
Hijack this Log - Please assist.


  • This topic is locked
4 replies to this topic

#1 food77


Posted 08 April 2015 - 03:46 PM

So, strange things have been happening in my browser lately. Just a lot of strange pop-ups that appear to be advertisements on web pages, though I am seeing them on regular trustworthy websites, and they are covering over content. I went ahead and ran a scan. Please let me know if you see anything crazy in here. Thanks!!

 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:20:23 PM, on 4/8/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Users\John\AppData\Local\SmartWeb\SmartWebHelper.exe
C:\Program Files (x86)\gmsd_us_401\gmsd_us_401.exe
C:\Users\John\AppData\Local\gmsd_us_401\upgmsd_us_401.exe
C:\Users\John\AppData\Local\SmartWeb\SmartWebApp.exe
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: shopperz Helper - {5081D2D4-1637-404c-B74F-50526718257D} - C:\Program Files\shopperz\mseff32.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll" (file missing)
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [gmsd_us_401] "C:\Program Files (x86)\gmsd_us_401\gmsd_us_401.exe"
O4 - HKLM\..\RunOnce: [Update] C:\Users\John\AppData\Roaming\VOPackage\VOPackage.exe /runonce
O4 - HKLM\..\RunOnce: [upgmsd_us_401.exe] C:\Users\John\AppData\Local\gmsd_us_401\upgmsd_us_401.exe -runonce
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [HP Deskjet 3050 J610 series (NET)] "C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN15G3D3R505HX:NW" -scfn "HP Deskjet 3050 J610 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Selection Tools] "C:\Users\John\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\vcl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vcl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vcl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vcl.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vcl.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:/progra~3/{df1c3~1/171~1.0/ceto.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - Hewlett-Packard Company - C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Communication Modem (wurevyky) - Unknown owner - C:\Users\John\AppData\Roaming\8642ED74-1427531567-3971-AC2C-60A44C087579\nsdA388.tmp
O23 - Service: Subscript Title (zohizimy) - Unknown owner - C:\Users\John\AppData\Roaming\8642ED74-1427531567-3971-AC2C-60A44C087579\jnsq7DC9.tmp

--
End of file - 11886 bytes





#2 BrianDrab

  • Malware Response Team

Posted 08 April 2015 - 04:02 PM

Hi. My name is Brian, and I would be happy to look into your issue.
 



- General Instructions -

  • Please read all instructions and fixes thoroughly. Read the ENTIRE post BEFORE performing any steps so you understand all that needs to be done.
  • I would advise printing any instructions for easy reference as some of the fixes may require you to boot in Safe mode. Access to these instructions may not be available in Safe Mode.
  • Any fixes provided by myself are for this log file only and should not be used on any other systems.
  • Do not run any other removal software or perform updates other than the ones I provide, as it will complicate the cleaning process.
  • It's very likely that part of our cleanup will include emptying your recycle bin. If you use your recycle bin as an archive and do not wish this to be emptied, please let me know.
  • You have 4 days to reply to each post or the topic will be closed.
  • Please feel free to ask any questions, especially if you are having problems with my instructions.


- Save ALL Tools to your Desktop -

All tools that I have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

  • Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
  • Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
  • Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
  • NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
 

- Finally Before We Start -

Removing malware is a complicated multiple-step process. Please stay with me until I have declared your system clean. I strongly recommend you back up your personal files and folders. Although rare, attempting to remove malware can render your machine unbootable or cause data loss. Having backups of your data is your responsibility. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Yes, I do see some things that need cleaned up, but I would like you to run another tool.

 

Step#1 - FRST Scan
 1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit version, so please ensure you download that one.
 2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
 3. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running (if not already).
 4. Press the Scan button.
 5. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
 6. Please copy and paste the log back here.
 7. Another log (Addition.txt - also located in the same directory as FRST64.exe) will be generated. Please also paste that along with the FRST.txt into your reply.

 



#3 food77


Posted 08 April 2015 - 05:00 PM

Here are the results of that scan.. thanks for the response!

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by John at 2015-04-08 14:23:20
Running from C:\Users\John\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{0E47CC6A-42DD-9DFF-9BA5-69A9D7630E31}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.5 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 1.0.35 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.6 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.26 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.9.120 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0022 - ASUS)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{3CA0D836-B5E7-463D-A1C5-9F49B3E3EDE6}) (Version: 2.20.0 - Kovid Goyal)
Canon Digital Camera Solution Disk 40-46 Software Starter Guide (HKLM-x32\...\SoftwareStarterGuide-DCSD40_46) (Version: 1.1.0.1 - Canon Inc.)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.7.0.4 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.0.0.20 - Canon Inc.)
Canon Personal Printing Guide (HKLM-x32\...\Personal Printing Guide) (Version: 1.0.0.1 - Canon Inc.)
Canon PowerShot SD1200 IS_IXUS 95 IS Camera User Guide (HKLM-x32\...\CameraUserGuide-PSSD1200IS_IXUS95IS) (Version: 1.0.0.1 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.2.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC (HKLM-x32\...\CameraWindowDC) (Version: 7.4.0.9 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.5.0.3 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 7.2.0.4 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.2.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.8.0.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.3.0.7 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.2.0.9 - Canon Inc.)
Classic Shell (HKLM\...\{840C85B7-D3D6-4143-9AF9-DAE80FD54CFC}) (Version: 4.1.0 - IvoSoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
GamesDesktop 025.401 (HKLM-x32\...\gmsd_us_401_is1) (Version:  - GAMESDESKTOP) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{5FB5B723-6B6E-45ED-BA73-F264D52AF916}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6690 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
SceneSwitch (HKLM-x32\...\{5172E572-C175-4F80-A6D5-5CB45826AD61}) (Version: 1.0.14 - ASUS)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.22298 - TeamViewer)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows 8 Manager (HKLM\...\{AAABEA42-C400-45A5-8D23-3167742929E0}) (Version: 1.1.3 - Yamicsoft)
Windows Driver Package - ASUS (ATP) Mouse  (10/29/2012 1.0.0.148) (HKLM\...\C01F56FBD9B141017E63E2A1A141E59934D4DC67) (Version: 10/29/2012 1.0.0.148 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
XBMC (HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\...\XBMC) (Version:  - Team XBMC)
XBMC (HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\XBMC) (Version:  - Team XBMC)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1943033763-3113564485-4255627063-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

18-03-2015 23:36:13 Scheduled Checkpoint
24-03-2015 16:11:41 Windows Update
29-03-2015 00:32:57 Windows Update
03-04-2015 17:50:26 Windows Update
05-04-2015 13:51:00 Removed SceneSwitch

