Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Youku Downloader Remnants/Slow Performance


  • This topic is locked This topic is locked
49 replies to this topic

#1 BKMalik

BKMalik

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Decatur, GA
  • Local time:12:39 PM

Posted 07 April 2015 - 09:44 PM

I downloaded Youku downloader and ever since my pc has been slow and has had three browser hijacks. The context men has a Chinese Youku entry (screenshot attached) that I can't disable with Shellmenufix because I can't identify it. Please help me identify and remove the problems (hijackthis log follows):

 

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 6:46:28 PM, on 4/7/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17689)

FIREFOX: 37.0.1 (x86 en-US)
Boot mode: Normal

Running processes:
C:\Program Files\Webroot\WRSA.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\WindowsWhere\WindowsWhere.exe
C:\Program Files (x86)\CD Eject Tool\CD Eject Tool.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\C2MP\TrayMenu.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Users\Frys Electronics\Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/SKY2_FRPage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1A6B6AD0-2735-498F-834C-AFCEA37847C2} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office15\URLREDIR.DLL
O2 - BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll
O2 - BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: SavvyConnect IE Extension - {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\ieplugin\LuthIEPlugin.dll
O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SavvyConnectMenu] "C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe" -a
O4 - HKCU\..\Run: [WindowsWhere] "C:\Program Files (x86)\WindowsWhere\WindowsWhere.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [CD Eject Tool] C:\Program Files (x86)\CD Eject Tool\CD Eject Tool.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_7F995F9DD757A9FC461582664006362B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220"
O4 - HKUS\S-1-5-18\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: Dropbox.lnk = Frys Electronics\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: ShellFolderFix.lnk = Frys Electronics\Documents\ShellFolderFix64\ShellFolderFixUI.exe
O4 - Global Startup: CodecPackTrayMenu.lnk = C:\Windows\SysWOW64\C2MP\TrayMenu.exe
O4 - Global Startup: CodecPackUpdateChecker.lnk = C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
O4 - Global Startup: Install Webroot FF RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
O4 - Global Startup: Install Webroot IE RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office15\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivX Web Player Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: WSISAllmytubechrome - {4724F5AF-4E6D-41CA - (no file)
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc.  - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SavvyConnect Desktop Service (SCService) - Unknown owner - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: WRSVC - Webroot - C:\Program Files\Webroot\WRSA.exe

--
End of file - 17218 bytes
 

Attached Files



BC AdBot (Login to Remove)

 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:39 PM

Posted 08 April 2015 - 06:37 AM

Hello BKMalik and Welcome to the BleepingComputer. :welcome:  
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following.
 

Please download DDS from either of these links
LINK 1
LINK 2
and save it to your desktop.

  • Disable any antivirus programs during the scan (If you have difficulty properly disabling your protective programs, refer to this link here )
  • Double click dds to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.

---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt

:hello:
 
Sincerely


Edited by olgun52, 08 April 2015 - 06:39 AM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 BKMalik

BKMalik
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Decatur, GA
  • Local time:12:39 PM

Posted 08 April 2015 - 08:12 AM

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Frys Electronics (administrator) on THEHASSANFAMILY on 08-04-2015 09:00:07
Running from C:\Users\Frys Electronics\Documents\Downloads
Loaded Profiles: Frys Electronics (Available profiles: Frys Electronics)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Egis Technology Inc. ) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
() C:\Program Files (x86)\WindowsWhere\WindowsWhere.exe
(FOMINE SOFTWARE) C:\Program Files (x86)\CD Eject Tool\CD Eject Tool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\SysWOW64\C2MP\TrayMenu.exe
(Dropbox, Inc.) C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Users\Frys Electronics\Documents\ShellFolderFix64\ShellFolderFixUI.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Luth Research LLC) C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [185640 2011-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641704 2012-11-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [818096 2015-04-08] (Webroot)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SavvyConnectMenu] => C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe [582448 2014-11-25] (Luth Research LLC)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Run: [WindowsWhere] => C:\Program Files (x86)\WindowsWhere\WindowsWhere.exe [45056 2011-03-05] ()
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Run: [CD Eject Tool] => C:\Program Files (x86)\CD Eject Tool\CD Eject Tool.exe [552960 2007-06-27] (FOMINE SOFTWARE)
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Run: [GoogleChromeAutoLaunch_7F995F9DD757A9FC461582664006362B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [809288 2015-03-30] (Google Inc.)
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\RunOnce: [Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\RunOnce: [Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\RunOnce: [Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\RunOnce: [Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220"
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\RunOnce: [Adobe Speed Launcher] => 1428477708
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackTrayMenu.lnk
ShortcutTarget: CodecPackTrayMenu.lnk -> C:\Windows\SysWOW64\C2MP\TrayMenu.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\Frys Electronics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Frys Electronics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShellFolderFix.lnk
ShortcutTarget: ShellFolderFix.lnk -> C:\Users\Frys Electronics\Documents\ShellFolderFix64\ShellFolderFixUI.exe ()
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [  ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [   ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [    ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [_WrSyncExcl] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncGreen] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncRed] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [_WrSyncYellow] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-2216231976-994283857-177851732-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2216231976-994283857-177851732-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2216231976-994283857-177851732-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {c9ab6446-7efc-47fe-966c-dc54324eff9f} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2216231976-994283857-177851732-1000 -> DefaultScope {E028A560-469F-4F7A-BBD0-557194B11FDE} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2216231976-994283857-177851732-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2216231976-994283857-177851732-1000 -> {E028A560-469F-4F7A-BBD0-557194B11FDE} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-21] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-02-06] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-02-26] (Webroot)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: SavvyConnect IE Extension -> {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} -> C:\Program Files\Luth Research\SavvyConnectFramework\bin\Ieplugin\LuthIeplugin.dll [2015-03-09] (Luth Research, LLC)
BHO-x32: No Name -> {1A6B6AD0-2735-498F-834C-AFCEA37847C2} ->  No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-02-06] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-02-26] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: SavvyConnect IE Extension -> {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} -> C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\ieplugin\LuthIEPlugin.dll [2014-11-25] (Luth Research, LLC)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-02-06] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-02-06] (Webroot)
Toolbar: HKU\S-1-5-21-2216231976-994283857-177851732-1000 -> No Name - {E166B4A2-83E7-11D3-B4FD-004005A47AAA} -  No File
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-12-14] (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default
FF DefaultSearchEngine: Bing
FF DefaultSearchEngine,S:
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl:
FF SearchEngineOrder.1:
FF SearchEngineOrder.1,S:
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF SelectedSearchEngine,S:
FF Homepage: https://www.yahoo.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF NetworkProxy: "ftp", "114.174.13.187"
FF NetworkProxy: "ftp_port", 80
FF NetworkProxy: "http", "114.174.13.187"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co"
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "114.174.13.187"
FF NetworkProxy: "socks_port", 80
FF NetworkProxy: "ssl", "114.174.13.187"
FF NetworkProxy: "ssl_port", 80
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-04-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-04-07] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2012-12-14] (Citrix Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll [2014-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Motive\npMotive.dll No File
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.0.48\ma\bin\npMotive.dll No File
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2216231976-994283857-177851732-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Frys Electronics\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-30] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2216231976-994283857-177851732-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll [2012-10-24] (Amazon.com, Inc.)
FF user.js: detected! => C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\user.js [2013-09-08]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-12-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-12-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-12-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-12-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-12-18] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll [2012-11-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll [2012-11-28] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2013-08-02] (Coupons, Inc.)
FF SearchPlugin: C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\searchplugins\bing-.xml [2015-03-28]
FF SearchPlugin: C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\searchplugins\google-non-ssl.xml [2014-07-28]
FF Extension: SavvyConnect Firefox Extension - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\savvyconnect@surveysavvy.com [2014-11-15]
FF Extension: Webroot Password Manager - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2015-02-06]
FF Extension: Webroot Password Manager - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted [2014-06-03]
FF Extension: Classic Bookmarks Button - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\ClassicBookmarksButton@ArisT2Noia4dev.xpi [2014-07-09]
FF Extension: Classic Theme Restorer - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-10]
FF Extension: ClipConverter - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\clipconverter@clipconverter.cc.xpi [2013-08-24]
FF Extension: YouTube mp3 - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\info@youtube-mp3.org.xpi [2012-11-10]
FF Extension: NoSquint - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\nosquint@urandom.ca.xpi [2012-10-03]
FF Extension: Places Maintenance - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\places-maintenance@bonardo.net.xpi [2014-05-25]
FF Extension: Restartless Restart - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\restartless.restart@erikvold.com.xpi [2013-12-01]
FF Extension: SkipScreen - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\SkipScreen@SkipScreen.xpi [2013-07-06]
FF Extension: Stealthy - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\stealthyextension@gmail.com.xpi [2013-07-13]
FF Extension: The Addon Bar (restored) - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\the-addon-bar@GeekInTraining-GiT.xpi [2015-01-10]
FF Extension: Troubleshooter - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\troubleshooter@mozilla.org.xpi [2013-06-15]
FF Extension: New tab toolbar button - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\{42975993-6fa0-46f5-a45f-706915f18ebf}.xpi [2014-08-07]
FF Extension: SmoothWheel (mozdev.org) - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}.xpi [2014-07-27]
FF Extension: Video DownloadHelper - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-14]
FF Extension: Web Developer - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2015-01-16]
FF Extension: Toggle Web Developer Toolbar - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\{c75a27d8-4529-449f-b67b-aba65d7a1c0a}.xpi [2015-01-16]
FF Extension: Adblock Plus - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-10-03]
FF Extension: Tab Mix Plus - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-10-03]
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-04-06]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-04-06]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-08-24]
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2014-06-03]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Frys Electronics\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SavvyConnect) - C:\Users\Frys Electronics\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbdfnhblopmjjmghkgflplloabcclbmj [2014-11-15]
CHR Extension: (Adguard AdBlocker) - C:\Users\Frys Electronics\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnkhhnnamicmpeenaelnjfhikgbkllg [2015-01-25]
CHR Extension: (Adblock Plus) - C:\Users\Frys Electronics\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-03-19]
CHR Extension: (Motive Extension) - C:\Users\Frys Electronics\AppData\Local\Google\Chrome\User Data\Default\Extensions\kofilaoejfjbjfopdnckahcidedndnln [2015-03-05]
CHR Extension: (Zoom) - C:\Users\Frys Electronics\AppData\Local\Google\Chrome\User Data\Default\Extensions\lajondecmobodlejlcjllhojikagldgd [2014-09-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Frys Electronics\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (Reload All Tabs) - C:\Users\Frys Electronics\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgpdljdpanfecnpindkbnikegohoobci [2015-02-19]
CHR Extension: (Google Wallet) - C:\Users\Frys Electronics\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-29]
CHR Extension: (Webroot Password Manager) - C:\Users\Frys Electronics\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2014-06-04]
CHR Extension: (Adblock Plus) - C:\Users\Frys Electronics\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookcoahhikhembadmoepbhiepkmbjija [2015-01-25]
CHR HKU\S-1-5-21-2216231976-994283857-177851732-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - No Path Or update_url value
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [kofilaoejfjbjfopdnckahcidedndnln] - C:\Program Files (x86)\Common Files\Motive\extensions\MotiveRequest.crx [2015-03-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2014-06-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com) [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 SCService; C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe [1985840 2014-09-02] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [818096 2015-04-08] (Webroot)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 anvsnddrv; C:\Windows\System32\drivers\anvsnddrv.sys [33872 2011-11-14] (AnvSoft Inc.)
S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
S3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-02-15] (SlySoft, Inc.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94720 2013-12-19] (Advanced Micro Devices) [File not signed]
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\DRIVERS\BrUsbSer.sys [19584 2006-09-03] (Brother Industries Ltd.) [File not signed]
S3 CXPLRCAP; C:\Windows\System32\drivers\CxPlrCap.sys [235904 2010-01-06] (Conexant Systems, Inc.) [File not signed]
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-08] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R1 RrNetCapFilterDriver; C:\Windows\System32\DRIVERS\RrNetCapFilterDriver.sys [24744 2014-04-28] (Audials AG)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [768680 2013-06-26] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [273576 2013-06-26] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [29352 2013-06-26] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [23208 2013-06-26] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [95232 2010-11-20] (Microsoft Corporation) [File not signed]
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116736 2015-04-08] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [41040 2015-02-26] (Webroot)
R3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
S3 AtiDCM; \??\C:\Users\Frys Electronics\AppData\Local\Temp\atdcm64a.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 ibituv; System32\drivers\ssfjfxbl.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S0 sMUwecPZ; System32\drivers\sMUwecPZ.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
S0 vutsoc; System32\drivers\fxsaldah.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 08:59 - 2015-04-08 09:00 - 00000000 ____D () C:\FRST
2015-04-08 03:21 - 2015-04-08 03:21 - 00000056 _____ () C:\Windows\setupact.log
2015-04-08 03:21 - 2015-04-08 03:21 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-08 03:20 - 2015-04-08 03:20 - 00000386 _____ () C:\Windows\PFRO.log
2015-04-07 23:10 - 2015-04-07 23:10 - 00002256 _____ () C:\Users\Frys Electronics\Documents\cc_20150407_231023.reg
2015-04-07 22:01 - 2015-04-07 22:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown Device Identifier 8.02
2015-04-07 22:01 - 2015-04-07 22:01 - 00000000 ____D () C:\Program Files\Unknown Device Identifier
2015-04-07 21:51 - 2015-04-07 21:51 - 00000000 ____D () C:\Program Files\Speccy
2015-04-07 18:43 - 2015-04-07 18:43 - 00003256 _____ () C:\Windows\System32\Tasks\{B9C42B4B-D26F-4336-8048-26C37CE39E73}
2015-04-07 02:03 - 2015-04-07 02:03 - 00005834 _____ () C:\Users\Frys Electronics\Documents\Regbackup 4-6-15.reg
2015-04-07 01:29 - 2015-04-07 01:29 - 00001302 _____ () C:\Users\Frys Electronics\Desktop\Freemake Audio Converter.lnk
2015-04-07 01:28 - 2015-04-07 01:28 - 00001302 _____ () C:\Users\Frys Electronics\Desktop\Freemake Video Converter.lnk
2015-04-07 00:04 - 2015-04-07 00:04 - 00001163 _____ () C:\Users\Frys Electronics\Desktop\Any Video Converter.lnk
2015-04-06 23:46 - 2015-04-06 23:49 - 00000000 ____D () C:\Users\Frys Electronics\AppData\Local\5D515C96_stp
2015-04-06 23:46 - 2015-04-06 23:46 - 08723608 _____ () C:\Users\Frys Electronics\AppData\Local\0796D59C_stp.CIS
2015-04-06 23:46 - 2015-04-06 23:46 - 00385602 _____ () C:\Users\Frys Electronics\AppData\Local\5D515C96_stp.CIS
2015-04-06 23:46 - 2015-04-06 23:46 - 00194993 _____ () C:\Users\Frys Electronics\AppData\Local\38C2540F_stp.CIS
2015-04-06 23:46 - 2015-04-06 23:46 - 00000382 _____ () C:\Users\Frys Electronics\AppData\Local\0796D59C_stp.CIS.part
2015-04-06 23:46 - 2015-04-06 23:46 - 00000290 _____ () C:\Users\Frys Electronics\AppData\Local\38C2540F_stp.CIS.part
2015-04-06 23:46 - 2015-04-06 23:46 - 00000220 _____ () C:\Users\Frys Electronics\AppData\Local\5D515C96_stp.CIS.part
2015-04-06 23:45 - 2015-04-07 01:26 - 00000000 ____D () C:\Users\Frys Electronics\AppData\Roaming\DVDVideoSoft
2015-04-06 10:59 - 2015-04-06 10:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-06 04:53 - 2015-04-06 04:53 - 00001920 _____ () C:\Users\Frys Electronics\Documents\cc_20150406_045303.reg
2015-04-04 03:01 - 2015-04-04 03:01 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 03:01 - 2015-04-04 03:01 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-25 00:12 - 2015-03-25 00:12 - 00000000 ____D () C:\Program Files\ConvertHelper3
2015-03-19 02:48 - 2015-03-19 02:51 - 00000000 ____D () C:\Users\Frys Electronics\Documents\Video Download Capture
2015-03-19 02:47 - 2014-04-09 21:05 - 00031920 _____ (Wondershare) C:\Windows\system32\Drivers\Apowersoft_AudioDevice.sys
2015-03-19 02:41 - 2015-03-19 02:41 - 00002998 _____ () C:\Windows\System32\Tasks\{AA0017B2-B3EC-4373-AF30-DF815977F468}
2015-03-19 02:41 - 2015-03-19 02:41 - 00002998 _____ () C:\Windows\System32\Tasks\{8483FCB4-3D97-4A59-8A6D-340F97B7F5FE}
2015-03-19 02:41 - 2015-03-19 02:41 - 00002998 _____ () C:\Windows\System32\Tasks\{621F223D-7526-456D-8CCE-797637E04186}
2015-03-19 02:39 - 2015-03-19 02:39 - 00002998 _____ () C:\Windows\System32\Tasks\{02E2589E-0509-4C9A-9D44-365AF5787263}
2015-03-19 02:22 - 2015-03-19 02:22 - 00000000 ____D () C:\Users\Frys Electronics\Documents\Apowersoft Free Screen Recorder
2015-03-19 02:08 - 2015-03-19 02:08 - 00000000 ____D () C:\Users\Frys Electronics\.streamCapture
2015-03-19 01:49 - 2015-03-19 02:05 - 00000000 ____D () C:\Program Files (x86)\StreamingStar
2015-03-19 01:49 - 2015-03-19 01:52 - 00000000 ____D () C:\flvrecorder
2015-03-19 01:49 - 2015-03-19 01:49 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2015-03-18 20:34 - 2015-03-18 20:34 - 00000820 _____ () C:\Users\Frys Electronics\Documents\cc_20150318_203435.reg
2015-03-15 01:57 - 2015-03-15 02:15 - 00000000 ____D () C:\Program Files (x86)\iSkysoft
2015-03-15 01:57 - 2015-03-15 02:04 - 00000000 ____D () C:\ProgramData\iSkysoft iTube Studio
2015-03-15 01:57 - 2015-03-15 01:57 - 00000000 ____D () C:\Users\Frys Electronics\AppData\Local\iSkysoft
2015-03-15 01:57 - 2015-03-15 01:57 - 00000000 ____D () C:\ProgramData\iSkysoft Application Common Data
2015-03-15 01:57 - 2015-03-15 01:57 - 00000000 ____D () C:\Program Files\Common Files\iSkysoft
2015-03-14 03:30 - 2015-03-14 03:33 - 00000000 ____D () C:\ProgramData\{AB3BD2D7-59F0-4bd7-AC3F-90752F4028D8}.tmp
2015-03-14 03:30 - 2015-03-14 03:30 - 00000000 ____D () C:\Users\Frys Electronics\AppData\Roaming\360Safe
2015-03-14 03:30 - 2015-03-14 03:30 - 00000000 ____D () C:\Program Files (x86)\360
2015-03-14 03:04 - 2015-03-14 03:04 - 00000185 _____ () C:\Users\Frys Electronics\.swfinfo
2015-03-11 23:54 - 2015-03-12 00:07 - 00000000 ____D () C:\Users\Frys Electronics\Documents\VSO Downloader
2015-03-11 00:13 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 00:13 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 00:13 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 00:13 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 00:13 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 00:13 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 00:13 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 00:13 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 00:13 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 00:13 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 00:13 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 00:13 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 00:13 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 00:13 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 00:13 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 00:13 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 00:13 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 00:13 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 00:13 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 00:13 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 00:13 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 00:13 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 00:13 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 00:13 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 00:13 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 00:13 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 00:13 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 00:13 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 00:13 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 00:13 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 00:13 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 00:13 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 00:13 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 00:13 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 00:13 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 00:13 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 00:13 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 00:13 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 00:13 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 00:13 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 00:13 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 00:13 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 00:13 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 00:13 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 00:13 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 00:12 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 00:12 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 00:12 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 00:12 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 00:12 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 00:12 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 00:12 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 00:12 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 00:12 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 00:12 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 00:12 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 00:12 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 00:12 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 00:12 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 00:12 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 00:12 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 00:12 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 00:12 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 00:12 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 00:12 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 00:12 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 00:12 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 00:12 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 00:12 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 00:12 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 00:12 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 00:12 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 00:12 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 00:12 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 00:12 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 00:12 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 00:12 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 00:12 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 00:12 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 00:12 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 00:12 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 00:12 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 00:12 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 00:12 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 00:12 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 00:12 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 00:12 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 00:12 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 00:12 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 00:12 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 00:12 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 00:12 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 00:12 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 00:12 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 00:12 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 00:12 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 00:12 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 00:12 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 00:12 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 00:12 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 00:12 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 00:12 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 00:12 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 00:12 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 00:12 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 00:12 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 00:12 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 00:12 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 00:12 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 00:12 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 00:12 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 00:12 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 00:12 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 00:12 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 00:12 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 00:12 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 00:12 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 00:12 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 00:12 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 00:12 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 00:12 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 00:12 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 00:12 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 00:12 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 00:12 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 00:12 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 00:12 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 00:12 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 00:12 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 00:12 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 00:12 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 00:12 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 00:12 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 00:12 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 00:12 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 00:12 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 00:12 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 00:12 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 00:12 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 00:12 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 00:12 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 00:12 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 00:12 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 00:12 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 00:12 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 00:11 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 00:11 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 09:00 - 2014-06-03 22:52 - 00000000 ____D () C:\ProgramData\WRData
2015-04-08 08:51 - 2014-04-15 00:23 - 00000360 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-04-08 08:33 - 2013-07-24 23:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-08 08:26 - 2012-09-30 22:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-08 06:56 - 2014-04-10 23:36 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-08 06:32 - 2013-10-10 01:35 - 01552551 _____ () C:\Windows\WindowsUpdate.log
2015-04-08 05:22 - 2014-06-03 22:55 - 00166128 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-04-08 05:22 - 2014-06-03 22:55 - 00116736 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-04-08 05:22 - 2014-06-03 22:55 - 00103816 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-04-08 03:28 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-08 03:28 - 2009-07-14 00:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-08 03:22 - 2012-11-06 13:54 - 00000000 ___RD () C:\Users\Frys Electronics\Dropbox
2015-04-08 03:22 - 2012-11-06 13:52 - 00000000 ____D () C:\Users\Frys Electronics\AppData\Roaming\Dropbox
2015-04-08 03:21 - 2012-05-10 15:02 - 00000000 ____D () C:\ProgramData\clear.fi
2015-04-08 03:21 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-08 03:18 - 2012-09-30 20:58 - 00000000 ____D () C:\Users\Frys Electronics\Documents\ConvertXToDVD
2015-04-08 03:17 - 2012-09-30 23:01 - 00000000 ____D () C:\Users\Frys Electronics\AppData\Roaming\Vso
2015-04-08 03:09 - 2013-08-21 02:20 - 00001059 _____ () C:\Users\Frys Electronics\AppData\Roaming\vso_ts_preview.xml
2015-04-08 02:02 - 2012-10-01 00:22 - 00000000 ____D () C:\Users\Frys Electronics\AppData\Roaming\dvdcss
2015-04-08 00:00 - 2014-10-10 22:45 - 00000416 _____ () C:\Windows\Tasks\NeroLiveEpgUpdate-THEHASSANFAMILY_Frys-Electronics.job
2015-04-07 23:20 - 2012-10-03 03:22 - 00000826 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-07 23:20 - 2012-10-03 03:22 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-07 23:18 - 2013-12-07 01:23 - 00000000 ____D () C:\Users\Frys Electronics\AppData\Roaming\Mp3tag
2015-04-07 03:04 - 2012-09-30 22:15 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-07 03:04 - 2012-09-30 22:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-07 03:04 - 2012-05-09 22:37 - 00000000 ____D () C:\Users\Frys Electronics\AppData\Local\Adobe
2015-04-07 03:04 - 2011-08-30 07:57 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-07 02:18 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-07 02:05 - 2015-02-10 01:30 - 00000000 ____D () C:\Users\Frys Electronics\Documents\MKV-Chapterizer-v2.4
2015-04-07 00:37 - 2013-06-30 03:04 - 00000000 ____D () C:\Users\Frys Electronics\AppData\Roaming\vlc
2015-04-07 00:04 - 2012-11-27 22:02 - 00000000 ____D () C:\Users\Frys Electronics\AppData\Roaming\AnvSoft
2015-04-07 00:03 - 2013-07-25 23:23 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2015-04-05 18:23 - 2013-01-26 01:47 - 00000000 ____D () C:\Users\Frys Electronics\Documents\Tariq's Stories
2015-04-05 18:14 - 2014-09-22 20:41 - 00000000 ____D () C:\Users\Frys Electronics\Desktop\Tariq's Assignments
2015-04-04 23:57 - 2014-07-07 09:13 - 00018042 _____ () C:\Users\Frys Electronics\Desktop\New list.txt
2015-04-03 16:19 - 2014-01-29 14:58 - 00002147 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-27 23:28 - 2012-10-04 03:01 - 00000000 ____D () C:\Users\Frys Electronics\AppData\Roaming\Skype
2015-03-27 22:18 - 2014-09-28 21:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-27 22:18 - 2011-08-30 07:42 - 00000000 ____D () C:\ProgramData\Skype
2015-03-27 21:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-26 19:57 - 2014-04-10 23:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-26 19:57 - 2014-04-10 23:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-26 19:57 - 2012-09-30 22:08 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-20 23:07 - 2012-10-03 03:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-19 02:49 - 2013-05-28 00:10 - 00000000 ____D () C:\Users\Frys Electronics\AppData\Roaming\Apowersoft
2015-03-19 02:21 - 2013-07-12 00:59 - 00000000 ____D () C:\Users\Frys Electronics\www.apowersoft.com
2015-03-19 02:08 - 2012-05-09 22:35 - 00000000 ____D () C:\Users\Frys Electronics
2015-03-17 06:15 - 2014-04-10 23:36 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 06:15 - 2013-10-10 02:12 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 06:15 - 2012-09-30 22:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-15 00:47 - 2012-10-05 00:07 - 00000069 _____ () C:\Windows\NeroDigital.ini
2015-03-14 04:18 - 2012-10-23 22:45 - 00000000 ____D () C:\ProgramData\DivX
2015-03-14 03:37 - 2013-06-30 04:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-03-14 03:37 - 2013-06-30 04:14 - 00000000 ____D () C:\Program Files (x86)\Freemake
2015-03-14 03:37 - 2012-12-25 12:53 - 00000000 ____D () C:\Program Files\WinPcap
2015-03-14 03:37 - 2012-12-25 12:52 - 00000000 ____D () C:\ProgramData\Freemake
2015-03-14 03:37 - 2012-09-30 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
2015-03-14 03:04 - 2013-06-30 04:15 - 00000000 ____D () C:\Users\Frys Electronics\Documents\Freemake
2015-03-11 23:51 - 2012-12-16 20:21 - 00000000 ____D () C:\ProgramData\VSO
2015-03-11 23:51 - 2012-09-30 23:00 - 00000000 ____D () C:\Program Files (x86)\VSO
2015-03-11 05:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 03:51 - 2014-01-29 14:55 - 00003373 _____ () C:\Windows\wininit.ini
2015-03-11 03:51 - 2013-07-24 23:25 - 00001061 _____ () C:\Users\Frys Electronics\Desktop\Dropbox.lnk
2015-03-11 03:51 - 2013-07-24 23:23 - 00000000 ____D () C:\Users\Frys Electronics\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-11 03:43 - 2009-07-14 00:45 - 00368768 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 03:42 - 2014-09-02 23:36 - 00000000 ____D () C:\Program Files (x86)\ATT
2015-03-11 03:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 03:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 03:24 - 2012-10-29 00:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 03:18 - 2014-04-28 03:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-11 03:17 - 2013-08-14 03:02 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 03:09 - 2012-10-03 03:38 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-09 22:40 - 2014-11-15 02:53 - 00002259 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SavvyConnect.lnk
2015-03-09 22:40 - 2014-11-15 02:53 - 00002247 _____ () C:\Users\Public\Desktop\SavvyConnect.lnk

