcut.lnk
2015-03-13 20:28 - 2015-03-13 20:28 - 00613255 _____ (CMI Limited) C:\Users\<USERNAMEREPLACE>\AppData\Local\nsg893F.tmp
2015-03-13 20:21 - 2015-03-14 13:45 - 00001722 _____ () C:\Windows\Tasks\NZWWEJAP.job
2015-03-13 19:59 - 2015-03-13 23:29 - 00008824 _____ () C:\Windows\system32\BasementDusterOff.ini
2015-03-13 19:58 - 2015-03-12 08:59 - 00319392 _____ (BD Inc.) C:\Windows\system32\BDL.dll
2015-03-13 19:55 - 2015-03-13 23:31 - 00000000 ____D () C:\Users\<USERNAMEREPLACE>\AppData\Local\80C2CE51-1426276536-DE11-9A37-944D4FB6DA0C
2015-03-13 19:41 - 2015-03-13 23:31 - 00000000 ____D () C:\Users\<USERNAMEREPLACE>\AppData\Local\80C2CE51-1426275662-DE11-9A37-944D4FB6DA0C
2015-03-13 19:39 - 2015-03-13 23:26 - 00000000 ____D () C:\Program Files\Optimizer Pro 3.56
2015-03-13 19:38 - 2015-03-13 20:27 - 00000000 ____D () C:\ProgramData\{c485f06a-e772-77eb-c485-5f06ae77c1ab}
2015-03-13 18:42 - 2015-03-13 15:49 - 00000835 _____ () C:\Windows\system32\Drivers\etc\hosts.20150313-184233.backup
2015-03-13 18:36 - 2015-03-13 23:31 - 00000950 _____ () C:\Windows\system32\.crusader
2015-03-13 18:29 - 2015-03-13 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-03-13 18:29 - 2015-03-13 18:29 - 00000000 ____D () C:\Program Files\HitmanPro
2015-03-13 18:28 - 2015-03-13 18:36 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-03-13 18:27 - 2015-03-13 18:28 - 10085648 _____ (SurfRight B.V.) C:\Users\<USERNAMEREPLACE>\Downloads\HitmanPro.exe
2015-03-13 16:11 - 2015-03-13 16:11 - 00048640 _____ (Toolwiz.com) C:\Windows\system32\Drivers\KSafeDISK.sys
2015-03-13 16:11 - 2015-03-13 16:11 - 00045952 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSVF.sys
2015-03-13 16:11 - 2015-03-13 16:11 - 00027648 _____ (Toolwiz.com) C:\Windows\system32\Drivers\BTOWSFF.sys
2015-03-13 16:11 - 2015-03-13 16:11 - 00000000 ___HD () C:\TOOLWIZ
2015-03-13 16:10 - 2015-03-13 16:14 - 00000000 ____D () C:\Users\<USERNAMEREPLACE>\AppData\Local\ToolwizCareFree
2015-03-13 16:10 - 2015-03-13 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToolwizCareFree
2015-03-13 16:10 - 2015-03-13 16:10 - 00000276 _____ () C:\Windows\Tasks\ToolwizCareFree.job
2015-03-13 16:10 - 2015-03-13 16:10 - 00000000 ____D () C:\Program Files\ToolwizCareFree
2015-03-13 15:56 - 2015-03-14 10:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-13 15:56 - 2015-03-14 09:51 - 00002294 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-13 15:02 - 2015-03-14 10:57 - 00000000 ____D () C:\EEK
2015-03-13 13:29 - 2015-03-13 13:29 - 00005080 _____ () C:\Users\<USERNAMEREPLACE>\Documents\cc_20150313_132926.reg
2015-03-13 13:29 - 2015-03-13 13:29 - 00000428 _____ () C:\Users\<USERNAMEREPLACE>\Documents\cc_20150313_132946.reg
2015-03-13 13:28 - 2015-03-13 13:29 - 00325574 _____ () C:\Users\<USERNAMEREPLACE>\Documents\cc_20150313_132841.reg
2015-03-13 13:06 - 2015-03-14 14:26 - 00000000 ____D () C:\AdwCleaner
2015-03-13 09:35 - 2015-03-13 09:36 - 00000000 ____D () C:\Program Files\My theme for Google
2015-03-13 09:29 - 2015-03-13 09:29 - 00002139 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-03-13 09:29 - 2015-03-13 09:29 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-03-13 09:29 - 2015-03-13 09:29 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-03-13 09:29 - 2015-03-13 09:29 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-03-13 09:29 - 2015-03-13 09:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-03-13 09:28 - 2015-03-14 14:42 - 00000000 ____D () C:\Users\<USERNAMEREPLACE>\Desktop\PF Cleanup Tools
2015-03-13 09:28 - 2015-03-13 18:43 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-13 09:28 - 2015-03-13 09:31 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-03-13 09:28 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-03-13 09:27 - 2015-03-13 09:27 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\<USERNAMEREPLACE>\Downloads\spybot-2.4.exe
2015-03-13 08:46 - 2015-03-13 08:46 - 00000000 ____D () C:\CCE_Quarantine
2015-03-13 08:26 - 2015-03-13 08:26 - 00000000 ____D () C:\Users\<USERNAMEREPLACE>\Downloads\cce_2.5.242177.201_x32
2015-03-13 08:22 - 2015-03-13 08:22 - 01182190 _____ () C:\Users\<USERNAMEREPLACE>\Downloads\7z938.exe
2015-03-13 08:22 - 2015-03-13 08:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-03-13 08:22 - 2015-03-13 08:22 - 00000000 ____D () C:\Program Files\7-Zip
2015-03-13 08:18 - 2015-03-13 08:19 - 23732069 _____ () C:\Users\<USERNAMEREPLACE>\Downloads\cce_2.5.242177.201_x32.zip
2015-03-13 03:07 - 2015-01-08 23:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-13 01:58 - 2015-03-13 09:37 - 00000000 ____D () C:\Program Files\Themes for Facebook
2015-03-13 00:08 - 2015-03-13 00:09 - 00000000 ____D () C:\Users\<USERNAMEREPLACE>\Downloads\JkDefrag-3.36
2015-03-13 00:05 - 2015-03-13 00:05 - 00478618 _____ () C:\Users\<USERNAMEREPLACE>\Downloads\JkDefrag-3.36.zip
2015-03-12 23:38 - 2015-03-12 23:38 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d05d1da308c730.job
2015-03-12 22:39 - 2015-03-12 22:39 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-03-12 22:39 - 2015-03-12 22:39 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-12 22:38 - 2015-03-12 22:39 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-03-12 22:30 - 2015-03-12 22:30 - 00003304 ____N () C:\bootsqm.dat
2015-03-12 22:12 - 2015-02-03 03:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-12 22:11 - 2015-02-26 03:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-12 22:11 - 2015-02-24 02:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-12 22:11 - 2015-02-21 00:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-12 22:11 - 2015-02-21 00:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-12 22:11 - 2015-02-21 00:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-12 22:11 - 2015-02-21 00:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-12 22:11 - 2015-02-20 23:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-12 22:11 - 2015-02-20 02:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-12 22:11 - 2015-02-20 02:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-12 22:11 - 2015-02-20 02:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-12 22:11 - 2015-02-20 02:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-12 22:11 - 2015-02-20 02:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-12 22:11 - 2015-02-20 02:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-12 22:11 - 2015-02-20 02:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-12 22:11 - 2015-02-20 02:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-12 22:11 - 2015-02-20 02:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-12 22:11 - 2015-02-20 01:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-12 22:11 - 2015-02-20 01:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-12 22:11 - 2015-02-20 01:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-12 22:11 - 2015-02-20 01:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-12 22:11 - 2015-02-20 01:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-12 22:11 - 2015-02-20 01:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-12 22:11 - 2015-02-20 01:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-12 22:11 - 2015-02-20 01:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-12 22:11 - 2015-02-20 01:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-12 22:11 - 2015-02-20 01:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-12 22:11 - 2015-02-20 01:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-12 22:11 - 2015-02-20 01:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-12 22:11 - 2015-02-20 01:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-12 22:11 - 2015-02-20 00:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-12 22:11 - 2015-02-20 00:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-12 22:11 - 2015-02-13 05:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-12 22:11 - 2015-01-17 02:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-12 22:09 - 2015-03-06 05:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-12 22:09 - 2015-03-06 05:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-12 22:09 - 2015-03-06 05:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-12 22:09 - 2015-03-06 05:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-12 22:09 - 2015-03-06 05:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-12 22:09 - 2015-03-06 05:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-12 22:09 - 2015-03-06 05:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-12 22:09 - 2015-03-06 05:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-12 22:09 - 2015-03-06 05:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-12 22:09 - 2015-03-06 05:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-12 22:09 - 2015-03-06 05:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-12 22:09 - 2015-03-06 05:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-12 22:09 - 2015-03-06 05:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-12 22:09 - 2015-03-06 05:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-12 22:09 - 2015-03-06 05:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-12 22:09 - 2015-03-06 05:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-12 22:09 - 2015-03-06 05:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-12 22:09 - 2015-03-06 05:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-12 22:09 - 2015-02-03 03:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-12 22:08 - 2015-02-20 04:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-12 22:08 - 2015-02-20 04:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-12 22:08 - 2015-02-20 04:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-12 22:08 - 2015-02-20 04:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-12 22:08 - 2015-02-20 03:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-12 22:08 - 2015-02-04 02:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-12 22:08 - 2015-02-03 03:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-12 22:08 - 2015-02-03 03:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-12 22:08 - 2015-02-03 03:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-12 22:08 - 2015-02-03 03:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-12 22:08 - 2015-02-03 03:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-12 22:08 - 2015-02-03 03:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-12 22:08 - 2015-02-03 03:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-12 22:08 - 2015-02-03 03:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-12 22:08 - 2015-02-03 03:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-12 22:08 - 2015-02-03 03:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-12 22:08 - 2015-02-03 03:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-12 22:08 - 2015-02-03 03:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-12 22:08 - 2015-02-03 03:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-12 22:08 - 2015-02-03 03:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-12 22:08 - 2015-02-03 03:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-12 22:08 - 2015-02-03 03:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-12 22:08 - 2015-02-03 03:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-12 22:08 - 2015-02-03 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-12 22:08 - 2015-02-03 03:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-12 22:08 - 2015-02-03 03:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-12 22:08 - 2015-02-03 02:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-12 22:08 - 2015-01-30 23:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-12 22:08 - 2014-10-31 22:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-12 22:08 - 2014-06-28 00:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-12 22:08 - 2014-06-28 00:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-12 21:52 - 2015-03-13 21:44 - 00000000 ____D () C:\Program Files\960 Grid System Overlay Unofficial
2015-03-12 21:47 - 2015-03-03 13:16 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-03-12 21:45 - 2015-03-14 09:20 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-12 21:30 - 2015-03-12 21:30 - 11530032 _____ (Microsoft Corporation) C:\Users\<USERNAMEREPLACE>\Downloads\mseinstall.exe
2015-03-12 21:20 - 2015-03-12 21:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-12 21:19 - 2015-03-12 21:20 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-12 21:18 - 2015-03-12 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-12 21:17 - 2015-03-12 21:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-12 21:17 - 2015-03-12 21:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-12 21:17 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-12 21:17 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-12 21:17 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-12 21:16 - 2015-03-12 21:16 - 05325696 _____ (Piriform Ltd) C:\Users\<USERNAMEREPLACE>\Downloads\ccsetup503.exe
2015-03-12 21:14 - 2015-03-12 21:15 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\<USERNAMEREPLACE>\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-12 16:19 - 2015-03-12 18:02 - 00000000 ____D () C:\DrWeb Quarantine
2015-03-09 21:30 - 2015-03-09 21:30 - 00005487 _____ () C:\Users\<USERNAMEREPLACE>\AppData\Roaming\NZWWEJAP
2015-02-22 19:58 - 2015-03-12 23:02 - 00000000 ____D () C:\Program Files\Proxxy
2015-02-22 19:52 - 2015-02-22 19:52 - 00100352 _____ () C:\Users\<USERNAMEREPLACE>\Documents\womens group.pub
2015-02-22 19:33 - 2015-01-09 02:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-22 19:33 - 2015-01-09 02:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-22 19:33 - 2015-01-09 02:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-22 19:30 - 2015-03-12 23:17 - 00000020 _____ () C:\Users\<USERNAMEREPLACE>\AppData\Roaming\appdataFr3.bin
2015-02-22 19:26 - 2015-02-22 19:26 - 00000000 ____D () C:\ProgramData\646362220a194369943d559fdbbd8718
2015-02-22 19:24 - 2015-02-22 19:24 - 00000000 ____D () C:\ProgramData\9a9677e51cdd4a19be7cb6e6ee87e509
2015-02-17 15:26 - 2015-02-17 15:26 - 01217184 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2015-02-16 23:20 - 2015-03-12 23:02 - 00000000 ____D () C:\Program Files\savEraBox
2015-02-16 23:20 - 2015-03-12 23:02 - 00000000 ____D () C:\Program Files\Minecraft 2
2015-02-16 23:20 - 2015-02-16 23:20 - 00000000 ____D () C:\ProgramData\ohdkaaafkcllpacbcglahifmcaoghcgb
2015-02-16 23:13 - 2015-02-04 02:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-16 23:13 - 2015-02-04 02:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-16 23:13 - 2015-02-04 02:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-16 23:13 - 2015-02-04 02:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-16 23:13 - 2015-02-04 02:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-16 23:13 - 2015-02-04 02:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-16 23:13 - 2015-02-04 02:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-16 23:13 - 2015-01-27 23:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-16 23:13 - 2014-11-26 03:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-16 23:13 - 2014-10-04 01:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-16 23:13 - 2014-10-04 01:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-02-16 23:10 - 2014-12-08 02:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-16 23:07 - 2015-02-16 23:07 - 00817152 _____ () C:\Users\<USERNAMEREPLACE>\Documents\Phoebe9yrs.pub
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-14 14:55 - 2010-01-25 23:53 - 01815596 _____ () C:\Windows\WindowsUpdate.log
2015-03-14 14:41 - 2010-02-03 19:33 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-14 14:12 - 2013-12-21 21:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-14 13:54 - 2010-01-25 23:20 - 00019664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-14 13:54 - 2010-01-25 23:20 - 00019664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-14 13:47 - 2009-12-17 21:04 - 00000000 ____D () C:\Users\<USERNAMEREPLACE>\Tracing
2015-03-14 13:45 - 2010-02-03 19:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-14 13:45 - 2009-07-14 04:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-14 10:48 - 2012-06-17 22:12 - 00000000 ____D () C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Skype
2015-03-14 10:30 - 2009-07-14 04:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-14 10:30 - 2009-02-23 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer GameZone
2015-03-14 10:30 - 2009-02-23 17:38 - 00000000 ____D () C:\Program Files\Acer GameZone
2015-03-14 09:55 - 2010-12-28 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
2015-03-13 21:44 - 2009-07-14 04:52 - 00000000 ____D () C:\Windows\twain_32
2015-03-13 20:28 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\schemas
2015-03-13 18:42 - 2006-11-02 10:23 - 00450782 ____R () C:\Windows\system32\Drivers\etc\hosts.20150314-132858.backup
2015-03-13 15:56 - 2009-11-28 20:11 - 00000000 ____D () C:\Users\<USERNAMEREPLACE>\AppData\Local\Google
2015-03-13 15:56 - 2009-11-28 20:10 - 00000000 ____D () C:\Program Files\Google
2015-03-13 15:36 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-13 15:10 - 2006-11-02 10:23 - 00522710 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2015-03-13 13:02 - 2009-07-14 04:56 - 00000000 ____D () C:\Windows\DigitalLocker
2015-03-13 13:01 - 2014-12-15 19:21 - 00000000 ____D () C:\Users\<USERNAMEREPLACE>\AppData\Local\com
2015-03-13 09:35 - 2014-12-13 00:12 - 00000000 ____D () C:\ProgramData\6162484630447960813
2015-03-13 03:40 - 2009-07-14 04:33 - 00419576 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-13 03:22 - 2009-02-23 17:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-13 03:21 - 2006-11-02 10:23 - 00000342 _____ () C:\Windows\win.ini
2015-03-13 03:20 - 2013-10-31 01:18 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-13 03:08 - 2010-04-02 12:06 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-12 23:56 - 2009-02-23 17:34 - 00059363 _____ () C:\Windows\system32\Config.MPF
2015-03-12 23:56 - 2009-02-23 17:25 - 00000000 ____D () C:\Program Files\McAfee
2015-03-12 23:51 - 2009-02-23 17:25 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-12 23:33 - 2009-02-21 00:35 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-03-12 23:28 - 2014-11-30 17:28 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-03-12 23:02 - 2014-12-22 17:24 - 00000000 ____D () C:\Users\<USERNAMEREPLACE>\AppData\Local\29631
2015-03-12 22:34 - 2009-02-23 17:26 - 00000000 ____D () C:\Program Files\Common Files\McAfee
2015-03-12 22:24 - 2014-12-14 14:49 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-12 22:24 - 2014-06-26 13:37 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-12 22:24 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\tracing
2015-03-12 22:04 - 2009-07-14 02:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-12 21:39 - 2010-01-26 07:17 - 00000000 ____D () C:\Windows\Panther
2015-03-12 21:38 - 2012-01-12 17:11 - 00000000 ____D () C:\Windows\Minidump
2015-03-12 21:17 - 2010-01-26 00:03 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-12 18:01 - 2015-01-22 20:10 - 00000000 ____D () C:\Users\<USERNAMEREPLACE>\AppData\Local\ebbfc6a9-ef49-4f1a-8649-1be442fe7e86
2015-03-12 16:48 - 2014-12-15 19:18 - 00000000 ____D () C:\ProgramData\rrIjWqZfgu
2015-03-11 17:06 - 2009-11-28 21:18 - 00000000 ____D () C:\Program Files\ABBYY FineReader 6.0 Sprint
2015-03-11 17:06 - 2009-06-28 21:19 - 00000000 ____D () C:\Program Files\Acer
 
==================== Files in the root of some directories =======
 
2014-05-12 06:50 - 2014-05-12 06:50 - 6103040 _____ () C:\Program Files\GUTD539.tmp
2015-02-22 19:30 - 2015-03-12 23:17 - 0000020 _____ () C:\Users\<USERNAMEREPLACE>\AppData\Roaming\appdataFr3.bin
2015-03-09 21:30 - 2015-03-09 21:30 - 0005487 _____ () C:\Users\<USERNAMEREPLACE>\AppData\Roaming\NZWWEJAP
2014-12-15 09:22 - 2015-02-09 21:39 - 0000130 _____ () C:\Users\<USERNAMEREPLACE>\AppData\Roaming\WB.CFG
2009-11-28 20:22 - 2012-04-15 19:38 - 0003040 _____ () C:\Users\<USERNAMEREPLACE>\AppData\Roaming\wklnhst.dat
2010-05-05 15:50 - 2014-11-16 19:01 - 0009728 _____ () C:\Users\<USERNAMEREPLACE>\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-22 17:39 - 2014-12-22 17:39 - 0000001 _____ () C:\Users\<USERNAMEREPLACE>\AppData\Local\DSI.DAT
2014-12-22 17:39 - 2014-12-22 17:39 - 0022528 _____ () C:\Users\<USERNAMEREPLACE>\AppData\Local\dsisetup31094272.exe
2011-03-20 20:24 - 2011-03-20 20:24 - 3002471 _____ (MyWebSearch.com) C:\Users\<USERNAMEREPLACE>\AppData\Local\mwsautSp.exe
2015-03-13 20:28 - 2015-03-13 20:28 - 0613255 _____ (CMI Limited) C:\Users\<USERNAMEREPLACE>\AppData\Local\nsg893F.tmp
2011-11-10 07:51 - 2011-11-10 07:51 - 0000000 _____ () C:\Users\<USERNAMEREPLACE>\AppData\Local\{88478C1D-08EC-48E9-83CA-C16244731FA7}
2010-01-26 00:03 - 2010-01-26 00:03 - 0000000 _____ () C:\ProgramData\DeviceManager.xml.RC4
2010-08-10 14:12 - 2010-08-10 14:48 - 0000682 _____ () C:\ProgramData\hpzinstall.log
 
Some content of TEMP:
====================
C:\Users\<USERNAMEREPLACE>\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0wjzr1.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-15 19:56
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by <USERNAMEREPLACE> at 2015-03-14 14:57:04
Running from C:\Users\<USERNAMEREPLACE>\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
7-Zip 9.38 beta (HKLM\...\7-Zip) (Version:  - )
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.5.6121 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.5.6121 - CyberLink Corp.) Hidden
Acer Backup Manager (HKLM\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 1.0.0.53 - NewTech Infosystems)
Acer Crystal Eye webcam Ver:1.1.74.216 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.74.216 - Chicony Electronics Co.,Ltd.)
Acer ePower Management (HKLM\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 4.05.3003 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.0.0.0226 - Acer)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD USB Audio Driver Filter (HKLM\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{69567CE7-08A6-F984-3BA1-9AE068EC7AAF}) (Version: 3.0.715.0 - ATI Technologies, Inc.)
B209a-m (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Backup Manager Basic (Version: 1.0.0.53 - NewTech Infosystems) Hidden
Barbie Beach Vacation (HKLM\...\Barbie™ Beach Vacation™) (Version:  - )
Bluesoleil3.2.2.8 Release 070421 (HKLM\...\{8E9D738A-2C30-4574-90FE-E6B4F6065D48}) (Version: 3.2.2.8 Release 070421 - IVT Corporation)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{9AF0B106-56F1-461B-A270-95BC1682E282}) (Version: 11.34.01 - Broadcom Corporation)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
ccc-core-static (Version: 2009.0318.2141.37097 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Dropbox (HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
DVDFab 9.1.8.5 (24/01/2015) (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
Epson Stylus SX210_SX410_TX210_TX410 Manual (HKLM\...\Epson Stylus SX210_SX410_TX210_TX410 User’s Guide) (Version:  - )
EPSON SX410 Series Printer Uninstall (HKLM\...\EPSON SX410 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6227.252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: 7.80.2.53 - Conexant Systems)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{9FEF1A18-8F26-4F49-A5A4-956C12210624}) (Version: 13.0 - HP)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (Version: 130.0.303.000 - Hewlett-Packard) Hidden
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java™ 7 Update 4 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217004FF}) (Version: 7.0.40 - Oracle)
Junk Mail filter update (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Launch Manager (HKLM\...\LManager) (Version: 3.0.03 - Acer Inc.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Money Plus (HKLM\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works (HKLM\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}) (Version: 3.1.4.0 - Apple Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (HKLM\...\{68301905-2DEA-41CE-A4D4-E8B443B099BA}) (Version: 3.1.36.0 - EgisTec)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Neverwinter Nights (HKLM\...\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}) (Version:  - )
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.616 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.616 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6509 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6509 - NewTech Infosystems) Hidden
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Orion (HKLM\...\{5B63A470-9334-44D1-AF61-6CE2DB565AE9}) (Version: 2.5.0 - Convesoft)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PS_AIO_06_B209a-m_SW_Min (Version: 130.0.373.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5888 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 6.0.6000.20121 - Realtek Semiconductor Corp.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Toolwiz Care (HKLM\...\ToolwizCareFree) (Version: 3.1.0.5500 - ToolWiz Care)
Upgrade Kit (HKLM\...\{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}) (Version: 1.00.3002 - Acer Inc.)
Vodafone Mobile Connect Lite (HKLM\...\{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}) (Version: 9.4.4.17702 - Vodafone)
WarrantyExtension (Version: 1.00.0000 - Hewlett-Packard) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Mobile Device Center (HKLM\...\{904CCF62-818D-4675-BC76-D37EB399F917}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> C:\Windows\System32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> C:\Windows\System32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\System32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\System32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\System32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\System32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\System32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\System32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\System32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\System32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\System32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\System32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\System32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2075791736-2066105264-2045362467-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
13-03-2015 03:00:51 Windows Update
13-03-2015 18:34:54 Checkpoint by HitmanPro
13-03-2015 18:36:14 Checkpoint by HitmanPro
13-03-2015 23:24:40 Checkpoint by HitmanPro
13-03-2015 23:30:47 Checkpoint by HitmanPro
14-03-2015 09:57:34 Configured PowerCinema
14-03-2015 13:25:10 Installed WOT for Internet Explorer
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 10:23 - 2015-03-14 13:28 - 00450782 ____R C:\Windows\system32\Drivers\etc\hosts
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {192CABC9-E62C-4EC7-9719-FC44AD416A3B} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-5_user No Task File <==== ATTENTION
Task: {1C6689D1-D4D8-45DB-B020-BDF0EA7AAEC1} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-1 No Task File <==== ATTENTION
Task: {2310E55D-442C-4C3D-AB6F-6DF26A055E81} - System32\Tasks\NZWWEJAP => C:\Users\<USERNAMEREPLACE>\AppData\Roaming\NZWWEJAP.exe <==== ATTENTION
Task: {25C1C454-E171-4F25-B169-88D6A1E92E19} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {286CF40C-E2C4-46C3-8269-F1A9CF98791A} - \77b26065-03f7-4e7f-94c1-f52429115a22-2 No Task File <==== ATTENTION
Task: {2E01C62A-EA6D-400C-BFE8-823B4C5AFA01} - System32\Tasks\3123d36a-79fa-4202-90f3-59267d763160 => C:\Program Files\CinemaHd For Pro 2.4cV15.12\3123d36a-79fa-4202-90f3-59267d763160.exe <==== ATTENTION
Task: {330814DB-58E7-4A8A-A411-C2E839B4CCF4} - \77b26065-03f7-4e7f-94c1-f52429115a22-5 No Task File <==== ATTENTION
Task: {36C8D7B3-44B3-41B3-B2B8-89A75FC65BDC} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-5 No Task File <==== ATTENTION
Task: {3B2DE06C-CD32-41B9-9975-143B5D38AD62} - \77b26065-03f7-4e7f-94c1-f52429115a22-3 No Task File <==== ATTENTION
Task: {3E0B2B8D-0800-4D08-8563-7C74A3EF4352} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-7 No Task File <==== ATTENTION
Task: {4FFC40A3-73F3-4D3C-900E-61EF9D98993F} - System32\Tasks\YWDIRMDPS => C:\ProgramData\646362220a194369943d559fdbbd8718\646362220a194369943d559fdbbd8718.exe [2015-02-21] ()
Task: {5464ADF4-87D8-48BC-B9C6-AC55402B0286} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-3 No Task File <==== ATTENTION
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {5828A4D0-8B86-4750-8BD2-22D13ADD77A5} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-6 No Task File <==== ATTENTION
Task: {588F093B-8A69-4627-A7CC-7CFC8C6E06C8} - System32\Tasks\{FE35587E-73E8-484B-9200-2615F16FB492} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -c /z-uninstall
Task: {595C395F-67A3-40BD-A0AE-A788B4CA15AA} - \77b26065-03f7-4e7f-94c1-f52429115a22-7 No Task File <==== ATTENTION
Task: {5D6B0421-BFBE-407F-BDA7-A342FA60C096} - \77b26065-03f7-4e7f-94c1-f52429115a22-5_user No Task File <==== ATTENTION
Task: {6F5D5D1F-8495-48ED-8690-ED2CB6EA2694} - System32\Tasks\5ac0a5e2-da94-46a2-9b98-81ddd91fc7e2 => C:\Program Files\Media+PlayerVidEd2.0\5ac0a5e2-da94-46a2-9b98-81ddd91fc7e2.exe <==== ATTENTION
Task: {83B0DB5E-3E1B-4FEE-A064-8A06B78ABCC3} - \77b26065-03f7-4e7f-94c1-f52429115a22-11 No Task File <==== ATTENTION
Task: {84AD4CDE-D194-4059-B0AC-B887496DB2C9} - System32\Tasks\Regwork => C:\Program Files\RegWork\RegWork.exe
Task: {97C7D69B-4A7E-43D0-B3C2-9DEC9E804AD1} - \77b26065-03f7-4e7f-94c1-f52429115a22-4 No Task File <==== ATTENTION
Task: {98A22D2D-F1FF-49CD-BE7B-4B0A44661EC6} - System32\Tasks\RunTool => C:\Users\<USERNAMEREPLACE>\AppData\Local\ebbfc6a9-ef49-4f1a-8649-1be442fe7e86\sysad.exe
Task: {A3A4337A-7B81-4A1C-9BA5-1B7485E36C43} - \77b26065-03f7-4e7f-94c1-f52429115a22-6 No Task File <==== ATTENTION
Task: {A9C36C63-9F15-44F0-A39A-7614CB46158C} - System32\Tasks\9c5c854f-f0d3-4366-bc8e-fd49fc392c7f => C:\Program Files\CinemaHd For Pro 2.4cV15.12\9c5c854f-f0d3-4366-bc8e-fd49fc392c7f.exe <==== ATTENTION
Task: {B164B23A-94FA-4409-A2FC-7F3D37346BB8} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-11 No Task File <==== ATTENTION
Task: {B3B9D484-5C99-4EB7-B221-2638488C8587} - \77b26065-03f7-4e7f-94c1-f52429115a22-10_user No Task File <==== ATTENTION
Task: {B4492C5B-FF04-4728-87FB-B0981EA78BDF} - \77b26065-03f7-4e7f-94c1-f52429115a22-1 No Task File <==== ATTENTION
Task: {BEAF7F53-86B4-49F8-95DF-DB3318C5AB06} - \upfs7235 No Task File <==== ATTENTION
Task: {C2FF6CAA-BF3D-4EFD-A7B8-3345AED03FFD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {C6E06C79-ED07-4B70-8BE5-D862C1A4BD6F} - System32\Tasks\99d233d3-3fd4-4a57-9fd3-432a0aa357d8 => C:\Program Files\Media+PlayerVidEd2.0\99d233d3-3fd4-4a57-9fd3-432a0aa357d8.exe <==== ATTENTION
Task: {DBF143DA-D925-41FD-9449-000079DD1A55} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-4 No Task File <==== ATTENTION
Task: {E25C86D2-D9B7-422C-A563-434B1C79BD73} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EE1EB32B-070C-4F37-AE70-3F09BBABB6CF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-02] (Google Inc.)
Task: {F07B7667-9B4F-4D81-8698-95CA4CA8B7AC} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-10_user No Task File <==== ATTENTION
Task: {F7FC411B-7663-4173-BB87-C5325ACE4874} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)
Task: {FA73228A-8EDE-472C-84F8-D7B8982818B9} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-2 No Task File <==== ATTENTION
Task: {FFC1FB44-0E81-4B12-B61D-3694594A496C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d05d1da308c730.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\NZWWEJAP.job => C:\Users\<USERNAMEREPLACE>\AppData\Roaming\NZWWEJAP.exe <==== ATTENTION
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Regwork.job => C:\Program Files\RegWork\RegWork.exe-shed C:\Program Files\RegWork\RegWork.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\ToolwizCareFree.job => C:\Program Files\ToolwizCareFree\ToolwizCares.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-02-02 16:33 - 2009-02-02 16:33 - 00460199 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2009-01-20 23:41 - 2009-01-20 23:41 - 00872448 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2009-01-20 23:41 - 2009-01-20 23:41 - 00007680 _____ () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2009-07-13 21:03 - 2009-07-14 01:15 - 00364544 _____ () C:\Windows\system32\msjetoledb40.dll
2009-06-28 21:19 - 2009-06-28 21:19 - 00200704 _____ () C:\Windows\PLFSetI.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-13 13:23 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Mobile Device Support\libxml2.dll
2009-06-28 21:41 - 2008-12-18 12:51 - 00075048 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2009-02-23 17:32 - 2009-02-13 12:44 - 00117264 _____ () c:\Program Files\McAfee\SiteAdvisor\apengine.dll
2009-02-23 17:32 - 2009-02-13 12:44 - 00071696 _____ () c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
2009-02-23 17:32 - 2009-02-13 12:44 - 00207376 _____ () c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
2008-09-28 16:55 - 2008-09-28 16:55 - 01076224 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\ACE.dll
2015-03-13 09:28 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-03-13 09:28 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-03-13 09:28 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-03-13 09:28 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-03-13 09:28 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-22 00:22 - 2014-10-22 00:22 - 00750080 _____ () C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-14 13:47 - 2015-03-14 13:47 - 00043008 ____N () c:\Users\<USERNAMEREPLACE>\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0wjzr1.dll
2014-10-22 00:22 - 2014-10-22 00:22 - 00047616 _____ () C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 00:22 - 2014-10-22 00:22 - 00863744 _____ () C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 00:22 - 2014-10-22 00:22 - 00200704 _____ () C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-03-13 15:56 - 2015-03-07 06:12 - 01174856 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.89\libglesv2.dll
2015-03-13 15:56 - 2015-03-07 06:12 - 00080200 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.89\libegl.dll
2015-03-13 15:56 - 2015-03-07 06:13 - 09279304 _____ () C:\Program Files\Google\Chrome\Application\41.0.2272.89\pdf.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ColorMedia => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\<USERNAMEREPLACE>\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2075791736-2066105264-2045362467-500 - Administrator - Disabled)
Guest (S-1-5-21-2075791736-2066105264-2045362467-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2075791736-2066105264-2045362467-1002 - Limited - Enabled)
<USERNAMEREPLACE> (S-1-5-21-2075791736-2066105264-2045362467-1000 - Administrator - Enabled) => C:\Users\<USERNAMEREPLACE>
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Photosmart Plus B209a-m
Description: Photosmart Plus B209a-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: MpKsl1aac8012
Description: MpKsl1aac8012
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: MpKsl1aac8012
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/14/2015 01:47:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/14/2015 01:46:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/14/2015 01:46:56 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue
 
 
System errors:
=============
Error: (03/14/2015 01:47:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/14/2015 01:46:50 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor service to connect.
 
Error: (03/14/2015 01:46:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Optimizer Pro Crash Monitor (3c133651) service to connect.
 
Error: (03/14/2015 01:45:34 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (03/14/2015 01:45:34 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
 
Microsoft Office Sessions:
=========================
Error: (03/14/2015 01:47:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe
 
Error: (03/14/2015 01:46:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (03/14/2015 01:46:56 PM) (Source: VMCService) (EventID: 0) (User: )
Description: conflictManagerTypeValue
 
 
CodeIntegrity Errors:
===================================
  Date: 2010-01-25 22:26:57.134
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-01-25 22:26:57.102
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-01-25 22:26:57.071
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-01-25 22:26:57.040
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-01-25 22:26:57.009
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-01-25 22:19:39.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-01-25 22:19:39.148
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-01-25 22:19:39.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-01-25 22:19:39.039
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2010-01-25 22:19:38.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ X2 Dual-Core QL-64
Percentage of memory in use: 57%
Total physical RAM: 2814.36 MB
Available physical RAM: 1194.43 MB
Total Pagefile: 5627.01 MB
Available Pagefile: 3644.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1886.16 MB
 
==================== Drives ================================
 
Drive c: (ACER) (Fixed) (Total:455.99 GB) (Free:381.34 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 526E3EE7)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=456 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 




 


#2 KoichiTohei

KoichiTohei
  • Topic Starter

  • Members
  • 3 posts
  • Local time:07:20 AM

Posted 17 March 2015 - 12:07 PM

I appreciate we're not supposed to bump threads and that they get dealt with on a first come, first served basis, but other topics posted after this one have been answered and I have to return my friend's laptop tonight, so I'd really welcome a response if at all possible.

 

Thanks



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:20 AM

Posted 18 March 2015 - 08:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Note
Change the following ID <USERNAMEREPLACE> to the original name before saving the Fixlist.txt file, otherwise the entry will not be deleted.

===


If this proxy setting is not required, please add both lines in the quote box (the fix) before saving the fixlist.txt file.
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49231;https=127.0.0.1:49231

===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

(Toolwiz.com) C:\Program Files\ToolwizCareFree\ToolwizTools.exe
(Trend Micro Inc.) C:\Users\<USERNAMEREPLACE>\Desktop\PF Cleanup Tools\HijackThis.exe
HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\...\Run: [ToolwizCareFree] => C:\Program Files\ToolwizCareFree\ToolwizCares.exe [5274328 2015-03-13] (Toolwiz)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=1426276562&from=face&uid=WDCXWD5000BEVT-22ZAT0_WD-WXB0A59P8578P8578
CHR HKLM\...\Chrome\Extension: [nociobghckdhokecfeajdpimjeapnopn] - https://clients2.google.com/service/update2/crx
S2 3c133651; "C:\Windows\system32\rundll32.exe" "c:\Program Files\Optimizer Pro 3.56\OptProMon.dll",ENT
S2 c61b66f6; "C:\Windows\system32\rundll32.exe" "c:\Program Files\Optimizer Pro 3.11\OptProCrash.dll",ENT
Task: {192CABC9-E62C-4EC7-9719-FC44AD416A3B} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-5_user No Task File <==== ATTENTION
Task: {1C6689D1-D4D8-45DB-B020-BDF0EA7AAEC1} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-1 No Task File <==== ATTENTION
Task: {2310E55D-442C-4C3D-AB6F-6DF26A055E81} - System32\Tasks\NZWWEJAP => C:\Users\<USERNAMEREPLACE>\AppData\Roaming\NZWWEJAP.exe <==== ATTENTION
Task: {286CF40C-E2C4-46C3-8269-F1A9CF98791A} - \77b26065-03f7-4e7f-94c1-f52429115a22-2 No Task File <==== ATTENTION
Task: {2E01C62A-EA6D-400C-BFE8-823B4C5AFA01} - System32\Tasks\3123d36a-79fa-4202-90f3-59267d763160 => C:\Program Files\CinemaHd For Pro 2.4cV15.12\3123d36a-79fa-4202-90f3-59267d763160.exe <==== ATTENTION
Task: {330814DB-58E7-4A8A-A411-C2E839B4CCF4} - \77b26065-03f7-4e7f-94c1-f52429115a22-5 No Task File <==== ATTENTION
Task: {36C8D7B3-44B3-41B3-B2B8-89A75FC65BDC} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-5 No Task File <==== ATTENTION
Task: {3B2DE06C-CD32-41B9-9975-143B5D38AD62} - \77b26065-03f7-4e7f-94c1-f52429115a22-3 No Task File <==== ATTENTION
Task: {3E0B2B8D-0800-4D08-8563-7C74A3EF4352} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-7 No Task File <==== ATTENTION
Task: {4FFC40A3-73F3-4D3C-900E-61EF9D98993F} - System32\Tasks\YWDIRMDPS => C:\ProgramData\646362220a194369943d559fdbbd8718\646362220a194369943d559fdbbd8718.exe [2015-02-21] ()
Task: {5464ADF4-87D8-48BC-B9C6-AC55402B0286} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-3 No Task File <==== ATTENTION
Task: {5828A4D0-8B86-4750-8BD2-22D13ADD77A5} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-6 No Task File <==== ATTENTION
Task: {595C395F-67A3-40BD-A0AE-A788B4CA15AA} - \77b26065-03f7-4e7f-94c1-f52429115a22-7 No Task File <==== ATTENTION
Task: {5D6B0421-BFBE-407F-BDA7-A342FA60C096} - \77b26065-03f7-4e7f-94c1-f52429115a22-5_user No Task File <==== ATTENTION
Task: {6F5D5D1F-8495-48ED-8690-ED2CB6EA2694} - System32\Tasks\5ac0a5e2-da94-46a2-9b98-81ddd91fc7e2 => C:\Program Files\Media+PlayerVidEd2.0\5ac0a5e2-da94-46a2-9b98-81ddd91fc7e2.exe <==== ATTENTION
Task: {83B0DB5E-3E1B-4FEE-A064-8A06B78ABCC3} - \77b26065-03f7-4e7f-94c1-f52429115a22-11 No Task File <==== ATTENTION
Task: {97C7D69B-4A7E-43D0-B3C2-9DEC9E804AD1} - \77b26065-03f7-4e7f-94c1-f52429115a22-4 No Task File <==== ATTENTION
Task: {98A22D2D-F1FF-49CD-BE7B-4B0A44661EC6} - System32\Tasks\RunTool => C:\Users\<USERNAMEREPLACE>\AppData\Local\ebbfc6a9-ef49-4f1a-8649-1be442fe7e86\sysad.exe
Task: {A3A4337A-7B81-4A1C-9BA5-1B7485E36C43} - \77b26065-03f7-4e7f-94c1-f52429115a22-6 No Task File <==== ATTENTION
Task: {A9C36C63-9F15-44F0-A39A-7614CB46158C} - System32\Tasks\9c5c854f-f0d3-4366-bc8e-fd49fc392c7f => C:\Program Files\CinemaHd For Pro 2.4cV15.12\9c5c854f-f0d3-4366-bc8e-fd49fc392c7f.exe <==== ATTENTION
Task: {B164B23A-94FA-4409-A2FC-7F3D37346BB8} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-11 No Task File <==== ATTENTION
Task: {B3B9D484-5C99-4EB7-B221-2638488C8587} - \77b26065-03f7-4e7f-94c1-f52429115a22-10_user No Task File <==== ATTENTION
Task: {B4492C5B-FF04-4728-87FB-B0981EA78BDF} - \77b26065-03f7-4e7f-94c1-f52429115a22-1 No Task File <==== ATTENTION
Task: {BEAF7F53-86B4-49F8-95DF-DB3318C5AB06} - \upfs7235 No Task File <==== ATTENTION
Task: {C6E06C79-ED07-4B70-8BE5-D862C1A4BD6F} - System32\Tasks\99d233d3-3fd4-4a57-9fd3-432a0aa357d8 => C:\Program Files\Media+PlayerVidEd2.0\99d233d3-3fd4-4a57-9fd3-432a0aa357d8.exe <==== ATTENTION
Task: {DBF143DA-D925-41FD-9449-000079DD1A55} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-4 No Task File <==== ATTENTION
Task: {F07B7667-9B4F-4D81-8698-95CA4CA8B7AC} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-10_user No Task File <==== ATTENTION
Task: {FA73228A-8EDE-472C-84F8-D7B8982818B9} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-2 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\NZWWEJAP.job => C:\Users\<USERNAMEREPLACE>\AppData\Roaming\NZWWEJAP.exe <==== ATTENTION
C:\Users\<USERNAMEREPLACE>\AppData\Roaming\NZWWEJAP.exe
C:\Program Files\Media+PlayerVidEd2.0
C:\Program Files\CinemaHd For Pro 2.4cV15.12
C:\ProgramData\646362220a194369943d559fdbbd8718\646362220a194369943d559fdbbd8718.exe
C:\Users\<USERNAMEREPLACE>\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0wjzr1.dll
C:\Program Files\ToolwizCareFree

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:20 AM

Posted 24 March 2015 - 10:31 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:20 AM

Posted 24 March 2015 - 01:20 PM

This topic has been re-opened at the request of the person who originally posted.

#6 KoichiTohei

KoichiTohei
  • Topic Starter

  • Members
  • 3 posts
  • Local time:07:20 AM

Posted 25 March 2015 - 09:49 AM

Thanks for that Nasdaq, I saw my friend last night and ran the fix with the results below.  A few items weren't found as I'd removed them by other means in the meantime. I ran ADWC and it came up all clear so it looks like we're good?

 

Appreciate the help with this, it gives peace of mind knowing all the loose ends are tied up.

 

>>

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by <USERREPLACED> at 2015-03-24 21:27:19 Run:1
Running from C:\Users\<USERREPLACED>\Desktop\PF Cleanup Tools
Loaded Profiles: <USERREPLACED> (Available profiles: <USERREPLACED>)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49231;https=127.0.0.1:49231
 
CloseProcesses:
 
(Toolwiz.com) C:\Program Files\ToolwizCareFree\ToolwizTools.exe
(Trend Micro Inc.) C:\Users\<USERREPLACED>\Desktop\PF Cleanup Tools\HijackThis.exe
HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\...\Run: [ToolwizCareFree] => C:\Program Files\ToolwizCareFree\ToolwizCares.exe [5274328 2015-03-13] (Toolwiz)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hp&ts=1426276562&from=face&uid=WDCXWD5000BEVT-22ZAT0_WD-WXB0A59P8578P8578
CHR HKLM\...\Chrome\Extension: [nociobghckdhokecfeajdpimjeapnopn] - https://clients2.google.com/service/update2/crx
S2 3c133651; "C:\Windows\system32\rundll32.exe" "c:\Program Files\Optimizer Pro 3.56\OptProMon.dll",ENT
S2 c61b66f6; "C:\Windows\system32\rundll32.exe" "c:\Program Files\Optimizer Pro 3.11\OptProCrash.dll",ENT
Task: {192CABC9-E62C-4EC7-9719-FC44AD416A3B} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-5_user No Task File <==== ATTENTION
Task: {1C6689D1-D4D8-45DB-B020-BDF0EA7AAEC1} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-1 No Task File <==== ATTENTION
Task: {2310E55D-442C-4C3D-AB6F-6DF26A055E81} - System32\Tasks\NZWWEJAP => C:\Users\<USERREPLACED>\AppData\Roaming\NZWWEJAP.exe <==== ATTENTION
Task: {286CF40C-E2C4-46C3-8269-F1A9CF98791A} - \77b26065-03f7-4e7f-94c1-f52429115a22-2 No Task File <==== ATTENTION
Task: {2E01C62A-EA6D-400C-BFE8-823B4C5AFA01} - System32\Tasks\3123d36a-79fa-4202-90f3-59267d763160 => C:\Program Files\CinemaHd For Pro 2.4cV15.12\3123d36a-79fa-4202-90f3-59267d763160.exe <==== ATTENTION
Task: {330814DB-58E7-4A8A-A411-C2E839B4CCF4} - \77b26065-03f7-4e7f-94c1-f52429115a22-5 No Task File <==== ATTENTION
Task: {36C8D7B3-44B3-41B3-B2B8-89A75FC65BDC} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-5 No Task File <==== ATTENTION
Task: {3B2DE06C-CD32-41B9-9975-143B5D38AD62} - \77b26065-03f7-4e7f-94c1-f52429115a22-3 No Task File <==== ATTENTION
Task: {3E0B2B8D-0800-4D08-8563-7C74A3EF4352} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-7 No Task File <==== ATTENTION
Task: {4FFC40A3-73F3-4D3C-900E-61EF9D98993F} - System32\Tasks\YWDIRMDPS => C:\ProgramData\646362220a194369943d559fdbbd8718\646362220a194369943d559fdbbd8718.exe [2015-02-21] ()
Task: {5464ADF4-87D8-48BC-B9C6-AC55402B0286} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-3 No Task File <==== ATTENTION
Task: {5828A4D0-8B86-4750-8BD2-22D13ADD77A5} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-6 No Task File <==== ATTENTION
Task: {595C395F-67A3-40BD-A0AE-A788B4CA15AA} - \77b26065-03f7-4e7f-94c1-f52429115a22-7 No Task File <==== ATTENTION
Task: {5D6B0421-BFBE-407F-BDA7-A342FA60C096} - \77b26065-03f7-4e7f-94c1-f52429115a22-5_user No Task File <==== ATTENTION
Task: {6F5D5D1F-8495-48ED-8690-ED2CB6EA2694} - System32\Tasks\5ac0a5e2-da94-46a2-9b98-81ddd91fc7e2 => C:\Program Files\Media+PlayerVidEd2.0\5ac0a5e2-da94-46a2-9b98-81ddd91fc7e2.exe <==== ATTENTION
Task: {83B0DB5E-3E1B-4FEE-A064-8A06B78ABCC3} - \77b26065-03f7-4e7f-94c1-f52429115a22-11 No Task File <==== ATTENTION
Task: {97C7D69B-4A7E-43D0-B3C2-9DEC9E804AD1} - \77b26065-03f7-4e7f-94c1-f52429115a22-4 No Task File <==== ATTENTION
Task: {98A22D2D-F1FF-49CD-BE7B-4B0A44661EC6} - System32\Tasks\RunTool => C:\Users\<USERREPLACED>\AppData\Local\ebbfc6a9-ef49-4f1a-8649-1be442fe7e86\sysad.exe
Task: {A3A4337A-7B81-4A1C-9BA5-1B7485E36C43} - \77b26065-03f7-4e7f-94c1-f52429115a22-6 No Task File <==== ATTENTION
Task: {A9C36C63-9F15-44F0-A39A-7614CB46158C} - System32\Tasks\9c5c854f-f0d3-4366-bc8e-fd49fc392c7f => C:\Program Files\CinemaHd For Pro 2.4cV15.12\9c5c854f-f0d3-4366-bc8e-fd49fc392c7f.exe <==== ATTENTION
Task: {B164B23A-94FA-4409-A2FC-7F3D37346BB8} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-11 No Task File <==== ATTENTION
Task: {B3B9D484-5C99-4EB7-B221-2638488C8587} - \77b26065-03f7-4e7f-94c1-f52429115a22-10_user No Task File <==== ATTENTION
Task: {B4492C5B-FF04-4728-87FB-B0981EA78BDF} - \77b26065-03f7-4e7f-94c1-f52429115a22-1 No Task File <==== ATTENTION
Task: {BEAF7F53-86B4-49F8-95DF-DB3318C5AB06} - \upfs7235 No Task File <==== ATTENTION
Task: {C6E06C79-ED07-4B70-8BE5-D862C1A4BD6F} - System32\Tasks\99d233d3-3fd4-4a57-9fd3-432a0aa357d8 => C:\Program Files\Media+PlayerVidEd2.0\99d233d3-3fd4-4a57-9fd3-432a0aa357d8.exe <==== ATTENTION
Task: {DBF143DA-D925-41FD-9449-000079DD1A55} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-4 No Task File <==== ATTENTION
Task: {F07B7667-9B4F-4D81-8698-95CA4CA8B7AC} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-10_user No Task File <==== ATTENTION
Task: {FA73228A-8EDE-472C-84F8-D7B8982818B9} - \7eb53da3-d12a-4ac1-9958-6809a1515be6-2 No Task File <==== ATTENTION
Task: C:\Windows\Tasks\NZWWEJAP.job => C:\Users\<USERREPLACED>\AppData\Roaming\NZWWEJAP.exe <==== ATTENTION
C:\Users\<USERREPLACED>\AppData\Roaming\NZWWEJAP.exe
C:\Program Files\Media+PlayerVidEd2.0
C:\Program Files\CinemaHd For Pro 2.4cV15.12
C:\ProgramData\646362220a194369943d559fdbbd8718\646362220a194369943d559fdbbd8718.exe
C:\Users\<USERREPLACED>\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0wjzr1.dll
C:\Program Files\ToolwizCareFree
 
End
*****************
 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
Processes closed successfully.
C:\Program Files\ToolwizCareFree\ToolwizTools.exe => No running process found
C:\Users\<USERREPLACED>\Desktop\PF Cleanup Tools\HijackThis.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKU\S-1-5-21-2075791736-2066105264-2045362467-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ToolwizCareFree => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome HomePage deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\nociobghckdhokecfeajdpimjeapnopn" => Key deleted successfully.
3c133651 => Service deleted successfully.
c61b66f6 => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{192CABC9-E62C-4EC7-9719-FC44AD416A3B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{192CABC9-E62C-4EC7-9719-FC44AD416A3B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7eb53da3-d12a-4ac1-9958-6809a1515be6-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1C6689D1-D4D8-45DB-B020-BDF0EA7AAEC1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C6689D1-D4D8-45DB-B020-BDF0EA7AAEC1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7eb53da3-d12a-4ac1-9958-6809a1515be6-1" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2310E55D-442C-4C3D-AB6F-6DF26A055E81} => Key not found. 
C:\Windows\System32\Tasks\NZWWEJAP not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NZWWEJAP => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{286CF40C-E2C4-46C3-8269-F1A9CF98791A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{286CF40C-E2C4-46C3-8269-F1A9CF98791A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\77b26065-03f7-4e7f-94c1-f52429115a22-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2E01C62A-EA6D-400C-BFE8-823B4C5AFA01}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E01C62A-EA6D-400C-BFE8-823B4C5AFA01}" => Key deleted successfully.
C:\Windows\System32\Tasks\3123d36a-79fa-4202-90f3-59267d763160 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\3123d36a-79fa-4202-90f3-59267d763160" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{330814DB-58E7-4A8A-A411-C2E839B4CCF4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{330814DB-58E7-4A8A-A411-C2E839B4CCF4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\77b26065-03f7-4e7f-94c1-f52429115a22-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{36C8D7B3-44B3-41B3-B2B8-89A75FC65BDC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36C8D7B3-44B3-41B3-B2B8-89A75FC65BDC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7eb53da3-d12a-4ac1-9958-6809a1515be6-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3B2DE06C-CD32-41B9-9975-143B5D38AD62}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B2DE06C-CD32-41B9-9975-143B5D38AD62}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\77b26065-03f7-4e7f-94c1-f52429115a22-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E0B2B8D-0800-4D08-8563-7C74A3EF4352}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E0B2B8D-0800-4D08-8563-7C74A3EF4352}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7eb53da3-d12a-4ac1-9958-6809a1515be6-7" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4FFC40A3-73F3-4D3C-900E-61EF9D98993F} => Key not found. 
C:\Windows\System32\Tasks\YWDIRMDPS not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YWDIRMDPS => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5464ADF4-87D8-48BC-B9C6-AC55402B0286}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5464ADF4-87D8-48BC-B9C6-AC55402B0286}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7eb53da3-d12a-4ac1-9958-6809a1515be6-3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5828A4D0-8B86-4750-8BD2-22D13ADD77A5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5828A4D0-8B86-4750-8BD2-22D13ADD77A5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7eb53da3-d12a-4ac1-9958-6809a1515be6-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{595C395F-67A3-40BD-A0AE-A788B4CA15AA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{595C395F-67A3-40BD-A0AE-A788B4CA15AA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\77b26065-03f7-4e7f-94c1-f52429115a22-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D6B0421-BFBE-407F-BDA7-A342FA60C096}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D6B0421-BFBE-407F-BDA7-A342FA60C096}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\77b26065-03f7-4e7f-94c1-f52429115a22-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F5D5D1F-8495-48ED-8690-ED2CB6EA2694}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F5D5D1F-8495-48ED-8690-ED2CB6EA2694}" => Key deleted successfully.
C:\Windows\System32\Tasks\5ac0a5e2-da94-46a2-9b98-81ddd91fc7e2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\5ac0a5e2-da94-46a2-9b98-81ddd91fc7e2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{83B0DB5E-3E1B-4FEE-A064-8A06B78ABCC3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83B0DB5E-3E1B-4FEE-A064-8A06B78ABCC3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\77b26065-03f7-4e7f-94c1-f52429115a22-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97C7D69B-4A7E-43D0-B3C2-9DEC9E804AD1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97C7D69B-4A7E-43D0-B3C2-9DEC9E804AD1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\77b26065-03f7-4e7f-94c1-f52429115a22-4" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{98A22D2D-F1FF-49CD-BE7B-4B0A44661EC6} => Key not found. 
C:\Windows\System32\Tasks\RunTool not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunTool => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A3A4337A-7B81-4A1C-9BA5-1B7485E36C43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3A4337A-7B81-4A1C-9BA5-1B7485E36C43}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\77b26065-03f7-4e7f-94c1-f52429115a22-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A9C36C63-9F15-44F0-A39A-7614CB46158C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9C36C63-9F15-44F0-A39A-7614CB46158C}" => Key deleted successfully.
C:\Windows\System32\Tasks\9c5c854f-f0d3-4366-bc8e-fd49fc392c7f => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\9c5c854f-f0d3-4366-bc8e-fd49fc392c7f" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B164B23A-94FA-4409-A2FC-7F3D37346BB8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B164B23A-94FA-4409-A2FC-7F3D37346BB8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7eb53da3-d12a-4ac1-9958-6809a1515be6-11" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3B9D484-5C99-4EB7-B221-2638488C8587}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3B9D484-5C99-4EB7-B221-2638488C8587}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\77b26065-03f7-4e7f-94c1-f52429115a22-10_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B4492C5B-FF04-4728-87FB-B0981EA78BDF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4492C5B-FF04-4728-87FB-B0981EA78BDF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\77b26065-03f7-4e7f-94c1-f52429115a22-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BEAF7F53-86B4-49F8-95DF-DB3318C5AB06}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BEAF7F53-86B4-49F8-95DF-DB3318C5AB06}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\upfs7235" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6E06C79-ED07-4B70-8BE5-D862C1A4BD6F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6E06C79-ED07-4B70-8BE5-D862C1A4BD6F}" => Key deleted successfully.
C:\Windows\System32\Tasks\99d233d3-3fd4-4a57-9fd3-432a0aa357d8 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\99d233d3-3fd4-4a57-9fd3-432a0aa357d8" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBF143DA-D925-41FD-9449-000079DD1A55}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBF143DA-D925-41FD-9449-000079DD1A55}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7eb53da3-d12a-4ac1-9958-6809a1515be6-4" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F07B7667-9B4F-4D81-8698-95CA4CA8B7AC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F07B7667-9B4F-4D81-8698-95CA4CA8B7AC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7eb53da3-d12a-4ac1-9958-6809a1515be6-10_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FA73228A-8EDE-472C-84F8-D7B8982818B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA73228A-8EDE-472C-84F8-D7B8982818B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7eb53da3-d12a-4ac1-9958-6809a1515be6-2" => Key deleted successfully.
C:\Windows\Tasks\NZWWEJAP.job not found.
"C:\Users\<USERREPLACED>\AppData\Roaming\NZWWEJAP.exe" => File/Directory not found.
"C:\Program Files\Media+PlayerVidEd2.0" => File/Directory not found.
"C:\Program Files\CinemaHd For Pro 2.4cV15.12" => File/Directory not found.
C:\ProgramData\646362220a194369943d559fdbbd8718\646362220a194369943d559fdbbd8718.exe => Moved successfully.
"C:\Users\<USERREPLACED>\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0wjzr1.dll" => File/Directory not found.
C:\Program Files\ToolwizCareFree => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:27:24 ====
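
Added example (not part of the original posts, and not FRST's own code): a small Python parser that tallies the result lines of a Fixlog like the one above and lists the file paths reported as "not found", so they can be checked against what was removed by other means. The outcome phrases are only those visible in this Fixlog, the sample is an excerpt of it, and the function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the Fixlog posted above (user name already replaced by the poster).
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
start
Task: C:\Windows\Tasks\NZWWEJAP.job => C:\Users\<USERREPLACED>\AppData\Roaming\NZWWEJAP.exe <==== ATTENTION
C:\Program Files\ToolwizCareFree
End
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
Processes closed successfully.
C:\Program Files\ToolwizCareFree\ToolwizTools.exe => No running process found
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
Chrome HomePage deleted successfully.
3c133651 => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NZWWEJAP => Key not found.
C:\Windows\System32\Tasks\NZWWEJAP not found.
C:\Windows\Tasks\NZWWEJAP.job not found.
"C:\Users\<USERREPLACED>\AppData\Roaming\NZWWEJAP.exe" => File/Directory not found.
C:\ProgramData\646362220a194369943d559fdbbd8718\646362220a194369943d559fdbbd8718.exe => Moved successfully.
C:\Program Files\ToolwizCareFree => Moved successfully.

The system needed a reboot.

==== End of Fixlog 21:27:24 ====
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def result_lines(text):
    """Yield only the result lines: everything after the echoed fixlist
    (which sits between two rows of asterisks) and before the footer."""
    star_rows = 0
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):
            star_rows += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if star_rows >= 2 and line:
            yield line


def classify(line):
    """Map a result line to an outcome using the phrases seen in this log.
    Anything else is 'info' rather than a guess at other FRST messages."""
    if line.endswith("No running process found"):
        return "not_running"
    if line.endswith("deleted successfully."):
        return "removed"
    if line.endswith("Moved successfully."):
        return "moved"
    if line.endswith("not found."):
        return "absent"
    return "info"


def target_of(line):
    """Return the registry key, service, task or path the line refers to."""
    if " => " in line:
        head = line.split(" => ", 1)[0]
    else:
        head = re.sub(r" (?:not found|deleted successfully)\.$", "", line)
    return head.strip().strip('"')


def parse_fixlog(text):
    """Return a list of (outcome, target) tuples for the result section."""
    return [(classify(line), target_of(line)) for line in result_lines(text)]


def summarize(entries):
    """Count entries per outcome."""
    return Counter(outcome for outcome, _ in entries)


def absent_paths(entries):
    """File-system targets the fix could not find: confirm each one was
    removed earlier and did not simply move elsewhere."""
    return [t for outcome, t in entries if outcome == "absent" and DRIVE_PATH.match(t)]


def needs_reboot(text):
    """True when the log says the system needed a reboot."""
    return any(line == "The system needed a reboot." for line in result_lines(text))


if __name__ == "__main__":
    entries = parse_fixlog(SAMPLE_FIXLOG)
    for outcome, count in sorted(summarize(entries).items()):
        print(f"{outcome:12} {count}")
    print("Verify these were removed by other means:")
    for path in absent_paths(entries):
        print("  " + path)
    print("Reboot needed:", needs_reboot(SAMPLE_FIXLOG))
```
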


#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:20 AM

Posted 25 March 2015 - 01:34 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,957 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:20 AM

Posted 31 March 2015 - 08:46 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