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0026DCC7-FE37-414B-9894-57D7DC420D17} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-23] (Microsoft Corporation)
Task: {0C3B753A-752B-4046-B6DA-003212A8ADF5} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\John\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {177FD6AA-FEB7-467E-8337-2F0E82765005} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313539303134303238372d322d573223576c5a55452a2a => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: {1B9B4FB8-34CE-4A50-B913-46CBF8E291DE} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {1CCF98F8-8FD5-4BE1-AE70-5DD9DE224B8C} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {2385B2C6-7835-45F7-BD46-AD7288F96EF2} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {25781687-30A1-458A-9A4F-C00DF9F36015} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {3A62E3AD-2F86-4BD3-B235-6F9B152DFD74} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-02] (Google Inc.)
Task: {519098A9-D51C-49E9-8466-F64ABCC7257D} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {54D14551-C03E-4FA8-A91E-F36497BD52FD} - System32\Tasks\{A2F186F9-E23E-4FD4-9EAB-3741BD44AAE8} => pcalua.exe -a "C:\Program Files (x86)\Advanced System Protector\unins000.exe"
Task: {7112B65D-868A-4A9C-8FDC-696B8CEACDF0} - System32\Tasks\RPC => C:\Program Files (x86)\Reg Pro Cleaner\Regprocleaner.exe
Task: {7984F110-E0D8-4C2B-BB9F-9CCDEFE6B9D0} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {865EA1A7-98C9-4636-9C66-CBF4B79E1185} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-23] (Microsoft Corporation)
Task: {9753F122-A19C-4972-9C13-B3B50916BE9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-02] (Google Inc.)
Task: {9D14787E-21E3-493D-9B95-A964D5FEF6DC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A2C432B6-96EE-4BFA-A2B0-35AC16FF2106} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {A5671EB5-B093-47C7-9126-817D5A9265EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {B9F36C48-7850-4769-A1D2-EABDE3A8EF47} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {C8EE4A06-EF0D-4D43-9CFA-2B2BA29EE0D8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D32ED9B0-C5F6-4C92-8B0D-281382E530E8} - System32\Tasks\QEYRRHGBY => C:\ProgramData\4dfedb39a3694380b6ec75b2e5cee601\4dfedb39a3694380b6ec75b2e5cee601.exe [2015-03-28] ()
Task: {E346C960-CE27-4607-9BE4-5C5E8646BE62} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2012-10-31] (AsusTek)
Task: {F72600BD-A9BC-40C0-A959-9792FF42A16F} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1943033763-3113564485-4255627063-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {FCACFA65-1C83-49CC-BE5D-545A31750F78} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {FF179314-A86C-44B3-9771-A1F2C0DA9C68} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-04 22:33 - 2014-07-04 22:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-03-28 01:33 - 2015-03-28 01:33 - 00204800 _____ () C:\Users\John\AppData\Roaming\8642ED74-1427531567-3971-AC2C-60A44C087579\jnsq7DC9.tmp
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-04 22:33 - 2014-07-04 22:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-04-07 23:01 - 2015-04-07 13:55 - 03984016 _____ () C:\Program Files (x86)\gmsd_us_401\gmsd_us_401.exe
2015-04-07 23:01 - 2015-04-07 13:55 - 03309712 ____N () C:\Users\John\AppData\Local\gmsd_us_401\upgmsd_us_401.exe
2015-04-08 13:47 - 2015-04-08 13:47 - 00288256 _____ () C:\Users\John\AppData\Roaming\8642ED74-1427531567-3971-AC2C-60A44C087579\nszF124.tmp
2015-04-07 10:21 - 2015-04-07 10:21 - 00098816 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\win32api.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00110080 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\pywintypes27.dll
2015-04-07 10:21 - 2015-04-07 10:21 - 00364544 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\pythoncom27.dll
2015-04-07 10:21 - 2015-04-07 10:21 - 00045568 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\_socket.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 01161216 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\_ssl.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00320512 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\win32com.shell.shell.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00713216 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\_hashlib.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 01175040 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\wx._core_.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00805888 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\wx._gdi_.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00811008 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\wx._windows_.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 01062400 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\wx._controls_.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00735232 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\wx._misc_.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00682496 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\pysqlite2._sqlite.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00128512 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\_elementtree.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00127488 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\pyexpat.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00087552 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\_ctypes.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00119808 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\win32file.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00108544 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\win32security.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00007168 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\hashobjs_ext.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00167936 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\win32gui.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00018432 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\win32event.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00038912 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\win32inet.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00011264 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\win32crypt.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00070656 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\wx._html2.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00027136 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\_multiprocessing.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00020480 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\_yappi.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00035840 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\win32process.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00686080 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\unicodedata.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00122368 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\wx._wizard.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00024064 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\win32pipe.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00010240 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\select.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00025600 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\win32pdh.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00525640 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\windows._lib_cacheinvalidation.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00017408 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\win32profile.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00022528 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\win32ts.pyd
2015-04-07 10:21 - 2015-04-07 10:21 - 00078336 _____ () C:\Users\John\AppData\Local\Temp\_MEI17042\wx._animate.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D346F792
AlternateDataStreams: C:\Users\John\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1 - 205.171.2.25

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "AsusVibeLauncher.lnk"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\...\StartupApproved\Run: => "msnmsgr"
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "msnmsgr"

==================== Accounts: =============================

Administrator (S-1-5-21-1943033763-3113564485-4255627063-500 - Administrator - Disabled)
Guest (S-1-5-21-1943033763-3113564485-4255627063-501 - Limited - Disabled)
John (S-1-5-21-1943033763-3113564485-4255627063-1001 - Administrator - Enabled) => C:\Users\John

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2015 01:08:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: MSHTML.dll, version: 11.0.9600.17690, time stamp: 0x54e7d023
Exception code: 0xc0000005
Fault offset: 0x00407d0b
Faulting process id: 0x1bd8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (04/08/2015 05:37:02 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a24

Start Time: 01d071f7f9e7beb3

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: eeafefb6-ddeb-11e4-bec9-60a44c087579

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/07/2015 01:44:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19b4

Start Time: 01d071723a9a9092

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 2eb31f94-dd66-11e4-bec9-60a44c087579

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/07/2015 00:39:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 250

Start Time: 01d07169d8e03079

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: ccead3ae-dd5d-11e4-bec9-60a44c087579

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/07/2015 00:07:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 344

Start Time: 01d0716559461d11

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 4dd09913-dd59-11e4-bec9-60a44c087579

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/06/2015 11:34:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17416, time stamp: 0x5452eed9
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000417
Fault offset: 0x1002abf6
Faulting process id: 0xe0c
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (04/05/2015 00:28:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15485

Error: (04/05/2015 00:28:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15485

Error: (04/05/2015 00:28:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/05/2015 00:24:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15375

System errors:
=============
Error: (04/08/2015 01:47:22 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer NetBT_Tcpip_{795A9045-5871-4B8C-8257-A589EED57E67}
that believes that it is the master browser for the domain on transport %3.
The master browser is stopping or an election is being forced.

Error: (04/08/2015 09:43:39 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer NetBT_Tcpip_{795A9045-5871-4B8C-8257-A589EED57E67}
that believes that it is the master browser for the domain on transport %3.
The master browser is stopping or an election is being forced.

Error: (04/07/2015 02:21:54 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.

A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Error: (04/07/2015 02:21:49 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.

A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Error: (04/06/2015 01:37:31 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.

A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Error: (04/06/2015 01:34:31 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.

A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Error: (04/06/2015 01:34:28 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.

A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Error: (04/06/2015 01:34:28 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.

A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Error: (04/06/2015 01:34:24 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.

A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Error: (04/06/2015 01:34:24 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.

A corruption was found in a file system index structure.  The file reference number is 0x9000000000009.  The name of the file is "<unable to determine file name>".  The corrupted index attribute is ":$SII:$INDEX_ALLOCATION".