==================== Files in the root of some directories =======

2015-02-06 01:40 - 2015-02-06 01:40 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2013-03-13 03:55 - 2013-03-13 08:00 - 0000093 _____ () C:\Users\Frys Electronics\AppData\Roaming\ARCompanion.log
2012-10-05 00:08 - 2014-10-10 21:12 - 0000181 _____ () C:\Users\Frys Electronics\AppData\Roaming\default.rss
2012-10-26 00:03 - 2012-10-26 00:03 - 0000000 _____ () C:\Users\Frys Electronics\AppData\Roaming\downloads.m3u
2012-10-31 23:19 - 2012-10-31 23:19 - 0052890 _____ () C:\Users\Frys Electronics\AppData\Roaming\GoldenVideos.dmp
2012-12-16 20:21 - 2013-06-24 23:10 - 0007859 _____ () C:\Users\Frys Electronics\AppData\Roaming\pcouffin.cat
2012-12-16 20:21 - 2013-06-24 23:10 - 0001167 _____ () C:\Users\Frys Electronics\AppData\Roaming\pcouffin.inf
2012-12-16 20:21 - 2013-06-24 23:10 - 0000055 _____ () C:\Users\Frys Electronics\AppData\Roaming\pcouffin.log
2013-11-01 01:30 - 2013-11-01 01:30 - 0000000 _____ () C:\Users\Frys Electronics\AppData\Roaming\SharedSettings.ccs
2013-05-28 00:48 - 2013-05-28 00:48 - 0001181 _____ () C:\Users\Frys Electronics\AppData\Roaming\trace_FilterInstaller.1.txt
2013-05-28 00:48 - 2013-06-07 00:46 - 0000919 _____ () C:\Users\Frys Electronics\AppData\Roaming\trace_FilterInstaller.txt
2013-05-28 00:48 - 2013-06-07 00:46 - 0000000 _____ () C:\Users\Frys Electronics\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt
2013-08-21 02:20 - 2015-04-08 03:09 - 0001059 _____ () C:\Users\Frys Electronics\AppData\Roaming\vso_ts_preview.xml
2015-04-06 23:46 - 2015-04-06 23:46 - 8723608 _____ () C:\Users\Frys Electronics\AppData\Local\0796D59C_stp.CIS
2015-04-06 23:46 - 2015-04-06 23:46 - 0000382 _____ () C:\Users\Frys Electronics\AppData\Local\0796D59C_stp.CIS.part
2015-04-06 23:46 - 2015-04-06 23:46 - 0194993 _____ () C:\Users\Frys Electronics\AppData\Local\38C2540F_stp.CIS
2015-04-06 23:46 - 2015-04-06 23:46 - 0000290 _____ () C:\Users\Frys Electronics\AppData\Local\38C2540F_stp.CIS.part
2015-04-06 23:46 - 2015-04-06 23:46 - 0385602 _____ () C:\Users\Frys Electronics\AppData\Local\5D515C96_stp.CIS
2015-04-06 23:46 - 2015-04-06 23:46 - 0000220 _____ () C:\Users\Frys Electronics\AppData\Local\5D515C96_stp.CIS.part
2013-06-09 04:29 - 2014-12-11 22:59 - 0007168 _____ () C:\Users\Frys Electronics\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-19 23:29 - 2013-08-19 23:29 - 0000036 _____ () C:\Users\Frys Electronics\AppData\Local\housecall.guid.cache
2012-11-29 01:59 - 2012-11-29 01:59 - 0004325 _____ () C:\Users\Frys Electronics\AppData\Local\HWVendorDetection.log
2014-06-01 17:37 - 2014-06-01 17:59 - 0000600 _____ () C:\Users\Frys Electronics\AppData\Local\PUTTY.RND
2011-12-17 14:04 - 2011-12-17 14:05 - 0002640 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-11-25 16:14 - 2014-11-25 16:14 - 0010417 _____ () C:\ProgramData\regid.1997-03.com.luthresearch,savvyconnect_62B140B7-EBD9-4747-A365-63469EFDD933.swidtag

Some content of TEMP:
====================
C:\Users\Frys Electronics\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmiqpzp.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-07 05:39

==================== End Of Log ============================

 

