Help Cannot remove MYPCBACKUP malware!


  • This topic is locked
25 replies to this topic

#1 Tericab

Posted 09 April 2015 - 05:35 PM

Somehow this malware was attached to something I downloaded, and I've run CCleaner and Malwarebytes and have tried to uninstall it, and it keeps returning with other popups. It is also creating new tabs in my Firefox browser.

I ran an OTL scan, but don't know what to do from there. Here are my log results:

 

OTL logfile created on: 4/9/2015 6:11:20 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17691)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.90 Gb Total Physical Memory | 4.92 Gb Available Physical Memory | 62.32% Memory free
15.80 Gb Paging File | 13.61 Gb Available in Paging File | 86.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 109.94 Gb Total Space | 1.83 Gb Free Space | 1.66% Space Free | Partition Type: NTFS
Drive F: | 465.76 Gb Total Space | 412.17 Gb Free Space | 88.50% Space Free | Partition Type: NTFS
Drive G: | 14.90 Gb Total Space | 14.86 Gb Free Space | 99.73% Space Free | Partition Type: FAT32
Drive I: | 465.76 Gb Total Space | 93.35 Gb Free Space | 20.04% Space Free | Partition Type: NTFS
 
Computer Name: BCMOFFICE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsj73BC.tmp ()
PRC - C:\ProgramData\FlashBeat\FlashBeat.exe ()
PRC - C:\Users\Owner\AppData\Local\Temp\nsv6A4C.tmp ()
PRC - C:\Users\Owner\AppData\Local\Temp\nsg65C7.tmp ()
PRC - C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp ()
PRC - C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe (Hefei Hejunzhengce Info Tech Co., Ltd.)
PRC - C:\ProgramData\FlashBeat\Gambali.exe (Gambali OEM Software)
PRC - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
PRC - C:\Program Files (x86)\CrashPlan\CrashPlanService.exe (Code 42 Software)
PRC - C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
PRC - C:\Program Files\Tablet\Pen\WacomHost.exe (Wacom Technology)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Owner\AppData\Local\Temp\nslA2F4.tmp\nsWeb_DispOffr.dll ()
MOD - C:\Users\Owner\AppData\Local\Temp\nslA2F4.tmp\Math.dll ()
MOD - C:\Users\Owner\AppData\Local\Temp\nslA2F4.tmp\registry.dll ()
MOD - C:\Users\Owner\AppData\Local\Temp\nslA2F4.tmp\System.dll ()
MOD - C:\Users\Owner\AppData\Local\Temp\nslA2F4.tmp\nsDialogs.dll ()
MOD - C:\Users\Owner\AppData\Local\Temp\nsv6A4C.tmp ()
MOD - C:\Users\Owner\AppData\Local\Temp\nsrD193.tmp\System.dll ()
MOD - C:\Users\Owner\AppData\Local\Temp\nsg65C7.tmp ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\446bc9f0c3b5824fab519cb5fec5af1b\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\63e9d81bd805aea8f8690fee2efc9a9e\PresentationFramework-SystemCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (OutfoxTvService) -- C:\Program Files\OutfoxTV\OutfoxTvService.exe File not found
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (ClickToRunSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe (Microsoft Corporation)
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (WTabletServiceCon) -- C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (Wacom Technology, Corp.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (NitroReaderDriverReadSpool3) -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe (Nitro PDF Software)
SRV - (remezyru) -- C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsj73BC.tmp ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (FlashBeat) -- C:\ProgramData\FlashBeat\FlashBeat.exe ()
SRV - (fogezyny) -- C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp ()
SRV - (WinAudioSrv_R1) -- C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe (Hefei Hejunzhengce Info Tech Co., Ltd.)
SRV - (Gambali) -- C:\ProgramData\FlashBeat\Gambali.exe (Gambali OEM Software)
SRV - (TeamViewer) -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (WindowsVNT_R5) -- C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CrashPlanService) -- C:\Program Files (x86)\CrashPlan\CrashPlanService.exe (Code 42 Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (WacHidRouter) -- C:\Windows\SysNative\drivers\wachidrouter.sys (Wacom Technology)
DRV:64bit: - (wacomrouterfilter) -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys (Wacom Technology)
DRV:64bit: - (hidkmdf) -- C:\Windows\SysNative\drivers\hidkmdf.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c7ed5196-a23d-4add-94fc-96ce1e2f3207} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultenginename.US: "Google"
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=293224"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: 2020Player_WEB%402020Technologies.com:5.0.94.0
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: netvideohunter%40netvideohunter.com:1.17
FF - prefs.js..extensions.enabledAddons: d4db60df25f14dae9dd18%40185c395f9e794c9ab86be3eb.com:0.95.28
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.3: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015/04/09 01:52:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 37.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015/04/09 01:52:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{3d90f257-fa16-4fd0-9407-f1fc34a25274}: C:\Program Files (x86)\Show-Password\150.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ninjaloader@mail.com: C:\Program Files (x86)\Ninja Loader\FireFox
 
[2012/03/26 20:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2015/04/08 13:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\extensions
[2012/12/05 21:34:42 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\extensions\2020Player_WEB@2020Technologies.com
[2015/04/07 21:00:44 | 000,000,000 | ---D | M] ("CinemaPlus-3.3cV07.04") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com
[2015/03/04 13:14:45 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\extensions\netvideohunter@netvideohunter.com
[2015/04/09 07:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData
[2015/04/07 21:00:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins
[2015/04/09 07:15:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\userCode
[2015/04/08 13:08:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\extensions
[2015/04/07 21:00:41 | 000,000,000 | ---D | M] ("CinemaPlus-3.3cV07.04") -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com
[2015/04/07 20:44:40 | 000,000,000 | ---D | M] (EazyZoom) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\extensions\fe@muohvog.com
[2015/04/07 21:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData
[2015/04/07 21:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\plugins
[2015/04/07 21:00:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com\extensionData\userCode
[2012/12/10 20:44:52 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\extensions\amznUWL2@amazon.com.xpi
[2013/12/25 03:05:36 | 000,000,915 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\searchplugins\yahoo.xml
[2015/04/09 01:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2015/04/09 01:52:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2013/12/27 00:41:13 | 000,001,246 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\..\Toolbar\WebBrowser: (no name) - {C7ED5196-A23D-4ADD-94FC-96CE1E2F3207} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001..\Run: [Akamai NetSession Interface] C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)
O4 - HKU\S-1-5-21-4271207691-2682249754-1176388757-1001..\Run: [NinjaLoader] "C:\Program Files (x86)\Ninja Loader\Ninja Loader.exe" --startup File not found
O4 - HKLM..\RunOnce: [Update] C:\Users\Owner\AppData\Roaming\Eppink\Eppink.exe /runonce File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk =  File not found
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\OLBPre\OLBPre.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\onbttnielinkednotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\Gambali64.dll (Gambali OEM Software)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\Gambali64.dll (Gambali OEM Software)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\Gambali64.dll (Gambali OEM Software)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\Gambali64.dll (Gambali OEM Software)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\Gambali64.dll (Gambali OEM Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\Gambali.dll (Gambali OEM Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\Gambali.dll (Gambali OEM Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\Gambali.dll (Gambali OEM Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\Gambali.dll (Gambali OEM Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\Gambali.dll (Gambali OEM Software)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab (SyncXfer Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab (Java Plug-in 10.67.2)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab (Java Plug-in 1.7.0_67)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab (Java Plug-in 1.7.0_67)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{317DCE55-7A79-4AB7-8034-A09AC5C9B45C}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{896B5CD3-65C8-4909-803E-53D00D4D13C6}: DhcpNameServer = 198.224.145.135 198.224.144.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8FA22D1A-0DB8-4213-9859-AE64040B43CE}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/17 14:48:16 | 000,000,040 | ---- | M] () - I:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{734fd57e-a9b6-11e3-908a-386077d61c6b}\Shell - "" = AutoRun
O33 - MountPoints2\{734fd57e-a9b6-11e3-908a-386077d61c6b}\Shell\AutoRun\command - "" = E:\iLinker.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/04/09 18:01:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2015/04/09 15:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Support for Consumer Input
[2015/04/09 01:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2015/04/08 21:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OLBPre
[2015/04/08 17:17:45 | 000,408,424 | ---- | C] (Gambali OEM Software) -- C:\Windows\SysNative\Gambali64.dll
[2015/04/08 17:17:45 | 000,340,944 | ---- | C] (Gambali OEM Software) -- C:\Windows\SysWow64\Gambali.dll
[2015/04/08 17:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790
[2015/04/08 17:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\dad90bd9067c4d8c9d9ce6bf2a8c0389
[2015/04/08 17:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\FlashBeat
[2015/04/08 14:33:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\.cache
[2015/04/07 21:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows VXM
[2015/04/07 21:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Network Accelerater
[2015/04/07 21:33:35 | 000,000,000 | ---D | C] -- C:\ProgramData\56e5155400004993
[2015/04/07 21:27:08 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\EmieBrowserModeList
[2015/04/07 21:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\226fdb4400001767
[2015/04/07 21:11:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
[2015/04/07 21:11:02 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Ninja Loader
[2015/04/07 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Optimizer Pro
[2015/04/07 21:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SafeGuard
[2015/04/07 21:05:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\DreamVideoSoft
[2015/04/07 21:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro 3.75
[2015/04/07 21:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}
[2015/04/07 21:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Optimizer
[2015/04/07 21:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Audio
[2015/04/07 20:59:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\60CE3C2D-1428454785-E111-94AB-38607704F3BF
[2015/04/07 20:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\688bac24d8294ddc9b97a10de5058423
[2015/04/07 20:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\1999649cd3bb4900bdd7bb9feb49768a
[2015/04/07 20:56:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\globalUpdate
[2015/04/07 20:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2015/04/07 20:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2015/04/07 20:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2015/04/07 20:49:00 | 000,000,000 | ---D | C] -- C:\ProgramData\{3dc36c7e-f881-8087-3dc3-36c7ef88b1fb}
[2015/04/07 20:45:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\60CE3C2D-1428439549-E111-94AB-38607704F3BF
[2015/04/07 20:44:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF
[2015/04/05 10:28:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\CrashPlan
[2015/04/05 10:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
[2015/04/05 10:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\CrashPlan
[2015/04/05 10:28:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrashPlan
[2015/04/05 03:00:27 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\GWX
[2015/04/05 03:00:27 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\GWX
[2015/04/04 11:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2015/03/11 06:38:25 | 000,372,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2015/03/11 06:38:25 | 000,299,008 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2015/03/11 06:38:25 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2015/03/11 06:38:25 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2015/03/11 06:38:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2015/03/11 06:38:25 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2015/03/11 06:38:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2015/03/11 06:38:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2015/03/11 06:38:22 | 001,202,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmv2clt.dll
[2015/03/11 06:38:22 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\blackbox.dll
[2015/03/11 06:38:22 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\blackbox.dll
[2015/03/11 06:38:21 | 014,632,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2015/03/11 06:38:21 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmv2clt.dll
[2015/03/11 06:38:21 | 000,782,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmdrmsdk.dll
[2015/03/11 06:38:20 | 011,411,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2015/03/11 06:38:20 | 005,554,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/03/11 06:38:20 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2015/03/11 06:38:20 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmdrmsdk.dll
[2015/03/11 06:38:20 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drmmgrtn.dll
[2015/03/11 06:38:19 | 003,973,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2015/03/11 06:38:19 | 003,917,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2015/03/11 06:38:19 | 001,574,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2015/03/11 06:38:19 | 001,480,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2015/03/11 06:38:19 | 000,631,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2015/03/11 06:38:19 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drmmgrtn.dll
[2015/03/11 06:38:18 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2015/03/11 06:38:18 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptui.dll
[2015/03/11 06:38:18 | 001,005,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptui.dll
[2015/03/11 06:38:18 | 000,616,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2015/03/11 06:38:18 | 000,532,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2015/03/11 06:38:18 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2015/03/11 06:38:18 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2015/03/11 06:38:18 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2015/03/11 06:38:18 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptsp.dll
[2015/03/11 06:38:17 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2015/03/11 06:38:17 | 000,693,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2015/03/11 06:38:17 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscp.dll
[2015/03/11 06:38:17 | 000,619,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2015/03/11 06:38:17 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msnetobj.dll
[2015/03/11 06:38:16 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2015/03/11 06:38:16 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscp.dll
[2015/03/11 06:38:16 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2015/03/11 06:38:16 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AUDIOKSE.dll
[2015/03/11 06:38:16 | 000,457,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ci.dll
[2015/03/11 06:38:16 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2015/03/11 06:38:16 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2015/03/11 06:38:16 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioSes.dll
[2015/03/11 06:38:16 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msnetobj.dll
[2015/03/11 06:38:16 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2015/03/11 06:38:16 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2015/03/11 06:38:16 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\audiodg.exe
[2015/03/11 06:38:15 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\AUDIOKSE.dll
[2015/03/11 06:38:15 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\AudioEng.dll
[2015/03/11 06:38:15 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2015/03/11 06:38:15 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2015/03/11 06:38:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2015/03/11 06:38:15 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2015/03/11 06:38:15 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcadm.dll
[2015/03/11 06:38:14 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDump.dll
[2015/03/11 06:38:14 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2015/03/11 06:38:14 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2015/03/11 06:38:14 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2015/03/11 06:38:14 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2015/03/11 06:38:14 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2015/03/11 06:38:14 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2015/03/11 06:38:14 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2015/03/11 06:38:14 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2015/03/11 06:38:14 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2015/03/11 06:38:14 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2015/03/11 06:38:14 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcawrk.exe
[2015/03/11 06:38:14 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmmsp.dll
[2015/03/11 06:38:14 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcalua.exe
[2015/03/11 06:38:13 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2015/03/11 06:38:13 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2015/03/11 06:38:13 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\spwmp.dll
[2015/03/11 06:38:13 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pcaevts.dll
[2015/03/11 06:38:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\spwmp.dll
[2015/03/11 06:38:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2015/03/11 06:38:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2015/03/11 06:38:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdxm.ocx
[2015/03/11 06:38:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxmasf.dll
[2015/03/11 06:38:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msdxm.ocx
[2015/03/11 06:38:13 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxmasf.dll
[2015/03/11 06:38:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2015/03/11 06:38:12 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2015/03/11 06:38:01 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2015/03/11 06:38:01 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2015/03/11 06:37:59 | 001,461,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2015/03/11 06:37:59 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2015/03/11 06:37:58 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2015/03/11 06:37:58 | 000,686,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2015/03/11 06:37:58 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2015/03/11 06:37:58 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2015/03/11 06:37:58 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2015/03/11 06:37:58 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2015/03/11 06:37:58 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2015/03/11 06:37:58 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2015/03/11 06:37:58 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2015/03/11 06:37:58 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2015/03/11 06:37:58 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2015/03/11 06:37:56 | 001,424,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015/03/11 06:37:56 | 001,067,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
[2015/03/11 06:37:54 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2015/03/11 06:37:54 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2015/03/11 06:37:54 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/03/11 06:37:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2015/03/11 06:37:54 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2015/03/11 06:37:54 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2015/03/11 06:37:53 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/03/11 06:37:53 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2015/03/11 06:37:53 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2015/03/11 06:37:53 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2015/03/11 06:37:52 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/03/11 06:37:52 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/03/11 06:37:52 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2015/03/11 06:37:51 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2015/03/11 06:37:51 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/03/11 06:37:51 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2015/03/11 06:37:51 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2015/03/11 06:37:51 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2015/03/11 06:37:51 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2015/03/11 06:37:51 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2015/03/11 06:37:50 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/03/11 06:37:50 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/03/11 06:37:50 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2015/03/11 06:37:49 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2015/03/11 06:37:49 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2015/03/11 06:37:49 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2015/03/11 06:37:48 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2015/03/11 06:37:48 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/03/11 06:37:47 | 006,035,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/03/11 06:37:47 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2015/03/11 06:37:47 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2015/03/11 06:37:47 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/03/11 06:37:47 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/03/11 06:37:46 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2015/03/11 06:37:46 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/03/11 06:37:11 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2015/03/11 06:37:11 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2014/12/30 19:25:50 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2015/04/09 18:04:11 | 000,786,662 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/04/09 18:04:11 | 000,665,342 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/04/09 18:04:11 | 000,123,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/04/09 18:00:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2015/04/09 17:56:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA.job
[2015/04/09 17:42:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2015/04/09 16:27:00 | 000,001,330 | ---- | M] () -- C:\Windows\tasks\ZA.job
[2015/04/09 15:56:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core.job
[2015/04/09 07:37:00 | 000,001,334 | ---- | M] () -- C:\Windows\tasks\ZWQZ.job
[2015/04/08 21:38:12 | 000,001,033 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2015/04/08 17:17:55 | 000,008,944 | ---- | M] () -- C:\Windows\SysWow64\GambaliOff.ini
[2015/04/08 17:17:55 | 000,008,944 | ---- | M] () -- C:\Windows\SysNative\GambaliOff.ini
[2015/04/08 16:51:34 | 000,031,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/04/08 16:51:34 | 000,031,552 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/04/08 16:42:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/04/08 16:42:01 | 2068,377,599 | -HS- | M] () -- C:\hiberfil.sys
[2015/04/08 13:51:48 | 000,001,092 | ---- | M] () -- C:\Users\Owner\Desktop\Continue Live Installation.lnk
[2015/04/08 13:38:43 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2015/04/08 13:15:24 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2015/04/07 21:20:06 | 000,004,382 | ---- | M] () -- C:\Users\Owner\Documents\Kim Kizziee Resignation.pdf
[2015/04/07 21:04:07 | 000,001,953 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
[2015/04/07 19:23:05 | 000,006,656 | ---- | M] () -- C:\Users\Owner\Documents\cc_20150407_192259.reg
[2015/04/05 10:28:35 | 000,001,871 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2015/04/02 18:45:09 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 10.lnk
[2015/03/31 15:18:24 | 000,408,424 | ---- | M] (Gambali OEM Software) -- C:\Windows\SysNative\Gambali64.dll
[2015/03/31 15:18:24 | 000,340,944 | ---- | M] (Gambali OEM Software) -- C:\Windows\SysWow64\Gambali.dll
[2015/03/26 15:14:08 | 000,005,542 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\ZWQZ
[2015/03/26 15:14:08 | 000,004,185 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\ZA
[2015/03/12 03:24:38 | 005,086,520 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2015/04/08 21:38:12 | 000,001,033 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2015/04/08 17:17:46 | 000,008,944 | ---- | C] () -- C:\Windows\SysWow64\GambaliOff.ini
[2015/04/08 17:17:46 | 000,008,944 | ---- | C] () -- C:\Windows\SysNative\GambaliOff.ini
[2015/04/08 13:51:48 | 000,001,092 | ---- | C] () -- C:\Users\Owner\Desktop\Continue Live Installation.lnk
[2015/04/08 13:15:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2015/04/08 13:15:24 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2015/04/07 21:20:06 | 000,004,382 | ---- | C] () -- C:\Users\Owner\Documents\Kim Kizziee Resignation.pdf
[2015/04/07 20:56:43 | 000,001,330 | ---- | C] () -- C:\Windows\tasks\ZA.job
[2015/04/07 20:56:38 | 000,001,334 | ---- | C] () -- C:\Windows\tasks\ZWQZ.job
[2015/04/07 20:49:05 | 000,001,953 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
[2015/04/07 19:23:02 | 000,006,656 | ---- | C] () -- C:\Users\Owner\Documents\cc_20150407_192259.reg
[2015/04/05 10:28:35 | 000,001,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2015/03/26 15:14:08 | 000,005,542 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\ZWQZ
[2015/03/26 15:14:08 | 000,004,185 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\ZA
[2015/02/28 13:54:45 | 000,006,144 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/12/30 19:25:50 | 000,099,384 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\inst.exe
[2014/12/30 19:25:50 | 000,007,859 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat
[2014/12/30 19:25:50 | 000,001,167 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf
[2014/11/03 04:01:23 | 000,000,412 | ---- | C] () -- C:\Users\Owner\.powerschool_gradebook.properties
[2014/11/03 03:57:25 | 000,000,012 | ---- | C] () -- C:\Users\Owner\.gradebook_userdict.tlx
[2013/09/07 22:19:39 | 001,006,161 | ---- | C] () -- C:\Users\Owner\Eddie4x601.jpg
[2013/04/04 12:46:59 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2012/09/24 22:48:01 | 001,896,146 | ---- | C] () -- C:\Users\Owner\GirlsSoccer01.jpg
[2012/08/26 19:14:43 | 000,000,132 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015/02/13 01:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015/02/13 01:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:AD022376