Microsoft Office Sessions:
=========================
Error: (09/13/2013 10:59:07 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20 seconds with 0 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2015-04-08 11:15:59.464
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-08 11:15:59.245
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-08 11:15:59.042
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-08 11:15:57.167
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-08 11:15:56.917
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-08 06:28:27.285
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-08 06:28:27.097
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-08 06:28:26.910
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-08 06:28:26.707
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-04-08 06:28:26.519
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD A8-4500M APU with Radeon™ HD Graphics
Percentage of memory in use: 56%
Total physical RAM: 3540.28 MB
Available physical RAM: 1555.02 MB
Total Pagefile: 4180.28 MB
Available Pagefile: 1501.52 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:444.43 GB) (Free:112.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D9A91B2C)

Partition: GPT Partition Type.

==================== End Of Log ============================


and this:


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by John (administrator) on JOHN_LAPTOP on 08-04-2015 14:21:10
Running from C:\Users\John\Desktop
Loaded Profiles: John &  (Available profiles: John)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Users\John\AppData\Roaming\8642ED74-1427531567-3971-AC2C-60A44C087579\jnsq7DC9.tmp
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(AMD) C:\Windows\System32\atieclxx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(BitTorrent, Inc.) C:\Program Files (x86)\uTorrent\uTorrent.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SoftBrain Technologies Ltd.) C:\Users\John\AppData\Local\SmartWeb\SmartWebHelper.exe
() C:\Program Files (x86)\gmsd_us_401\gmsd_us_401.exe
() C:\Users\John\AppData\Local\gmsd_us_401\upgmsd_us_401.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(SoftBrain Technologies Ltd.) C:\Users\John\AppData\Local\SmartWeb\SmartWebApp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Users\John\AppData\Roaming\8642ED74-1427531567-3971-AC2C-60A44C087579\nszF124.tmp
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-20] (IvoSoft)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-01-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe [3417984 2012-08-27] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] (Apple Inc.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [gmsd_us_356] => [X]
HKLM-x32\...\Run: [gmsd_us_359] => [X]
HKLM-x32\...\Run: [gmsd_us_355] => [X]
HKLM-x32\...\Run: [gmsd_us_401] => C:\Program Files (x86)\gmsd_us_401\gmsd_us_401.exe [3984016 2015-04-07] ()
HKLM-x32\...\RunOnce: [Update] => C:\Users\John\AppData\Roaming\VOPackage\VOPackage.exe /runonce
HKLM-x32\...\RunOnce: [upgmsd_us_401.exe] => C:\Users\John\AppData\Local\gmsd_us_401\upgmsd_us_401.exe [3309712 2015-04-07] ()
HKLM-x32\...\RunOnce: [DelTr307765500] => cmd.exe /c rd /s /q  "C:\Users\John\AppData\Roaming\WSE_Vosteran"
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2014-01-16] (BitTorrent, Inc.)
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\...\Run: [Selection Tools] => "C:\Users\John\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\...\RunOnce: [DelTr307765500] => cmd.exe /c rd /s /q  "C:\Users\John\AppData\Roaming\WSE_Vosteran"
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\...\RunOnce: [WSE_Vosteran] => [X]
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399736 2014-01-16] (BitTorrent, Inc.)
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Selection Tools] => "C:\Users\John\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe" /winstartup
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [DelTr307765500] => cmd.exe /c rd /s /q  "C:\Users\John\AppData\Roaming\WSE_Vosteran"
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WSE_Vosteran] => [X]
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [788480 2014-10-28] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKLM-x32 -> DefaultScope {4E66C18C-0D0E-4F33-94AA-F38C9E030261} URL =
SearchScopes: HKU\S-1-5-21-1943033763-3113564485-4255627063-1001 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=M7D1BD512-7868-43DF-A849-D58B898A2E16&SearchSource=58&CUI=&UM=8&UP=SPEF21DC0F-07FC-4D4C-B1A6-87013CAF0123&q={searchTerms}&D=033015&SSPV=
SearchScopes: HKU\S-1-5-21-1943033763-3113564485-4255627063-1001 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=M7D1BD512-7868-43DF-A849-D58B898A2E16&SearchSource=58&CUI=&UM=8&UP=SPEF21DC0F-07FC-4D4C-B1A6-87013CAF0123&q={searchTerms}&D=033015&SSPV=
SearchScopes: HKU\S-1-5-21-1943033763-3113564485-4255627063-1001 -> {045709F3-7EB3-4E01-8B28-BCD35C97FC1B} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_15_01_ie&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtDzzyByDyBzytC0ByE0BtN0D0Tzu0StCtDzyyCtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtB0DyE0D0BtB0FtGyEzyyDtCtG0BzyzyyEtGyE0C0AyDtGtByB0D0FyCtAyEyDyBzyyBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtDyEzy0E0BtD0BtGyDtA0EtDtGyEtCtAtDtGzzzytDyDtGzy0Bzy0AyByDyD0B0EzytB0C2Q&cr=826029363&ir=
SearchScopes: HKU\S-1-5-21-1943033763-3113564485-4255627063-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1943033763-3113564485-4255627063-1001 -> {4E66C18C-0D0E-4F33-94AA-F38C9E030261} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN15312623051999122&UM=2
SearchScopes: HKU\S-1-5-21-1943033763-3113564485-4255627063-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://search.yahoo.com/search?ei=ISO-8859-1&fr=chr-vmn&type=vmngemv2yach&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=M7D1BD512-7868-43DF-A849-D58B898A2E16&SearchSource=58&CUI=&UM=8&UP=SPEF21DC0F-07FC-4D4C-B1A6-87013CAF0123&q={searchTerms}&D=033015&SSPV=
SearchScopes: HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {015DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=M7D1BD512-7868-43DF-A849-D58B898A2E16&SearchSource=58&CUI=&UM=8&UP=SPEF21DC0F-07FC-4D4C-B1A6-87013CAF0123&q={searchTerms}&D=033015&SSPV=
SearchScopes: HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {045709F3-7EB3-4E01-8B28-BCD35C97FC1B} URL = http://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_dnldkng_15_01_ie&cd=2XzuyEtN2Y1L1QzuyCtD0AyEyE0CtDzzyByDyBzytC0ByE0BtN0D0Tzu0StCtDzyyCtN1L2XzutAtFyCtFtCyCtFyCtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StDtB0DyE0D0BtB0FtGyEzyyDtCtG0BzyzyyEtGyE0C0AyDtGtByB0D0FyCtAyEyDyBzyyBtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AtDyEzy0E0BtD0BtGyDtA0EtDtGyEtCtAtDtGzzzytDyDtGzy0Bzy0AyByDyD0B0EzytB0C2Q&cr=826029363&ir=
SearchScopes: HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4E66C18C-0D0E-4F33-94AA-F38C9E030261} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3306058&CUI=UN15312623051999122&UM=2
SearchScopes: HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = http://search.yahoo.com/search?ei=ISO-8859-1&fr=chr-vmn&type=vmngemv2yach&q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
BHO: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff64.dll No File
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2014-04-20] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
BHO-x32: shopperz -> {5081D2D4-1637-404c-B74F-50526718257D} -> C:\Program Files\shopperz\mseff32.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2014-04-20] (IvoSoft)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2014-04-20] (IvoSoft)
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\VCL.dll [335064] (VC Corporation)
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\VCL.dll [335064] (VC Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1desevn6.default
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1desevn6.default\user.js [2015-04-03]
FF Extension: CinemaP-1.9cV28.03 - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1desevn6.default\Extensions\AVJYFVOD75109374@HCDE39471360.com [2015-03-28]
FF Extension: easycopysmokyinkcom - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1desevn6.default\Extensions\easycopy@smokyink.com [2015-04-02]
FF Extension: AA052FD6366A4771A5910D8DC551585D - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1desevn6.default\Extensions\{AA052FD6-366A-4771-A591-0D8DC551585D} [2015-04-02]
FF Extension: No Name - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\1desevn6.default\Extensions\59D317DB041748fdB89B47E6F96058F3@defext.xpi [2015-03-28]
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox