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Frys Electronics at 2015-04-08 09:01:05
Running from C:\Users\Frys Electronics\Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi  (x32 Version: 1.5.1717_38186 - CyberLink Corp.) Hidden
 clear.fi  (x32 Version: 9.0.8031 - CyberLink Corp.) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Amazon Cloud Player (HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Amazon Amazon Cloud Player) (Version: 1.5.0.341 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.237 - Amazon)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Any Audio Converter 5.7.9 (HKLM-x32\...\Any Audio Converter) (Version: 5.7.9 - Anvsoft)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.4.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10503 - ATI Technologies Inc.) Hidden
Audials (HKLM-x32\...\{6A388B01-D414-429D-A917-B27BEC991A85}) (Version: 11.0.53800.0 - Audials AG)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{A2A971DE-C864-4CF0-8FCA-FF7F569D8476}) (Version: 1.43.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CD Eject Tool 2.9 (HKLM-x32\...\CD Eject Tool_is1) (Version:  - Fomine Software)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.2212.35 - CyberLink Corp.)
clear.fi (x32 Version: 1.5.2212.35 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
ConvertXtoDVD 4.1.20.0 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.20.0 - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Daum PotPlayer 1.5.34665 x64 Edition (HKLM\...\PotPlayer64) (Version:  - )
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.88 - NCH Software)
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
Dropbox (HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
DVD Audio Extractor 7.1.1 (HKLM-x32\...\DVD Audio Extractor_is1) (Version:  - Computer Application Studio)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.3.556 - j2 Global)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
ffdshow v1.3.4500 [2013-01-06] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4500.0 - )
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Folder Size Explorer (HKLM-x32\...\{5842EF9D-F74D-4B40-9C28-ABBE26200748}) (Version: 1.1.2 - Bazwise)
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Converter version 4.0.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.4 - Ellora Assets Corporation)
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iPhoneBrowser (HKLM-x32\...\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}) (Version: 1.9.3 - Cranium Consulting and Custom Software)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 10.0.3 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.3 - )
LockHunter 2.0 beta 2, 64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich, Ltd)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.6126.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.9 - 3r1c)
MKVtoolnix 4.4.0 (HKLM-x32\...\MKVtoolnix) (Version: 4.4.0 - Moritz Bunkus)
Morphyre (HKLM-x32\...\Morphyre) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 Repair Tool v1.5.2 (HKLM-x32\...\MP3 Repair Tool_is1) (Version: 1.5.2 - Aspect one)
Mp3tag v2.65a (HKLM-x32\...\Mp3tag) (Version: v2.65a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
Nero (HKLM-x32\...\Nero) (Version:  - )
Nero Mega Plugin Pack (HKLM-x32\...\{EF901A4B-A25A-4962-83C6-C6691D062ED9}) (Version: 2.0 - MaCiO)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.2.15400.16.100 - Nero AG)
Nero Vision Xtra (HKLM-x32\...\Nero Vision Xtra) (Version:  - )
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 -  Microsoft)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.4.7070 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SavvyConnect (HKLM-x32\...\{84F06BE5-18AB-409B-AF13-8A7FFA229F2E}) (Version: 3.12.0009 - Luth Research LLC)
Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab Detection (HKLM-x32\...\{F6F8CF26-7340-4E0C-907C-E176F97A29CA}) (Version: 2.0.0.0 - Husdawg, LLC)
TagScanner 5.1.638 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Unity Web Player (HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unknown Device Identifier 8.02 (HKLM\...\Unknown Device Identifier_is1) (Version: 8.02 - Huntersoft)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.45 - VSO-Software SARL)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.8.76 - Webroot)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WindowsWhere (HKLM\...\{10EBA2F4-CFB7-47C6-91EA-35715C5A5E82}) (Version: 0.1.3 - Necrosoft)
WindowsWhere (HKLM-x32\...\{AEB9EABF-1C50-4301-8C51-9CAC2C819DC9}) (Version: 0.1.3 - Necrosoft)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

06-04-2015 23:26:22 Revo Uninstaller's restore point - Any Audio Converter 4.0.6
06-04-2015 23:31:09 Revo Uninstaller's restore point - Any Video Converter 5.7.9
06-04-2015 23:52:39 Revo Uninstaller's restore point - Dregol
07-04-2015 01:24:43 Revo Uninstaller's restore point - Free Audio Converter version 5.0.58.324

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2013-08-20 19:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0924E048-6840-4AA9-939C-96F14703E85B} - System32\Tasks\{B58533D0-14AE-444C-9268-B08EC57A9E59} => C:\Users\Frys Electronics\Documents\Downloads\VSOConvertXtoDVDv41200(1).exe
Task: {0CA01636-0534-410D-8721-05CA02F22223} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-12] (CyberLink Corp.)
Task: {0CA0EFB5-1072-4026-888C-282981051BAF} - System32\Tasks\HP AR Program Upload - 46b38dffaca74097bffcb956210a97e683dc57d735df4592a9edaceb5b2c516d => C:\Program Files\HP\HP Officejet 6600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {10E277EC-6BF0-47F0-83EB-84934C17DD47} - System32\Tasks\{7AC9FB0F-EFBF-45F5-A80B-0EB6ECC12BE9} => C:\Users\Frys Electronics\Documents\Downloads\any-audio-converter.exe
Task: {1365E382-0DF3-4B41-ACBB-535A0C7EF89D} - System32\Tasks\NeroLiveEpgUpdate-THEHASSANFAMILY_Frys-Electronics => C:\Program Files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe
Task: {17E4FA78-2578-4047-A45F-E65D32A8C98F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {2B1E2873-E044-4936-BB21-119CA731EFD7} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {34EDA9F2-2706-4359-8408-202580D62C46} - System32\Tasks\{BCED811F-D2B2-4A54-94BE-6CF7FC4F946D} => pcalua.exe -a "C:\Users\Frys Electronics\AppData\Local\Temp\Temp1_General-CleanTool.zip\NeroCleanTool5.0.0.18.exe"
Task: {3644F449-A45B-4A45-B8AA-AF9E700204E0} - System32\Tasks\HP AR Program Upload - 8fee742bc20240b1b87efd8e94100bbb3229e313203d48afa38701b780d2682e => C:\Program Files\HP\HP Officejet 6600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {398FEDE2-1D82-41F4-A075-26781118F197} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-12] (Acer Incorporated)
Task: {3E70080F-BFAB-446F-83F9-3E56A6F7AC0F} - System32\Tasks\{C68F16F1-F8F8-470F-B7DD-1A18C277009B} => C:\Program Files (x86)\Nero\Nero 9\Nero Vision\NeroVision.exe
Task: {4B4EBD79-C1F2-452C-A435-1CF8D5C908A8} - System32\Tasks\{8CB2A5CB-7A1F-4DB6-A806-A4996351055C} => C:\Program Files (x86)\Folder Size\FolderSize.exe [2013-02-13] (Brio)
Task: {4E086A02-EA01-4E97-AB86-BB57CABB59D1} - System32\Tasks\{030EF693-56F3-4ABA-BA81-0C374726750E} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\FilterCheck\FilterCheck.exe" -d "C:\Users\Frys Electronics\Documents\Downloads\FilterCheck"
Task: {4E5D7E69-A73F-439E-91EA-4F09849DA183} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {4EF641DD-3E31-46C7-8EDB-97FF5A4CE0DB} - System32\Tasks\{4E8E5794-2886-4DB0-B8E7-31A282635A2D} => C:\Program Files (x86)\Folder Size\FolderSize.exe [2013-02-13] (Brio)
Task: {5138B300-2E45-4DFB-817A-2FF8553A704E} - System32\Tasks\{D586E4D9-A9DF-45E7-99CD-763139E3CE57} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\cdtraypal\CDTrayPal\CDTray.exe" -d "C:\Users\Frys Electronics\Documents\Downloads\cdtraypal\CDTrayPal"
Task: {52F82455-2EEB-4B3B-81DE-DFD1EF5CE635} - System32\Tasks\{93A6F47C-EB99-4E66-98B3-77DBFC79BF01} => C:\Users\Frys Electronics\Documents\Downloads\VSOConvertXtoDVDv41200.exe
Task: {5594D3A4-225A-4839-A7D3-19997535F102} - System32\Tasks\{B9C42B4B-D26F-4336-8048-26C37CE39E73} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\HijackThis.exe" -d "C:\Users\Frys Electronics\Documents\Downloads"
Task: {57645AD6-3413-4AE7-9F8E-052C1C580279} - System32\Tasks\{51414D4E-969C-484F-8B13-342475AA4682} => C:\Users\Frys Electronics\Documents\Downloads\VSOConvertXtoDVDv41200.exe
Task: {58DDADD4-790C-40DC-973E-B36992D0717C} - System32\Tasks\{78DC9C81-1A61-4246-B2EC-19E52D98D1D3} => C:\Program Files (x86)\EZ Grabber\EZ Grabber.exe
Task: {61EA2F3A-B9CA-431E-A98F-80B2F63321EC} - System32\Tasks\{1C4F604B-7860-490B-9775-94B48CF54CBE} => C:\Users\Frys Electronics\Documents\Downloads\VSOConvertXtoDVDv41200.exe
Task: {6807EAD0-5F66-496D-A46E-D7AE8BCA0B49} - System32\Tasks\{AA0017B2-B3EC-4373-AF30-DF815977F468} => C:\Program Files (x86)\TubeDigger\TubeDigger.exe
Task: {6BBB85B0-5BAB-4740-94B2-394A3168EF20} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
Task: {6CDDA6CF-5FA0-4E3F-8F0D-B90A18D5AE38} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {6E377247-BB0B-4020-B572-FE03267867E9} - System32\Tasks\{7682A56A-5971-4C65-9BF3-927F829C3CB8} => C:\Users\Frys Electronics\Documents\Downloads\VSOConvertXtoDVDv41200(1).exe
Task: {6E855C7E-2016-4402-A2DC-C6EE0982EC29} - System32\Tasks\{E286C1B4-FB6E-4907-9F09-33956D0E41D6} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\trilogyi.exe" -d "C:\Users\Frys Electronics\Documents\Downloads"
Task: {74017881-DC2F-453E-A909-488126C214D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-07] (Adobe Systems Incorporated)
Task: {746E09B2-6055-4FDB-B59C-E0AB0167AE3C} - System32\Tasks\{EE39E11B-6BEA-40E3-8D3B-DE8CE7E7A7A6} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\DivXInstaller.exe" -d "C:\Users\Frys Electronics\Documents\Downloads"
Task: {75744FB9-354E-40ED-A87A-9C76CFA99A5A} - System32\Tasks\{02E2589E-0509-4C9A-9D44-365AF5787263} => C:\Program Files (x86)\TubeDigger\TubeDigger.exe
Task: {75928BB4-100B-452B-830C-4FA2FF5C21DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {7C0351C1-3B95-4C69-BC78-8E7DC098C86D} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {7E8DD48C-4838-4EF2-9AB3-55973C603F4A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {80FCCC78-9C20-4B1B-A9AD-EDE47CB9C296} - System32\Tasks\{4AE4D8F0-FFFF-4C61-80B5-BEC2636DAF6E} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\colorcubesviz.exe" -d "C:\Users\Frys Electronics\Documents\Downloads"
Task: {82961AFA-DA61-4AAF-AB8C-0032D40C0CD7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {876035EC-B6D5-44F4-B3DA-8B37CC995601} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {89B55AA0-DE80-4547-BC48-BA85EACB2CC0} - System32\Tasks\{B49AE075-CA59-42D1-96EE-EBF791573797} => C:\Program Files (x86)\Nero\Nero 9\Nero Vision\NeroVision.exe
Task: {91467B55-7C3F-4268-9868-649BE3F1A663} - System32\Tasks\{904B24DF-56B2-482C-AE03-685A09DD75FF} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\mflpro_c1\Data\Disk1\setup.exe" -d "C:\Users\Frys Electronics\Documents\Downloads\mflpro_c1\Data\Disk1"
Task: {93D3EC65-4ED2-43FF-A343-F80B8E7C085E} - System32\Tasks\{3BF620E8-CB2D-472C-A02F-7E3B7F652033} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\FilterCheck\FilterCheck.exe" -d "C:\Users\Frys Electronics\Documents\FilterCheck"
Task: {95441ACA-4A76-4B7F-95FB-30365F597293} - System32\Tasks\{D2ECED7D-D33E-42E5-9D3E-56A6C62F5630} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\General-CleanTool\NeroCleanTool5.0.0.18.exe" -d "C:\Users\Frys Electronics\Documents\Downloads\General-CleanTool"
Task: {9654AEA3-9E37-4D75-86CF-198E7D13322D} - System32\Tasks\{C2D2E423-6115-41C8-96F8-54EF3839056B} => C:\Program Files (x86)\Folder Size\FolderSize.exe [2013-02-13] (Brio)
Task: {9668E83B-BCC3-4A85-B26E-18B42E8991B8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {96FF34A8-11AA-4323-A286-112C4C901EE8} - System32\Tasks\{EB0B05F7-A721-42A2-919A-F8426607851B} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?source=lightinstaller&amp;page=tsBing
Task: {9717CCBC-2A33-48E2-8AE3-0672D5F20E96} - System32\Tasks\{D763556C-C1B1-43F2-866C-47E708255328} => C:\Program Files (x86)\Folder Size\FolderSize.exe [2013-02-13] (Brio)
Task: {9952470D-122E-436F-9B12-6AEC7E9CBB78} - System32\Tasks\{621F223D-7526-456D-8CCE-797637E04186} => C:\Program Files (x86)\TubeDigger\TubeDigger.exe
Task: {9F53C483-3ABC-4CCC-A196-5E60A3686991} - System32\Tasks\{B354B3B5-5BBF-4BED-889B-E4682EE5DB49} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\setupconsumerc2rolw.exe" -d "C:\Users\Frys Electronics\Documents\Downloads"
Task: {A162D623-F586-4C60-B557-9D1275D3D84E} - System32\Tasks\{8483FCB4-3D97-4A59-8A6D-340F97B7F5FE} => C:\Program Files (x86)\TubeDigger\TubeDigger.exe
Task: {A3B9A8FC-D386-4EA6-BC60-4FCE5007F611} - System32\Tasks\{A100ACCF-AD70-447D-AAB1-E75FB552335E} => C:\Program Files (x86)\Nero\Nero 9\Nero Vision\NeroVision.exe
Task: {A65B093D-022B-43A4-9864-AD8D9276E1F4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {ABAA519B-9B9E-43EA-A8E1-99967555897C} - System32\Tasks\{393DA027-C867-46F8-9185-10614D00AB16} => pcalua.exe -a "C:\Users\Frys Electronics\Desktop\Fry's Backup\My Documents\Nero 6 Ultra + Keys\Nero-6.6.0.18_no_yt.exe" -d "C:\Users\Frys Electronics\Desktop\Fry's Backup\My Documents\Nero 6 Ultra + Keys"
Task: {AEB446EA-003E-4985-9DDC-9C693A92E128} - System32\Tasks\{70023B7B-D2F5-4310-882F-D398EEFB76EA} => pcalua.exe -a "C:\Users\Frys Electronics\AppData\Local\Temp\Temp1_Filter Check.zip\Filter Check.exe"
Task: {B00554CE-0E0F-4B76-AE80-5A0793FBC227} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-24] (Google Inc.)
Task: {C2317044-54B7-403F-916C-DF04C270DFAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-24] (Google Inc.)
Task: {C663A10D-940A-41FC-9BD8-EBE405ECEA5B} - System32\Tasks\{0D5D3C28-AA9F-4456-96F5-0C317FC0072F} => C:\Users\Frys Electronics\Documents\Downloads\VSOConvertXtoDVDv41200.exe
Task: {C83995F2-B845-4AFD-AFB7-0E818D2352F3} - System32\Tasks\{27CBC206-E062-40CF-A390-BBACFBC0975B} => C:\Program Files (x86)\Folder Size\FolderSize.exe [2013-02-13] (Brio)
Task: {D0B3D4A4-5827-414A-801A-33F04E8C7323} - System32\Tasks\{075C2D02-4216-41D4-9F32-FB59BC6DB8E6} => pcalua.exe -a D:\Driver\Installation\Setup.exe -d D:\Driver\Installation
Task: {D1F917C2-11C3-4AF3-AECA-46FCA454F4FA} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D47C1D73-5AED-4FE2-937E-0FAC6DE51605} - System32\Tasks\{1468C3DF-4B2F-4B1F-9137-A81564926D14} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\colorcubesviz.exe" -d "C:\Users\Frys Electronics\Documents\Downloads"
Task: {D7F35E0D-C07E-43B6-9220-33213F01EBB8} - System32\Tasks\{A518CD63-642B-4693-99AE-12F64C1495EE} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\AmazonUnboxVideo.exe"
Task: {DA02FD75-110D-4F74-880C-D65BC0F26D33} - System32\Tasks\{01A5FF98-93C8-46FA-B1BA-F43AEFBA1762} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\Driver\x86\setup.exe" -d "C:\Users\Frys Electronics\Documents\Downloads\Driver\x86"
Task: {DCDE46F7-BBA9-4924-B66C-E755B9286BD3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {E67C7875-A36A-4E99-9E7A-31CBD07BD079} - System32\Tasks\{8CCFA371-9621-42EC-A8C4-D35F7180A9BC} => C:\Program Files (x86)\Folder Size\FolderSize.exe [2013-02-13] (Brio)
Task: {ED22DF0A-B2F8-44AC-A8FB-7D5A85740E2A} - System32\Tasks\{945C658D-83FF-487F-B18C-FF28EB9FAD3D} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\Filter Check\Filter Check.exe" -d "C:\Users\Frys Electronics\Documents\Downloads\Filter Check"
Task: {F65482B4-59DE-48AF-8451-5827429D41BD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FC627748-F746-432E-8C01-CF334F61F609} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {FE2ADDDF-D7DF-4FFE-A9AC-7D59C3DC7451} - System32\Tasks\{CE41C10C-FF7B-4144-BC35-0D2F865E007F} => C:\Users\Frys Electronics\Documents\Downloads\VSOConvertXtoDVDv41200.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\NeroLiveEpgUpdate-THEHASSANFAMILY_Frys-Electronics.job => C:\Program Files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe

==================== Loaded Modules (whitelisted) ==============

2012-11-16 15:27 - 2012-11-16 15:27 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 15:03 - 2012-03-05 15:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 13:53 - 2012-02-16 13:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-09-02 21:47 - 2014-09-02 21:47 - 01985840 _____ () C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe
2015-01-21 15:59 - 2015-01-21 15:59 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-04-05 00:44 - 2010-09-28 12:52 - 00099840 _____ () C:\Users\Frys Electronics\Documents\ShellFolderFix64\ShellFolderFix.dll
2009-01-21 19:45 - 2009-01-21 19:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-03-05 18:36 - 2011-03-05 18:36 - 00045056 _____ () C:\Program Files (x86)\WindowsWhere\WindowsWhere.exe
2013-03-27 13:05 - 2013-03-27 13:05 - 00699392 _____ () C:\Windows\SysWOW64\C2MP\TrayMenu.exe
2014-04-05 00:44 - 2010-09-28 12:52 - 02625024 _____ () C:\Users\Frys Electronics\Documents\ShellFolderFix64\ShellFolderFixUI.exe
2011-08-10 23:58 - 2011-08-10 23:58 - 00627304 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2014-01-10 01:26 - 2014-01-10 01:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2012-11-16 15:27 - 2012-11-16 15:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-11-16 15:09 - 2012-11-16 15:09 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-17 14:05 - 2011-10-12 06:22 - 00370984 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2015-03-04 18:08 - 2015-03-04 18:08 - 00750080 _____ () C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-04-08 03:21 - 2015-04-08 03:21 - 00043008 _____ () c:\Users\Frys Electronics\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmiqpzp.dll
2015-03-04 18:08 - 2015-03-04 18:08 - 00047616 _____ () C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 18:08 - 2015-03-04 18:08 - 00865280 _____ () C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 18:07 - 2015-03-04 18:07 - 00200704 _____ () C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-08-10 23:57 - 2011-08-10 23:57 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2014-01-10 01:28 - 2014-01-10 01:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-11-04 19:06 - 2014-11-04 19:06 - 00221696 _____ () C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SCExtensionManager.dll
2015-04-03 16:19 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 16:19 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 16:19 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-02-06 01:40 - 2015-02-06 01:40 - 01013248 _____ () C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}\platform\WINNT_x86-msvc\components\wrxpcom.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2015-04-07 03:04 - 2015-04-07 03:04 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2216231976-994283857-177851732-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2216231976-994283857-177851732-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2216231976-994283857-177851732-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Frys Electronics\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ADVService => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk => C:\Windows\pss\Amazon Unbox.lnk.CommonStartup
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== Accounts: =============================

Administrator (S-1-5-21-2216231976-994283857-177851732-500 - Administrator - Disabled)
Frys Electronics (S-1-5-21-2216231976-994283857-177851732-1000 - Administrator - Enabled) => C:\Users\Frys Electronics
Guest (S-1-5-21-2216231976-994283857-177851732-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2216231976-994283857-177851732-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2015 04:08:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "OnlineServices,version="3.7.0.0"1".
Dependent Assembly OnlineServices,version="3.7.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/08/2015 04:08:25 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/08/2015 04:07:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "OnlineServices,version="3.7.0.0"1".
Dependent Assembly OnlineServices,version="3.7.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/08/2015 03:22:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 03:19:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x50a6a1b0
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x708
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (04/08/2015 03:11:50 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 10224.  Message ID: [0x2509].

Error: (04/08/2015 02:07:10 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 8136.  Message ID: [0x2509].

Error: (04/08/2015 02:05:16 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 10196.  Message ID: [0x2509].

Error: (04/08/2015 00:56:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee
Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1654
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (04/07/2015 05:41:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "OnlineServices,version="3.7.0.0"1".
Dependent Assembly OnlineServices,version="3.7.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (04/08/2015 03:21:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ibituv
sMUwecPZ
vutsoc

Error: (04/08/2015 03:19:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/08/2015 03:09:42 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/08/2015 02:13:46 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/08/2015 02:05:25 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/08/2015 00:43:57 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/07/2015 03:26:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ibituv
sMUwecPZ
vutsoc

Error: (04/07/2015 03:24:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/07/2015 02:12:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ibituv
sMUwecPZ
vutsoc

Error: (04/07/2015 02:11:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (04/08/2015 04:08:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: OnlineServices,version="3.7.0.0"C:\Program Files (x86)\Nero\Nero 10\Nero Vision\NMTvWizard.exe.Manifest

Error: (04/08/2015 04:08:25 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\ATI\CIM\Bin64\SetACL64.exeC:\Program Files\ATI\CIM\Bin64\Microsoft.VC80.MFC.MANIFEST0

Error: (04/08/2015 04:07:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: OnlineServices,version="3.7.0.0"C:\Program Files (x86)\Nero\Nero 10\Nero Vision\NMDllHost.exe.Manifest

Error: (04/08/2015 03:22:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 03:19:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.050a6a1b0Device.dll4.1.0.04f55e10bc000000500000000000033c170801d071041c291cdfC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dlla8154231-ddbf-11e4-a537-c89cdca32452

Error: (04/08/2015 03:11:50 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 10224.  Message ID: [0x2509].

Error: (04/08/2015 02:07:10 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 8136.  Message ID: [0x2509].

Error: (04/08/2015 02:05:16 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 10196.  Message ID: [0x2509].

Error: (04/08/2015 00:56:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa1165401d071995b2bd64bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla08b7c97-ddab-11e4-a537-c89cdca32452

Error: (04/07/2015 05:41:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: OnlineServices,version="3.7.0.0"C:\Program Files (x86)\Nero\Nero 10\Nero Vision\NMTvWizard.exe.Manifest


CodeIntegrity Errors:
===================================
  Date: 2014-12-11 19:33:32.900
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-11 19:33:32.784
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-11 19:31:48.825
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-11 19:31:48.701
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-10 05:12:57.142
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-10 05:12:57.017
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-10 05:11:18.175
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-10 05:11:18.050
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-10 04:51:05.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-10 04:51:05.689
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX™-4100 Quad-Core Processor
Percentage of memory in use: 26%
Total physical RAM: 13990.76 MB
Available physical RAM: 10249.16 MB
Total Pagefile: 27979.71 MB
Available Pagefile: 23563.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:1380.17 GB) (Free:1166.52 GB) NTFS
Drive f: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:153.83 GB) NTFS
Drive g: (My Book) (Fixed) (Total:298.01 GB) (Free:152.01 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: E5515BF9)
Partition 1: (Not Active) - (Size=17 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1380.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 2CCEFD3F)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: 41FFC810)
Partition 1: (Active) - (Size=298.1 GB) - (Type=0C)

==================== End Of Log ============================



#4 BKMalik

BKMalik
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Decatur, GA
  • Local time:12:39 PM

Posted 08 April 2015 - 08:14 AM

DDS

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17689  BrowserJavaVersion: 11.31.2
Run by Frys Electronics at 9:08:59 on 2015-04-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.13991.10246 [GMT -4:00]
.
AV: Webroot SecureAnywhere *Enabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
SP: Webroot SecureAnywhere *Enabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\WindowsWhere\WindowsWhere.exe
C:\Program Files (x86)\CD Eject Tool\CD Eject Tool.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\C2MP\TrayMenu.exe
C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Frys Electronics\Documents\ShellFolderFix64\ShellFolderFixUI.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_134.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Webroot\WRSA.exe
C:\Program Files\Webroot\WRSA.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
BHO: {1A6B6AD0-2735-498F-834C-AFCEA37847C2} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
BHO: SavvyConnect IE Extension: {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} - C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\ieplugin\LuthIEPlugin.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
uRun: [WindowsWhere] "C:\Program Files (x86)\WindowsWhere\WindowsWhere.exe"
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [CD Eject Tool] C:\Program Files (x86)\CD Eject Tool\CD Eject Tool.exe
uRun: [GoogleChromeAutoLaunch_7F995F9DD757A9FC461582664006362B] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRunOnce: [Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
uRunOnce: [Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
uRunOnce: [Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"
uRunOnce: [Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220"
uRunOnce: [Adobe Speed Launcher] 1428477708
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SavvyConnectMenu] "C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SavvyConnectUI.exe" -a
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\FRYSEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\FRYSEL~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SHELLF~1.LNK - C:\Users\Frys Electronics\Documents\ShellFolderFix64\ShellFolderFixUI.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~2.LNK - C:\Windows\SysWOW64\C2MP\TrayMenu.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\wruninstall.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001051-0002-0051-ABCDEFFEDCBC} - <orphaned>
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Trusted Zone: $talisma_url$
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{ED5E580A-AB82-4938-AE33-0B005A19ABCC} : DHCPNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA - <orphaned>
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: Webroot Filtering Extension: {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: SavvyConnect IE Extension: {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} - C:\Program Files\Luth Research\SavvyConnectFramework\bin\Ieplugin\LuthIeplugin.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Handler: WSISAllmytubechrome - {4724F5AF-4E6D-41CA - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\browser\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll
FF - plugin: C:\Users\Frys Electronics\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);user_pref('extensions.blocklist.enabled', false);user_pref('network.proxy.type', 5);
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2011-8-30 282704]
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2014-6-3 116736]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-12-5 98888]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-8-30 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-8-30 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-8-30 62776]
R1 RrNetCapFilterDriver;RadioRip Filter Driver;C:\Windows\System32\drivers\RrNetCapFilterDriver.sys [2014-4-28 24744]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-11-16 238080]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-11-16 361984]
R2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-30 255376]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-10 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-10 1080120]
R2 SCService;SavvyConnect Desktop Service;C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe [2014-9-2 1985840]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2014-6-3 818096]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-10-3 46136]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-8-30 54784]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-8-30 77696]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-30 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-10 136408]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-8-30 533096]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfswin7.sys [2013-6-26 768680]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaywin7.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirwin7.sys [2013-6-26 29352]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvolwin7.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 WsAudio_Device(1);WsAudio_Device(1);C:\Windows\System32\drivers\VirtualAudio1.sys [2014-5-30 31080]
R3 WsAudio_Device(2);WsAudio_Device(2);C:\Windows\System32\drivers\VirtualAudio2.sys [2014-5-30 31080]
R3 WsAudio_Device(3);WsAudio_Device(3);C:\Windows\System32\drivers\VirtualAudio3.sys [2014-5-30 31080]
R3 WsAudio_Device(4);WsAudio_Device(4);C:\Windows\System32\drivers\VirtualAudio4.sys [2014-5-30 31080]
R3 WsAudio_Device(5);WsAudio_Device(5);C:\Windows\System32\drivers\VirtualAudio5.sys [2014-5-30 31080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-12 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-1-2 315488]
S3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2012-12-25 33872]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2015-3-19 31920]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-12-19 94720]
S3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2012-12-3 95344]
S3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSib.sys [2012-12-3 21872]
S3 CXPLRCAP;Capture Device;C:\Windows\System32\drivers\CxPlrCap.sys [2010-1-6 235904]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-8-17 110336]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2014-8-27 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-3-11 114688]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-10 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-16 19456]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-8-17 206080]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-31 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-16 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-3 1255736]
S3 wrUrlFlt;Webroot UrlFilter;C:\Windows\System32\drivers\wrUrlFlt.sys [2015-2-26 41040]
S4 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2015-04-08 12:59:56    --------    d-----w-    C:\FRST
2015-04-08 02:01:12    --------    d-----w-    C:\Program Files\Unknown Device Identifier
2015-04-08 01:51:08    --------    d-----w-    C:\Program Files\Speccy
2015-04-07 03:46:02    --------    d-----w-    C:\Users\Frys Electronics\AppData\Local\5D515C96_stp
2015-04-07 03:45:40    --------    d-----w-    C:\Users\Frys Electronics\AppData\Roaming\DVDVideoSoft
2015-04-04 07:01:23    --------    d-s---w-    C:\Windows\SysWow64\GWX
2015-04-04 07:01:22    --------    d-s---w-    C:\Windows\System32\GWX
2015-03-25 04:12:33    --------    d-----w-    C:\Program Files\ConvertHelper3
2015-03-19 06:47:48    31920    ----a-w-    C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys
2015-03-19 06:08:25    --------    d-----w-    C:\Users\Frys Electronics\.streamCapture
2015-03-19 05:49:48    --------    d-----w-    C:\flvrecorder
2015-03-19 05:49:44    --------    d-----w-    C:\Program Files (x86)\WinPcap
2015-03-19 05:49:15    --------    d-----w-    C:\Program Files (x86)\StreamingStar
2015-03-15 05:57:35    --------    d-----w-    C:\Users\Frys Electronics\AppData\Local\iSkysoft
2015-03-15 05:57:35    --------    d-----w-    C:\Program Files\Common Files\iSkysoft
2015-03-15 05:57:20    --------    d-----w-    C:\ProgramData\iSkysoft iTube Studio
2015-03-15 05:57:19    --------    d-----w-    C:\ProgramData\iSkysoft Application Common Data
2015-03-15 05:57:19    --------    d-----w-    C:\Program Files (x86)\iSkysoft
2015-03-14 07:30:32    --------    d-----w-    C:\Program Files (x86)\360
2015-03-14 07:30:19    --------    d-----w-    C:\Users\Frys Electronics\AppData\Roaming\360Safe
2015-03-14 07:30:19    --------    d-----w-    C:\ProgramData\{AB3BD2D7-59F0-4bd7-AC3F-90752F4028D8}.tmp
2015-03-11 04:12:41    3179520    ----a-w-    C:\Windows\System32\rdpcorets.dll
2015-03-11 04:11:38    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2015-03-11 04:11:38    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
.
==================== Find3M  ====================
.
2015-04-08 10:56:54    136408    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-04-08 09:22:03    166128    ----a-w-    C:\Windows\SysWow64\WRusr.dll
2015-04-08 09:22:03    116736    ----a-w-    C:\Windows\System32\drivers\WRkrn.sys
2015-04-08 09:22:03    103816    ----a-w-    C:\Windows\System32\WRusr.dll
2015-04-07 07:04:54    778928    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-07 07:04:54    142512    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-17 10:15:38    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2015-03-17 10:15:28    107736    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2015-03-17 10:15:24    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2015-03-06 05:56:10    95680    ----a-w-    C:\Windows\System32\drivers\ksecdd.sys
2015-03-06 05:56:10    155576    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2015-03-06 05:42:39    210944    ----a-w-    C:\Windows\System32\wdigest.dll
2015-03-06 05:42:36    86528    ----a-w-    C:\Windows\System32\TSpkg.dll
2015-03-06 05:42:35    29184    ----a-w-    C:\Windows\System32\sspisrv.dll
2015-03-06 05:42:35    136192    ----a-w-    C:\Windows\System32\sspicli.dll
2015-03-06 05:42:33    341504    ----a-w-    C:\Windows\System32\schannel.dll
2015-03-06 05:42:33    28160    ----a-w-    C:\Windows\System32\secur32.dll
2015-03-06 05:42:29    314880    ----a-w-    C:\Windows\System32\msv1_0.dll
2015-03-06 05:42:29    309760    ----a-w-    C:\Windows\System32\ncrypt.dll
2015-03-06 05:42:27    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2015-03-06 05:42:27    1461760    ----a-w-    C:\Windows\System32\lsasrv.dll
2015-03-06 05:42:20    22016    ----a-w-    C:\Windows\System32\credssp.dll
2015-03-06 05:41:46    31232    ----a-w-    C:\Windows\System32\lsass.exe
2015-03-06 05:41:31    64000    ----a-w-    C:\Windows\System32\auditpol.exe
2015-03-06 05:39:16    60416    ----a-w-    C:\Windows\System32\msobjs.dll
2015-03-06 05:38:57    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2015-03-06 05:36:56    686080    ----a-w-    C:\Windows\System32\adtschema.dll
2015-03-06 05:10:34    172032    ----a-w-    C:\Windows\SysWow64\wdigest.dll
2015-03-06 05:10:30    65536    ----a-w-    C:\Windows\SysWow64\TSpkg.dll
2015-03-06 05:10:26    248832    ----a-w-    C:\Windows\SysWow64\schannel.dll
2015-03-06 05:10:26    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2015-03-06 05:10:22    259584    ----a-w-    C:\Windows\SysWow64\msv1_0.dll
2015-03-06 05:10:22    221184    ----a-w-    C:\Windows\SysWow64\ncrypt.dll
2015-03-06 05:10:18    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2015-03-06 05:10:11    17408    ----a-w-    C:\Windows\SysWow64\credssp.dll
2015-03-06 05:09:31    50176    ----a-w-    C:\Windows\SysWow64\auditpol.exe
2015-03-06 05:09:19    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2015-03-06 05:07:50    60416    ----a-w-    C:\Windows\SysWow64\msobjs.dll
2015-03-06 05:07:43    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2015-03-06 05:06:20    686080    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2015-02-26 16:17:19    41040    ----atw-    C:\Windows\System32\drivers\wrUrlFlt.sys
2015-02-26 03:25:44    3204096    ----a-w-    C:\Windows\System32\win32k.sys
2015-02-20 04:41:01    41984    ----a-w-    C:\Windows\System32\lpk.dll
2015-02-20 04:40:59    100864    ----a-w-    C:\Windows\System32\fontsub.dll
2015-02-20 04:40:56    14336    ----a-w-    C:\Windows\System32\dciman32.dll
2015-02-20 04:40:55    46080    ----a-w-    C:\Windows\System32\atmlib.dll
2015-02-20 04:13:49    70656    ----a-w-    C:\Windows\SysWow64\fontsub.dll
2015-02-20 04:13:46    10240    ----a-w-    C:\Windows\SysWow64\dciman32.dll
2015-02-20 04:13:43    34304    ----a-w-    C:\Windows\SysWow64\atmlib.dll
2015-02-20 04:12:51    25600    ----a-w-    C:\Windows\SysWow64\lpk.dll
2015-02-20 03:29:16    372224    ----a-w-    C:\Windows\System32\atmfd.dll
2015-02-20 03:09:16    299008    ----a-w-    C:\Windows\SysWow64\atmfd.dll
2015-02-20 03:06:02    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2015-02-20 03:05:49    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2015-02-20 02:50:14    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2015-02-20 02:49:29    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2015-02-20 02:49:19    584192    ----a-w-    C:\Windows\System32\vbscript.dll
2015-02-20 02:47:56    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2015-02-20 02:35:17    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2015-02-20 02:35:05    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2015-02-20 02:34:24    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2015-02-20 02:32:34    6035456    ----a-w-    C:\Windows\System32\jscript9.dll
2015-02-20 02:26:12    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2015-02-20 02:22:35    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2015-02-20 02:13:57    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-02-20 02:09:08    503296    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2015-02-20 02:08:59    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2015-02-20 02:08:13    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06:44    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2015-02-20 01:56:54    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2015-02-20 01:56:07    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2015-02-20 01:47:06    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2015-02-20 01:46:45    2125824    ----a-w-    C:\Windows\System32\inetcpl.cpl
2015-02-20 01:41:52    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30:39    4300288    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2015-02-20 01:28:25    2358784    ----a-w-    C:\Windows\System32\wininet.dll
2015-02-20 01:24:21    2052608    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2015-02-20 01:23:19    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:01:25    1888256    ----a-w-    C:\Windows\SysWow64\wininet.dll
2015-02-17 19:29:58    1247912    ----a-w-    C:\Windows\SysWow64\FM20.DLL
2015-02-06 05:40:51    10395072    ----a-w-    C:\Program Files (x86)\Common Files\wruninstall.exe
2015-02-03 03:34:39    693176    ----a-w-    C:\Windows\System32\winload.efi
2015-02-03 03:34:38    5554104    ----a-w-    C:\Windows\System32\ntoskrnl.exe
2015-02-03 03:34:36    94656    ----a-w-    C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29    616360    ----a-w-    C:\Windows\System32\winresume.efi
2015-02-03 03:30:58    631808    ----a-w-    C:\Windows\System32\evr.dll
2015-02-03 03:29:19    8704    ----a-w-    C:\Windows\System32\pcaevts.dll
2015-02-03 03:28:49    2048    ----a-w-    C:\Windows\System32\mferror.dll
2015-02-03 03:28:14    6656    ----a-w-    C:\Windows\System32\apisetschema.dll
2015-02-03 03:19:12    663552    ----a-w-    C:\Windows\System32\drivers\PEAuth.sys
2015-02-03 03:16:31    3973048    ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-03 03:16:31    3917760    ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
2015-02-03 03:11:55    50176    ----a-w-    C:\Windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48    23040    ----a-w-    C:\Windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03    2048    ----a-w-    C:\Windows\SysWow64\mferror.dll
2015-02-03 03:08:07    6656    ----a-w-    C:\Windows\SysWow64\apisetschema.dll
2015-02-03 02:32:25    61440    ----a-w-    C:\Windows\System32\drivers\appid.sys
2015-01-31 03:48:54    16384    ----a-w-    C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-01-30 23:56:52    243200    ----a-w-    C:\Windows\System32\rdpudd.dll
2008-12-21 21:46:54    351744    --sha-w-    C:\Windows\SysWOW64\avisynth.dll
2005-07-14 16:31:20    32256    --sh--w-    C:\Windows\SysWOW64\AVSredirect.dll
2004-05-26 12:37:34    719872    --sha-w-    C:\Windows\SysWOW64\devil.dll
2004-01-25 04:00:00    70656    --sh--w-    C:\Windows\SysWOW64\i420vfw.dll
2004-01-25 04:00:00    70656    --sh--w-    C:\Windows\SysWOW64\yv12vfw.dll
.
============= FINISH:  9:09:24.67 ===============
 