< End of report >
 



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,758 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:06:06 AM

Posted 09 April 2015 - 07:42 PM

Greetings Tericab and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

There is evidence of illegal software on your computer. I would like you to remove Adobe CS5 in order to continue to receive help beyond the below. If you are willing to do that please perform the below steps after removing the program.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did you remove Adobe?
  • AdwCleaner log
  • Junkware log
  • FRST results
  • Addition log
  • System Summary Information

Edited by Oh My!, 09 April 2015 - 08:04 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Tericab

  • Topic Starter

Posted 09 April 2015 - 09:37 PM

Thank you for your quick response.  I have attached all of the log files you requested.

 

# AdwCleaner v4.201 - Logfile created 09/04/2015 at 22:06:50
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Owner - BCMOFFICE
# Running from : C:\Users\Owner\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : Gambali
[#] Service Deleted : FlashBeat

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\FlashBeat
Folder Deleted : C:\ProgramData\226fdb4400001767
Folder Deleted : C:\ProgramData\56e5155400004993
Folder Deleted : C:\Users\Owner\Documents\PC Speed Maximizer
File Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ippkomaaonokjnfjoikaemidanojkfmm_0.localstorage
File Deleted : C:\END
File Deleted : C:\ProgramData\uninstaller.exe
File Deleted : C:\Windows\SysWOW64\Gambali.dll
File Deleted : C:\Windows\SysWOW64\GambaliOff.ini
File Deleted : C:\Windows\System32\Gambali64.dll
File Deleted : C:\Windows\System32\GambaliOff.ini
File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Owner\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\invalidprefs.js

***** [ Scheduled tasks ] *****

Task Deleted : LaunchSignup
Task Deleted : SomotoUpdateCheckerAutoStart

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{3d90f257-fa16-4fd0-9407-f1fc34a25274}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [ConsumerInput@Compete]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Jing]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\a57df88b03eb844
Key Deleted : HKLM\SOFTWARE\3d0931b5-01fe-4cc5-df93-103b75b9a8fd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Compete
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Define Ext
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\Show-Password
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Web Assistant
Key Deleted : HKLM\SOFTWARE\Define Ext
Key Deleted : HKLM\SOFTWARE\FlashBeat
Key Deleted : HKU\.DEFAULT\Software\GeekBuddyRSP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Setup Support for Consumer Input
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashBeat
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
Key Deleted : [x64] HKLM\SOFTWARE\FlashBeat
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;<local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0.1 (x86 en-US)

[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://www.delta-search.com/?affID=120660&tt=190313_wctrl&babsrc=HP_ss&mntrId=AA1A386077D61C6B");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("avg.install.userSPSettings", "Delta Search");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon[...]
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22www.eas[...]
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.admin", false);
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.aflt", "babsst");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.dfltLng", "en");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.excTlbr", false);
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.id", "aa1a42d5000000000000386077d61c6b");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.instlDay", "15789");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.instlRef", "sst");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.newTab", false);
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.prdct", "delta");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.rvrt", "false");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.smplGrp", "none");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.tlbrId", "base");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.019:39:46");
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.dfltSrch", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.dfltlng", "en");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.did", "10671");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.envrmnt", "production");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.excTlbr", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.hdrMd5", "BAD92D905C2EDF91D8FE2ABAD97828DC");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.hmpg", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.hrdid", "0");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.id", "aa1a42d5000000000000386077d61c6b");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.installerproductid", "26");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.instlDay", "15531");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.instlRef", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.instlday", "15531");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.instlref", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.keywordurl", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1412:05:41");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.newTab", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.newtab", "false");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.newtaburl", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.ppd", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.productid", "26");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.sg", "none");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.smplGrp", "none");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.smplgrp", "none");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.srch", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.srchprvdr", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.tlbrId", "base");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyHwVqQuG&loc=IB_TB&i=26&search=");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.tlbrid", "base");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyHwVqQuG&loc=IB_TB&i=26&search=");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.upn2", "6OyHwVqQuG");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.upn2n", "92261732028467390");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1412:05:41");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1412:05:41");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.did", "10671");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.id", "aa1a42d5000000000000386077d61c6b");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15531");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.newTab", false);
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.ppd", "");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.productid", "26");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyHwVqQuG&loc=IB_TB&i=26&search=");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.upn2", "6OyHwVqQuG");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92261732028467390");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:05:41");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&[...]
[ga2781yf.default\prefs.js] - Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavi[...]

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [19002 bytes] - [09/04/2015 22:03:28]
AdwCleaner[R1].txt - [17687 bytes] - [09/04/2015 22:05:29]
AdwCleaner[R2].txt - [17747 bytes] - [09/04/2015 22:06:24]
AdwCleaner[S0].txt - [18267 bytes] - [09/04/2015 22:06:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18327  bytes] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Thu 04/09/2015 at 22:21:52.23
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\0m1zdpha.default-1343610594345\prefs.js

user_pref("CT3290971_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365637088569,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22am
user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ga2781yf.default\minidumps [2 files]
Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\0m1zdpha.default-1343610594345\minidumps [63 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/09/2015 at 22:23:47.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Owner (administrator) on BCMOFFICE on 09-04-2015 22:25:06
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsy1147.tmp
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [NinjaLoader] => "C:\Program Files (x86)\Ninja Loader\Ninja Loader.exe" --startup
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\MountPoints2: {734fd57e-a9b6-11e3-908a-386077d61c6b} - E:\iLinker.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}\hqghumeaylnlf.exe (No File)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - (No Name) - {c7ed5196-a23d-4add-94fc-96ce1e2f3207} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001 -> No Name - {C7ED5196-A23D-4ADD-94FC-96CE1E2F3207} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4271207691-2682249754-1176388757-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-09-12] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-19] (Apple Inc.)
FF Extension: CinemaPlus-3.3cV07.04 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-04-07]
FF Extension: EazyZoom - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\Extensions\fe@muohvog.com [2015-04-07]
FF Extension: 20-20 3D Viewer - WEB - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\2020Player_WEB@2020Technologies.com [2012-12-05]
FF Extension: CinemaPlus-3.3cV07.04 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-04-07]
FF Extension: NetVideoHunter - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\netvideohunter@netvideohunter.com [2015-03-04]
FF Extension: Add to Amazon Wish List Button - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\amznUWL2@amazon.com.xpi [2012-12-10]
FF HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Firefox\Extensions: [ninjaloader@mail.com] - C:\Program Files (x86)\Ninja Loader\FireFox