Chrome:
=======
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=M7D1BD512-7868-43DF-A849-D58B898A2E16&SearchSource=55&CUI=&UM=8&UP=SPEF21DC0F-07FC-4D4C-B1A6-87013CAF0123&D=033015&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=M7D1BD512-7868-43DF-A849-D58B898A2E16&SearchSource=55&CUI=&UM=8&UP=SPEF21DC0F-07FC-4D4C-B1A6-87013CAF0123&D=033015&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search
CHR DefaultNewTabURL: Default -> https://www.trovi.com/?gd=&ctid=CT3324369&octid=EB_ORIGINAL_CTID&ISID=M7D1BD512-7868-43DF-A849-D58B898A2E16&SearchSource=69&CUI=&SSPV=&lay=5&p=cnts&UM=8&UP=SPEF21DC0F-07FC-4D4C-B1A6-87013CAF0123&SAT=CNTS&D=033015
CHR DefaultSuggestURL: Default -> http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-29]
CHR Extension: (algjnflpgoopkdijmkalfcifomdhmcbe) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2015-04-02]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-29]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-01]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-29]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-29]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-29]
CHR Extension: (Connect DLC 2) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffekppndigniegkobcngkdmaadbhhonj [2013-10-29]
CHR Extension: (ifohbjbgfchkkfhphahclmkpgejiplfo) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2015-04-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-29]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-01]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-02]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\John\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-01]
CHR HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\John\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-10-21]
CHR HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1943033763-3113564485-4255627063-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\John\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-01-01]
CHR HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\John\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-10-21]
CHR HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1943033763-3113564485-4255627063-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ffekppndigniegkobcngkdmaadbhhonj] - C:\Users\John\AppData\Local\CRE\ffekppndigniegkobcngkdmaadbhhonj.crx [2013-10-21]
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 fydidoce; C:\Users\John\AppData\Roaming\8642ED74-1427531567-3971-AC2C-60A44C087579\nszF124.tmp [288256 2015-04-08] () [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 zohizimy; C:\Users\John\AppData\Roaming\8642ED74-1427531567-3971-AC2C-60A44C087579\jnsq7DC9.tmp [204800 2015-03-28] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
S3 ASUSProcObsrv; C:\eSupport\eDriver\I386\AsPrOb64.sys [12416 2010-05-25] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3837440 2013-08-14] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-16] (Advanced Micro Devices)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R1 {f1620f27-1d71-456a-878a-996942b94131}Gw64; C:\Windows\System32\drivers\{f1620f27-1d71-456a-878a-996942b94131}Gw64.sys [48784 2015-03-28] (StdLib)
R1 cherimoya; system32\drivers\cherimoya.sys [X]
S1 MpKsl6b81c612; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{48C59E52-B9D2-4434-A9C0-935490462171}\MpKsl6b81c612.sys [X]
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 14:21 - 2015-04-08 14:22 - 00030202 _____ () C:\Users\John\Desktop\FRST.txt
2015-04-08 14:19 - 2015-04-08 14:21 - 00000000 ____D () C:\FRST
2015-04-08 14:19 - 2015-04-08 14:19 - 02095616 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe
2015-04-08 13:50 - 2015-04-08 13:58 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-08 13:47 - 2015-04-08 13:47 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-08 13:47 - 2015-04-08 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-08 13:47 - 2015-04-08 13:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-08 13:47 - 2015-04-08 13:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-08 13:47 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-08 13:47 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-08 13:47 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-08 13:29 - 2015-04-08 13:29 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\John\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-08 13:20 - 2015-04-08 13:20 - 00002115 _____ () C:\Users\John\Desktop\HijackThis.lnk
2015-04-08 13:20 - 2015-04-08 13:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
2015-04-08 13:20 - 2015-04-08 13:20 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2015-04-08 13:19 - 2015-04-08 13:19 - 00812344 _____ (Trend Micro Inc.) C:\Users\John\Desktop\HJTInstall.exe
2015-04-08 00:03 - 2015-04-08 00:03 - 00017847 _____ () C:\Users\John\Downloads\Last.Knights.2015.HDRip.XviD-EVO [IPT].torrent
2015-04-07 23:01 - 2015-04-08 11:47 - 00000000 ____D () C:\Users\John\AppData\Local\gmsd_us_401
2015-04-07 23:01 - 2015-04-07 23:01 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_401
2015-04-07 22:46 - 2015-04-07 22:46 - 00017736 _____ () C:\Users\John\Downloads\Better.Call.Saul.S01E10.720p.HDTV.X264-DIMENSION [IPT].torrent
2015-04-07 18:20 - 2015-04-07 18:20 - 00191109 _____ () C:\Users\John\Downloads\Wolfgang Amadeus Mozart - Complete Works [IPT].torrent
2015-04-07 18:14 - 2015-04-07 18:14 - 00056226 _____ () C:\Users\John\Downloads\Dr. Jekyll and Mr. Hyde (1920).avi [IPT].torrent
2015-04-03 17:52 - 2015-04-03 17:54 - 00000000 ___SD () C:\WINDOWS\system32\GWX
2015-04-03 17:52 - 2015-04-03 17:52 - 00000000 ___SD () C:\WINDOWS\SysWOW64\GWX
2015-03-31 00:42 - 2015-03-31 00:43 - 00067668 _____ () C:\Users\John\Downloads\photos.htm
2015-03-31 00:29 - 2015-03-31 00:29 - 00070812 _____ () C:\Users\John\Downloads\Jae_pdx.htm
2015-03-29 23:50 - 2015-03-29 23:50 - 00013951 _____ () C:\Users\John\Downloads\Interstellar IMAX 2014 720p BDRip x264 AC3-SANTi [IPT].torrent
2015-03-29 23:38 - 2015-03-29 23:38 - 00003866 _____ () C:\Users\John\Downloads\Maron.S01E10.HDTV.XviD-AFG [IPT].torrent
2015-03-29 23:37 - 2015-03-29 23:37 - 00013946 _____ () C:\Users\John\Downloads\Maron.S01E07.720p.HDTV.x264-EVOLVE [IPT].torrent
2015-03-29 23:37 - 2015-03-29 23:37 - 00004046 _____ () C:\Users\John\Downloads\Maron.S01E08.HDTV.XviD-AFG [IPT].torrent
2015-03-29 23:37 - 2015-03-29 23:37 - 00003866 _____ () C:\Users\John\Downloads\Maron.S01E09.HDTV.XviD-AFG [IPT].torrent
2015-03-29 23:36 - 2015-03-29 23:36 - 00004046 _____ () C:\Users\John\Downloads\Maron.S01E06.HDTV.XviD-AFG [IPT].torrent
2015-03-29 23:35 - 2015-03-29 23:35 - 00003886 _____ () C:\Users\John\Downloads\Maron.S01E05.HDTV.XviD-AFG [IPT].torrent
2015-03-29 23:34 - 2015-03-29 23:34 - 00004046 _____ () C:\Users\John\Downloads\Maron.S01E04.HDTV.XviD-AFG [IPT].torrent
2015-03-29 23:34 - 2015-03-29 23:34 - 00004046 _____ () C:\Users\John\Downloads\Maron.S01E03.HDTV.XviD-AFG [IPT].torrent
2015-03-29 23:33 - 2015-03-29 23:33 - 00004046 _____ () C:\Users\John\Downloads\Maron.S01E01.HDTV.XviD-AFG [IPT].torrent
2015-03-29 23:33 - 2015-03-29 23:33 - 00003886 _____ () C:\Users\John\Downloads\Maron.S01E02.HDTV.XviD-AFG [IPT].torrent
2015-03-29 22:38 - 2015-03-29 22:38 - 00020958 _____ () C:\Users\John\Downloads\House of Cards 2013 S03 Complete Season 3 720p NF WEBRip AAC x264-PSYPHER [IPT].torrent
2015-03-29 22:19 - 2015-03-29 22:19 - 00007072 _____ () C:\Users\John\Downloads\Interstellar.Extras-Grym [IPT].torrent
2015-03-29 15:42 - 2015-03-29 15:42 - 00000000 ____D () C:\ProgramData\f8aa4e6c00006080
2015-03-29 15:35 - 2015-03-29 15:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\ID Vault
2015-03-29 15:28 - 2015-03-29 15:28 - 00613255 _____ (CMI Limited) C:\Users\John\AppData\Local\nse725F.tmp
2015-03-29 15:27 - 2015-03-29 15:27 - 00000000 ____D () C:\Users\John\Documents\Optimizer Pro
2015-03-29 15:25 - 2015-03-29 15:25 - 00000000 ____D () C:\ProgramData\Optimizer
2015-03-29 15:25 - 2015-03-29 15:25 - 00000000 ____D () C:\Program Files (x86)\YouTube Download Pool
2015-03-29 15:06 - 2015-03-29 15:06 - 00613255 _____ (CMI Limited) C:\Users\John\AppData\Local\nsfAE64.tmp
2015-03-29 15:04 - 2015-03-29 15:04 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2015-03-29 15:01 - 2015-03-29 15:01 - 00628688 _____ (CMI Limited) C:\Users\John\AppData\Local\nsrD44E.tmp
2015-03-29 14:57 - 2015-03-29 14:56 - 00613255 _____ (CMI Limited) C:\Users\John\AppData\Local\nsq4DC0.tmp
2015-03-29 14:04 - 2015-03-29 14:06 - 00008688 _____ () C:\WINDOWS\SysWOW64\VCLOff.ini
2015-03-29 14:04 - 2015-03-29 14:06 - 00008688 _____ () C:\WINDOWS\system32\VCLOff.ini
2015-03-29 14:03 - 2015-03-20 06:54 - 00335064 _____ (VC Corporation) C:\WINDOWS\SysWOW64\VCL.dll
2015-03-29 12:31 - 2015-03-29 12:31 - 00000000 ____D () C:\ProgramData\b7012a8600007cf7