#5 BKMalik

BKMalik
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Decatur, GA
  • Local time:12:39 PM

Posted 08 April 2015 - 08:18 AM

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Frys Electronics at 2015-04-08 09:01:05
Running from C:\Users\Frys Electronics\Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 clear.fi  (x32 Version: 1.5.1717_38186 - CyberLink Corp.) Hidden
 clear.fi  (x32 Version: 9.0.8031 - CyberLink Corp.) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer System Information (HKLM-x32\...\{72199E33-4F2A-4B7F-8E25-95DDDD50A678}) (Version: 1.0.0 - Acer)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3502 - Acer Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Amazon Cloud Player (HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Amazon Amazon Cloud Player) (Version: 1.5.0.341 - Amazon Services LLC)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Send to Kindle (HKLM-x32\...\SendToKindle) (Version: 1.0.1.237 - Amazon)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Any Audio Converter 5.7.9 (HKLM-x32\...\Any Audio Converter) (Version: 5.7.9 - Anvsoft)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.4.4.0 - SlySoft)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.10503 - ATI Technologies Inc.) Hidden
Audials (HKLM-x32\...\{6A388B01-D414-429D-A917-B27BEC991A85}) (Version: 11.0.53800.0 - Audials AG)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{A2A971DE-C864-4CF0-8FCA-FF7F569D8476}) (Version: 1.43.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
CD Eject Tool 2.9 (HKLM-x32\...\CD Eject Tool_is1) (Version:  - Fomine Software)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.4.0.25 - Citrix Systems, Inc.)
clear.fi (HKLM-x32\...\InstallShield_{37126D87-E4FD-4614-B908-A0BB7ECE3992}) (Version: 1.5.2212.35 - CyberLink Corp.)
clear.fi (x32 Version: 1.5.2212.35 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.05.3002 - Acer Incorporated)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
ConvertXtoDVD 4.1.20.0 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.1.20.0 - )
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Daum PotPlayer 1.5.34665 x64 Edition (HKLM\...\PotPlayer64) (Version:  - )
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.88 - NCH Software)
Defraggler (HKLM\...\Defraggler) (Version: 2.16 - Piriform)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.64 - DivX, LLC)
DivX Web Player (HKLM-x32\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 1.5.0 - DivX,Inc.)
Dropbox (HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
DVD Audio Extractor 7.1.1 (HKLM-x32\...\DVD Audio Extractor_is1) (Version:  - Computer Application Studio)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
eFax Messenger (HKLM-x32\...\{DF6DA606-904D-4C18-823F-A4CFC3035E53}) (Version: 4.4.3.556 - j2 Global)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.103 - Etron Technology) Hidden
Evernote v. 4.5.1 (HKLM-x32\...\{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}) (Version: 4.5.1.5451 - Evernote Corp.)
ffdshow v1.3.4500 [2013-01-06] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4500.0 - )
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
Folder Size Explorer (HKLM-x32\...\{5842EF9D-F74D-4B40-9C28-ABBE26200748}) (Version: 1.1.2 - Bazwise)
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Freemake Audio Converter version 1.1.0 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.0 - Ellora Assets Corporation)
Freemake Video Converter version 4.0.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.0.4 - Ellora Assets Corporation)
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
HP Officejet 6600 Basic Device Software (HKLM\...\{B407F586-D027-45C3-9109-CC2943E839FA}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12992 - HP)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
iPhoneBrowser (HKLM-x32\...\{C1FCDCA1-2759-4E5E-84EE-3A665BB2F513}) (Version: 1.9.3 - Cranium Consulting and Custom Software)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 10.0.3 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.0.3 - )
LockHunter 2.0 beta 2, 64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich, Ltd)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.6126.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.9 - 3r1c)
MKVtoolnix 4.4.0 (HKLM-x32\...\MKVtoolnix) (Version: 4.4.0 - Moritz Bunkus)
Morphyre (HKLM-x32\...\Morphyre) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MP3 Repair Tool v1.5.2 (HKLM-x32\...\MP3 Repair Tool_is1) (Version: 1.5.2 - Aspect one)
Mp3tag v2.65a (HKLM-x32\...\Mp3tag) (Version: v2.65a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.27 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.18 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.18 - Egis Technology Inc.) Hidden
Nero (HKLM-x32\...\Nero) (Version:  - )
Nero Mega Plugin Pack (HKLM-x32\...\{EF901A4B-A25A-4962-83C6-C6691D062ED9}) (Version: 2.0 - MaCiO)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.2.15400.16.100 - Nero AG)
Nero Vision Xtra (HKLM-x32\...\Nero Vision Xtra) (Version:  - )
Next Generation Visualisations (HKLM-x32\...\{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}) (Version: 1.0.0 -  Microsoft)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.4.7070 - Barnesandnoble.com)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14072.12 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.45.0 - SAMSUNG Electronics Co., Ltd.)
SavvyConnect (HKLM-x32\...\{84F06BE5-18AB-409B-AF13-8A7FFA229F2E}) (Version: 3.12.0009 - Luth Research LLC)
Self-service Plug-in (x32 Version: 3.4.0.33684 - Citrix Systems, Inc.) Hidden
Should I Remove It (HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab Detection (HKLM-x32\...\{F6F8CF26-7340-4E0C-907C-E176F97A29CA}) (Version: 2.0.0.0 - Husdawg, LLC)
TagScanner 5.1.638 (HKLM-x32\...\TagScanner_is1) (Version:  - Sergey Serkov)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Unity Web Player (HKU\S-1-5-21-2216231976-994283857-177851732-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unknown Device Identifier 8.02 (HKLM\...\Unknown Device Identifier_is1) (Version: 8.02 - Huntersoft)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VobSub v2.23 (Remove Only) (HKLM-x32\...\VobSub) (Version:  - )
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.45 - VSO-Software SARL)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.8.76 - Webroot)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3504 - Acer Incorporated)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WindowsWhere (HKLM\...\{10EBA2F4-CFB7-47C6-91EA-35715C5A5E82}) (Version: 0.1.3 - Necrosoft)
WindowsWhere (HKLM-x32\...\{AEB9EABF-1C50-4301-8C51-9CAC2C819DC9}) (Version: 0.1.3 - Necrosoft)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

06-04-2015 23:26:22 Revo Uninstaller's restore point - Any Audio Converter 4.0.6
06-04-2015 23:31:09 Revo Uninstaller's restore point - Any Video Converter 5.7.9
06-04-2015 23:52:39 Revo Uninstaller's restore point - Dregol
07-04-2015 01:24:43 Revo Uninstaller's restore point - Free Audio Converter version 5.0.58.324