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjahobnmbbohjdpfffcpohenbjbcccd [2013-04-04]
CHR HKLM-x32\...\Chrome\Extension: [cmlhbjpgeogifjnmlajdaealbdlfonah] - https://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [156440 2014-11-20] (Code 42 Software)
R2 fogezyny; C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp [185856 2015-04-07] () [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
S2 WinAudioSrv_R1; C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe [4024920 2015-04-07] (Hefei Hejunzhengce Info Tech Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WindowsVNT_R5; C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe [2976880 2015-03-24] (Microsoft Corporation) [File not signed]
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
R2 xeluquze; C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsy1147.tmp [290304 2015-04-09] () [File not signed]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 22:23 - 2015-04-09 22:23 - 00001559 _____ () C:\Users\Owner\Desktop\JRT.txt
2015-04-09 22:21 - 2015-04-09 22:23 - 00000000 ____D () C:\Users\Owner\Documents\Log Files
2015-04-09 22:07 - 2015-04-09 22:07 - 00002950 _____ () C:\Windows\PFRO.log
2015-04-09 22:07 - 2015-04-09 22:07 - 00000112 _____ () C:\Windows\setupact.log
2015-04-09 22:07 - 2015-04-09 22:07 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-09 22:03 - 2015-04-09 22:06 - 00000000 ___DC () C:\AdwCleaner
2015-04-09 22:03 - 2015-04-09 22:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BCMOFFICE-Windows-7-Home-Premium-(64-bit).dat
2015-04-09 22:03 - 2015-04-09 22:03 - 00000000 ___DC () C:\RegBackup
2015-04-09 22:02 - 2015-04-09 21:56 - 02686959 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2015-04-09 22:02 - 2015-04-09 21:56 - 02217984 _____ () C:\Users\Owner\Desktop\adwcleaner_4.201.exe
2015-04-09 20:21 - 2015-04-09 20:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Compete
2015-04-09 18:41 - 2015-04-09 22:25 - 00018662 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-04-09 18:41 - 2015-04-09 22:25 - 00000000 ___DC () C:\FRST
2015-04-09 18:41 - 2015-04-09 18:40 - 02095616 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-04-09 18:01 - 2015-04-09 18:00 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2015-04-09 15:14 - 2015-04-09 15:14 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2015-04-09 01:52 - 2015-04-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-08 21:10 - 2015-04-08 21:39 - 00000000 ____D () C:\Program Files (x86)\OLBPre
2015-04-08 17:17 - 2015-04-08 17:17 - 00003560 _____ () C:\Windows\System32\Tasks\PZYCH
2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D () C:\ProgramData\dad90bd9067c4d8c9d9ce6bf2a8c0389
2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D () C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790
2015-04-08 15:09 - 2015-04-08 21:39 - 00003986 _____ () C:\Windows\System32\Tasks\LaunchPreSignup
2015-04-08 14:33 - 2015-04-08 14:33 - 00000000 ____D () C:\Users\Owner\.cache
2015-04-08 13:15 - 2015-04-08 13:15 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-04-08 13:15 - 2015-04-08 13:15 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-04-08 12:12 - 2015-04-08 12:12 - 00555688 _____ () C:\Users\Owner\Downloads\Unconfirmed 20415.crdownload
2015-04-08 12:05 - 2015-04-08 12:05 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 720537.crdownload
2015-04-08 12:03 - 2015-04-08 12:03 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 81479.crdownload
2015-04-08 12:02 - 2015-04-08 12:02 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 683788.crdownload
2015-04-08 11:45 - 2015-04-08 11:45 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 520856.crdownload
2015-04-08 11:05 - 2015-04-08 11:05 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 468449.crdownload
2015-04-08 10:45 - 2015-04-08 10:45 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 255606.crdownload
2015-04-08 10:16 - 2015-04-08 10:16 - 00555672 _____ () C:\Users\Owner\Downloads\Unconfirmed 523114.crdownload
2015-04-08 10:13 - 2015-04-08 10:14 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 429897.crdownload
2015-04-08 09:57 - 2015-04-08 09:57 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 344803.crdownload
2015-04-08 09:21 - 2015-04-08 09:21 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 666096.crdownload
2015-04-08 08:52 - 2015-04-08 08:52 - 00860496 _____ () C:\Users\Owner\Downloads\Unconfirmed 463658.crdownload
2015-04-08 07:19 - 2015-04-08 07:19 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 623396.crdownload
2015-04-08 07:11 - 2015-04-08 07:11 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 883764.crdownload
2015-04-08 07:09 - 2015-04-08 07:10 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 55737.crdownload
2015-04-08 05:46 - 2015-04-08 05:46 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 494422.crdownload
2015-04-08 04:23 - 2015-04-08 04:23 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 30091.crdownload
2015-04-08 03:54 - 2015-04-08 03:54 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 989044.crdownload
2015-04-08 03:46 - 2015-04-08 03:46 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 342881.crdownload
2015-04-08 03:43 - 2015-04-08 03:43 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 260814.crdownload
2015-04-08 03:12 - 2015-04-08 03:12 - 00543032 _____ (BetOnSoft N.V.) C:\Users\Owner\Downloads\Unconfirmed 407379.crdownload
2015-04-08 03:08 - 2015-04-08 03:08 - 00860936 _____ () C:\Users\Owner\Downloads\Unconfirmed 751445.crdownload
2015-04-08 02:38 - 2015-04-08 02:38 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 394907.crdownload
2015-04-08 02:37 - 2015-04-08 02:37 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 917003.crdownload
2015-04-08 02:36 - 2015-04-08 02:36 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 725535.crdownload
2015-04-08 02:15 - 2015-04-08 02:15 - 00555696 _____ () C:\Users\Owner\Downloads\Unconfirmed 15473.crdownload
2015-04-08 01:51 - 2015-04-08 01:52 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 478526.crdownload
2015-04-08 01:51 - 2015-04-08 01:51 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 764748.crdownload
2015-04-08 01:23 - 2015-04-08 01:23 - 00837688 _____ () C:\Users\Owner\Downloads\Unconfirmed 248993.crdownload
2015-04-08 00:41 - 2015-04-08 00:42 - 00895616 _____ (SlimWare Utilities, Inc.) C:\Users\Owner\Downloads\Unconfirmed 294140.crdownload
2015-04-08 00:28 - 2015-04-08 00:29 - 00555680 _____ () C:\Users\Owner\Downloads\Unconfirmed 850500.crdownload
2015-04-07 23:40 - 2015-04-07 23:40 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 864655.crdownload
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 ____D () C:\Program Files (x86)\Windows Network Accelerater
2015-04-07 21:27 - 2015-04-07 21:27 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieBrowserModeList
2015-04-07 21:11 - 2015-04-07 21:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Ninja Loader
2015-04-07 21:11 - 2015-04-07 21:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-04-07 21:09 - 2015-04-07 21:20 - 00000000 ____D () C:\Program Files (x86)\SafeGuard
2015-04-07 21:05 - 2015-04-07 21:05 - 00000000 ____D () C:\Users\Owner\Documents\DreamVideoSoft
2015-04-07 21:04 - 2015-04-08 13:08 - 00000000 ____D () C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}
2015-04-07 21:02 - 2015-04-07 21:02 - 00004306 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a
2015-04-07 21:01 - 2015-04-09 22:14 - 00000000 ____D () C:\ProgramData\Optimizer
2015-04-07 21:01 - 2015-04-07 21:01 - 00000000 ____D () C:\Program Files (x86)\Windows Audio
2015-04-07 20:59 - 2015-04-07 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428454785-E111-94AB-38607704F3BF
2015-04-07 20:57 - 2015-04-08 12:09 - 00003560 _____ () C:\Windows\System32\Tasks\WKOEHUFYR
2015-04-07 20:57 - 2015-04-08 12:09 - 00000000 ____D () C:\ProgramData\688bac24d8294ddc9b97a10de5058423
2015-04-07 20:57 - 2015-04-07 20:57 - 00000000 ____D () C:\ProgramData\1999649cd3bb4900bdd7bb9feb49768a
2015-04-07 20:56 - 2015-04-09 22:07 - 00001334 _____ () C:\Windows\Tasks\ZWQZ.job
2015-04-07 20:56 - 2015-04-09 22:07 - 00001330 _____ () C:\Windows\Tasks\ZA.job
2015-04-07 20:56 - 2015-04-07 21:00 - 00004362 _____ () C:\Windows\System32\Tasks\ZWQZ
2015-04-07 20:56 - 2015-04-07 21:00 - 00004358 _____ () C:\Windows\System32\Tasks\ZA
2015-04-07 20:56 - 2015-04-07 20:56 - 00000000 ____D () C:\ProgramData\COMODO
2015-04-07 20:55 - 2015-04-07 20:55 - 00000000 ___DC () C:\Program Files\COMODO
2015-04-07 20:49 - 2015-04-07 20:49 - 00000000 ____D () C:\ProgramData\{3dc36c7e-f881-8087-3dc3-36c7ef88b1fb}
2015-04-07 20:45 - 2015-04-07 20:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\60CE3C2D-1428439549-E111-94AB-38607704F3BF
2015-04-07 20:44 - 2015-04-09 20:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF
2015-04-07 19:23 - 2015-04-07 19:23 - 00006656 _____ () C:\Users\Owner\Documents\cc_20150407_192259.reg
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\CrashPlan
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\ProgramData\CrashPlan
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\Program Files (x86)\CrashPlan
2015-04-05 10:27 - 2015-04-05 10:27 - 47207976 _____ (Code 42 Software) C:\Users\Owner\Downloads\CrashPlan_3.7.0_Win.exe
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 11:01 - 2015-04-09 17:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-03-26 15:14 - 2015-03-26 15:14 - 00005542 _____ () C:\Users\Owner\AppData\Roaming\ZWQZ
2015-03-26 15:14 - 2015-03-26 15:14 - 00004185 _____ () C:\Users\Owner\AppData\Roaming\ZA
2015-03-11 06:38 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 06:38 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 06:38 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 06:38 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 06:38 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 06:38 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 06:38 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 06:38 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 06:38 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 06:38 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 06:38 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 06:38 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 06:38 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 06:38 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 06:38 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 06:38 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 06:38 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 06:38 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 06:38 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 06:38 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 06:38 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 06:38 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 06:38 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 06:38 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 06:38 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 06:38 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 06:38 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 06:38 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 06:38 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 06:38 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 06:38 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 06:38 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 06:38 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 06:38 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 06:38 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 06:38 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 06:38 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 06:38 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 06:38 - 2014-06-27 20:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-11 06:38 - 2014-06-27 20:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-11 06:37 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 06:37 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 06:37 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 06:37 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 06:37 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 06:37 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 06:37 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 06:37 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 06:37 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 06:37 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 06:37 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 06:37 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 06:37 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 06:37 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 06:37 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 06:37 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 06:37 - 2015-02-23 23:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 06:37 - 2015-02-23 22:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 06:37 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 06:37 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 06:37 - 2015-02-20 20:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 06:37 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 06:37 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 06:37 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 06:37 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 06:37 - 2015-02-19 23:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 06:37 - 2015-02-19 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 06:37 - 2015-02-19 22:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 06:37 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 06:37 - 2015-02-19 22:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 06:37 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 06:37 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 06:37 - 2015-02-19 22:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 06:37 - 2015-02-19 22:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 06:37 - 2015-02-19 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 06:37 - 2015-02-19 22:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 06:37 - 2015-02-19 22:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 06:37 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 06:37 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 06:37 - 2015-02-19 22:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 06:37 - 2015-02-19 22:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 06:37 - 2015-02-19 22:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 06:37 - 2015-02-19 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 06:37 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 06:37 - 2015-02-19 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 06:37 - 2015-02-19 22:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 06:37 - 2015-02-19 22:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 06:37 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 06:37 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 06:37 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 06:37 - 2015-02-19 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 06:37 - 2015-02-19 22:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 06:37 - 2015-02-19 21:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 06:37 - 2015-02-19 21:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 06:37 - 2015-02-19 21:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 06:37 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 06:37 - 2015-02-19 21:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 06:37 - 2015-02-19 21:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 06:37 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 06:37 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 06:37 - 2015-02-19 21:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 06:37 - 2015-02-19 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 06:37 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 06:37 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 06:37 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 06:37 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 06:37 - 2015-02-19 21:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 06:37 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 06:37 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 06:37 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 06:37 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 06:37 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 06:37 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 06:37 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 06:37 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 06:37 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 06:37 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 06:37 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 06:37 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-09 22:17 - 2014-11-13 23:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 22:17 - 2009-07-14 00:45 - 00031552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-09 22:17 - 2009-07-14 00:45 - 00031552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-09 22:13 - 2014-10-27 03:31 - 01390230 _____ () C:\Windows\WindowsUpdate.log
2015-04-09 22:12 - 2009-07-14 01:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-09 22:07 - 2012-04-29 09:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-09 22:07 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-09 21:56 - 2011-06-24 16:47 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA.job
2015-04-09 21:42 - 2012-06-13 20:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-09 19:16 - 2014-04-15 22:11 - 00104448 ___SH () C:\Users\Owner\Documents\Thumbs.db
2015-04-09 15:56 - 2011-06-24 16:47 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core.job
2015-04-09 02:00 - 2014-09-01 12:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-04-08 14:33 - 2012-03-26 15:24 - 00000000 ____D () C:\Users\Owner
2015-04-08 13:25 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-08 13:15 - 2011-06-24 16:40 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-08 13:15 - 2011-06-24 16:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-08 13:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-07 22:23 - 2012-03-26 20:40 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-07 21:38 - 2011-06-24 16:49 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-07 21:36 - 2012-03-26 21:39 - 00000000 ____D () C:\Program Files (x86)\DVDFab 8 Qt
2015-04-07 21:35 - 2013-05-15 20:51 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-04-07 20:42 - 2013-12-31 19:57 - 00000000 ____D () C:\ProgramData\Canon
2015-04-07 20:42 - 2013-12-31 19:53 - 00000000 ____D () C:\Program Files\Canon
2015-04-07 19:39 - 2012-03-26 20:52 - 00000000 ____D () C:\Program Files\Adobe
2015-04-07 19:33 - 2012-05-19 23:43 - 00000000 ____D () C:\Users\Owner\.ProMPIX
2015-04-07 19:22 - 2012-03-26 20:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-07 19:19 - 2013-12-16 01:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2015-04-07 19:19 - 2013-10-21 22:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Media Player Classic
2015-04-02 18:45 - 2015-02-19 20:40 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-02 18:45 - 2015-02-19 20:40 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-03-24 12:11 - 2014-07-22 20:29 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2015-03-20 06:52 - 2014-08-15 23:11 - 00000000 ___DC () C:\Program Files\Microsoft Office 15
2015-03-12 04:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 03:24 - 2012-03-22 15:11 - 05086520 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 03:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 03:23 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 03:08 - 2012-03-26 21:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 03:04 - 2013-08-14 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-12 03:01 - 2011-06-24 16:08 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Files in the root of some directories =======

2012-08-26 19:14 - 2015-02-28 14:52 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-12-30 19:25 - 2015-01-11 13:25 - 0099384 _____ () C:\Users\Owner\AppData\Roaming\inst.exe
2014-12-30 19:25 - 2015-01-11 13:25 - 0007859 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.cat
2014-12-30 19:25 - 2015-01-11 13:25 - 0001167 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.inf
2014-12-30 19:25 - 2015-01-11 13:25 - 0000055 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.log
2014-12-30 19:25 - 2015-01-11 13:25 - 0082816 _____ (VSO Software) C:\Users\Owner\AppData\Roaming\pcouffin.sys
2015-03-26 15:14 - 2015-03-26 15:14 - 0004185 _____ () C:\Users\Owner\AppData\Roaming\ZA
2015-03-26 15:14 - 2015-03-26 15:14 - 0005542 _____ () C:\Users\Owner\AppData\Roaming\ZWQZ
2015-02-28 13:54 - 2015-03-04 04:17 - 0006144 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-27 10:07 - 2012-03-27 10:07 - 0003178 _____ () C:\Users\Owner\AppData\Local\HWVendorDetection.log
2012-03-26 21:02 - 2012-03-26 21:07 - 0000834 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\compete.exe
C:\Users\Owner\AppData\Local\Temp\cw.exe
C:\Users\Owner\AppData\Local\Temp\jue704A.exe
C:\Users\Owner\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\Setup_0286.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 00:15

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Owner at 2015-04-09 22:25:25
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop CS5.1 (HKLM-x32\...\{9158FF30-78D7-40EF-B83E-451AC5334640}) (Version: 12.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.3 64-bit (HKLM\...\{D759947B-8C5A-4480-B0DB-FC391F061C85}) (Version: 4.3.1 - Adobe)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Advanced Scan to PDF Free 3.5.1 (HKLM-x32\...\Advanced Scan to PDF Free_is1) (Version:  - PDFChief Co., Ltd.)
AIO_Scan (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.80 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.0 - ashampoo GmbH & Co. KG)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
C7200 (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
C7200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Canon MF Toolbox 4.9.1.1.mf14 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf14 - CANON INC.)
Canon MF4700 Series (HKLM\...\{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}) (Version: 4.1.0.1 - CANON INC.)
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cisco WebEx Meeting Center for Firefox or Chrome (HKLM-x32\...\{F42B8C14-63E5-4F8D-B848-12F010593AB8}) (Version: 28.7.0.15458 - Cisco WebEx LLC)
Consumer Input Update Helper (x32 Version: 1.3.25.307 - Compete Inc.) Hidden <==== ATTENTION
Copy (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
CrashPlan (HKLM-x32\...\{F5DF8435-7822-4D0C-88A9-604EC76D0B06}) (Version: 3.7.0 - Code 42 Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (x32 Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (HKLM\...\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM-x32\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
ImageMagick 6.8.8-0 Q16 (32-bit) (2014-01-01) (HKLM-x32\...\ImageMagick 6.8.8 Q16 (32-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
ImageMagick 6.8.8-1 Q16 (64-bit) (2014-01-01) (HKLM\...\ImageMagick 6.8.8 Q16 (64-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
mpixpro ROES (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\mpixpro ROES) (Version:  - mpix)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Photo Creations (Mpix Press Edition) (HKLM-x32\...\{A33D675A-2833-45AF-855F-214FC549B944}) (Version: 7.8.4005 - Digilabs)
MyPC Backup  (HKLM-x32\...\OLBPre) (Version:  - MyPC Backup) <==== ATTENTION
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Oxelon Media Converter 1.1 (HKLM-x32\...\Oxelon Media Converter_is1) (Version:  - Oxelon)
PanoStandAlone (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Paragon Alignment Tool™ 3.0 (HKLM-x32\...\{4D83E500-4D0C-11DF-A750-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
PhotoRescue Wizard PC 3.3.2.13314 (HKLM-x32\...\PhotoRescue Wizard PC_is1) (Version:  - DataRescue sa/nv)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Presto! PageManager 7.15.38 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.38 - NewSoft Technology Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PS_AIO_02_ProductContext (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6236 - Realtek Semiconductor Corp.)
RedSn0w Packages (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\RedSn0w Packages) (Version:  - ) <==== ATTENTION
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Riva FLV Encoder 2.0 (HKLM-x32\...\Riva FLV Encoder 2.0_is1) (Version: 2.00.0005 - Rothenberger & Partner)
Scan (x32 Version: 10.1.0.0 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
SolutionCenter (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.83040 - Sonos, Inc.)
Status (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
VPS ROES (HKLM-x32\...\{7B990B7E-4B5B-47AA-8017-E490F5D48B36}) (Version: 2.1.0 - SoftWorks Systems, Inc.)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.74 - VSO Software)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-3 - Wacom Technology Corp.)
WD SES Driver Setup (x32 Version: 1.0.3.3 - Western Digital) Hidden
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinX DVD Ripper 5.6.0 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2013-12-27 00:41 - 00001246 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0108855D-A749-45CF-83E2-25C977DBB825} - System32\Tasks\AdobeAAMUpdater-1.0-BCMOFFICE-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {057B8B8A-04CE-4DC4-94A8-90CD87D1D1CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {09AB2D60-3B00-42A3-AC54-9596B8E10819} - System32\Tasks\ZWQZ => C:\Users\Owner\AppData\Roaming\ZWQZ.exe <==== ATTENTION
Task: {0BC6313F-6A34-42CF-B16B-ACC0079BC448} - System32\Tasks\WKOEHUFYR => C:\ProgramData\688bac24d8294ddc9b97a10de5058423\688bac24d8294ddc9b97a10de5058423.exe [2015-04-02] ()
Task: {18975B83-258B-4E8B-9C04-D889343672F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {37D255EC-97A7-4680-9CA8-9AE04DC80FAA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {39B6F3B4-CBAA-4D82-BE5A-C0423476F883} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {40F376BC-1A9F-4BA3-A36C-6C67AED25CC0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4778F49E-1D7E-4BCF-B83E-AADB273995A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6A84266A-DE23-4EDF-9C55-D179A7924E4E} - System32\Tasks\PZYCH => C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790\03dff548327b4f6eaa97fdee45bb8790.exe [2015-04-08] ()
Task: {756ECE48-998F-4362-83A9-449C3F90A888} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {7E3AC824-CFF8-4FCA-A47B-5400563A240E} - System32\Tasks\{3B8739B0-2F92-4F37-8C74-670750C2740D} => pcalua.exe -a C:\Users\Owner\Desktop\oxelonplugins.exe -d C:\Users\Owner\Desktop
Task: {80262CC3-070F-4C8E-AA6E-994D9B8C478E} - System32\Tasks\{F93ACB3E-2519-405A-A9A6-6560CBC1D416} => pcalua.exe -a C:\Users\Owner\Downloads\setup.exe -d C:\Users\Owner\Downloads
Task: {8248372F-089A-446B-B25C-749B8DFCEE99} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {91944BE9-F7F2-453C-8AB6-62633D165C93} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {AB7FCA9E-AFFB-43EF-B8E0-E49CC7F54D4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {B2039A05-BD51-423D-8023-7C76D42C1C4C} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe [2015-04-08] ()
Task: {B7BF62C9-8654-47EA-9B83-1016F2ACC3D5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {C5B1A2B5-CB5A-49B0-B06C-435AEF376BC0} - System32\Tasks\ZA => C:\Users\Owner\AppData\Roaming\ZA.exe <==== ATTENTION
Task: {D100CB77-95AC-40D6-A7A6-575940E3D33C} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ZA.job => C:\Users\Owner\AppData\Roaming\ZA.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZWQZ.job => C:\Users\Owner\AppData\Roaming\ZWQZ.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-04-07 20:45 - 2015-04-07 20:45 - 00185856 _____ () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp
2015-03-20 06:51 - 2015-01-27 11:29 - 08898720 ____C () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-04-09 20:48 - 2015-04-09 20:48 - 00290304 _____ () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsy1147.tmp
2014-08-15 23:11 - 2014-05-20 08:19 - 00105640 ____C () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-07-17 10:21 - 2011-02-28 18:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-4271207691-2682249754-1176388757-500 - Administrator - Disabled)
Guest (S-1-5-21-4271207691-2682249754-1176388757-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4271207691-2682249754-1176388757-1003 - Limited - Enabled)
Owner (S-1-5-21-4271207691-2682249754-1176388757-1001 - Administrator - Enabled) => C:\Users\Owner
Sonos (S-1-5-21-4271207691-2682249754-1176388757-1005 - Administrator - Enabled)

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 19%
Total physical RAM: 8091.41 MB
Available physical RAM: 6529.16 MB
Total Pagefile: 16181.02 MB
Available Pagefile: 14690.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:109.94 GB) (Free:3.16 GB) NTFS
Drive f: (Data) (Fixed) (Total:465.76 GB) (Free:445.9 GB) NTFS
Drive i: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:93.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 84AFD1A8)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E4FCA7A1)
Partition 1: (Active) - (Size=1.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=109.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

 




#4 Oh My!

  • Malware Response Instructor

Posted 09 April 2015 - 09:56 PM

Greetings. It appears we have not addressed this:
 

There is evidence of illegal software on your computer. I would like you to remove Adobe CS5 in order to continue to receive help beyond the below. If you are willing to do that please perform the below steps after removing the program.