2015-03-29 09:52 - 2015-03-29 09:52 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-03-28 23:30 - 2015-03-28 23:30 - 00000000 ____D () C:\Program Files (x86)\predm
2015-03-28 23:26 - 2015-03-28 16:17 - 00048784 _____ (StdLib) C:\WINDOWS\system32\Drivers\{f1620f27-1d71-456a-878a-996942b94131}Gw64.sys
2015-03-28 23:24 - 2015-03-28 23:24 - 00000000 ____D () C:\Users\John\AppData\Roaming\Opera Software
2015-03-28 23:24 - 2015-03-28 23:24 - 00000000 ____D () C:\Users\John\AppData\Local\Opera Software
2015-03-28 23:23 - 2015-04-05 13:49 - 00000000 ____D () C:\Program Files\shopperz
2015-03-28 23:23 - 2015-03-29 12:26 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-28 22:15 - 2015-03-28 22:15 - 00613255 _____ (CMI Limited) C:\Users\John\AppData\Local\nsvDD01.tmp
2015-03-28 22:14 - 2015-03-28 23:14 - 00002326 _____ () C:\WINDOWS\patsearch.bin
2015-03-28 22:14 - 2015-03-28 22:14 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webTinstMKTN_01009.Wdf
2015-03-28 04:50 - 2015-03-28 04:50 - 00004018 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup
2015-03-28 02:48 - 2015-04-05 00:21 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-03-28 02:48 - 2015-04-01 15:32 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-03-28 02:48 - 2015-03-30 15:32 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-03-28 02:48 - 2015-03-29 15:32 - 00002806 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-03-28 02:48 - 2015-03-29 15:32 - 00002804 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-03-28 02:48 - 2015-03-29 15:32 - 00002804 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-03-28 02:46 - 2015-03-28 02:46 - 00628688 _____ (CMI Limited) C:\Users\John\AppData\Local\nstD44C.tmp
2015-03-28 02:46 - 2015-03-28 02:46 - 00000000 __SHD () C:\Users\John\AppData\Roaming\AnyProtectEx
2015-03-28 02:32 - 2015-03-29 13:24 - 00000004 _____ () C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-03-28 01:50 - 2015-03-28 01:50 - 00000000 ____D () C:\Users\John\AppData\Local\Crossbrowse
2015-03-28 01:49 - 2015-03-28 01:49 - 00003560 _____ () C:\WINDOWS\System32\Tasks\QEYRRHGBY
2015-03-28 01:48 - 2015-03-28 23:27 - 00008944 _____ () C:\WINDOWS\SysWOW64\GambaliOff.ini
2015-03-28 01:48 - 2015-03-28 23:27 - 00008944 _____ () C:\WINDOWS\system32\GambaliOff.ini
2015-03-28 01:48 - 2015-03-28 01:48 - 00000000 ____D () C:\ProgramData\4dfedb39a3694380b6ec75b2e5cee601
2015-03-28 01:48 - 2015-03-23 23:48 - 00408424 _____ (Gambali OEM Software) C:\WINDOWS\system32\Gambali64.dll
2015-03-28 01:48 - 2015-03-23 23:48 - 00340944 _____ (Gambali OEM Software) C:\WINDOWS\SysWOW64\Gambali.dll
2015-03-28 01:47 - 2015-03-29 15:07 - 00000000 ____D () C:\Users\John\AppData\Local\SmartWeb
2015-03-28 01:47 - 2015-03-29 14:01 - 00004036 _____ () C:\WINDOWS\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-03-28 01:47 - 2015-03-28 23:27 - 00000000 ____D () C:\ProgramData\FlashBeat
2015-03-28 01:47 - 2015-03-28 01:47 - 00000000 ____D () C:\ProgramData\4f42abf82c5645f9aacf05b40b31dd08
2015-03-28 01:36 - 2015-03-28 22:49 - 00000000 ____D () C:\Users\John\AppData\Local\8642ED74-1427506609-3971-AC2C-60A44C087579
2015-03-28 01:35 - 2015-03-29 12:30 - 00000000 ____D () C:\Users\John\AppData\Roaming\WTools
2015-03-28 01:34 - 2015-03-28 01:35 - 00000078 _____ () C:\Users\John\AppData\Roaming\Selection Tools.installation.log
2015-03-28 01:33 - 2015-03-28 23:23 - 00000000 ____D () C:\Users\John\AppData\Roaming\Nosibay
2015-03-28 01:33 - 2015-03-28 01:33 - 00003226 _____ () C:\WINDOWS\System32\Tasks\RPC
2015-03-28 01:32 - 2015-04-08 13:47 - 00000000 ____D () C:\Users\John\AppData\Roaming\8642ED74-1427531567-3971-AC2C-60A44C087579
2015-03-28 01:32 - 2015-03-30 00:29 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-03-28 01:32 - 2015-03-28 01:32 - 00000000 ____D () C:\Users\John\AppData\Local\globalUpdate
2015-03-28 01:31 - 2015-03-29 15:42 - 00000000 ____D () C:\Program Files\Common Files\PastaLeads
2015-03-28 01:31 - 2015-03-29 12:31 - 00000000 ____D () C:\Program Files (x86)\Super Optimizer
2015-03-28 01:31 - 2015-03-29 09:51 - 00000000 ____D () C:\Program Files (x86)\GUPlayer
2015-03-28 01:31 - 2015-03-28 22:40 - 00000000 ____D () C:\Program Files (x86)\Reg Pro Cleaner
2015-03-28 01:31 - 2015-03-28 01:35 - 00001298 _____ () C:\Users\John\AppData\Roaming\Bubble Dock.boostrap.log
2015-03-28 01:31 - 2015-03-28 01:34 - 00005707 _____ () C:\Users\John\AppData\Roaming\Bubble Dock.installation.log
2015-03-28 01:31 - 2015-03-28 01:31 - 00004306 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313539303134303238372d322d573223576c5a55452a2a
2015-03-28 01:31 - 2015-03-28 01:31 - 00000097 _____ () C:\Users\John\AppData\Roaming\WindApp.boostrap.log
2015-03-28 01:31 - 2015-03-28 01:31 - 00000000 ____D () C:\ProgramData\PastaLeadsAgent
2015-03-27 23:18 - 2015-03-27 23:18 - 00017066 _____ () C:\Users\John\Downloads\Better.Call.Saul.S01E08.720p.HDTV.X264-DIMENSION [IPT].torrent
2015-03-24 15:28 - 2015-03-10 19:38 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-03-24 15:28 - 2015-03-10 15:08 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-03-24 15:28 - 2015-03-10 15:08 - 00943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-03-24 15:28 - 2015-03-10 15:08 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-03-24 15:28 - 2015-03-10 15:08 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-03-24 15:28 - 2015-03-10 15:08 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-03-24 15:28 - 2015-03-10 15:08 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-03-24 11:19 - 2015-03-24 11:19 - 00020779 _____ () C:\Users\John\Downloads\American Queen _ Careers.htm
2015-03-24 11:19 - 2015-03-24 11:19 - 00000000 ____D () C:\Users\John\Downloads\American Queen _ Careers_files
2015-03-23 12:56 - 2015-03-23 12:57 - 00114781 ____T () C:\Users\John\Documents\Release of Medical Records 03 23 15.oxps
2015-03-23 02:18 - 2015-03-23 02:18 - 00017422 _____ () C:\Users\John\Downloads\Unfaithful.2002.720p.BRRIP.XVID-AC3-PULSAR [IPT].torrent
2015-03-16 22:42 - 2015-03-16 22:42 - 00163105 _____ () C:\Users\John\Downloads\Better.Call.Saul.S01E03.1080p.WEBRip.x264-TARS [IPT].torrent
2015-03-16 22:41 - 2015-03-16 22:41 - 00017435 _____ () C:\Users\John\Downloads\Better.Call.Saul.S01E07.720p.HDTV.X264-DIMENSION [IPT].torrent
2015-03-16 22:31 - 2015-03-16 22:32 - 00015907 _____ () C:\Users\John\Downloads\Better.Call.Saul.S01E03.720p.HDTV.2CH.x265.HEVC-PSA.mkv [IPT] (2).torrent
2015-03-16 22:30 - 2015-03-16 22:30 - 00015907 _____ () C:\Users\John\Downloads\Better.Call.Saul.S01E03.720p.HDTV.2CH.x265.HEVC-PSA.mkv [IPT] (1).torrent
2015-03-14 15:55 - 2015-03-14 15:55 - 00012997 _____ () C:\Users\John\Downloads\Before Sunrise, Sunset, Midnight TRILOGY [IPT].torrent
2015-03-14 15:52 - 2015-03-14 15:52 - 00011538 _____ () C:\Users\John\Downloads\Dazed and Confused 1993.720p.BRRIP.x264.AC3.CrEwSaDe [IPT].torrent
2015-03-14 15:50 - 2015-03-14 15:50 - 00028366 _____ () C:\Users\John\Downloads\Fast.Food.Nation.LiMiTED.DVDRip.XviD-LMG [IPT].torrent
2015-03-14 15:48 - 2015-03-14 15:48 - 00069705 _____ () C:\Users\John\Downloads\Fading Gigolo (2013) LIMITED 720p BluRay x264 TuT IPT [IPT].torrent
2015-03-11 18:48 - 2015-03-05 19:53 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-03-11 18:48 - 2015-03-05 19:33 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-03-11 18:48 - 2015-02-25 16:26 - 04178944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-03-11 18:48 - 2015-02-19 20:03 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-03-11 18:48 - 2015-02-19 19:58 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-03-11 18:48 - 2015-02-19 19:20 - 00301056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-03-11 18:48 - 2015-02-19 19:15 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-03-11 18:48 - 2015-02-06 16:09 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-03-11 18:48 - 2015-02-05 18:28 - 02257408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-03-11 18:48 - 2015-02-05 18:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-03-11 18:48 - 2015-02-05 13:24 - 01113920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-03-11 18:48 - 2015-02-03 16:58 - 00264000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-03-11 18:48 - 2015-02-03 16:58 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-03-11 18:48 - 2015-02-03 16:58 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-03-11 18:48 - 2015-02-02 17:03 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-03-11 18:48 - 2015-02-02 17:02 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-03-11 18:48 - 2015-02-02 16:53 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-03-11 18:48 - 2015-02-02 16:53 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-03-11 18:48 - 2015-01-30 16:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-03-11 18:48 - 2015-01-30 16:29 - 02484224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-03-11 18:48 - 2015-01-30 16:20 