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2013-08-20 19:15 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0924E048-6840-4AA9-939C-96F14703E85B} - System32\Tasks\{B58533D0-14AE-444C-9268-B08EC57A9E59} => C:\Users\Frys Electronics\Documents\Downloads\VSOConvertXtoDVDv41200(1).exe
Task: {0CA01636-0534-410D-8721-05CA02F22223} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-12] (CyberLink Corp.)
Task: {0CA0EFB5-1072-4026-888C-282981051BAF} - System32\Tasks\HP AR Program Upload - 46b38dffaca74097bffcb956210a97e683dc57d735df4592a9edaceb5b2c516d => C:\Program Files\HP\HP Officejet 6600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {10E277EC-6BF0-47F0-83EB-84934C17DD47} - System32\Tasks\{7AC9FB0F-EFBF-45F5-A80B-0EB6ECC12BE9} => C:\Users\Frys Electronics\Documents\Downloads\any-audio-converter.exe
Task: {1365E382-0DF3-4B41-ACBB-535A0C7EF89D} - System32\Tasks\NeroLiveEpgUpdate-THEHASSANFAMILY_Frys-Electronics => C:\Program Files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe
Task: {17E4FA78-2578-4047-A45F-E65D32A8C98F} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {2B1E2873-E044-4936-BB21-119CA731EFD7} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {34EDA9F2-2706-4359-8408-202580D62C46} - System32\Tasks\{BCED811F-D2B2-4A54-94BE-6CF7FC4F946D} => pcalua.exe -a "C:\Users\Frys Electronics\AppData\Local\Temp\Temp1_General-CleanTool.zip\NeroCleanTool5.0.0.18.exe"
Task: {3644F449-A45B-4A45-B8AA-AF9E700204E0} - System32\Tasks\HP AR Program Upload - 8fee742bc20240b1b87efd8e94100bbb3229e313203d48afa38701b780d2682e => C:\Program Files\HP\HP Officejet 6600\bin\HPRewards.exe [2012-10-17] (TODO: <Company name>)
Task: {398FEDE2-1D82-41F4-A075-26781118F197} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-12] (Acer Incorporated)
Task: {3E70080F-BFAB-446F-83F9-3E56A6F7AC0F} - System32\Tasks\{C68F16F1-F8F8-470F-B7DD-1A18C277009B} => C:\Program Files (x86)\Nero\Nero 9\Nero Vision\NeroVision.exe
Task: {4B4EBD79-C1F2-452C-A435-1CF8D5C908A8} - System32\Tasks\{8CB2A5CB-7A1F-4DB6-A806-A4996351055C} => C:\Program Files (x86)\Folder Size\FolderSize.exe [2013-02-13] (Brio)
Task: {4E086A02-EA01-4E97-AB86-BB57CABB59D1} - System32\Tasks\{030EF693-56F3-4ABA-BA81-0C374726750E} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\FilterCheck\FilterCheck.exe" -d "C:\Users\Frys Electronics\Documents\Downloads\FilterCheck"
Task: {4E5D7E69-A73F-439E-91EA-4F09849DA183} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {4EF641DD-3E31-46C7-8EDB-97FF5A4CE0DB} - System32\Tasks\{4E8E5794-2886-4DB0-B8E7-31A282635A2D} => C:\Program Files (x86)\Folder Size\FolderSize.exe [2013-02-13] (Brio)
Task: {5138B300-2E45-4DFB-817A-2FF8553A704E} - System32\Tasks\{D586E4D9-A9DF-45E7-99CD-763139E3CE57} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\cdtraypal\CDTrayPal\CDTray.exe" -d "C:\Users\Frys Electronics\Documents\Downloads\cdtraypal\CDTrayPal"
Task: {52F82455-2EEB-4B3B-81DE-DFD1EF5CE635} - System32\Tasks\{93A6F47C-EB99-4E66-98B3-77DBFC79BF01} => C:\Users\Frys Electronics\Documents\Downloads\VSOConvertXtoDVDv41200.exe
Task: {5594D3A4-225A-4839-A7D3-19997535F102} - System32\Tasks\{B9C42B4B-D26F-4336-8048-26C37CE39E73} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\HijackThis.exe" -d "C:\Users\Frys Electronics\Documents\Downloads"
Task: {57645AD6-3413-4AE7-9F8E-052C1C580279} - System32\Tasks\{51414D4E-969C-484F-8B13-342475AA4682} => C:\Users\Frys Electronics\Documents\Downloads\VSOConvertXtoDVDv41200.exe
Task: {58DDADD4-790C-40DC-973E-B36992D0717C} - System32\Tasks\{78DC9C81-1A61-4246-B2EC-19E52D98D1D3} => C:\Program Files (x86)\EZ Grabber\EZ Grabber.exe
Task: {61EA2F3A-B9CA-431E-A98F-80B2F63321EC} - System32\Tasks\{1C4F604B-7860-490B-9775-94B48CF54CBE} => C:\Users\Frys Electronics\Documents\Downloads\VSOConvertXtoDVDv41200.exe
Task: {6807EAD0-5F66-496D-A46E-D7AE8BCA0B49} - System32\Tasks\{AA0017B2-B3EC-4373-AF30-DF815977F468} => C:\Program Files (x86)\TubeDigger\TubeDigger.exe
Task: {6BBB85B0-5BAB-4740-94B2-394A3168EF20} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-02-21] ()
Task: {6CDDA6CF-5FA0-4E3F-8F0D-B90A18D5AE38} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {6E377247-BB0B-4020-B572-FE03267867E9} - System32\Tasks\{7682A56A-5971-4C65-9BF3-927F829C3CB8} => C:\Users\Frys Electronics\Documents\Downloads\VSOConvertXtoDVDv41200(1).exe
Task: {6E855C7E-2016-4402-A2DC-C6EE0982EC29} - System32\Tasks\{E286C1B4-FB6E-4907-9F09-33956D0E41D6} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\trilogyi.exe" -d "C:\Users\Frys Electronics\Documents\Downloads"
Task: {74017881-DC2F-453E-A909-488126C214D2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-07] (Adobe Systems Incorporated)
Task: {746E09B2-6055-4FDB-B59C-E0AB0167AE3C} - System32\Tasks\{EE39E11B-6BEA-40E3-8D3B-DE8CE7E7A7A6} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\DivXInstaller.exe" -d "C:\Users\Frys Electronics\Documents\Downloads"
Task: {75744FB9-354E-40ED-A87A-9C76CFA99A5A} - System32\Tasks\{02E2589E-0509-4C9A-9D44-365AF5787263} => C:\Program Files (x86)\TubeDigger\TubeDigger.exe
Task: {75928BB4-100B-452B-830C-4FA2FF5C21DC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {7C0351C1-3B95-4C69-BC78-8E7DC098C86D} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {7E8DD48C-4838-4EF2-9AB3-55973C603F4A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {80FCCC78-9C20-4B1B-A9AD-EDE47CB9C296} - System32\Tasks\{4AE4D8F0-FFFF-4C61-80B5-BEC2636DAF6E} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\colorcubesviz.exe" -d "C:\Users\Frys Electronics\Documents\Downloads"
Task: {82961AFA-DA61-4AAF-AB8C-0032D40C0CD7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-21] (Microsoft Corporation)
Task: {876035EC-B6D5-44F4-B3DA-8B37CC995601} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {89B55AA0-DE80-4547-BC48-BA85EACB2CC0} - System32\Tasks\{B49AE075-CA59-42D1-96EE-EBF791573797} => C:\Program Files (x86)\Nero\Nero 9\Nero Vision\NeroVision.exe
Task: {91467B55-7C3F-4268-9868-649BE3F1A663} - System32\Tasks\{904B24DF-56B2-482C-AE03-685A09DD75FF} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\mflpro_c1\Data\Disk1\setup.exe" -d "C:\Users\Frys Electronics\Documents\Downloads\mflpro_c1\Data\Disk1"
Task: {93D3EC65-4ED2-43FF-A343-F80B8E7C085E} - System32\Tasks\{3BF620E8-CB2D-472C-A02F-7E3B7F652033} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\FilterCheck\FilterCheck.exe" -d "C:\Users\Frys Electronics\Documents\FilterCheck"
Task: {95441ACA-4A76-4B7F-95FB-30365F597293} - System32\Tasks\{D2ECED7D-D33E-42E5-9D3E-56A6C62F5630} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\General-CleanTool\NeroCleanTool5.0.0.18.exe" -d "C:\Users\Frys Electronics\Documents\Downloads\General-CleanTool"
Task: {9654AEA3-9E37-4D75-86CF-198E7D13322D} - System32\Tasks\{C2D2E423-6115-41C8-96F8-54EF3839056B} => C:\Program Files (x86)\Folder Size\FolderSize.exe [2013-02-13] (Brio)
Task: {9668E83B-BCC3-4A85-B26E-18B42E8991B8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {96FF34A8-11AA-4323-A286-112C4C901EE8} - System32\Tasks\{EB0B05F7-A721-42A2-919A-F8426607851B} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/abandoninstall?source=lightinstaller&amp;page=tsBing
Task: {9717CCBC-2A33-48E2-8AE3-0672D5F20E96} - System32\Tasks\{D763556C-C1B1-43F2-866C-47E708255328} => C:\Program Files (x86)\Folder Size\FolderSize.exe [2013-02-13] (Brio)
Task: {9952470D-122E-436F-9B12-6AEC7E9CBB78} - System32\Tasks\{621F223D-7526-456D-8CCE-797637E04186} => C:\Program Files (x86)\TubeDigger\TubeDigger.exe
Task: {9F53C483-3ABC-4CCC-A196-5E60A3686991} - System32\Tasks\{B354B3B5-5BBF-4BED-889B-E4682EE5DB49} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\setupconsumerc2rolw.exe" -d "C:\Users\Frys Electronics\Documents\Downloads"
Task: {A162D623-F586-4C60-B557-9D1275D3D84E} - System32\Tasks\{8483FCB4-3D97-4A59-8A6D-340F97B7F5FE} => C:\Program Files (x86)\TubeDigger\TubeDigger.exe
Task: {A3B9A8FC-D386-4EA6-BC60-4FCE5007F611} - System32\Tasks\{A100ACCF-AD70-447D-AAB1-E75FB552335E} => C:\Program Files (x86)\Nero\Nero 9\Nero Vision\NeroVision.exe
Task: {A65B093D-022B-43A4-9864-AD8D9276E1F4} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {ABAA519B-9B9E-43EA-A8E1-99967555897C} - System32\Tasks\{393DA027-C867-46F8-9185-10614D00AB16} => pcalua.exe -a "C:\Users\Frys Electronics\Desktop\Fry's Backup\My Documents\Nero 6 Ultra + Keys\Nero-6.6.0.18_no_yt.exe" -d "C:\Users\Frys Electronics\Desktop\Fry's Backup\My Documents\Nero 6 Ultra + Keys"
Task: {AEB446EA-003E-4985-9DDC-9C693A92E128} - System32\Tasks\{70023B7B-D2F5-4310-882F-D398EEFB76EA} => pcalua.exe -a "C:\Users\Frys Electronics\AppData\Local\Temp\Temp1_Filter Check.zip\Filter Check.exe"
Task: {B00554CE-0E0F-4B76-AE80-5A0793FBC227} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-24] (Google Inc.)
Task: {C2317044-54B7-403F-916C-DF04C270DFAC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-24] (Google Inc.)
Task: {C663A10D-940A-41FC-9BD8-EBE405ECEA5B} - System32\Tasks\{0D5D3C28-AA9F-4456-96F5-0C317FC0072F} => C:\Users\Frys Electronics\Documents\Downloads\VSOConvertXtoDVDv41200.exe
Task: {C83995F2-B845-4AFD-AFB7-0E818D2352F3} - System32\Tasks\{27CBC206-E062-40CF-A390-BBACFBC0975B} => C:\Program Files (x86)\Folder Size\FolderSize.exe [2013-02-13] (Brio)
Task: {D0B3D4A4-5827-414A-801A-33F04E8C7323} - System32\Tasks\{075C2D02-4216-41D4-9F32-FB59BC6DB8E6} => pcalua.exe -a D:\Driver\Installation\Setup.exe -d D:\Driver\Installation
Task: {D1F917C2-11C3-4AF3-AECA-46FCA454F4FA} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {D47C1D73-5AED-4FE2-937E-0FAC6DE51605} - System32\Tasks\{1468C3DF-4B2F-4B1F-9137-A81564926D14} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\colorcubesviz.exe" -d "C:\Users\Frys Electronics\Documents\Downloads"
Task: {D7F35E0D-C07E-43B6-9220-33213F01EBB8} - System32\Tasks\{A518CD63-642B-4693-99AE-12F64C1495EE} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\AmazonUnboxVideo.exe"
Task: {DA02FD75-110D-4F74-880C-D65BC0F26D33} - System32\Tasks\{01A5FF98-93C8-46FA-B1BA-F43AEFBA1762} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\Driver\x86\setup.exe" -d "C:\Users\Frys Electronics\Documents\Downloads\Driver\x86"
Task: {DCDE46F7-BBA9-4924-B66C-E755B9286BD3} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {E67C7875-A36A-4E99-9E7A-31CBD07BD079} - System32\Tasks\{8CCFA371-9621-42EC-A8C4-D35F7180A9BC} => C:\Program Files (x86)\Folder Size\FolderSize.exe [2013-02-13] (Brio)
Task: {ED22DF0A-B2F8-44AC-A8FB-7D5A85740E2A} - System32\Tasks\{945C658D-83FF-487F-B18C-FF28EB9FAD3D} => pcalua.exe -a "C:\Users\Frys Electronics\Documents\Downloads\Filter Check\Filter Check.exe" -d "C:\Users\Frys Electronics\Documents\Downloads\Filter Check"
Task: {F65482B4-59DE-48AF-8451-5827429D41BD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {FC627748-F746-432E-8C01-CF334F61F609} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-04-05] (Acer Incorporated)
Task: {FE2ADDDF-D7DF-4FFE-A9AC-7D59C3DC7451} - System32\Tasks\{CE41C10C-FF7B-4144-BC35-0D2F865E007F} => C:\Users\Frys Electronics\Documents\Downloads\VSOConvertXtoDVDv41200.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
Task: C:\Windows\Tasks\NeroLiveEpgUpdate-THEHASSANFAMILY_Frys-Electronics.job => C:\Program Files (x86)\Nero\Nero 9\Nero Live\NeroLive.exe

==================== Loaded Modules (whitelisted) ==============

2012-11-16 15:27 - 2012-11-16 15:27 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-03-05 15:03 - 2012-03-05 15:03 - 00677376 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-02-16 13:53 - 2012-02-16 13:53 - 03642880 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-09-02 21:47 - 2014-09-02 21:47 - 01985840 _____ () C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scservice\SCService.exe
2015-01-21 15:59 - 2015-01-21 15:59 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-04-05 00:44 - 2010-09-28 12:52 - 00099840 _____ () C:\Users\Frys Electronics\Documents\ShellFolderFix64\ShellFolderFix.dll
2009-01-21 19:45 - 2009-01-21 19:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-03-05 18:36 - 2011-03-05 18:36 - 00045056 _____ () C:\Program Files (x86)\WindowsWhere\WindowsWhere.exe
2013-03-27 13:05 - 2013-03-27 13:05 - 00699392 _____ () C:\Windows\SysWOW64\C2MP\TrayMenu.exe
2014-04-05 00:44 - 2010-09-28 12:52 - 02625024 _____ () C:\Users\Frys Electronics\Documents\ShellFolderFix64\ShellFolderFixUI.exe
2011-08-10 23:58 - 2011-08-10 23:58 - 00627304 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2014-01-10 01:26 - 2014-01-10 01:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2012-11-16 15:27 - 2012-11-16 15:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-11-16 15:09 - 2012-11-16 15:09 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 13:16 - 2014-07-31 13:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-12-17 14:05 - 2011-10-12 06:22 - 00370984 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2015-03-04 18:08 - 2015-03-04 18:08 - 00750080 _____ () C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-04-08 03:21 - 2015-04-08 03:21 - 00043008 _____ () c:\Users\Frys Electronics\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmiqpzp.dll
2015-03-04 18:08 - 2015-03-04 18:08 - 00047616 _____ () C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 18:08 - 2015-03-04 18:08 - 00865280 _____ () C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 18:07 - 2015-03-04 18:07 - 00200704 _____ () C:\Users\Frys Electronics\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2011-08-10 23:57 - 2011-08-10 23:57 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2014-01-10 01:28 - 2014-01-10 01:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2014-11-04 19:06 - 2014-11-04 19:06 - 00221696 _____ () C:\Program Files (x86)\Luth Research\SavvyConnectFramework\bin\scui\SCExtensionManager.dll
2015-04-03 16:19 - 2015-03-30 17:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 16:19 - 2015-03-30 17:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 16:19 - 2015-03-30 17:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-02-06 01:40 - 2015-02-06 01:40 - 01013248 _____ () C:\Users\Frys Electronics\AppData\Roaming\Mozilla\Firefox\Profiles\5z5oduer.default\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}\platform\WINNT_x86-msvc\components\wrxpcom.dll
2014-03-31 21:35 - 2014-03-31 21:35 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll
2015-04-07 03:04 - 2015-04-07 03:04 - 16858288 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2216231976-994283857-177851732-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-2216231976-994283857-177851732-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2216231976-994283857-177851732-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Frys Electronics\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ADVService => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Unbox.lnk => C:\Windows\pss\Amazon Unbox.lnk.CommonStartup
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

==================== Accounts: =============================

Administrator (S-1-5-21-2216231976-994283857-177851732-500 - Administrator - Disabled)
Frys Electronics (S-1-5-21-2216231976-994283857-177851732-1000 - Administrator - Enabled) => C:\Users\Frys Electronics
Guest (S-1-5-21-2216231976-994283857-177851732-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2216231976-994283857-177851732-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2015 04:08:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "OnlineServices,version="3.7.0.0"1".
Dependent Assembly OnlineServices,version="3.7.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/08/2015 04:08:25 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (04/08/2015 04:07:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "OnlineServices,version="3.7.0.0"1".
Dependent Assembly OnlineServices,version="3.7.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/08/2015 03:22:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 03:19:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x50a6a1b0
Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b
Exception code: 0xc0000005
Fault offset: 0x00000000000033c1
Faulting process id: 0x708
Faulting application start time: 0xFuel.Service.exe0
Faulting application path: Fuel.Service.exe1
Faulting module path: Fuel.Service.exe2
Report Id: Fuel.Service.exe3

Error: (04/08/2015 03:11:50 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 10224.  Message ID: [0x2509].