 

If you are willing to remove the program we can continue on. If not, unfortunately I will not be able to help you further.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

  • Malware Response Instructor

Posted 12 April 2015 - 06:19 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#6 Tericab

  • Topic Starter

Posted 13 April 2015 - 06:07 PM

Thank you for asking. Yes, I still need help. Sorry, I have been sick the last few days and had to work. I have removed Adobe PS 5 and will rerun logs and reply tonight.



#7 Tericab

  • Topic Starter

Posted 13 April 2015 - 06:27 PM

Sorry, I have been sick and had to work.

 

 

# AdwCleaner v4.201 - Logfile created 13/04/2015 at 19:10:27
# Updated 08/04/2015 by Xplode
# Database : 2015-04-08.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Owner - BCMOFFICE
# Running from : C:\Users\Owner\Desktop\adwcleaner_4.201.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : cherimoya
[#] Service Deleted : consumerinput_update
[#] Service Deleted : consumerinput_updatem
[#] Service Deleted : csrcc
[#] Service Deleted : Gambali
[#] Service Deleted : shopperz Updater
[#] Service Deleted : FlashBeat
[#] Service Deleted : ZVYlaQqem
[#] Service Deleted : 5d9df4c6
[#] Service Deleted : 70F4EEDB-1367-4b4f-8247-3133551A7415

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\FlashBeat
Folder Deleted : C:\ProgramData\NetEngine
Folder Deleted : C:\ProgramData\VUAWmaiRtYl
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\Program Files (x86)\Consumer Input
Folder Deleted : C:\Program Files (x86)\gmsd_us_426
Folder Deleted : C:\Program Files (x86)\Optimizer Pro 3.79
Folder Deleted : C:\Program Files\shopperz
Folder Deleted : C:\Users\Owner\AppData\Local\Consumer Input
Folder Deleted : C:\Users\Owner\AppData\Local\gmsd_us_426
Folder Deleted : C:\Users\Owner\AppData\Roaming\WebExtend
File Deleted : C:\Windows\SysWOW64\Gambali.dll
File Deleted : C:\Windows\SysWOW64\GambaliOff.ini
File Deleted : C:\Users\Owner\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\System32\Gambali64.dll
File Deleted : C:\Windows\System32\GambaliOff.ini
File Deleted : C:\Windows\System32\drivers\cherimoya.sys
File Deleted : C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\Owner\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Owner\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\user.js

***** [ Scheduled tasks ] *****

Task Deleted : ConsumerInputUpdateTaskMachineCore
Task Deleted : ConsumerInputUpdateTaskMachineUA
Task Deleted : gtaUpt
Task Deleted : Optimizer Pro Schedule
Task Deleted : NetEngine

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{5081D2D4-1637-404c-B74F-50526718257D}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{5081D2D4-1637-404c-B74F-50526718257D}]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Key Deleted : HKLM\SOFTWARE\Classes\Extension.jshep
Key Deleted : HKLM\SOFTWARE\Classes\Extension.jshep.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_us_426]
Key Deleted : HKLM\SOFTWARE\3d0931b5-01fe-4cc5-df93-103b75b9a8fd
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5081D2D4-1637-404C-B74F-50526718257D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9AE7A6AE-162E-44C4-9A2B-A6B4EF19909D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404C-B74F-50526718257D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5081D2D4-1637-404C-B74F-50526718257D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404C-B74F-50526718257D}
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\CompeteInc
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\shopperz
Key Deleted : HKLM\SOFTWARE\FlashBeat
Key Deleted : HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZombieNews
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Setup Support for Consumer Input
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Consumer Input Installer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FlashBeat
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_us_426_is1
Key Deleted : [x64] HKLM\SOFTWARE\shopperz
Key Deleted : [x64] HKLM\SOFTWARE\FlashBeat
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5081D2D4-1637-404c-B74F-50526718257D}_is1
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v37.0.1 (x86 en-US)

[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon[...]
[0m1zdpha.default-1343610594345\prefs.js] - Line Deleted : user_pref("extensions.ad4db60df25f14dae9dd18185c395f9e794c9ab86be3ebcom72893.72893.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2[...]

-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [19002 bytes] - [09/04/2015 22:03:28]
AdwCleaner[R1].txt - [17687 bytes] - [09/04/2015 22:05:29]
AdwCleaner[R2].txt - [17747 bytes] - [09/04/2015 22:06:24]
AdwCleaner[R3].txt - [7546 bytes] - [13/04/2015 19:08:29]
AdwCleaner[S0].txt - [18448 bytes] - [09/04/2015 22:06:50]
AdwCleaner[S1].txt - [7472 bytes] - [13/04/2015 19:10:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7531  bytes] ##########
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Mon 04/13/2015 at 19:16:03.87
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2"
Successfully deleted: [Folder] "C:\Users\Owner\documents\optimizer pro"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\ga2781yf.default\extensions\staged
Successfully deleted the following from C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\0m1zdpha.default-1343610594345\prefs.js

user_pref("CT3290971_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1365637088569,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/13/2015 at 19:18:01.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Owner (administrator) on BCMOFFICE on 13-04-2015 19:18:37
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
() C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsaF029.tmp
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\WebProtectorPlus\server64\WebProtectorPlusServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\wrex.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\wrex64.exe
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Web Protector Plus UI] => C:\Program Files (x86)\WebProtectorPlus\WebProtectorPlusUI.exe [320000 2015-02-24] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [NinjaLoader] => "C:\Program Files (x86)\Ninja Loader\Ninja Loader.exe" --startup
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\MountPoints2: {734fd57e-a9b6-11e3-908a-386077d61c6b} - E:\iLinker.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
ShortcutTarget: hqghumeaylnlf.lnk -> C:\ProgramData\{43a2cfbe-15dc-eff2-43a2-2cfbe15d3ef8}\hqghumeaylnlf.exe (PC Utilities Software Limited)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
URLSearchHook: HKLM-x32 - (No Name) - {c7ed5196-a23d-4add-94fc-96ce1e2f3207} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001 -> No Name - {C7ED5196-A23D-4ADD-94FC-96CE1E2F3207} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4271207691-2682249754-1176388757-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-19] (Apple Inc.)
FF Extension: CinemaPlus-3.3cV07.04 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-04-07]
FF Extension: EazyZoom - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\Extensions\fe@muohvog.com [2015-04-07]
FF Extension: 20-20 3D Viewer - WEB - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\2020Player_WEB@2020Technologies.com [2012-12-05]
FF Extension: CinemaPlus-3.3cV07.04 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-04-07]
FF Extension: NetVideoHunter - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\netvideohunter@netvideohunter.com [2015-04-13]
FF Extension: Add to Amazon Wish List Button - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\amznUWL2@amazon.com.xpi [2012-12-10]
FF HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Firefox\Extensions: [ninjaloader@mail.com] - C:\Program Files (x86)\Ninja Loader\FireFox
FF Extension: No Name - C:\Program Files\shopperz\Firefox [Not Found]

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjahobnmbbohjdpfffcpohenbjbcccd [2013-04-04]
CHR HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cmlhbjpgeogifjnmlajdaealbdlfonah] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [156440 2014-11-20] (Code 42 Software)
R2 fogezyny; C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp [185856 2015-04-07] () [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S2 LiveUpdateWPP Manager; C:\Program Files (x86)\LiveUpdateWPP\LiveUpdateWPP.exe [425984 2015-02-07] (LiveUpdateWPP) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 ronevulo; C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsaF029.tmp [143360 2015-04-13] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
S2 WinAudioSrv_R1; C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe [4024920 2015-04-07] (Hefei Hejunzhengce Info Tech Co., Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 WindowsVNT_R5; C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe [2976880 2015-03-24] (Microsoft Corporation) [File not signed]
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
S4 LMIRfsClientNP; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 19:18 - 2015-04-13 19:18 - 00018968 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-04-13 19:18 - 2015-04-13 19:18 - 00001353 _____ () C:\Users\Owner\Desktop\JRT.txt
2015-04-13 19:18 - 2015-04-13 19:18 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2015-04-13 19:15 - 2015-04-13 11:58 - 02687136 _____ (Thisisu) C:\Users\Owner\Desktop\JRT_NEW.exe
2015-04-13 18:18 - 2015-04-13 18:18 - 00063182 _____ () C:\Users\Owner\Documents\cc_20150413_181802-4-13.reg
2015-04-11 22:39 - 2015-04-11 22:39 - 00003560 _____ () C:\Windows\System32\Tasks\CJAZUQFGX
2015-04-11 22:38 - 2015-04-11 22:38 - 00000000 ____D () C:\ProgramData\8e4bc38d4f574f909eeed50de05d990f
2015-04-11 22:38 - 2015-04-11 22:38 - 00000000 ____D () C:\ProgramData\3ff7d2bad2204a528b3e3c306225006a
2015-04-11 16:42 - 2015-04-11 16:41 - 00468480 _____ () C:\Users\Owner\Desktop\CKScanner.exe
2015-04-11 15:09 - 2015-04-11 15:10 - 00000000 ____D () C:\Program Files (x86)\WebProtectorPlus
2015-04-11 15:09 - 2015-04-11 15:09 - 00003194 _____ () C:\Windows\System32\Tasks\Web Protector Plus Server
2015-04-11 15:09 - 2015-04-11 15:09 - 00003164 _____ () C:\Windows\System32\Tasks\Web Protector Plus
2015-04-11 15:09 - 2015-04-11 15:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Web Protector Plus
2015-04-11 15:09 - 2015-04-11 15:09 - 00000000 ____D () C:\Program Files (x86)\WebProtector
2015-04-11 15:09 - 2015-04-11 15:09 - 00000000 ____D () C:\Program Files (x86)\LiveUpdateWPP
2015-04-11 13:21 - 2015-04-13 18:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\ZombieNews
2015-04-11 11:30 - 2015-04-11 15:30 - 00000000 ____D () C:\ProgramData\T122078ED
2015-04-11 11:25 - 2015-04-11 11:25 - 00000000 ____D () C:\ProgramData\ZombieNews
2015-04-09 23:17 - 2015-04-13 19:13 - 00000000 ____D () C:\ProgramData\{43a2cfbe-15dc-eff2-43a2-2cfbe15d3ef8}
2015-04-09 22:21 - 2015-04-09 22:28 - 00000000 ____D () C:\Users\Owner\Documents\Log Files
2015-04-09 22:07 - 2015-04-13 19:11 - 00000224 _____ () C:\Windows\setupact.log
2015-04-09 22:07 - 2015-04-09 22:07 - 00002950 _____ () C:\Windows\PFRO.log
2015-04-09 22:07 - 2015-04-09 22:07 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-09 22:03 - 2015-04-13 19:10 - 00000000 ___DC () C:\AdwCleaner
2015-04-09 22:03 - 2015-04-09 22:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BCMOFFICE-Windows-7-Home-Premium-(64-bit).dat
2015-04-09 22:03 - 2015-04-09 22:03 - 00000000 ___DC () C:\RegBackup
2015-04-09 22:02 - 2015-04-09 21:56 - 02686959 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2015-04-09 22:02 - 2015-04-09 21:56 - 02217984 _____ () C:\Users\Owner\Desktop\adwcleaner_4.201.exe
2015-04-09 20:21 - 2015-04-09 20:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Compete
2015-04-09 18:41 - 2015-04-13 19:18 - 02096640 ____C (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-04-09 18:41 - 2015-04-13 19:18 - 00000000 ___DC () C:\FRST
2015-04-09 18:01 - 2015-04-09 18:00 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2015-04-09 15:14 - 2015-04-09 15:14 - 00000000 ____D () C:\Program Files (x86)\Setup Support for Consumer Input
2015-04-09 01:52 - 2015-04-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-08 21:10 - 2015-04-12 01:39 - 00000000 ____D () C:\Program Files (x86)\OLBPre
2015-04-08 17:17 - 2015-04-08 17:17 - 00003560 _____ () C:\Windows\System32\Tasks\PZYCH
2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D () C:\ProgramData\dad90bd9067c4d8c9d9ce6bf2a8c0389
2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D () C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790
2015-04-08 15:09 - 2015-04-12 01:39 - 00003986 _____ () C:\Windows\System32\Tasks\LaunchPreSignup
2015-04-08 14:33 - 2015-04-08 14:33 - 00000000 ____D () C:\Users\Owner\.cache
2015-04-08 13:15 - 2015-04-13 19:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-04-08 13:15 - 2015-04-08 13:15 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-04-08 12:12 - 2015-04-08 12:12 - 00555688 _____ () C:\Users\Owner\Downloads\Unconfirmed 20415.crdownload
2015-04-08 12:05 - 2015-04-08 12:05 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 720537.crdownload
2015-04-08 12:03 - 2015-04-08 12:03 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 81479.crdownload
2015-04-08 12:02 - 2015-04-08 12:02 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 683788.crdownload
2015-04-08 11:45 - 2015-04-08 11:45 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 520856.crdownload
2015-04-08 11:05 - 2015-04-08 11:05 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 468449.crdownload
2015-04-08 10:45 - 2015-04-08 10:45 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 255606.crdownload
2015-04-08 10:16 - 2015-04-08 10:16 - 00555672 _____ () C:\Users\Owner\Downloads\Unconfirmed 523114.crdownload
2015-04-08 10:13 - 2015-04-08 10:14 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 429897.crdownload
2015-04-08 09:57 - 2015-04-08 09:57 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 344803.crdownload
2015-04-08 09:21 - 2015-04-08 09:21 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 666096.crdownload
2015-04-08 08:52 - 2015-04-08 08:52 - 00860496 _____ () C:\Users\Owner\Downloads\Unconfirmed 463658.crdownload
2015-04-08 07:19 - 2015-04-08 07:19 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 623396.crdownload
2015-04-08 07:11 - 2015-04-08 07:11 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 883764.crdownload
2015-04-08 07:09 - 2015-04-08 07:10 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 55737.crdownload
2015-04-08 05:46 - 2015-04-08 05:46 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 494422.crdownload
2015-04-08 04:23 - 2015-04-08 04:23 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 30091.crdownload
2015-04-08 03:54 - 2015-04-08 03:54 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 989044.crdownload
2015-04-08 03:46 - 2015-04-08 03:46 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 342881.crdownload
2015-04-08 03:43 - 2015-04-08 03:43 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 260814.crdownload
2015-04-08 03:12 - 2015-04-08 03:12 - 00543032 _____ (BetOnSoft N.V.) C:\Users\Owner\Downloads\Unconfirmed 407379.crdownload
2015-04-08 03:08 - 2015-04-08 03:08 - 00860936 _____ () C:\Users\Owner\Downloads\Unconfirmed 751445.crdownload
2015-04-08 02:38 - 2015-04-08 02:38 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 394907.crdownload
2015-04-08 02:37 - 2015-04-08 02:37 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 917003.crdownload
2015-04-08 02:36 - 2015-04-08 02:36 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 725535.crdownload
2015-04-08 02:15 - 2015-04-08 02:15 - 00555696 _____ () C:\Users\Owner\Downloads\Unconfirmed 15473.crdownload
2015-04-08 01:51 - 2015-04-08 01:52 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 478526.crdownload
2015-04-08 01:51 - 2015-04-08 01:51 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 764748.crdownload
2015-04-08 01:23 - 2015-04-08 01:23 - 00837688 _____ () C:\Users\Owner\Downloads\Unconfirmed 248993.crdownload
2015-04-08 00:41 - 2015-04-08 00:42 - 00895616 _____ (SlimWare Utilities, Inc.) C:\Users\Owner\Downloads\Unconfirmed 294140.crdownload
2015-04-08 00:28 - 2015-04-08 00:29 - 00555680 _____ () C:\Users\Owner\Downloads\Unconfirmed 850500.crdownload
2015-04-07 23:40 - 2015-04-07 23:40 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 864655.crdownload
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 ____D () C:\Program Files (x86)\Windows Network Accelerater
2015-04-07 21:27 - 2015-04-07 21:27 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieBrowserModeList
2015-04-07 21:11 - 2015-04-07 21:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Ninja Loader
2015-04-07 21:11 - 2015-04-07 21:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-04-07 21:09 - 2015-04-07 21:20 - 00000000 ____D () C:\Program Files (x86)\SafeGuard
2015-04-07 21:05 - 2015-04-07 21:05 - 00000000 ____D () C:\Users\Owner\Documents\DreamVideoSoft
2015-04-07 21:04 - 2015-04-08 13:08 - 00000000 ____D () C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}
2015-04-07 21:02 - 2015-04-07 21:02 - 00004306 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a
2015-04-07 21:01 - 2015-04-09 22:14 - 00000000 ____D () C:\ProgramData\Optimizer
2015-04-07 21:01 - 2015-04-07 21:01 - 00000000 ____D () C:\Program Files (x86)\Windows Audio
2015-04-07 20:59 - 2015-04-07 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428454785-E111-94AB-38607704F3BF
2015-04-07 20:57 - 2015-04-08 12:09 - 00003560 _____ () C:\Windows\System32\Tasks\WKOEHUFYR
2015-04-07 20:57 - 2015-04-08 12:09 - 00000000 ____D () C:\ProgramData\688bac24d8294ddc9b97a10de5058423
2015-04-07 20:57 - 2015-04-07 20:57 - 00000000 ____D () C:\ProgramData\1999649cd3bb4900bdd7bb9feb49768a
2015-04-07 20:56 - 2015-04-13 19:11 - 00001334 _____ () C:\Windows\Tasks\ZWQZ.job
2015-04-07 20:56 - 2015-04-13 19:11 - 00001330 _____ () C:\Windows\Tasks\ZA.job
2015-04-07 20:56 - 2015-04-07 21:00 - 00004362 _____ () C:\Windows\System32\Tasks\ZWQZ
2015-04-07 20:56 - 2015-04-07 21:00 - 00004358 _____ () C:\Windows\System32\Tasks\ZA
2015-04-07 20:56 - 2015-04-07 20:56 - 00000000 ____D () C:\ProgramData\COMODO
2015-04-07 20:55 - 2015-04-07 20:55 - 00000000 ___DC () C:\Program Files\COMODO
2015-04-07 20:49 - 2015-04-07 20:49 - 00000000 ____D () C:\ProgramData\{3dc36c7e-f881-8087-3dc3-36c7ef88b1fb}
2015-04-07 20:45 - 2015-04-07 20:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\60CE3C2D-1428439549-E111-94AB-38607704F3BF
2015-04-07 20:44 - 2015-04-13 18:18 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF
2015-04-07 19:23 - 2015-04-07 19:23 - 00006656 _____ () C:\Users\Owner\Documents\cc_20150407_192259.reg
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\CrashPlan
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\ProgramData\CrashPlan
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\Program Files (x86)\CrashPlan
2015-04-05 10:27 - 2015-04-05 10:27 - 47207976 _____ (Code 42 Software) C:\Users\Owner\Downloads\CrashPlan_3.7.0_Win.exe
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 11:01 - 2015-04-09 17:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-03-26 15:14 - 2015-03-26 15:14 - 00005542 _____ () C:\Users\Owner\AppData\Roaming\ZWQZ
2015-03-26 15:14 - 2015-03-26 15:14 - 00004185 _____ () C:\Users\Owner\AppData\Roaming\ZA