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-03-11 18:48 - 2015-01-29 20:01 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-03-11 18:48 - 2015-01-29 19:03 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-03-11 18:48 - 2015-01-29 19:03 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-03-11 18:48 - 2015-01-29 19:02 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-03-11 18:48 - 2015-01-29 18:44 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-03-11 18:48 - 2015-01-29 18:42 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-03-11 18:48 - 2015-01-29 18:40 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-03-11 18:48 - 2015-01-29 18:37 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-03-11 18:48 - 2015-01-29 18:29 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-03-11 18:48 - 2015-01-29 18:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-03-11 18:48 - 2015-01-29 18:24 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-03-11 18:48 - 2015-01-29 18:16 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-03-11 18:48 - 2015-01-29 18:08 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-03-11 18:48 - 2015-01-29 18:06 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-03-11 18:48 - 2015-01-28 18:58 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-03-11 18:48 - 2015-01-28 18:29 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-03-11 18:48 - 2015-01-28 18:11 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 18:48 - 2015-01-28 18:04 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-03-11 18:48 - 2015-01-28 18:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-03-11 18:48 - 2015-01-28 18:00 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 18:48 - 2015-01-28 17:59 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-03-11 18:48 - 2015-01-28 17:55 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-03-11 18:48 - 2015-01-28 17:50 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-03-11 18:48 - 2015-01-28 17:49 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-03-11 18:48 - 2015-01-28 08:41 - 07472960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-11 18:48 - 2015-01-28 08:41 - 01733440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-03-11 18:48 - 2015-01-28 08:41 - 01498360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-03-11 18:48 - 2015-01-27 19:24 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-03-11 18:48 - 2015-01-27 18:47 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-03-11 18:48 - 2015-01-26 21:22 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-03-11 18:48 - 2015-01-26 20:44 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-03-11 18:48 - 2015-01-26 19:11 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-03-11 18:48 - 2015-01-23 18:51 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-03-11 18:48 - 2015-01-23 00:17 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-03-11 18:48 - 2015-01-22 22:02 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-03-11 18:47 - 2015-02-20 18:16 - 25021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-11 18:47 - 2015-02-20 17:41 - 12827648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-03-11 18:47 - 2015-02-20 17:27 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-03-11 18:47 - 2015-02-20 17:27 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-03-11 18:47 - 2015-02-20 17:25 - 19720192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-03-11 18:47 - 2015-02-20 16:58 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-03-11 18:47 - 2015-02-20 16:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-03-11 18:47 - 2015-02-19 19:49 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-03-11 18:47 - 2015-02-19 19:48 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-11 18:47 - 2015-02-19 19:47 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-03-11 18:47 - 2015-02-19 19:35 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-11 18:47 - 2015-02-19 19:34 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-03-11 18:47 - 2015-02-19 19:32 - 06035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-03-11 18:47 - 2015-02-19 19:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-03-11 18:47 - 2015-02-19 19:07 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-11 18:47 - 2015-02-19 19:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-03-11 18:47 - 2015-02-19 19:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-03-11 18:47 - 2015-02-19 19:03 - 02278400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-03-11 18:47 - 2015-02-19 18:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-03-11 18:47 - 2015-02-19 18:56 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-03-11 18:47 - 2015-02-19 18:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-03-11 18:47 - 2015-02-19 18:49 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-11 18:47 - 2015-02-19 18:49 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-03-11 18:47 - 2015-02-19 18:46 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-03-11 18:47 - 2015-02-19 18:43 - 14398976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-11 18:47 - 2015-02-19 18:30 - 04300288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-03-11 18:47 - 2015-02-19 18:30 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-03-11 18:47 - 2015-02-19 18:29 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-03-11 18:47 - 2015-02-19 18:28 - 02358784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-11 18:47 - 2015-02-19 18:26 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-03-11 18:47 - 2015-02-19 18:24 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-03-11 18:47 - 2015-02-19 18:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-03-11 18:47 - 2015-02-19 18:16 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-11 18:47 - 2015-02-19 18:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-03-11 18:47 - 2015-02-19 18:01 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-03-11 18:47 - 2015-02-19 17:57 - 01311232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-03-11 18:47 - 2015-02-19 17:55 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-03-11 18:47 - 2015-02-12 10:40 - 22291584 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-03-11 18:47 - 2015-02-12 10:34 - 19731824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-03-11 18:47 - 2015-02-07 16:57 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-03-11 18:47 - 2015-02-07 16:49 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-03-11 18:47 - 2015-01-29 11:45 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-03-11 18:47 - 2015-01-29 11:34 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-03-11 18:47 - 2015-01-27 18:31 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-03-11 18:47 - 2015-01-27 18:11 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-03-11 18:47 - 2015-01-27 16:47 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-03-11 18:47 - 2015-01-27 16:41 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-03-11 18:47 - 2015-01-20 22:54 - 01384712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-03-11 18:47 - 2015-01-20 22:15 - 01123848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-03-11 18:47 - 2014-12-10 22:36 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-03-10 04:22 - 2015-03-10 04:22 - 00016225 _____ () C:\Users\John\Downloads\Better.Call.Saul.S01E06.720p.HDTV.X264-DIMENSION [IPT].torrent
2015-03-10 04:21 - 2015-03-10 04:21 - 00057486 _____ () C:\Users\John\Downloads\Better.Call.Saul.S01E05.720p.HDTV.X264-DIMENSION [IPT].torrent
2015-03-10 04:21 - 2015-03-10 04:21 - 00057486 _____ () C:\Users\John\Downloads\Better.Call.Saul.S01E05.720p.HDTV.X264-DIMENSION [IPT] (1).torrent
2015-03-10 04:20 - 2015-03-10 04:20 - 00000693 _____ () C:\Users\John\Downloads\Better.Call.Saul.S01E04.HDTV.XviD-FUM.avi [IPT].torrent
2015-03-10 04:19 - 2015-03-10 04:19 - 00015907 _____ () C:\Users\John\Downloads\Better.Call.Saul.S01E03.720p.HDTV.2CH.x265.HEVC-PSA.mkv [IPT].torrent
2015-03-10 04:18 - 2015-03-10 04:18 - 00072590 _____ () C:\Users\John\Downloads\Better.Call.Saul.S01E02.720p.HDTV.X264-DIMENSION [IPT].torrent
2015-03-10 04:17 - 2015-03-10 04:17 - 00000753 _____ () C:\Users\John\Downloads\Better.Call.Saul.S01E01.HDTV.XviD-FUM.avi [IPT].torrent
2015-03-10 04:12 - 2015-03-10 04:12 - 00035744 _____ () C:\Users\John\Downloads\The.Right.Stuff.1983.720p.HDTV.x264-x0r [IPT].torrent
2015-03-10 04:06 - 2015-03-10 04:06 - 00017230 _____ () C:\Users\John\Downloads\For.Your.Consideration.DVDRip.XviD-DiAMOND [IPT].torrent
2015-03-10 03:53 - 2015-03-10 03:53 - 00007341 _____ () C:\Users\John\Downloads\This Is Spinal Tap 1984 BRRip XvidHD 720p-NPW [IPT].torrent
2015-03-10 03:51 - 2015-03-10 03:51 - 00015010 _____ () C:\Users\John\Downloads\Frozen.2013.720p.BluRay.QEBSx.AAC20.MP4-FASM [IPT].torrent