Error: (04/08/2015 02:07:10 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 8136.  Message ID: [0x2509].

Error: (04/08/2015 02:05:16 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 10196.  Message ID: [0x2509].

Error: (04/08/2015 00:56:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 37.0.1.5570, time stamp: 0x551e23ee
Faulting module name: mozalloc.dll, version: 37.0.1.5570, time stamp: 0x551e1536
Exception code: 0x80000003
Fault offset: 0x00001aa1
Faulting process id: 0x1654
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (04/07/2015 05:41:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "OnlineServices,version="3.7.0.0"1".
Dependent Assembly OnlineServices,version="3.7.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (04/08/2015 03:21:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ibituv
sMUwecPZ
vutsoc

Error: (04/08/2015 03:19:56 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/08/2015 03:09:42 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/08/2015 02:13:46 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/08/2015 02:05:25 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/08/2015 00:43:57 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/07/2015 03:26:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ibituv
sMUwecPZ
vutsoc

Error: (04/07/2015 03:24:42 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/07/2015 02:12:17 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
ibituv
sMUwecPZ
vutsoc

Error: (04/07/2015 02:11:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (04/08/2015 04:08:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: OnlineServices,version="3.7.0.0"C:\Program Files (x86)\Nero\Nero 10\Nero Vision\NMTvWizard.exe.Manifest

Error: (04/08/2015 04:08:25 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Program Files\ATI\CIM\Bin64\SetACL64.exeC:\Program Files\ATI\CIM\Bin64\Microsoft.VC80.MFC.MANIFEST0

Error: (04/08/2015 04:07:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: OnlineServices,version="3.7.0.0"C:\Program Files (x86)\Nero\Nero 10\Nero Vision\NMDllHost.exe.Manifest

Error: (04/08/2015 03:22:46 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/08/2015 03:19:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fuel.Service.exe1.0.0.050a6a1b0Device.dll4.1.0.04f55e10bc000000500000000000033c170801d071041c291cdfC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dlla8154231-ddbf-11e4-a537-c89cdca32452

Error: (04/08/2015 03:11:50 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 10224.  Message ID: [0x2509].

Error: (04/08/2015 02:07:10 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 8136.  Message ID: [0x2509].

Error: (04/08/2015 02:05:16 AM) (Source: .NET Runtime) (EventID: 1022) (User: )
Description: .NET Runtime version 4.0.30319.34209 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 10196.  Message ID: [0x2509].

Error: (04/08/2015 00:56:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe37.0.1.5570551e23eemozalloc.dll37.0.1.5570551e15368000000300001aa1165401d071995b2bd64bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla08b7c97-ddab-11e4-a537-c89cdca32452

Error: (04/07/2015 05:41:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: OnlineServices,version="3.7.0.0"C:\Program Files (x86)\Nero\Nero 10\Nero Vision\NMTvWizard.exe.Manifest


CodeIntegrity Errors:
===================================
  Date: 2014-12-11 19:33:32.900
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-11 19:33:32.784
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-11 19:31:48.825
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-11 19:31:48.701
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-10 05:12:57.142
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-10 05:12:57.017
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-10 05:11:18.175
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-10 05:11:18.050
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-10 04:51:05.798
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-12-10 04:51:05.689
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD FX™-4100 Quad-Core Processor
Percentage of memory in use: 26%
Total physical RAM: 13990.76 MB
Available physical RAM: 10249.16 MB
Total Pagefile: 27979.71 MB
Available Pagefile: 23563.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:1380.17 GB) (Free:1166.52 GB) NTFS
Drive f: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:153.83 GB) NTFS
Drive g: (My Book) (Fixed) (Total:298.01 GB) (Free:152.01 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: E5515BF9)
Partition 1: (Not Active) - (Size=17 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1380.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: 2CCEFD3F)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: 41FFC810)
Partition 1: (Active) - (Size=298.1 GB) - (Type=0C)

==================== End Of Log ============================


Attach

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 5/9/2012 10:35:54 PM
System Uptime: 4/8/2015 3:20:39 AM (6 hours ago)
.
Motherboard: Acer |  | Aspire M3450
Processor: AMD FX™-4100 Quad-Core Processor             | CPU 1 | 3600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1380 GiB total, 1166.507 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 153.834 GiB free.
G: is FIXED (FAT32) - 298 GiB total, 152.014 GiB free.
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP719: 4/6/2015 11:26:22 PM - Revo Uninstaller's restore point - Any Audio Converter 4.0.6
RP720: 4/6/2015 11:31:09 PM - Revo Uninstaller's restore point - Any Video Converter 5.7.9
RP721: 4/6/2015 11:52:39 PM - Revo Uninstaller's restore point - Dregol
RP722: 4/7/2015 1:24:43 AM - Revo Uninstaller's restore point - Free Audio Converter version 5.0.58.324
.
==== Installed Programs ======================
.
 clear.fi
7-Zip 9.20
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer System Information
Acer Updater
Adobe AIR
Adobe Flash Player 16 ActiveX
Adobe Flash Player 17 NPAPI
Adobe Reader XI (11.0.10)
Adobe Shockwave Player 12.1
Amazon Cloud Player
Amazon MP3 Downloader 1.0.17
Amazon Send to Kindle
Amazon Unbox Video
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
AMD Drag and Drop Transcoding
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
Any Audio Converter 5.7.9
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO64 Codecs
Audials
AviSynth 2.5
Bonjour
calibre
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CD Eject Tool 2.9
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
clear.fi
clear.fi Client
ConvertHelper 3.1.1
ConvertXtoDVD 4.1.20.0
Coupon Printer for Windows
D3DX10
Daum PotPlayer 1.5.34665 x64 Edition
Debut Video Capture Software
Definition Update for Microsoft Office 2013 (KB2956172) 32-Bit Edition
Defraggler
DivX Setup
DivX Web Player
Dropbox
DVD Audio Extractor 7.1.1
DVD Flick 1.3.0.7
DVD Shrink 3.2
eFax Messenger
eReg
Etron USB3.0 Host Controller
Evernote v. 4.5.1
ffdshow v1.3.4500 [2013-01-06]
FileASSASSIN
Folder Size Explorer
Free M4a to MP3 Converter 8.1
Freemake Audio Converter version 1.1.0
Freemake Video Converter version 4.0.4
Galerie de photos
Google Chrome
Google Update Helper
Haali Media Splitter
Hotkey Utility
HP Officejet 6600 Basic Device Software
HP Photo Creations
Identity Card
ImagXpress
ImgBurn
iPhoneBrowser
iTunes
Java 8 Update 31
Java Auto Updater
Junk Mail filter update
K-Lite Mega Codec Pack 10.0.3
LockHunter 2.0 beta 2, 64 bit
Logitech SetPoint 6.65
Malwarebytes Anti-Malware version 2.1.4.1018
Microsoft .NET Framework 4.5.2
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Office 64-bit Components 2013
Microsoft Office Click-to-Run 2010
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft Office Starter 2010 - English
Microsoft OneDrive
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft PowerPoint MUI (English) 2013
Microsoft Publisher MUI (English) 2013
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Word MUI (English) 2013
mkv2vob
MKVtoolnix 4.4.0
Morphyre
Movie Maker
Mozilla Firefox 37.0.1 (x86 en-US)
Mozilla Maintenance Service
MP3 Repair Tool v1.5.2
Mp3tag v2.65a
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
Nero
Nero 10 Menu TemplatePack Basic
Nero ControlCenter
Nero CoverDesigner
Nero Mega Plugin Pack
Nero Vision
Nero Vision 10
Nero Vision Xtra
NeroBurningROM
NeroExpress
neroxml
Next Generation Visualisations
NOOK for PC
Norton Online Backup
Online Plug-in
Outils de vérification linguistique 2013 de Microsoft Office - Français
Photo Common
Photo Gallery
QuickTime 7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Samsung Kies3
SAMSUNG USB Driver for Mobile Phones
SavvyConnect
Security Update for Microsoft Office 2013 (KB2880502) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2910941) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2956151) 32-Bit Edition
Security Update for Microsoft Word 2013 (KB2956163) 32-Bit Edition
Self-service Plug-in
Should I Remove It
Shredder
Skype Click to Call
Skype™ 7.2
Speccy
swMSM
System Requirements Lab Detection
TagScanner 5.1.638
Times Reader
Unity Web Player
Unknown Device Identifier 8.02
Unlocker 1.9.2
Update for Microsoft Access 2013 (KB2956176) 32-Bit Edition
Update for Microsoft Excel 2013 (KB2956145) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2881083) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2956174) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760249) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760371) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition
Update for Microsoft Office 2013 (KB2837654) 32-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition
Update for Microsoft Office 2013 (KB2880977) 32-Bit Edition
Update for Microsoft Office 2013 (KB2881001) 32-Bit Edition
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition
Update for Microsoft Office 2013 (KB2883095) 32-Bit Edition
Update for Microsoft Office 2013 (KB2899498) 32-Bit Edition
Update for Microsoft Office 2013 (KB2899522) 32-Bit Edition
Update for Microsoft Office 2013 (KB2920754) 32-Bit Edition
Update for Microsoft Office 2013 (KB2920769) 32-Bit Edition
Update for Microsoft Office 2013 (KB2956148) 32-Bit Edition
Update for Microsoft Office 2013 (KB2956154) 32-Bit Edition
Update for Microsoft Office 2013 (KB2956160) 32-Bit Edition
Update for Microsoft Office 2013 (KB2956167) 32-Bit Edition
Update for Microsoft Office 2013 (KB2956168) 32-Bit Edition
Update for Microsoft Office 2013 (KB2956169) 32-Bit Edition
Update for Microsoft Office 2013 (KB2956171) 32-Bit Edition
Update for Microsoft Office 2013 (KB2956177) 32-Bit Edition
Update for Microsoft OneDrive for Business (KB2920746) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2956165) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2956170) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2013 (KB2737996) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2965206) 32-Bit Edition
Update for Microsoft Project 2013 (KB2956187) 32-Bit Edition
Update for Microsoft Publisher 2013 (KB2883048) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
VLC media player
VobSub v2.23 (Remove Only)
VSO ConvertXToDVD
Webroot SecureAnywhere
Welcome Center
Windows 7 USB/DVD Download Tool
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WindowsWhere
WinPcap 4.1.1
WinRAR 4.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
4/8/2015 3:21:27 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ibituv sMUwecPZ vutsoc
4/8/2015 3:19:56 AM, Error: Service Control Manager [7034]  - The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).
4/8/2015 3:09:42 AM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\DR1.
4/4/2015 3:01:45 AM, Error: Schannel [36887]  - The following fatal alert was received: 80.
4/3/2015 12:14:16 AM, Error: volsnap [36]  - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
.
==== End Of File ===========================
 



#6 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:39 PM

Posted 08 April 2015 - 02:28 PM

Hi BKMalik,

 

Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.09.1.1004.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step 2:

 

Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

Have a nice day.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#7 BKMalik

BKMalik
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Decatur, GA
  • Local time:12:39 PM

Posted 08 April 2015 - 08:30 PM

Mbar log

 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.04.09.01
  rootkit: v2015.03.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
Frys Electronics :: THEHASSANFAMILY [administrator]

4/8/2015 8:17:00 PM
mbar-log-2015-04-08 (20-17-00).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 426597
Time elapsed: 12 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\WOW6432NODE\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} (Trojan.Poweliks.B) -> No action taken. [e4a1aac01b6fdd5980eff70bcc349967]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 



#8 BKMalik

BKMalik
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Decatur, GA
  • Local time:12:39 PM

Posted 08 April 2015 - 08:31 PM

System log

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17691

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.591000 GHz
Memory total: 14670376960, free: 9622282240

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17691

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.591000 GHz
Memory total: 14670376960, free: 9630523392

Downloaded database version: v2015.04.09.01
Downloaded database version: v2015.03.31.01
Downloaded database version: v2015.04.06.02
=======================================
Initializing...
------------ Kernel report ------------
     04/08/2015 20:16:47
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\gjtveuet.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\drivers\WRkrn.sys
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\TDI.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie64.sys
\SystemRoot\system32\drivers\ahcix64s.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\RrNetCapFilterDriver.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\VirtualAudio1.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\VirtualAudio2.sys
\SystemRoot\system32\drivers\VirtualAudio3.sys
\SystemRoot\system32\drivers\VirtualAudio4.sys
\SystemRoot\system32\drivers\VirtualAudio5.sys
\SystemRoot\system32\drivers\tbhsd.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_ahcix64s.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Sftvolwin7.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfswin7.sys
\SystemRoot\system32\DRIVERS\Sftplaywin7.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirwin7.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msvcrt.dll
\Windows\System32\kernel32.dll
\Windows\System32\difxapi.dll
\Windows\System32\user32.dll
\Windows\System32\advapi32.dll
\Windows\System32\msctf.dll
\Windows\System32\sechost.dll
\Windows\System32\normaliz.dll
\Windows\System32\Wldap32.dll
\Windows\System32\gdi32.dll
\Windows\System32\nsi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\urlmon.dll
\Windows\System32\clbcatq.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imm32.dll
\Windows\System32\iertutil.dll
\Windows\System32\shell32.dll
\Windows\System32\wininet.dll
\Windows\System32\psapi.dll
\Windows\System32\lpk.dll
\Windows\System32\setupapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.04.09.01
  rootkit: v2015.03.31.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800d1ee060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d1eeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d1ee060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800c0639c0, DeviceName: \Device\0000006c\, DriverName: \Driver\ahcix64s\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E5515BF9

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 35651584

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 35653632  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 35858432  Numsec = 2894415872

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8010643060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e03eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010643060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8010645b60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2CCEFD3F

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 976768002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8010924790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80109242c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010924790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107bfb60, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41FFC810

Partition information:

    Partition 0 type is Other (0xc)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 625121217
    Partition file system is FAT32
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8010a4a060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80107cab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010a4a060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107b4b60, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8010a4b060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010a4ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010a4b060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107ccb60, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8010a45060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010a4bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010a45060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107d1b60, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa8010a4d060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010a45b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010a4d060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107d4b60, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa8010a4e060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010a4eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010a4e060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107d5b60, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\WOW6432NODE\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]
Scan finished
------------ Kernel report ------------
     04/08/2015 20:53:12
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\gjtveuet.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\drivers\WRkrn.sys
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\TDI.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie64.sys
\SystemRoot\system32\drivers\ahcix64s.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\RrNetCapFilterDriver.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\VirtualAudio1.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\VirtualAudio2.sys
\SystemRoot\system32\drivers\VirtualAudio3.sys
\SystemRoot\system32\drivers\VirtualAudio4.sys
\SystemRoot\system32\drivers\VirtualAudio5.sys
\SystemRoot\system32\drivers\tbhsd.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_ahcix64s.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Sftvolwin7.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfswin7.sys
\SystemRoot\system32\DRIVERS\Sftplaywin7.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirwin7.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msvcrt.dll
\Windows\System32\kernel32.dll
\Windows\System32\difxapi.dll
\Windows\System32\user32.dll
\Windows\System32\advapi32.dll
\Windows\System32\msctf.dll
\Windows\System32\sechost.dll
\Windows\System32\normaliz.dll
\Windows\System32\Wldap32.dll
\Windows\System32\gdi32.dll
\Windows\System32\nsi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\urlmon.dll
\Windows\System32\clbcatq.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imm32.dll
\Windows\System32\iertutil.dll
\Windows\System32\shell32.dll
\Windows\System32\wininet.dll
\Windows\System32\psapi.dll
\Windows\System32\lpk.dll
\Windows\System32\setupapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
User declined to cleanup malware.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-35653632-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished
 



#9 BKMalik

BKMalik
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Decatur, GA
  • Local time:12:39 PM

Posted 08 April 2015 - 09:13 PM

RK report

 

RogueKiller V10.5.9.0 [Apr  7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Frys Electronics [Administrator]
Started from : C:\Users\Frys Electronics\Documents\Downloads\RogueKiller.exe
Mode : Scan -- Date : 04/08/2015  21:58:25

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 13 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2216231976-994283857-177851732-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"  -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2216231976-994283857-177851732-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"  -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2216231976-994283857-177851732-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220"  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2216231976-994283857-177851732-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2216231976-994283857-177851732-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64"  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2216231976-994283857-177851732-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Frys Electronics\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220"  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AtiDCM (\??\C:\Users\Frys Electronics\AppData\Local\Temp\atdcm64a.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AtiDCM (\??\C:\Users\Frys Electronics\AppData\Local\Temp\atdcm64a.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\AtiDCM (\??\C:\Users\Frys Electronics\AppData\Local\Temp\atdcm64a.sys) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\IHUninstallTrackingTASK -- CMD (/C DEL C:\Users\FRYSEL~1\AppData\Local\Temp\IHUFE85.tmp.exe) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 2 ¤¤¤
[PUM.Proxy][FIREFX:Config] 5z5oduer.default : user_pref("network.proxy.http", "114.174.13.187"); -> Found
[PUM.Proxy][FIREFX:Config] 5z5oduer.default : user_pref("network.proxy.http_port", 80); -> Found

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD15EARX-22PASB0 SCSI Disk Device +++++
--- User ---
[MBR] f9180d46a417c5c206276a9dd643af54
[BSP] 0bcad7eaa94863b4c7512867fa0957c0 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

+++++ PhysicalDrive1: Seagate FreeAgent USB Device +++++
--- User ---
[MBR] 666dfbdf08127dcb026ca0cf2ac3a06b
[BSP] 7048da7ba003daec8ef2cd994c5dd502 : Windows XP MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: WD 3200AAV External USB Device +++++
--- User ---
[MBR] 5792021b7e9e1135cf3e9e18af00cb11
[BSP] 0aa7b47126457242ae67ea791b49585d : Windows XP MBR Code
Partition table:
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Generic- MS/MS-Pro/HG USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive7: Generic- SD/MMC/MS/MSPRO USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_04082015_214949.log



#10 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:39 PM

Posted 09 April 2015 - 05:20 PM

Hi BKMalik,

Infected: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\WOW6432NODE\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]

-------------------------------------------------------------------------

[PUM.Proxy][FIREFX:Config] 5z5oduer.default : user_pref("network.proxy.http", "114.174.13.187"); -> Found
[PUM.Proxy][FIREFX:Config] 5z5oduer.default : user_pref("network.proxy.http_port", 80); -> Found
Do you use a proxy and did you make this proxy settings?