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-13 19:16 - 2014-10-27 03:31 - 01792879 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 19:16 - 2009-07-14 00:45 - 00031552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 19:16 - 2009-07-14 00:45 - 00031552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 19:11 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 19:06 - 2013-12-16 01:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2015-04-13 18:56 - 2011-06-24 16:47 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA.job
2015-04-13 18:42 - 2012-06-13 20:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 18:20 - 2009-07-14 01:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-13 18:18 - 2011-06-24 16:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-13 18:15 - 2011-06-24 16:40 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-13 18:12 - 2012-03-26 20:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-13 18:11 - 2012-03-26 20:52 - 00000000 ____D () C:\Program Files\Adobe
2015-04-13 15:56 - 2011-06-24 16:47 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core.job
2015-04-13 02:00 - 2014-09-01 12:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-04-11 11:38 - 2014-07-22 20:29 - 00001953 _____ () C:\Users\Public\Desktop\Sonos.lnk
2015-04-11 11:38 - 2014-07-22 20:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\Downloaded Installations
2015-04-11 11:38 - 2014-07-22 20:29 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2015-04-11 11:38 - 2014-07-22 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2015-04-11 11:38 - 2014-07-22 20:29 - 00000000 ____D () C:\Program Files (x86)\Sonos
2015-04-10 21:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-09 22:26 - 2012-07-17 10:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Nitro PDF
2015-04-09 22:17 - 2014-11-13 23:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-09 22:07 - 2012-04-29 09:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-09 19:16 - 2014-04-15 22:11 - 00104448 ___SH () C:\Users\Owner\Documents\Thumbs.db
2015-04-08 14:33 - 2012-03-26 15:24 - 00000000 ____D () C:\Users\Owner
2015-04-08 13:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-07 22:23 - 2012-03-26 20:40 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-07 21:38 - 2011-06-24 16:49 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-07 21:36 - 2012-03-26 21:39 - 00000000 ____D () C:\Program Files (x86)\DVDFab 8 Qt
2015-04-07 21:35 - 2013-05-15 20:51 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-04-07 20:42 - 2013-12-31 19:57 - 00000000 ____D () C:\ProgramData\Canon
2015-04-07 20:42 - 2013-12-31 19:53 - 00000000 ____D () C:\Program Files\Canon
2015-04-07 19:33 - 2012-05-19 23:43 - 00000000 ____D () C:\Users\Owner\.ProMPIX
2015-04-07 19:19 - 2013-10-21 22:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Media Player Classic
2015-04-02 18:45 - 2015-02-19 20:40 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-02 18:45 - 2015-02-19 20:40 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-03-20 06:52 - 2014-08-15 23:11 - 00000000 ___DC () C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2012-08-26 19:14 - 2015-02-28 14:52 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-12-30 19:25 - 2015-01-11 13:25 - 0099384 _____ () C:\Users\Owner\AppData\Roaming\inst.exe
2014-12-30 19:25 - 2015-01-11 13:25 - 0007859 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.cat
2014-12-30 19:25 - 2015-01-11 13:25 - 0001167 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.inf
2014-12-30 19:25 - 2015-01-11 13:25 - 0000055 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.log
2014-12-30 19:25 - 2015-01-11 13:25 - 0082816 _____ (VSO Software) C:\Users\Owner\AppData\Roaming\pcouffin.sys
2015-03-26 15:14 - 2015-03-26 15:14 - 0004185 _____ () C:\Users\Owner\AppData\Roaming\ZA
2015-03-26 15:14 - 2015-03-26 15:14 - 0005542 _____ () C:\Users\Owner\AppData\Roaming\ZWQZ
2015-02-28 13:54 - 2015-03-04 04:17 - 0006144 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-27 10:07 - 2012-03-27 10:07 - 0003178 _____ () C:\Users\Owner\AppData\Local\HWVendorDetection.log
2012-03-26 21:02 - 2012-03-26 21:07 - 0000834 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\compete.exe
C:\Users\Owner\AppData\Local\Temp\cw.exe
C:\Users\Owner\AppData\Local\Temp\jue704A.exe
C:\Users\Owner\AppData\Local\Temp\jue80A5.exe
C:\Users\Owner\AppData\Local\Temp\jue9987.exe
C:\Users\Owner\AppData\Local\Temp\jueB150.exe
C:\Users\Owner\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Owner\AppData\Local\Temp\optprosetup.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\Setup_0286.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-04 00:15

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by Owner at 2015-04-13 19:18:57
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\uTorrent) (Version: 3.4.2.38656 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.3 64-bit (HKLM\...\{D759947B-8C5A-4480-B0DB-FC391F061C85}) (Version: 4.3.1 - Adobe)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Advanced Scan to PDF Free 3.5.1 (HKLM-x32\...\Advanced Scan to PDF Free_is1) (Version:  - PDFChief Co., Ltd.)
AIO_Scan (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.80 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.0 - ashampoo GmbH & Co. KG)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
C7200 (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
C7200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Canon MF Toolbox 4.9.1.1.mf14 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf14 - CANON INC.)
Canon MF4700 Series (HKLM\...\{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}) (Version: 4.1.0.1 - CANON INC.)
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cisco WebEx Meeting Center for Firefox or Chrome (HKLM-x32\...\{F42B8C14-63E5-4F8D-B848-12F010593AB8}) (Version: 28.7.0.15458 - Cisco WebEx LLC)
Consumer Input Update Helper (x32 Version: 1.3.25.307 - Compete Inc.) Hidden <==== ATTENTION
Copy (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
CrashPlan (HKLM-x32\...\{F5DF8435-7822-4D0C-88A9-604EC76D0B06}) (Version: 3.7.0 - Code 42 Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (x32 Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (HKLM\...\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM-x32\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
ImageMagick 6.8.8-0 Q16 (32-bit) (2014-01-01) (HKLM-x32\...\ImageMagick 6.8.8 Q16 (32-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
ImageMagick 6.8.8-1 Q16 (64-bit) (2014-01-01) (HKLM\...\ImageMagick 6.8.8 Q16 (64-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
LiveUpdateWPP (HKLM-x32\...\LiveUpdateWPP) (Version:  - Anti-phishing database updater for Web Protector Plus. This service keeps your computer updated with the newest database of known Internet threats.)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
mpixpro ROES (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\mpixpro ROES) (Version:  - mpix)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Photo Creations (Mpix Press Edition) (HKLM-x32\...\{A33D675A-2833-45AF-855F-214FC549B944}) (Version: 7.8.4005 - Digilabs)
MyPC Backup  (HKLM-x32\...\OLBPre) (Version:  - MyPC Backup) <==== ATTENTION
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Oxelon Media Converter 1.1 (HKLM-x32\...\Oxelon Media Converter_is1) (Version:  - Oxelon)
PanoStandAlone (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Paragon Alignment Tool™ 3.0 (HKLM-x32\...\{4D83E500-4D0C-11DF-A750-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PhotoRescue Wizard PC 3.3.2.13314 (HKLM-x32\...\PhotoRescue Wizard PC_is1) (Version:  - DataRescue sa/nv)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Presto! PageManager 7.15.38 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.38 - NewSoft Technology Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PS_AIO_02_ProductContext (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6236 - Realtek Semiconductor Corp.)
RedSn0w Packages (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\RedSn0w Packages) (Version:  - ) <==== ATTENTION
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Riva FLV Encoder 2.0 (HKLM-x32\...\Riva FLV Encoder 2.0_is1) (Version: 2.00.0005 - Rothenberger & Partner)
Scan (x32 Version: 10.1.0.0 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
SolutionCenter (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.86200 - Sonos, Inc.)
Status (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
VPS ROES (HKLM-x32\...\{7B990B7E-4B5B-47AA-8017-E490F5D48B36}) (Version: 2.1.0 - SoftWorks Systems, Inc.)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.74 - VSO Software)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-3 - Wacom Technology Corp.)
WD SES Driver Setup (x32 Version: 1.0.3.3 - Western Digital) Hidden
Web Protector IE (HKLM-x32\...\WebProtector) (Version: 1.0.0.2 - WebProtector)
Web Protector Plus (uninstall only) (HKLM\...\WebProtectorPlus) (Version:  - )
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinX DVD Ripper 5.6.0 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

13-04-2015 18:18:26 Removed Adobe Community Help

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2013-12-27 00:41 - 00001246 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {057B8B8A-04CE-4DC4-94A8-90CD87D1D1CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {09AB2D60-3B00-42A3-AC54-9596B8E10819} - System32\Tasks\ZWQZ => C:\Users\Owner\AppData\Roaming\ZWQZ.exe <==== ATTENTION
Task: {0BC6313F-6A34-42CF-B16B-ACC0079BC448} - System32\Tasks\WKOEHUFYR => C:\ProgramData\688bac24d8294ddc9b97a10de5058423\688bac24d8294ddc9b97a10de5058423.exe [2015-04-02] ()
Task: {18975B83-258B-4E8B-9C04-D889343672F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {37D255EC-97A7-4680-9CA8-9AE04DC80FAA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {39B6F3B4-CBAA-4D82-BE5A-C0423476F883} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {3D0160A5-31F6-4F0B-9E52-13904B5B309F} - System32\Tasks\Web Protector Plus Server => C:\Program Files (x86)\WebProtectorPlus\server64\WebProtectorPlusServer.exe [2015-02-24] ()
Task: {40F376BC-1A9F-4BA3-A36C-6C67AED25CC0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4778F49E-1D7E-4BCF-B83E-AADB273995A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {6A84266A-DE23-4EDF-9C55-D179A7924E4E} - System32\Tasks\PZYCH => C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790\03dff548327b4f6eaa97fdee45bb8790.exe [2015-04-08] ()
Task: {739CCFC7-1BB9-4DAB-96A3-BF4EF5E3088A} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe [2015-04-12] ()
Task: {756ECE48-998F-4362-83A9-449C3F90A888} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {7E3AC824-CFF8-4FCA-A47B-5400563A240E} - System32\Tasks\{3B8739B0-2F92-4F37-8C74-670750C2740D} => pcalua.exe -a C:\Users\Owner\Desktop\oxelonplugins.exe -d C:\Users\Owner\Desktop
Task: {80262CC3-070F-4C8E-AA6E-994D9B8C478E} - System32\Tasks\{F93ACB3E-2519-405A-A9A6-6560CBC1D416} => pcalua.exe -a C:\Users\Owner\Downloads\setup.exe -d C:\Users\Owner\Downloads
Task: {8248372F-089A-446B-B25C-749B8DFCEE99} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {91944BE9-F7F2-453C-8AB6-62633D165C93} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {9BB0D178-4F28-47F6-9908-748F7CD612F2} - System32\Tasks\CJAZUQFGX => C:\ProgramData\3ff7d2bad2204a528b3e3c306225006a\3ff7d2bad2204a528b3e3c306225006a.exe [2015-04-11] ()
Task: {AB7FCA9E-AFFB-43EF-B8E0-E49CC7F54D4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {B7BF62C9-8654-47EA-9B83-1016F2ACC3D5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {C5B1A2B5-CB5A-49B0-B06C-435AEF376BC0} - System32\Tasks\ZA => C:\Users\Owner\AppData\Roaming\ZA.exe <==== ATTENTION
Task: {CF308ED2-8D13-461D-AA2E-13EE774F0688} - System32\Tasks\Web Protector Plus => C:\Program Files (x86)\WebProtectorPlus\WebProtectorPlus.exe [2015-02-19] ()
Task: {D100CB77-95AC-40D6-A7A6-575940E3D33C} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ZA.job => C:\Users\Owner\AppData\Roaming\ZA.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZWQZ.job => C:\Users\Owner\AppData\Roaming\ZWQZ.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-04-07 20:45 - 2015-04-07 20:45 - 00185856 _____ () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp
2015-04-13 18:18 - 2015-04-13 18:18 - 00143360 _____ () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsaF029.tmp
2015-03-20 06:51 - 2015-01-27 11:29 - 08898720 ____C () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-24 09:54 - 2015-02-24 09:54 - 00361472 _____ () C:\Program Files (x86)\WebProtectorPlus\server64\WebProtectorPlusServer.exe
2013-06-10 21:39 - 2013-06-10 21:39 - 00105984 _____ () C:\Program Files (x86)\WebProtectorPlus\server64\libgcc_s_sjlj-1.dll
2013-06-10 21:39 - 2013-06-10 21:39 - 01129984 _____ () C:\Program Files (x86)\WebProtectorPlus\server64\libstdc++-6.dll
2014-08-15 23:11 - 2014-05-20 08:19 - 00105640 ____C () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-07-17 10:21 - 2011-02-28 18:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:AD022376

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-4271207691-2682249754-1176388757-500 - Administrator - Disabled)
Guest (S-1-5-21-4271207691-2682249754-1176388757-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4271207691-2682249754-1176388757-1003 - Limited - Enabled)
Owner (S-1-5-21-4271207691-2682249754-1176388757-1001 - Administrator - Enabled) => C:\Users\Owner
Sonos (S-1-5-21-4271207691-2682249754-1176388757-1005 - Administrator - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 28%
Total physical RAM: 8091.41 MB
Available physical RAM: 5755.39 MB
Total Pagefile: 16181.02 MB
Available Pagefile: 13973.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:109.94 GB) (Free:4.6 GB) NTFS
Drive f: (Data) (Fixed) (Total:465.76 GB) (Free:445.9 GB) NTFS
Drive h: (FLASHMOVIES) (Removable) (Total:14.9 GB) (Free:14.85 GB) FAT32
Drive i: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:93.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 84AFD1A8)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E4FCA7A1)
Partition 1: (Active) - (Size=1.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=109.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

 




#8 Oh My!