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-08 14:23 - 2013-09-03 19:20 - 00000000 ____D () C:\Users\John\AppData\Roaming\uTorrent
2015-04-08 14:18 - 2014-12-14 17:54 - 00000000 ____D () C:\Users\John\AppData\Roaming\ClassicShell
2015-04-08 14:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-08 13:55 - 2013-09-03 14:15 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1943033763-3113564485-4255627063-1001
2015-04-08 13:49 - 2013-10-02 15:57 - 00000930 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-08 13:49 - 2013-10-02 15:57 - 00000926 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-08 13:27 - 2014-05-21 10:11 - 01403437 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-08 11:16 - 2013-10-29 17:42 - 00000000 _____ () C:\END
2015-04-08 11:05 - 2014-05-22 01:20 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3FAB12E5-162E-41AB-9AD5-7B3FBB7FBA1E}
2015-04-08 01:31 - 2013-11-30 00:52 - 00000000 ____D () C:\Users\John\Documents\Torrents
2015-04-08 00:19 - 2015-01-01 15:19 - 00000142 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2015-04-07 22:27 - 2013-08-22 07:46 - 00312503 _____ () C:\WINDOWS\setupact.log
2015-04-07 10:21 - 2015-01-01 16:26 - 00000000 ___RD () C:\Users\John\Google Drive
2015-04-07 10:21 - 2014-05-22 00:04 - 00000000 ___DO () C:\Users\John\OneDrive
2015-04-05 13:28 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-04-05 13:21 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-05 00:21 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-05 00:20 - 2014-03-18 02:54 - 00051052 _____ () C:\WINDOWS\PFRO.log
2015-04-05 00:20 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-03 17:54 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-29 15:05 - 2013-10-25 11:16 - 00000000 ____D () C:\Program Files (x86)\AMD APP
2015-03-29 09:53 - 2012-07-25 22:26 - 00000301 _____ () C:\WINDOWS\win.ini
2015-03-29 00:32 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2015-03-27 20:39 - 2013-09-03 13:49 - 00000000 ____D () C:\Users\John\AppData\Local\Packages
2015-03-24 16:13 - 2014-12-11 01:22 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-03-24 16:13 - 2014-07-09 22:36 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-03-24 11:00 - 2014-07-21 12:13 - 00000000 ____D () C:\Users\John\Documents\Resumes and Cover letters
2015-03-16 16:50 - 2014-03-18 03:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-13 13:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-03-13 11:54 - 2015-01-01 16:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-12 12:01 - 2013-08-22 07:44 - 00490216 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-12 06:08 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 06:08 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-12 06:08 - 2013-08-22 08:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-12 06:07 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-12 06:07 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-12 06:07 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-12 06:07 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-12 05:09 - 2014-12-14 19:24 - 00000000 ____D () C:\Users\John\AppData\Roaming\XBMC
2015-03-11 23:53 - 2015-03-08 21:49 - 00000000 ____D () C:\Users\John\Document
2015-03-11 20:54 - 2014-08-26 21:24 - 00003100 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1943033763-3113564485-4255627063-1001
2015-03-11 19:34 - 2013-09-03 19:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-11 19:24 - 2013-09-03 15:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-11 19:19 - 2013-09-03 15:51 - 122905848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2015-03-28 01:31 - 2015-03-28 01:35 - 0001298 _____ () C:\Users\John\AppData\Roaming\Bubble Dock.boostrap.log
2015-03-28 01:31 - 2015-03-28 01:34 - 0005707 _____ () C:\Users\John\AppData\Roaming\Bubble Dock.installation.log
2015-03-28 01:34 - 2015-03-28 01:35 - 0000078 _____ () C:\Users\John\AppData\Roaming\Selection Tools.installation.log
2013-09-03 13:54 - 2013-10-02 16:04 - 0000401 _____ () C:\Users\John\AppData\Roaming\sp_data.sys
2015-01-01 15:19 - 2015-04-08 00:19 - 0000142 _____ () C:\Users\John\AppData\Roaming\WB.CFG
2015-03-28 01:31 - 2015-03-28 01:31 - 0000097 _____ () C:\Users\John\AppData\Roaming\WindApp.boostrap.log
2015-01-03 11:19 - 2015-01-03 11:19 - 0000010 _____ () C:\Users\John\AppData\Local\DSI.DAT
2015-01-03 11:19 - 2015-01-03 11:19 - 0022528 _____ () C:\Users\John\AppData\Local\dsisetup1568012962.exe
2015-03-29 15:28 - 2015-03-29 15:28 - 0613255 _____ (CMI Limited) C:\Users\John\AppData\Local\nse725F.tmp
2015-03-29 15:06 - 2015-03-29 15:06 - 0613255 _____ (CMI Limited) C:\Users\John\AppData\Local\nsfAE64.tmp
2015-03-29 14:57 - 2015-03-29 14:56 - 0613255 _____ (CMI Limited) C:\Users\John\AppData\Local\nsq4DC0.tmp
2015-03-29 15:01 - 2015-03-29 15:01 - 0628688 _____ (CMI Limited) C:\Users\John\AppData\Local\nsrD44E.tmp
2015-03-28 02:46 - 2015-03-28 02:46 - 0628688 _____ (CMI Limited) C:\Users\John\AppData\Local\nstD44C.tmp
2015-03-28 22:15 - 2015-03-28 22:15 - 0613255 _____ (CMI Limited) C:\Users\John\AppData\Local\nsvDD01.tmp
2014-02-10 14:27 - 2014-02-10 14:27 - 0007605 _____ () C:\Users\John\AppData\Local\Resmon.ResmonCfg
2014-07-20 17:24 - 2014-07-20 17:24 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-09-03 14:37 - 2013-09-03 14:42 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2013-09-03 14:36 - 2013-09-03 14:37 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-06 01:00