Do you use a proxy and did you make this proxy settings?
--------------------------------------------------------------------------------------------------
Please download PoweliksCleaner by ESET and save it to your desktop.

  • Double-click ESETPoweliksCleaner.exe and follow the prompts to run it.
  • Agree to the terms of the license agreement.
  • The tool will run automatically.
  • If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected Win32/Poweliks was successfully removed from your system will be displayed.
  • Press any key to exit the tool and reboot your PC.
  • If an infection was found and disinfected, please attach the ESETPoweliksCleaner.exe_date.time.log it produces to your next reply.

---------------------------------------------------------------------------------------------------
Please try run  Malwarebytes Anti-Rootkit

  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"

-----------------------------------------------------------------------------------------------------

  • Next please re-run FRST again and type the following in the edit box after Search: dllhost.exe;{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
  • Click the Search button
  • It will make a log (Search.txt)- please post the log into your reply to me.

Good work.


Edited by olgun52, 09 April 2015 - 05:29 PM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#11 BKMalik

BKMalik
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Decatur, GA
  • Local time:12:39 PM

Posted 09 April 2015 - 07:55 PM

[PUM.Proxy][FIREFX:Config] 5z5oduer.default : user_pref("network.proxy.http", "114.174.13.187"); -> Found
[PUM.Proxy][FIREFX:Config] 5z5oduer.default : user_pref("network.proxy.http_port", 80); -> Found
Do you use a proxy and did you make this proxy settings?

 

I did not make any Firefox proxy settings. The settings that I are in my advanced options are here:

 

http://imgur.com/wdtDTxm

 

Please help me to delete the PUM.Proxy and all other instances of PUM.

 

I am in the process of completing your last instructions.


Edited by BKMalik, 09 April 2015 - 11:50 PM.


#12 BKMalik

BKMalik
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Decatur, GA
  • Local time:12:39 PM

Posted 09 April 2015 - 09:13 PM

ESET completed and I deleted the infection. Both of the log files are attached in zip format.Attached File  ESETPoweliksCleaner.exe_20150409.205626.8036 - 1.zip   12.58KB   1 downloadsAttached File  ESETPoweliksCleaner.exe_20150409.211719.11040 - 2.zip   23.95KB   1 downloads


Edited by BKMalik, 09 April 2015 - 09:43 PM.


#13 BKMalik

BKMalik
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Decatur, GA
  • Local time:12:39 PM

Posted 09 April 2015 - 11:27 PM

MBAR Log

 

Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2015.04.10.01
  rootkit: v2015.03.31.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17691
Frys Electronics :: THEHASSANFAMILY [administrator]

4/9/2015 11:52:01 PM
mbar-log-2015-04-09 (23-52-01).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 427869
Time elapsed: 23 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 



#14 BKMalik

BKMalik
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Decatur, GA
  • Local time:12:39 PM

Posted 09 April 2015 - 11:28 PM

MBAR system log

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17691

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.591000 GHz
Memory total: 14670376960, free: 9622282240

=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17691

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.591000 GHz
Memory total: 14670376960, free: 9630523392

Downloaded database version: v2015.04.09.01
Downloaded database version: v2015.03.31.01
Downloaded database version: v2015.04.06.02
=======================================
Initializing...
------------ Kernel report ------------
     04/08/2015 20:16:47
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\gjtveuet.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\drivers\WRkrn.sys
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\TDI.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie64.sys
\SystemRoot\system32\drivers\ahcix64s.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\RrNetCapFilterDriver.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\VirtualAudio1.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\VirtualAudio2.sys
\SystemRoot\system32\drivers\VirtualAudio3.sys
\SystemRoot\system32\drivers\VirtualAudio4.sys
\SystemRoot\system32\drivers\VirtualAudio5.sys
\SystemRoot\system32\drivers\tbhsd.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_ahcix64s.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Sftvolwin7.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfswin7.sys
\SystemRoot\system32\DRIVERS\Sftplaywin7.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirwin7.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msvcrt.dll
\Windows\System32\kernel32.dll
\Windows\System32\difxapi.dll
\Windows\System32\user32.dll
\Windows\System32\advapi32.dll
\Windows\System32\msctf.dll
\Windows\System32\sechost.dll
\Windows\System32\normaliz.dll
\Windows\System32\Wldap32.dll
\Windows\System32\gdi32.dll
\Windows\System32\nsi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\urlmon.dll
\Windows\System32\clbcatq.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imm32.dll
\Windows\System32\iertutil.dll
\Windows\System32\shell32.dll
\Windows\System32\wininet.dll
\Windows\System32\psapi.dll
\Windows\System32\lpk.dll
\Windows\System32\setupapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.04.09.01
  rootkit: v2015.03.31.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800d1ee060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d1eeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d1ee060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800c0639c0, DeviceName: \Device\0000006c\, DriverName: \Driver\ahcix64s\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E5515BF9

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 35651584

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 35653632  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 35858432  Numsec = 2894415872

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8010643060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e03eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010643060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8010645b60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2CCEFD3F

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 976768002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8010924790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80109242c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010924790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107bfb60, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41FFC810

Partition information:

    Partition 0 type is Other (0xc)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 625121217
    Partition file system is FAT32
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8010a4a060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80107cab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010a4a060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107b4b60, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8010a4b060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010a4ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010a4b060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107ccb60, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8010a45060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010a4bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010a45060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107d1b60, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa8010a4d060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010a45b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010a4d060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107d4b60, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa8010a4e060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010a4eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010a4e060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107d5b60, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: HKU\S-1-5-21-2216231976-994283857-177851732-1000_Classes\WOW6432NODE\CLSID\{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} --> [Trojan.Poweliks.B]
Scan finished
------------ Kernel report ------------
     04/08/2015 20:53:12
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\gjtveuet.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\drivers\WRkrn.sys
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\TDI.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie64.sys
\SystemRoot\system32\drivers\ahcix64s.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\RrNetCapFilterDriver.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\VirtualAudio1.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\VirtualAudio2.sys
\SystemRoot\system32\drivers\VirtualAudio3.sys
\SystemRoot\system32\drivers\VirtualAudio4.sys
\SystemRoot\system32\drivers\VirtualAudio5.sys
\SystemRoot\system32\drivers\tbhsd.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_ahcix64s.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Sftvolwin7.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfswin7.sys
\SystemRoot\system32\DRIVERS\Sftplaywin7.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirwin7.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msvcrt.dll
\Windows\System32\kernel32.dll
\Windows\System32\difxapi.dll
\Windows\System32\user32.dll
\Windows\System32\advapi32.dll
\Windows\System32\msctf.dll
\Windows\System32\sechost.dll
\Windows\System32\normaliz.dll
\Windows\System32\Wldap32.dll
\Windows\System32\gdi32.dll
\Windows\System32\nsi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\urlmon.dll
\Windows\System32\clbcatq.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imm32.dll
\Windows\System32\iertutil.dll
\Windows\System32\shell32.dll
\Windows\System32\wininet.dll
\Windows\System32\psapi.dll
\Windows\System32\lpk.dll
\Windows\System32\setupapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
User declined to cleanup malware.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-35653632-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17691

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.591000 GHz
Memory total: 14670376960, free: 8264433664

Downloaded database version: v2015.04.09.02
Downloaded database version: v2015.04.09.03
Downloaded database version: v2015.04.09.04
Downloaded database version: v2015.04.09.05
Downloaded database version: v2015.04.09.06
Downloaded database version: v2015.04.09.07
=======================================
Initializing...
------------ Kernel report ------------
     04/09/2015 20:31:47
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\gjtveuet.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\drivers\WRkrn.sys
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\TDI.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie64.sys
\SystemRoot\system32\drivers\ahcix64s.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\RrNetCapFilterDriver.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\VirtualAudio1.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\VirtualAudio2.sys
\SystemRoot\system32\drivers\VirtualAudio3.sys
\SystemRoot\system32\drivers\VirtualAudio4.sys
\SystemRoot\system32\drivers\VirtualAudio5.sys
\SystemRoot\system32\drivers\tbhsd.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_ahcix64s.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Sftvolwin7.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfswin7.sys
\SystemRoot\system32\DRIVERS\Sftplaywin7.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirwin7.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\msvcrt.dll
\Windows\System32\kernel32.dll
\Windows\System32\difxapi.dll
\Windows\System32\user32.dll
\Windows\System32\advapi32.dll
\Windows\System32\msctf.dll
\Windows\System32\sechost.dll
\Windows\System32\normaliz.dll
\Windows\System32\Wldap32.dll
\Windows\System32\gdi32.dll
\Windows\System32\nsi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\urlmon.dll
\Windows\System32\clbcatq.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\imagehlp.dll
\Windows\System32\shlwapi.dll
\Windows\System32\imm32.dll
\Windows\System32\iertutil.dll
\Windows\System32\shell32.dll
\Windows\System32\wininet.dll
\Windows\System32\psapi.dll
\Windows\System32\lpk.dll
\Windows\System32\setupapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\KernelBase.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.04.09.07
  rootkit: v2015.03.31.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800d1ee060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d1eeb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d1ee060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800c0639c0, DeviceName: \Device\0000006c\, DriverName: \Driver\ahcix64s\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E5515BF9

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 35651584

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 35653632  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 35858432  Numsec = 2894415872

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8010643060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800e03eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010643060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8010645b60, DeviceName: \Device\00000086\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2CCEFD3F

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 976768002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa8010924790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80109242c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010924790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107bfb60, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41FFC810

Partition information:

    Partition 0 type is Other (0xc)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 625121217
    Partition file system is FAT32
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8010a4a060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80107cab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010a4a060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107b4b60, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa8010a4b060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010a4ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010a4b060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107ccb60, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8010a45060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010a4bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010a45060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107d1b60, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa8010a4d060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010a45b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010a4d060, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107d4b60, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa8010a4e060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8010a4eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010a4e060, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80107d5b60, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan Interrupted
Scan was aborted.
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-35653632-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.1.1004

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17691

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.591000 GHz
Memory total: 14670376960, free: 10238267392

Downloaded database version: v2015.04.10.01
=======================================
Initializing...
------------ Kernel report ------------
     04/09/2015 23:51:33
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\RsYesMpk.sys
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\NDIS.SYS
\SystemRoot\System32\drivers\TDI.SYS
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\drivers\WRkrn.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie64.sys
\SystemRoot\system32\drivers\ahcix64s.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\RrNetCapFilterDriver.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\Drivers\ElbyCDIO.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\System32\Drivers\EtronXHCI.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\VirtualAudio1.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\VirtualAudio2.sys
\SystemRoot\system32\drivers\VirtualAudio3.sys
\SystemRoot\system32\drivers\VirtualAudio4.sys
\SystemRoot\system32\drivers\VirtualAudio5.sys
\SystemRoot\system32\drivers\tbhsd.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\amdiox64.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\EtronHub3.sys
\SystemRoot\System32\Drivers\USBD.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbprint.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_ahcix64s.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\Sftvolwin7.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfswin7.sys
\SystemRoot\system32\DRIVERS\Sftplaywin7.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirwin7.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\usbaapl64.sys
\SystemRoot\system32\DRIVERS\WinUsb.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\Wldap32.dll
\Windows\System32\setupapi.dll
\Windows\System32\kernel32.dll
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2015.04.10.01
  rootkit: v2015.03.31.01

<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800d215060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800c46b9d0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d215060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800c45b9c0, DeviceName: \Device\0000006c\, DriverName: \Driver\ahcix64s\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E5515BF9

Partition information:

    Partition 0 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 35651584

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 35653632  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 35858432  Numsec = 2894415872

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80103df060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80103e0a50, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80103df060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80103ec060, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2CCEFD3F

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 976768002

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xfffffa80103c6060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80103c2040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80103c6060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80103bfb60, DeviceName: \Device\00000094\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 41FFC810

Partition information:

    Partition 0 type is Other (0xc)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 625121217
    Partition file system is FAT32
    Partition is not bootable

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa8010700790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80107002c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8010700790, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800e393660, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa80106f8790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80106f9040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80106f8790, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80106df060, DeviceName: \Device\00000099\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa80106fa060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80106fab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80106fa060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80106f4060, DeviceName: \Device\0000009a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xfffffa80106f9790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80106f8040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80106f9790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80103bbb60, DeviceName: \Device\0000009b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xfffffa80106fb790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80106fc040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80106fb790, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80106f5b60, DeviceName: \Device\0000009c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-35653632-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removal finished
 



#15 BKMalik

BKMalik
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Decatur, GA
  • Local time:12:39 PM

Posted 09 April 2015 - 11:43 PM

FRST Search.txt (files)

 

Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Frys Electronics at 2015-04-10 00:37:08
Running from C:\Users\Frys Electronics\Documents\Downloads
Boot Mode: Normal

================== Search Files: "dllhost.exe; {AB8902B4-09CA-B78D-A8F59079A8D5}" =============

C:\Windows\winsxs\x86_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_43fa44d954d596e7\dllhost.exe
[2009-07-13 19:43][2009-07-13 21:14] 0007168 ____A (Microsoft Corporation) A63DC5C2EA944E6657203E0C8EDEAF61 [File is signed]

C:\Windows\winsxs\amd64_microsoft-windows-com-surrogate_31bf3856ad364e35_6.1.7600.16385_none_a018e05d0d33081d\dllhost.exe
[2009-07-13 19:59][2009-07-13 21:39] 0009728 ____A (Microsoft Corporation) A8EDB86FC2A4D6D1285E4C70384AC35A [File is signed]

C:\Windows\SysWOW64\dllhost.exe
[2009-07-13 19:43][2009-07-13 21:14] 0007168 ____A (Microsoft Corporation) A63DC5C2EA944E6657203E0C8EDEAF61 [File is signed]

C:\Windows\System32\dllhost.exe
[2009-07-13 19:59][2009-07-13 21:39] 0009728 ____A (Microsoft Corporation) A8EDB86FC2A4D6D1285E4C70384AC35A [File is signed]

====== End Of Search ======






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users