Posted 13 April 2015 - 08:46 PM

Sorry to hear you were under the weather. Thank you for uninstalling the program.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe 
C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\MountPoints2: {734fd57e-a9b6-11e3-908a-386077d61c6b} - E:\iLinker.exe
C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}\hqghumeaylnlf.exe (No File)
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - (No Name) - {c7ed5196-a23d-4add-94fc-96ce1e2f3207} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001 -> No Name - {C7ED5196-A23D-4ADD-94FC-96CE1E2F3207} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
R2 fogezyny; C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp [185856 2015-04-07] () [File not signed]
R2 xeluquze; C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsy1147.tmp [290304 2015-04-09] () [File not signed]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
S4 LMIRfsClientNP; No ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
2015-04-08 17:17 - 2015-04-08 17:17 - 00003560 _____ () C:\Windows\System32\Tasks\PZYCH
2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D () C:\ProgramData\dad90bd9067c4d8c9d9ce6bf2a8c0389
2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D () C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790
2015-04-08 12:12 - 2015-04-08 12:12 - 00555688 _____ () C:\Users\Owner\Downloads\Unconfirmed 20415.crdownload
2015-04-08 12:05 - 2015-04-08 12:05 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 720537.crdownload
2015-04-08 12:03 - 2015-04-08 12:03 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 81479.crdownload
2015-04-08 12:02 - 2015-04-08 12:02 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 683788.crdownload
2015-04-08 11:45 - 2015-04-08 11:45 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 520856.crdownload
2015-04-08 11:05 - 2015-04-08 11:05 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 468449.crdownload
2015-04-08 10:45 - 2015-04-08 10:45 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 255606.crdownload
2015-04-08 10:16 - 2015-04-08 10:16 - 00555672 _____ () C:\Users\Owner\Downloads\Unconfirmed 523114.crdownload
2015-04-08 10:13 - 2015-04-08 10:14 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 429897.crdownload
2015-04-08 09:57 - 2015-04-08 09:57 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 344803.crdownload
2015-04-08 09:21 - 2015-04-08 09:21 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 666096.crdownload
2015-04-08 08:52 - 2015-04-08 08:52 - 00860496 _____ () C:\Users\Owner\Downloads\Unconfirmed 463658.crdownload
2015-04-08 07:19 - 2015-04-08 07:19 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 623396.crdownload
2015-04-08 07:11 - 2015-04-08 07:11 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 883764.crdownload
2015-04-08 07:09 - 2015-04-08 07:10 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 55737.crdownload
2015-04-08 05:46 - 2015-04-08 05:46 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 494422.crdownload
2015-04-08 04:23 - 2015-04-08 04:23 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 30091.crdownload
2015-04-08 03:54 - 2015-04-08 03:54 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 989044.crdownload
2015-04-08 03:46 - 2015-04-08 03:46 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 342881.crdownload
2015-04-08 03:43 - 2015-04-08 03:43 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 260814.crdownload
2015-04-08 03:12 - 2015-04-08 03:12 - 00543032 _____ (BetOnSoft N.V.) C:\Users\Owner\Downloads\Unconfirmed 407379.crdownload
2015-04-08 03:08 - 2015-04-08 03:08 - 00860936 _____ () C:\Users\Owner\Downloads\Unconfirmed 751445.crdownload
2015-04-08 02:38 - 2015-04-08 02:38 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 394907.crdownload
2015-04-08 02:37 - 2015-04-08 02:37 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 917003.crdownload
2015-04-08 02:36 - 2015-04-08 02:36 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 725535.crdownload
2015-04-08 02:15 - 2015-04-08 02:15 - 00555696 _____ () C:\Users\Owner\Downloads\Unconfirmed 15473.crdownload
2015-04-08 01:51 - 2015-04-08 01:52 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 478526.crdownload
2015-04-08 01:51 - 2015-04-08 01:51 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 764748.crdownload
2015-04-08 01:23 - 2015-04-08 01:23 - 00837688 _____ () C:\Users\Owner\Downloads\Unconfirmed 248993.crdownload
2015-04-08 00:41 - 2015-04-08 00:42 - 00895616 _____ (SlimWare Utilities, Inc.) C:\Users\Owner\Downloads\Unconfirmed 294140.crdownload
2015-04-08 00:28 - 2015-04-08 00:29 - 00555680 _____ () C:\Users\Owner\Downloads\Unconfirmed 850500.crdownload
2015-04-07 23:40 - 2015-04-07 23:40 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 864655.crdownload
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 ____D () C:\Program Files (x86)\Windows Network Accelerater
2015-04-07 21:11 - 2015-04-07 21:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Ninja Loader
2015-04-07 21:11 - 2015-04-07 21:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-04-07 21:09 - 2015-04-07 21:20 - 00000000 ____D () C:\Program Files (x86)\SafeGuard
2015-04-07 21:05 - 2015-04-07 21:05 - 00000000 ____D () C:\Users\Owner\Documents\DreamVideoSoft
2015-04-07 21:04 - 2015-04-08 13:08 - 00000000 ____D () C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}
2015-04-07 21:02 - 2015-04-07 21:02 - 00004306 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a
2015-04-07 21:01 - 2015-04-09 22:14 - 00000000 ____D () C:\ProgramData\Optimizer
2015-04-07 21:01 - 2015-04-07 21:01 - 00000000 ____D () C:\Program Files (x86)\Windows Audio
2015-04-07 20:59 - 2015-04-07 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428454785-E111-94AB-38607704F3BF
2015-04-07 20:57 - 2015-04-08 12:09 - 00003560 _____ () C:\Windows\System32\Tasks\WKOEHUFYR
2015-04-07 20:57 - 2015-04-08 12:09 - 00000000 ____D () C:\ProgramData\688bac24d8294ddc9b97a10de5058423
2015-04-07 20:57 - 2015-04-07 20:57 - 00000000 ____D () C:\ProgramData\1999649cd3bb4900bdd7bb9feb49768a
2015-04-07 20:56 - 2015-04-09 22:07 - 00001334 _____ () C:\Windows\Tasks\ZWQZ.job
2015-04-07 20:56 - 2015-04-09 22:07 - 00001330 _____ () C:\Windows\Tasks\ZA.job
2015-04-07 20:56 - 2015-04-07 21:00 - 00004362 _____ () C:\Windows\System32\Tasks\ZWQZ
2015-04-07 20:56 - 2015-04-07 21:00 - 00004358 _____ () C:\Windows\System32\Tasks\ZA
2015-04-07 20:56 - 2015-04-07 20:56 - 00000000 ____D () C:\ProgramData\COMODO
2015-04-07 20:55 - 2015-04-07 20:55 - 00000000 ___DC () C:\Program Files\COMODO
2015-04-07 20:49 - 2015-04-07 20:49 - 00000000 ____D () C:\ProgramData\{3dc36c7e-f881-8087-3dc3-36c7ef88b1fb}
2015-04-07 20:45 - 2015-04-07 20:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\60CE3C2D-1428439549-E111-94AB-38607704F3BF
2015-04-07 20:44 - 2015-04-09 20:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF
2015-03-26 15:14 - 2015-03-26 15:14 - 00005542 _____ () C:\Users\Owner\AppData\Roaming\ZWQZ
2015-03-26 15:14 - 2015-03-26 15:14 - 00004185 _____ () C:\Users\Owner\AppData\Roaming\ZA
2012-08-26 19:14 - 2015-02-28 14:52 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-03-26 15:14 - 2015-03-26 15:14 - 0004185 _____ () C:\Users\Owner\AppData\Roaming\ZA
2015-03-26 15:14 - 2015-03-26 15:14 - 0005542 _____ () C:\Users\Owner\AppData\Roaming\ZWQZ
C:\Users\Owner\AppData\Local\Temp\compete.exe
C:\Users\Owner\AppData\Local\Temp\cw.exe
C:\Users\Owner\AppData\Local\Temp\jue704A.exe
C:\Users\Owner\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\Setup_0286.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
Task: {09AB2D60-3B00-42A3-AC54-9596B8E10819} - System32\Tasks\ZWQZ => C:\Users\Owner\AppData\Roaming\ZWQZ.exe <==== ATTENTION
Task: {0BC6313F-6A34-42CF-B16B-ACC0079BC448} - System32\Tasks\WKOEHUFYR => C:\ProgramData\688bac24d8294ddc9b97a10de5058423\688bac24d8294ddc9b97a10de5058423.exe [2015-04-02] ()
Task: {39B6F3B4-CBAA-4D82-BE5A-C0423476F883} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {3D0160A5-31F6-4F0B-9E52-13904B5B309F} - System32\Tasks\Web Protector Plus Server => C:\Program Files (x86)\WebProtectorPlus\server64\WebProtectorPlusServer.exe [2015-02-24] ()
Task: {40F376BC-1A9F-4BA3-A36C-6C67AED25CC0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6A84266A-DE23-4EDF-9C55-D179A7924E4E} - System32\Tasks\PZYCH => C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790\03dff548327b4f6eaa97fdee45bb8790.exe [2015-04-08] ()
Task: {9BB0D178-4F28-47F6-9908-748F7CD612F2} - System32\Tasks\CJAZUQFGX => C:\ProgramData\3ff7d2bad2204a528b3e3c306225006a\3ff7d2bad2204a528b3e3c306225006a.exe [2015-04-11] ()
Task: {C5B1A2B5-CB5A-49B0-B06C-435AEF376BC0} - System32\Tasks\ZA => C:\Users\Owner\AppData\Roaming\ZA.exe <==== ATTENTION
Task: {CF308ED2-8D13-461D-AA2E-13EE774F0688} - System32\Tasks\Web Protector Plus => C:\Program Files (x86)\WebProtectorPlus\WebProtectorPlus.exe [2015-02-19] ()
Task: {D100CB77-95AC-40D6-A7A6-575940E3D33C} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: C:\Windows\Tasks\ZA.job => C:\Users\Owner\AppData\Roaming\ZA.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZWQZ.job => C:\Users\Owner\AppData\Roaming\ZWQZ.exe <==== ATTENTION
C:\Program Files (x86)\WebProtectorPlus
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
hosts:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Update on computer performance

Gary
 

#9 Tericab

Posted 13 April 2015 - 09:46 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015
Ran by Owner at 2015-04-13 22:35:46 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [AdobeBridge] =>
[X]
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\MountPoints2: {734fd57e-a9b6-11e3-908a-386077d61c6b} - E:\iLinker.exe
C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}\hqghumeaylnlf.exe (No File)
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - (No Name) - {c7ed5196-a23d-4add-94fc-96ce1e2f3207} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office
15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
Toolbar:
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001 -> No Name - {C7ED5196-A23D-4ADD-94FC-96CE1E2F3207} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
R2 fogezyny; C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp [185856 2015-04-07] () [File not signed]
R2 xeluquze; C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsy1147.tmp [290304 2015-04-09] () [File not signed]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
S4 LMIRfsClientNP; No ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
2015-04-08 17:17 - 2015-04-08 17:17 - 00003560 _____ () C:\Windows\System32\Tasks\PZYCH
2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D ()
C:\ProgramData\dad90bd9067c4d8c9d9ce6bf2a8c0389
2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D () C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790
2015-04-08 12:12 - 2015-04-08 12:12 - 00555688 _____ () C:\Users\Owner\Downloads\Unconfirmed 20415.crdownload
2015-04-08 12:05 - 2015-04-08 12:05 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 720537.crdownload
2015-04-08 12:03 - 2015-04-08 12:03 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 81479.crdownload
2015-04-08 12:02 - 2015-04-08 12:02 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 683788.crdownload
2015-04-08 11:45 - 2015-04-08 11:45 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 520856.crdownload
2015-04-08 11:05 - 2015-04-08 11:05 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 468449.crdownload
2015-04-08 10:45 - 2015-04-08 10:45 - 00469544 _____ (Installer Technology Co)
C:\Users\Owner\Downloads\Unconfirmed 255606.crdownload
2015-04-08 10:16 - 2015-04-08 10:16 - 00555672 _____ () C:\Users\Owner\Downloads\Unconfirmed 523114.crdownload
2015-04-08 10:13 - 2015-04-08 10:14 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 429897.crdownload
2015-04-08 09:57 - 2015-04-08 09:57 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 344803.crdownload
2015-04-08 09:21 - 2015-04-08 09:21 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 666096.crdownload
2015-04-08 08:52 - 2015-04-08 08:52 - 00860496 _____ () C:\Users\Owner\Downloads\Unconfirmed 463658.crdownload
2015-04-08 07:19 - 2015-04-08 07:19 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 623396.crdownload
2015-04-08 07:11 - 2015-04-08 07:11 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 883764.crdownload
2015-04-08 07:09 - 2015-04-08 07:10 - 00827928 _____ (Generic )
C:\Users\Owner\Downloads\Unconfirmed 55737.crdownload
2015-04-08 05:46 - 2015-04-08 05:46 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 494422.crdownload
2015-04-08 04:23 - 2015-04-08 04:23 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 30091.crdownload
2015-04-08 03:54 - 2015-04-08 03:54 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 989044.crdownload
2015-04-08 03:46 - 2015-04-08 03:46 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 342881.crdownload
2015-04-08 03:43 - 2015-04-08 03:43 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 260814.crdownload
2015-04-08 03:12 - 2015-04-08 03:12 - 00543032 _____ (BetOnSoft N.V.) C:\Users\Owner\Downloads\Unconfirmed 407379.crdownload
2015-04-08 03:08 - 2015-04-08 03:08 - 00860936 _____ () C:\Users\Owner\Downloads\Unconfirmed 751445.crdownload
2015-04-08 02:38 - 2015-04-08 02:38 - 00373448 _____ ()
C:\Users\Owner\Downloads\Unconfirmed 394907.crdownload
2015-04-08 02:37 - 2015-04-08 02:37 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 917003.crdownload
2015-04-08 02:36 - 2015-04-08 02:36 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 725535.crdownload
2015-04-08 02:15 - 2015-04-08 02:15 - 00555696 _____ () C:\Users\Owner\Downloads\Unconfirmed 15473.crdownload
2015-04-08 01:51 - 2015-04-08 01:52 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 478526.crdownload
2015-04-08 01:51 - 2015-04-08 01:51 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 764748.crdownload
2015-04-08 01:23 - 2015-04-08 01:23 - 00837688 _____ () C:\Users\Owner\Downloads\Unconfirmed 248993.crdownload
2015-04-08 00:41 - 2015-04-08 00:42 - 00895616 _____ (SlimWare Utilities, Inc.) C:\Users\Owner\Downloads\Unconfirmed 294140.crdownload
2015-04-08 00:28 - 2015-04-08 00:29 - 00555680 _____ ()
C:\Users\Owner\Downloads\Unconfirmed 850500.crdownload
2015-04-07 23:40 - 2015-04-07 23:40 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 864655.crdownload
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 ____D () C:\Program Files (x86)\Windows Network Accelerater
2015-04-07 21:11 - 2015-04-07 21:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Ninja Loader
2015-04-07 21:11 - 2015-04-07 21:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-04-07 21:09 - 2015-04-07 21:20 - 00000000 ____D () C:\Program Files (x86)\SafeGuard
2015-04-07 21:05 - 2015-04-07 21:05 - 00000000 ____D () C:\Users\Owner\Documents\DreamVideoSoft
2015-04-07 21:04 - 2015-04-08 13:08 - 00000000 ____D () C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}
2015-04-07 21:02 - 2015-04-07 21:02 - 00004306 _____ ()
C:\Windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a
2015-04-07 21:01 - 2015-04-09 22:14 - 00000000 ____D () C:\ProgramData\Optimizer
2015-04-07 21:01 - 2015-04-07 21:01 - 00000000 ____D () C:\Program Files (x86)\Windows Audio
2015-04-07 20:59 - 2015-04-07 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428454785-E111-94AB-38607704F3BF
2015-04-07 20:57 - 2015-04-08 12:09 - 00003560 _____ () C:\Windows\System32\Tasks\WKOEHUFYR
2015-04-07 20:57 - 2015-04-08 12:09 - 00000000 ____D () C:\ProgramData\688bac24d8294ddc9b97a10de5058423
2015-04-07 20:57 - 2015-04-07 20:57 - 00000000 ____D () C:\ProgramData\1999649cd3bb4900bdd7bb9feb49768a
2015-04-07 20:56 - 2015-04-09 22:07 - 00001334 _____ () C:\Windows\Tasks\ZWQZ.job
2015-04-07 20:56 - 2015-04-09 22:07 - 00001330 _____ () C:\Windows\Tasks\ZA.job
2015-04-07 20:56 - 2015-04-07 21:00 - 00004362 _____ ()
C:\Windows\System32\Tasks\ZWQZ
2015-04-07 20:56 - 2015-04-07 21:00 - 00004358 _____ () C:\Windows\System32\Tasks\ZA
2015-04-07 20:56 - 2015-04-07 20:56 - 00000000 ____D () C:\ProgramData\COMODO
2015-04-07 20:55 - 2015-04-07 20:55 - 00000000 ___DC () C:\Program Files\COMODO
2015-04-07 20:49 - 2015-04-07 20:49 - 00000000 ____D () C:\ProgramData\{3dc36c7e-f881-8087-3dc3-36c7ef88b1fb}
2015-04-07 20:45 - 2015-04-07 20:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\60CE3C2D-1428439549-E111-94AB-38607704F3BF
2015-04-07 20:44 - 2015-04-09 20:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF
2015-03-26 15:14 - 2015-03-26 15:14 - 00005542 _____ () C:\Users\Owner\AppData\Roaming\ZWQZ
2015-03-26 15:14 - 2015-03-26 15:14 - 00004185 _____ () C:\Users\Owner\AppData\Roaming\ZA
2012-08-26 19:14 - 2015-02-28 14:52 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-03-26 15:14 - 2015-03-26 15:14 - 0004185 _____
() C:\Users\Owner\AppData\Roaming\ZA
2015-03-26 15:14 - 2015-03-26 15:14 - 0005542 _____ () C:\Users\Owner\AppData\Roaming\ZWQZ
C:\Users\Owner\AppData\Local\Temp\compete.exe
C:\Users\Owner\AppData\Local\Temp\cw.exe
C:\Users\Owner\AppData\Local\Temp\jue704A.exe
C:\Users\Owner\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\Setup_0286.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
Task: {09AB2D60-3B00-42A3-AC54-9596B8E10819} - System32\Tasks\ZWQZ => C:\Users\Owner\AppData\Roaming\ZWQZ.exe <==== ATTENTION
Task: {0BC6313F-6A34-42CF-B16B-ACC0079BC448} - System32\Tasks\WKOEHUFYR => C:\ProgramData\688bac24d8294ddc9b97a10de5058423\688bac24d8294ddc9b97a10de5058423.exe [2015-04-02] ()
Task: {39B6F3B4-CBAA-4D82-BE5A-C0423476F883} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task:
{3D0160A5-31F6-4F0B-9E52-13904B5B309F} - System32\Tasks\Web Protector Plus Server => C:\Program Files (x86)\WebProtectorPlus\server64\WebProtectorPlusServer.exe [2015-02-24] ()
Task: {40F376BC-1A9F-4BA3-A36C-6C67AED25CC0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6A84266A-DE23-4EDF-9C55-D179A7924E4E} - System32\Tasks\PZYCH => C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790\03dff548327b4f6eaa97fdee45bb8790.exe [2015-04-08] ()
Task: {9BB0D178-4F28-47F6-9908-748F7CD612F2} - System32\Tasks\CJAZUQFGX => C:\ProgramData\3ff7d2bad2204a528b3e3c306225006a\3ff7d2bad2204a528b3e3c306225006a.exe [2015-04-11] ()
Task: {C5B1A2B5-CB5A-49B0-B06C-435AEF376BC0} - System32\Tasks\ZA => C:\Users\Owner\AppData\Roaming\ZA.exe <==== ATTENTION
Task: {CF308ED2-8D13-461D-AA2E-13EE774F0688} - System32\Tasks\Web Protector Plus => C:\Program Files (x86)\WebProtectorPlus\WebProtectorPlus.exe [2015-02-19] ()
Task:
{D100CB77-95AC-40D6-A7A6-575940E3D33C} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: C:\Windows\Tasks\ZA.job => C:\Users\Owner\AppData\Roaming\ZA.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZWQZ.job => C:\Users\Owner\AppData\Roaming\ZWQZ.exe <==== ATTENTION
C:\Program Files (x86)\WebProtectorPlus
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
hosts:
*****************