==================== End Of Log ============================



#4 BrianDrab

  • Malware Response Team
  • 267 posts

Posted 08 April 2015 - 07:19 PM

Thanks for the info. We have some work to do. You have infections as well as disk corruption. In this instance, many of your infections came from uTorrent.  Please do the following.

 

Step#1 - Warnings

The Dangers of P2P Programs

IMPORTANT: I noticed that you have a P2P (Peer to Peer) file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more than likely infected with trojans, malware, rootkits, etc.

 

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams
USA Today Article on P2P Programs
File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, you will likely be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.

 

Please uninstall the following Peer-to-Peer program(s): uTorrent

 

Step#2 - Uninstalls
Please uninstall the following programs one at a time. Instructions for doing so are here.
If any of the programs give you an error during the uninstall, notate it and move on to the next one. Just let me know which ones had issues. If you are asked to reboot, answer No until all the programs have been uninstalled and then you can reboot. All of these programs are either outdated, malware/adware, have a bad reputation or are not recommended. If you absolutely must have one of them I suggest that you wait until you are declared clean before reinstalling.

GamesDesktop 025.401
HijackThis 2.0.2
Windows 8 Manager

 

Step#3 - FRST Fix
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
1. Download attached file and save it to the Desktop. Attached File: fixlist.txt (18.13KB)
Note. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work (in this case...the desktop).
2. Run FRST64 by Right-Clicking on the file and choosing Run as administrator.
3. Press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
4. When finished FRST64 will generate a log on the Desktop (Fixlog.txt). Please post the contents of it in your reply.

 

Step#4 - AdWCleaner
1. Please download AdwCleaner by Xplode onto your desktop.
2. Close all open programs and internet browsers.
3. Right-click on AdwCleaner.exe and select Run as administrator to run the tool.
4. Click on Scan.
5. After the scan is complete click on "Clean".
6. Confirm each time with Ok.
7. Your computer will be rebooted automatically. A text file will open after the restart.
8. Please post the content of that logfile with your next answer.
9. If need be, you can also find the logfile at C:\AdwCleaner\AdwCleaner[S0].txt as well.

 

Step#5 - JRT
1. Download Junkware Removal Tool to your desktop.
2. Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
3. The tool will open and start scanning your system.
4. Please be patient as this can take a while to complete depending on your system's specifications.
5. On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
6. Close the text file and reboot your machine.
7. Post the contents of JRT.txt into your next message.

 

Step#6 - Fresh Set of Logs
1. Right click on FRST64.exe and select Run as administrator. When the tool opens click Yes to disclaimer.
2. Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop).
5. Please copy and paste log back here.
6. Because you selected the Addition.txt check box this log will be created as well. Please copy and paste this log as well.
 
 
 
Items for your next post

1. FRST Fix Log

2. AdwCleaner Log

3. Junkware Log

4. FRST and Addition logs

 


Edited by BrianDrab, 09 April 2015 - 07:15 AM.


#5 BrianDrab


Posted 12 April 2015 - 07:37 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