C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF => Moved successfully.
[1584] C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager => Value not found.
"C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager" => File/Directory not found.
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
[X] => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{734fd57e-a9b6-11e3-908a-386077d61c6b}" => Key deleted successfully.
HKCR\CLSID\{734fd57e-a9b6-11e3-908a-386077d61c6b} => Key not found.
"C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}\hqghumeaylnlf.exe (No File)" => File/Directory not found.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{c7ed5196-a23d-4add-94fc-96ce1e2f3207} => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => Key deleted successfully.
"HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => Key deleted successfully.
15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => Key deleted successfully.
"HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => Key deleted successfully.
"HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => Key deleted successfully.
Toolbar: => Error: No automatic fix found for this entry.
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001 -> No Name - {C7ED5196-A23D-4ADD-94FC-96CE1E2F3207} -  No File => Error: No automatic fix found for this entry.
"HKCR\Wow6432Node\PROTOCOLS\Handler\osf" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer" => Key deleted successfully.
fogezyny => Service stopped successfully.
fogezyny => Service deleted successfully.
xeluquze => Service not found.
OutfoxTvService => Service deleted successfully.
LMIRfsClientNP => Service deleted successfully.
LMIInfo => Service deleted successfully.
C:\Windows\System32\Tasks\PZYCH => Moved successfully.
"2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D ()" => File/Directory not found.
C:\ProgramData\dad90bd9067c4d8c9d9ce6bf2a8c0389 => Moved successfully.
C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790 => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 20415.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 720537.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 81479.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 683788.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 520856.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 468449.crdownload => Moved successfully.
"2015-04-08 10:45 - 2015-04-08 10:45 - 00469544 _____ (Installer Technology Co)" => File/Directory not found.
C:\Users\Owner\Downloads\Unconfirmed 255606.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 523114.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 429897.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 344803.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 666096.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 463658.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 623396.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 883764.crdownload => Moved successfully.
"2015-04-08 07:09 - 2015-04-08 07:10 - 00827928 _____ (Generic )" => File/Directory not found.
C:\Users\Owner\Downloads\Unconfirmed 55737.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 494422.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 30091.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 989044.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 342881.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 260814.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 407379.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 751445.crdownload => Moved successfully.
"2015-04-08 02:38 - 2015-04-08 02:38 - 00373448 _____ ()" => File/Directory not found.
C:\Users\Owner\Downloads\Unconfirmed 394907.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 917003.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 725535.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 15473.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 478526.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 764748.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 248993.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 294140.crdownload => Moved successfully.
"2015-04-08 00:28 - 2015-04-08 00:29 - 00555680 _____ ()" => File/Directory not found.
C:\Users\Owner\Downloads\Unconfirmed 850500.crdownload => Moved successfully.
C:\Users\Owner\Downloads\Unconfirmed 864655.crdownload => Moved successfully.
C:\ProgramData\Windows VXM => Moved successfully.
C:\Program Files (x86)\Windows Network Accelerater => Moved successfully.
C:\Users\Owner\AppData\Local\Ninja Loader => Moved successfully.
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader => Moved successfully.
C:\Program Files (x86)\SafeGuard => Moved successfully.
C:\Users\Owner\Documents\DreamVideoSoft => Moved successfully.
C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6} => Moved successfully.
"2015-04-07 21:02 - 2015-04-07 21:02 - 00004306 _____ ()" => File/Directory not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a => Moved successfully.
C:\ProgramData\Optimizer => Moved successfully.
C:\Program Files (x86)\Windows Audio => Moved successfully.
C:\Users\Owner\AppData\Roaming\60CE3C2D-1428454785-E111-94AB-38607704F3BF => Moved successfully.
C:\Windows\System32\Tasks\WKOEHUFYR => Moved successfully.
C:\ProgramData\688bac24d8294ddc9b97a10de5058423 => Moved successfully.
C:\ProgramData\1999649cd3bb4900bdd7bb9feb49768a => Moved successfully.
C:\Windows\Tasks\ZWQZ.job => Moved successfully.
C:\Windows\Tasks\ZA.job => Moved successfully.
"2015-04-07 20:56 - 2015-04-07 21:00 - 00004362 _____ ()" => File/Directory not found.
C:\Windows\System32\Tasks\ZWQZ => Moved successfully.
C:\Windows\System32\Tasks\ZA => Moved successfully.
C:\ProgramData\COMODO => Moved successfully.
C:\Program Files\COMODO => Moved successfully.
C:\ProgramData\{3dc36c7e-f881-8087-3dc3-36c7ef88b1fb} => Moved successfully.
C:\Users\Owner\AppData\Local\60CE3C2D-1428439549-E111-94AB-38607704F3BF => Moved successfully.
"C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF" => File/Directory not found.
C:\Users\Owner\AppData\Roaming\ZWQZ => Moved successfully.
C:\Users\Owner\AppData\Roaming\ZA => Moved successfully.
C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs => Moved successfully.
"2015-03-26 15:14 - 2015-03-26 15:14 - 0004185 _____" => File/Directory not found.
C:\Users\Owner\AppData\Roaming\ZA => No running process found
"C:\Users\Owner\AppData\Roaming\ZWQZ" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\compete.exe" => File/Directory not found.
C:\Users\Owner\AppData\Local\Temp\cw.exe => Moved successfully.
"C:\Users\Owner\AppData\Local\Temp\jue704A.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\OnlineBackup.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\Setup_0286.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09AB2D60-3B00-42A3-AC54-9596B8E10819}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09AB2D60-3B00-42A3-AC54-9596B8E10819}" => Key deleted successfully.
C:\Windows\System32\Tasks\ZWQZ not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZWQZ" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0BC6313F-6A34-42CF-B16B-ACC0079BC448}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BC6313F-6A34-42CF-B16B-ACC0079BC448}" => Key deleted successfully.
C:\Windows\System32\Tasks\WKOEHUFYR not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WKOEHUFYR" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{39B6F3B4-CBAA-4D82-BE5A-C0423476F883}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39B6F3B4-CBAA-4D82-BE5A-C0423476F883}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Office\Office Automatic Updates => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates" => Key deleted successfully.
Task: => Error: No automatic fix found for this entry.
{3D0160A5-31F6-4F0B-9E52-13904B5B309F} - System32\Tasks\Web Protector Plus Server => C:\Program Files (x86)\WebProtectorPlus\server64\WebProtectorPlusServer.exe [2015-02-24] () => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{40F376BC-1A9F-4BA3-A36C-6C67AED25CC0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40F376BC-1A9F-4BA3-A36C-6C67AED25CC0}" => Key deleted successfully.
C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6A84266A-DE23-4EDF-9C55-D179A7924E4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A84266A-DE23-4EDF-9C55-D179A7924E4E}" => Key deleted successfully.
C:\Windows\System32\Tasks\PZYCH not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PZYCH" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BB0D178-4F28-47F6-9908-748F7CD612F2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BB0D178-4F28-47F6-9908-748F7CD612F2}" => Key deleted successfully.
C:\Windows\System32\Tasks\CJAZUQFGX => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CJAZUQFGX" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5B1A2B5-CB5A-49B0-B06C-435AEF376BC0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5B1A2B5-CB5A-49B0-B06C-435AEF376BC0}" => Key deleted successfully.
C:\Windows\System32\Tasks\ZA not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CF308ED2-8D13-461D-AA2E-13EE774F0688}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF308ED2-8D13-461D-AA2E-13EE774F0688}" => Key deleted successfully.
C:\Windows\System32\Tasks\Web Protector Plus => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Web Protector Plus" => Key deleted successfully.
Task: => Error: No automatic fix found for this entry.
{D100CB77-95AC-40D6-A7A6-575940E3D33C} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0 => Error: No automatic fix found for this entry.
C:\Windows\Tasks\ZA.job not found.
C:\Windows\Tasks\ZWQZ.job not found.
"C:\Program Files (x86)\WebProtectorPlus" => File/Directory not found.
C:\ProgramData\TEMP => ":AD022376" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog 22:35:50 ====

 

Performance update:

When I open the Firefox browser, I only had one pop-up as opposed to several repeated pop-ups when I tried to go to a webpage.  It opens a new tab with an advertisement about installing some product.

Computer speed and response is not an issue.  I no longer seem to have ads popping up on my desktop.

In looking at my Control Panel, I still see programs installed that I did not authorize, like: Optimizer Pro, Infonaut, Games Desktop, Forward Desktop Background, Eppink, Icon Size and Pasta Leads.

 

Again, thank you for being patient and all your guidance.



#10 Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 13 April 2015 - 09:59 PM

Sounds like we are making progress. There were a few problems running the fix. Please rerun FRST and make sure you check Addition.txt. Post both logs please.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Tericab

  • Topic Starter


Posted 14 April 2015 - 07:00 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015
Ran by Owner at 2015-04-14 07:59:37 Run:3
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [AdobeBridge] =>
[X]
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\MountPoints2: {734fd57e-a9b6-11e3-908a-386077d61c6b} - E:\iLinker.exe
C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}\hqghumeaylnlf.exe (No File)
C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: HKLM-x32 - (No Name) - {c7ed5196-a23d-4add-94fc-96ce1e2f3207} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office
15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
Toolbar:
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001 -> No Name - {C7ED5196-A23D-4ADD-94FC-96CE1E2F3207} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
R2 fogezyny; C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\jnshC71A.tmp [185856 2015-04-07] () [File not signed]
R2 xeluquze; C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsy1147.tmp [290304 2015-04-09] () [File not signed]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
S4 LMIRfsClientNP; No ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
2015-04-08 17:17 - 2015-04-08 17:17 - 00003560 _____ () C:\Windows\System32\Tasks\PZYCH
2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D ()
C:\ProgramData\dad90bd9067c4d8c9d9ce6bf2a8c0389
2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D () C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790
2015-04-08 12:12 - 2015-04-08 12:12 - 00555688 _____ () C:\Users\Owner\Downloads\Unconfirmed 20415.crdownload
2015-04-08 12:05 - 2015-04-08 12:05 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 720537.crdownload
2015-04-08 12:03 - 2015-04-08 12:03 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 81479.crdownload
2015-04-08 12:02 - 2015-04-08 12:02 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 683788.crdownload
2015-04-08 11:45 - 2015-04-08 11:45 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 520856.crdownload
2015-04-08 11:05 - 2015-04-08 11:05 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 468449.crdownload
2015-04-08 10:45 - 2015-04-08 10:45 - 00469544 _____ (Installer Technology Co)
C:\Users\Owner\Downloads\Unconfirmed 255606.crdownload
2015-04-08 10:16 - 2015-04-08 10:16 - 00555672 _____ () C:\Users\Owner\Downloads\Unconfirmed 523114.crdownload
2015-04-08 10:13 - 2015-04-08 10:14 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 429897.crdownload
2015-04-08 09:57 - 2015-04-08 09:57 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 344803.crdownload
2015-04-08 09:21 - 2015-04-08 09:21 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 666096.crdownload
2015-04-08 08:52 - 2015-04-08 08:52 - 00860496 _____ () C:\Users\Owner\Downloads\Unconfirmed 463658.crdownload
2015-04-08 07:19 - 2015-04-08 07:19 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 623396.crdownload
2015-04-08 07:11 - 2015-04-08 07:11 - 01102064 _____ (Installer Setup) C:\Users\Owner\Downloads\Unconfirmed 883764.crdownload
2015-04-08 07:09 - 2015-04-08 07:10 - 00827928 _____ (Generic )
C:\Users\Owner\Downloads\Unconfirmed 55737.crdownload
2015-04-08 05:46 - 2015-04-08 05:46 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 494422.crdownload
2015-04-08 04:23 - 2015-04-08 04:23 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 30091.crdownload
2015-04-08 03:54 - 2015-04-08 03:54 - 00823760 _____ (Internet ) C:\Users\Owner\Downloads\Unconfirmed 989044.crdownload
2015-04-08 03:46 - 2015-04-08 03:46 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 342881.crdownload
2015-04-08 03:43 - 2015-04-08 03:43 - 00827928 _____ (Generic ) C:\Users\Owner\Downloads\Unconfirmed 260814.crdownload
2015-04-08 03:12 - 2015-04-08 03:12 - 00543032 _____ (BetOnSoft N.V.) C:\Users\Owner\Downloads\Unconfirmed 407379.crdownload
2015-04-08 03:08 - 2015-04-08 03:08 - 00860936 _____ () C:\Users\Owner\Downloads\Unconfirmed 751445.crdownload
2015-04-08 02:38 - 2015-04-08 02:38 - 00373448 _____ ()
C:\Users\Owner\Downloads\Unconfirmed 394907.crdownload
2015-04-08 02:37 - 2015-04-08 02:37 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 917003.crdownload
2015-04-08 02:36 - 2015-04-08 02:36 - 00373448 _____ () C:\Users\Owner\Downloads\Unconfirmed 725535.crdownload
2015-04-08 02:15 - 2015-04-08 02:15 - 00555696 _____ () C:\Users\Owner\Downloads\Unconfirmed 15473.crdownload
2015-04-08 01:51 - 2015-04-08 01:52 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 478526.crdownload
2015-04-08 01:51 - 2015-04-08 01:51 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 764748.crdownload
2015-04-08 01:23 - 2015-04-08 01:23 - 00837688 _____ () C:\Users\Owner\Downloads\Unconfirmed 248993.crdownload
2015-04-08 00:41 - 2015-04-08 00:42 - 00895616 _____ (SlimWare Utilities, Inc.) C:\Users\Owner\Downloads\Unconfirmed 294140.crdownload
2015-04-08 00:28 - 2015-04-08 00:29 - 00555680 _____ ()
C:\Users\Owner\Downloads\Unconfirmed 850500.crdownload
2015-04-07 23:40 - 2015-04-07 23:40 - 00469544 _____ (Installer Technology Co) C:\Users\Owner\Downloads\Unconfirmed 864655.crdownload
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-04-07 21:47 - 2015-04-07 21:47 - 00000000 ____D () C:\Program Files (x86)\Windows Network Accelerater
2015-04-07 21:11 - 2015-04-07 21:14 - 00000000 ____D () C:\Users\Owner\AppData\Local\Ninja Loader
2015-04-07 21:11 - 2015-04-07 21:11 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader
2015-04-07 21:09 - 2015-04-07 21:20 - 00000000 ____D () C:\Program Files (x86)\SafeGuard
2015-04-07 21:05 - 2015-04-07 21:05 - 00000000 ____D () C:\Users\Owner\Documents\DreamVideoSoft
2015-04-07 21:04 - 2015-04-08 13:08 - 00000000 ____D () C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}
2015-04-07 21:02 - 2015-04-07 21:02 - 00004306 _____ ()
C:\Windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a
2015-04-07 21:01 - 2015-04-09 22:14 - 00000000 ____D () C:\ProgramData\Optimizer
2015-04-07 21:01 - 2015-04-07 21:01 - 00000000 ____D () C:\Program Files (x86)\Windows Audio
2015-04-07 20:59 - 2015-04-07 20:59 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428454785-E111-94AB-38607704F3BF
2015-04-07 20:57 - 2015-04-08 12:09 - 00003560 _____ () C:\Windows\System32\Tasks\WKOEHUFYR
2015-04-07 20:57 - 2015-04-08 12:09 - 00000000 ____D () C:\ProgramData\688bac24d8294ddc9b97a10de5058423
2015-04-07 20:57 - 2015-04-07 20:57 - 00000000 ____D () C:\ProgramData\1999649cd3bb4900bdd7bb9feb49768a
2015-04-07 20:56 - 2015-04-09 22:07 - 00001334 _____ () C:\Windows\Tasks\ZWQZ.job
2015-04-07 20:56 - 2015-04-09 22:07 - 00001330 _____ () C:\Windows\Tasks\ZA.job
2015-04-07 20:56 - 2015-04-07 21:00 - 00004362 _____ ()
C:\Windows\System32\Tasks\ZWQZ
2015-04-07 20:56 - 2015-04-07 21:00 - 00004358 _____ () C:\Windows\System32\Tasks\ZA
2015-04-07 20:56 - 2015-04-07 20:56 - 00000000 ____D () C:\ProgramData\COMODO
2015-04-07 20:55 - 2015-04-07 20:55 - 00000000 ___DC () C:\Program Files\COMODO
2015-04-07 20:49 - 2015-04-07 20:49 - 00000000 ____D () C:\ProgramData\{3dc36c7e-f881-8087-3dc3-36c7ef88b1fb}
2015-04-07 20:45 - 2015-04-07 20:51 - 00000000 ____D () C:\Users\Owner\AppData\Local\60CE3C2D-1428439549-E111-94AB-38607704F3BF
2015-04-07 20:44 - 2015-04-09 20:48 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF
2015-03-26 15:14 - 2015-03-26 15:14 - 00005542 _____ () C:\Users\Owner\AppData\Roaming\ZWQZ
2015-03-26 15:14 - 2015-03-26 15:14 - 00004185 _____ () C:\Users\Owner\AppData\Roaming\ZA
2012-08-26 19:14 - 2015-02-28 14:52 - 0000132 _____ () C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-03-26 15:14 - 2015-03-26 15:14 - 0004185 _____
() C:\Users\Owner\AppData\Roaming\ZA
2015-03-26 15:14 - 2015-03-26 15:14 - 0005542 _____ () C:\Users\Owner\AppData\Roaming\ZWQZ
C:\Users\Owner\AppData\Local\Temp\compete.exe
C:\Users\Owner\AppData\Local\Temp\cw.exe
C:\Users\Owner\AppData\Local\Temp\jue704A.exe
C:\Users\Owner\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\Setup_0286.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
Task: {09AB2D60-3B00-42A3-AC54-9596B8E10819} - System32\Tasks\ZWQZ => C:\Users\Owner\AppData\Roaming\ZWQZ.exe <==== ATTENTION
Task: {0BC6313F-6A34-42CF-B16B-ACC0079BC448} - System32\Tasks\WKOEHUFYR => C:\ProgramData\688bac24d8294ddc9b97a10de5058423\688bac24d8294ddc9b97a10de5058423.exe [2015-04-02] ()
Task: {39B6F3B4-CBAA-4D82-BE5A-C0423476F883} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task:
{3D0160A5-31F6-4F0B-9E52-13904B5B309F} - System32\Tasks\Web Protector Plus Server => C:\Program Files (x86)\WebProtectorPlus\server64\WebProtectorPlusServer.exe [2015-02-24] ()
Task: {40F376BC-1A9F-4BA3-A36C-6C67AED25CC0} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6A84266A-DE23-4EDF-9C55-D179A7924E4E} - System32\Tasks\PZYCH => C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790\03dff548327b4f6eaa97fdee45bb8790.exe [2015-04-08] ()
Task: {9BB0D178-4F28-47F6-9908-748F7CD612F2} - System32\Tasks\CJAZUQFGX => C:\ProgramData\3ff7d2bad2204a528b3e3c306225006a\3ff7d2bad2204a528b3e3c306225006a.exe [2015-04-11] ()
Task: {C5B1A2B5-CB5A-49B0-B06C-435AEF376BC0} - System32\Tasks\ZA => C:\Users\Owner\AppData\Roaming\ZA.exe <==== ATTENTION
Task: {CF308ED2-8D13-461D-AA2E-13EE774F0688} - System32\Tasks\Web Protector Plus => C:\Program Files (x86)\WebProtectorPlus\WebProtectorPlus.exe [2015-02-19] ()
Task:
{D100CB77-95AC-40D6-A7A6-575940E3D33C} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0
Task: C:\Windows\Tasks\ZA.job => C:\Users\Owner\AppData\Roaming\ZA.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZWQZ.job => C:\Users\Owner\AppData\Roaming\ZWQZ.exe <==== ATTENTION
C:\Program Files (x86)\WebProtectorPlus
AlternateDataStreams: C:\ProgramData\TEMP:AD022376
hosts:
*****************

"C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF" => File/Directory not found.
[4816] C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager => Value not found.
"C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager" => File/Directory not found.
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => Value not found.
[X] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{734fd57e-a9b6-11e3-908a-386077d61c6b} => Key not found.
HKCR\CLSID\{734fd57e-a9b6-11e3-908a-386077d61c6b} => Key not found.
"C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}\hqghumeaylnlf.exe (No File)" => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hqghumeaylnlf.lnk" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found.
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{c7ed5196-a23d-4add-94fc-96ce1e2f3207} => Value not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => Key not found.
HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => Key not found.
15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation) => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key not found.
HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => Key not found.
HKCR\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => Key not found.
HKCR\Wow6432Node\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key not found.
HKCR\Wow6432Node\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF} => Key not found.
Toolbar: => Error: No automatic fix found for this entry.
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001 -> No Name - {C7ED5196-A23D-4ADD-94FC-96CE1E2F3207} -  No File => Error: No automatic fix found for this entry.
HKCR\Wow6432Node\PROTOCOLS\Handler\osf => Key not found.
HKCR\Wow6432Node\CLSID\{D924BDC6-C83A-4BD5-90D0-095128A113D1} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer => Key not found.
fogezyny => Service not found.
xeluquze => Service not found.
OutfoxTvService => Service not found.
LMIRfsClientNP => Service not found.
LMIInfo => Service not found.
"C:\Windows\System32\Tasks\PZYCH" => File/Directory not found.
"2015-04-08 17:17 - 2015-04-08 17:17 - 00000000 ____D ()" => File/Directory not found.
"C:\ProgramData\dad90bd9067c4d8c9d9ce6bf2a8c0389" => File/Directory not found.
"C:\ProgramData\03dff548327b4f6eaa97fdee45bb8790" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 20415.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 720537.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 81479.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 683788.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 520856.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 468449.crdownload" => File/Directory not found.
"2015-04-08 10:45 - 2015-04-08 10:45 - 00469544 _____ (Installer Technology Co)" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 255606.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 523114.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 429897.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 344803.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 666096.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 463658.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 623396.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 883764.crdownload" => File/Directory not found.
"2015-04-08 07:09 - 2015-04-08 07:10 - 00827928 _____ (Generic )" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 55737.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 494422.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 30091.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 989044.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 342881.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 260814.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 407379.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 751445.crdownload" => File/Directory not found.
"2015-04-08 02:38 - 2015-04-08 02:38 - 00373448 _____ ()" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 394907.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 917003.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 725535.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 15473.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 478526.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 764748.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 248993.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 294140.crdownload" => File/Directory not found.
"2015-04-08 00:28 - 2015-04-08 00:29 - 00555680 _____ ()" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 850500.crdownload" => File/Directory not found.
"C:\Users\Owner\Downloads\Unconfirmed 864655.crdownload" => File/Directory not found.
"C:\ProgramData\Windows VXM" => File/Directory not found.
"C:\Program Files (x86)\Windows Network Accelerater" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Ninja Loader" => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ninja Loader" => File/Directory not found.
"C:\Program Files (x86)\SafeGuard" => File/Directory not found.
"C:\Users\Owner\Documents\DreamVideoSoft" => File/Directory not found.
"C:\ProgramData\{3d5b582d-a7d0-d622-3d5b-b582da7d60b6}" => File/Directory not found.
"2015-04-07 21:02 - 2015-04-07 21:02 - 00004306 _____ ()" => File/Directory not found.
"C:\Windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a" => File/Directory not found.
"C:\ProgramData\Optimizer" => File/Directory not found.
"C:\Program Files (x86)\Windows Audio" => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\60CE3C2D-1428454785-E111-94AB-38607704F3BF" => File/Directory not found.
"C:\Windows\System32\Tasks\WKOEHUFYR" => File/Directory not found.
"C:\ProgramData\688bac24d8294ddc9b97a10de5058423" => File/Directory not found.
"C:\ProgramData\1999649cd3bb4900bdd7bb9feb49768a" => File/Directory not found.
"C:\Windows\Tasks\ZWQZ.job" => File/Directory not found.
"C:\Windows\Tasks\ZA.job" => File/Directory not found.
"2015-04-07 20:56 - 2015-04-07 21:00 - 00004362 _____ ()" => File/Directory not found.
"C:\Windows\System32\Tasks\ZWQZ" => File/Directory not found.
"C:\Windows\System32\Tasks\ZA" => File/Directory not found.
"C:\ProgramData\COMODO" => File/Directory not found.
"C:\Program Files\COMODO" => File/Directory not found.
"C:\ProgramData\{3dc36c7e-f881-8087-3dc3-36c7ef88b1fb}" => File/Directory not found.
"C:\Users\Owner\AppData\Local\60CE3C2D-1428439549-E111-94AB-38607704F3BF" => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF" => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\ZWQZ" => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\ZA" => File/Directory not found.
"C:\Users\Owner\AppData\Roaming\Adobe PNG Format CS5 Prefs" => File/Directory not found.
"2015-03-26 15:14 - 2015-03-26 15:14 - 0004185 _____" => File/Directory not found.
C:\Users\Owner\AppData\Roaming\ZA => No running process found
"C:\Users\Owner\AppData\Roaming\ZWQZ" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\compete.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\cw.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\jue704A.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\OnlineBackup.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\Setup_0286.exe" => File/Directory not found.
"C:\Users\Owner\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09AB2D60-3B00-42A3-AC54-9596B8E10819} => Key not found.
C:\Windows\System32\Tasks\ZWQZ not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZWQZ => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BC6313F-6A34-42CF-B16B-ACC0079BC448} => Key not found.
C:\Windows\System32\Tasks\WKOEHUFYR not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WKOEHUFYR => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{39B6F3B4-CBAA-4D82-BE5A-C0423476F883} => Key not found.
C:\Windows\System32\Tasks\Microsoft\Office\Office Automatic Updates not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates => Key not found.
Task: => Error: No automatic fix found for this entry.
{3D0160A5-31F6-4F0B-9E52-13904B5B309F} - System32\Tasks\Web Protector Plus Server => C:\Program Files (x86)\WebProtectorPlus\server64\WebProtectorPlusServer.exe [2015-02-24] () => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40F376BC-1A9F-4BA3-A36C-6C67AED25CC0} => Key not found.
C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6A84266A-DE23-4EDF-9C55-D179A7924E4E} => Key not found.
C:\Windows\System32\Tasks\PZYCH not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PZYCH => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BB0D178-4F28-47F6-9908-748F7CD612F2} => Key not found.
C:\Windows\System32\Tasks\CJAZUQFGX not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CJAZUQFGX => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5B1A2B5-CB5A-49B0-B06C-435AEF376BC0} => Key not found.
C:\Windows\System32\Tasks\ZA not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ZA => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF308ED2-8D13-461D-AA2E-13EE774F0688} => Key not found.
C:\Windows\System32\Tasks\Web Protector Plus not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Web Protector Plus => Key not found.
Task: => Error: No automatic fix found for this entry.
{D100CB77-95AC-40D6-A7A6-575940E3D33C} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0 => Error: No automatic fix found for this entry.
C:\Windows\Tasks\ZA.job not found.
C:\Windows\Tasks\ZWQZ.job not found.
"C:\Program Files (x86)\WebProtectorPlus" => File/Directory not found.
"C:\ProgramData\TEMP" => ":AD022376" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog 07:59:39 ====



#12 Oh My!


Posted 14 April 2015 - 01:40 PM

My apologies, I was not as clear as I could have been. I would like you to run a FRST scan like we did in Post #2. Make sure Addition.txt is checked before you scan your computer.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Tericab


Posted 14 April 2015 - 02:19 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-04-2015
Ran by Owner (administrator) on BCMOFFICE on 14-04-2015 15:09:52
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Code 42 Software) C:\Program Files (x86)\CrashPlan\CrashPlanService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe
() C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Code 42 Software, Inc.) C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Akamai Technologies, Inc.) C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Infonaut) C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe
() C:\Users\Owner\AppData\Roaming\60CE3C2D-1428968432-E111-94AB-38607704F3BF\jnst1830.tmp
() C:\Users\Owner\AppData\Local\60CE3C2D-1428954086-E111-94AB-38607704F3BF\bnso9713.exe
() C:\Users\Owner\AppData\Local\60CE3C2D-1428954231-E111-94AB-38607704F3BF\cnsfCD41.tmp
() C:\Users\Owner\AppData\Local\60CE3C2D-1428954246-E111-94AB-38607704F3BF\snsa7EE.tmp
() C:\Users\Owner\AppData\Local\60CE3C2D-1428954231-E111-94AB-38607704F3BF\ansaC9C7.exe
(Gambali OEM Software) C:\ProgramData\FlashBeat\Gambali.exe
() C:\ProgramData\FlashBeat\FlashBeat.exe
() C:\Program Files (x86)\gmsd_us_443\gmsd_us_443.exe
() C:\Users\Owner\AppData\Local\gmsd_us_443\upgmsd_us_443.exe
() C:\Users\Owner\AppData\Roaming\60CE3C2D-1428439458-E111-94AB-38607704F3BF\nsj1DF6.tmp
(PastaLeads) C:\Program Files\Common Files\PastaLeads\PastaLeads Client\pastaleadss.exe
() C:\Program Files (x86)\OLBPre\OLBPre.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11548264 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinCheck] => C:\Users\Owner\AppData\Local\60CE3C2D-1428954086-E111-94AB-38607704F3BF\bnso9713.exe [283648 2015-04-13] ()
HKLM-x32\...\RunOnce: [Update] => C:\Users\Owner\AppData\Roaming\Eppink\Eppink.exe [302869 2015-04-13] ( )
HKLM-x32\...\RunOnce: [upgmsd_us_443.exe] => C:\Users\Owner\AppData\Local\gmsd_us_443\upgmsd_us_443.exe [3308488 2015-04-13] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [NinjaLoader] => "C:\Program Files (x86)\Ninja Loader\Ninja Loader.exe" --startup
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro 3.79\OptProLauncher.exe [148008 2015-04-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\OLBPre\OLBPre.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: HKLM-x32 - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001 -> No Name - {C7ED5196-A23D-4ADD-94FC-96CE1E2F3207} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {16F67783-7E72-4C39-99C4-4780A8335484} http://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-15] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2013-02-05] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-03-26] (Nitro PDF)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-30] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4271207691-2682249754-1176388757-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-19] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-19] (Apple Inc.)
FF Extension: CinemaPlus-3.3cV07.04 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-04-07]
FF Extension: EazyZoom - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\Extensions\fe@muohvog.com [2015-04-07]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ga2781yf.default\Extensions\59D317DB041748fdB89B47E6F96058F3@defext.xpi [2015-04-13]
FF Extension: 20-20 3D Viewer - WEB - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\2020Player_WEB@2020Technologies.com [2012-12-05]
FF Extension: CinemaPlus-3.3cV07.04 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\d4db60df25f14dae9dd18@185c395f9e794c9ab86be3eb.com [2015-04-07]
FF Extension: NetVideoHunter - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\netvideohunter@netvideohunter.com [2015-04-13]
FF Extension: Add to Amazon Wish List Button - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\Extensions\amznUWL2@amazon.com.xpi [2012-12-10]
FF HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Firefox\Extensions: [ninjaloader@mail.com] - C:\Program Files (x86)\Ninja Loader\FireFox

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjjahobnmbbohjdpfffcpohenbjbcccd [2013-04-04]
CHR HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cmlhbjpgeogifjnmlajdaealbdlfonah] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kfecnpmgnlnbmipaogfhoacoioifjgko] - http://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 5d9df4c6; c:\Program Files (x86)\Optimizer Pro 3.79\OptProMon.dll [2313768 2015-04-13] ()
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 CrashPlanService; C:\Program Files (x86)\CrashPlan\CrashPlanService.exe [156440 2014-11-20] (Code 42 Software)
R2 gofiwudy; C:\Users\Owner\AppData\Local\60CE3C2D-1428954246-E111-94AB-38607704F3BF\snsa7EE.tmp [120832 2015-04-13] () [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 moruxefo; C:\Users\Owner\AppData\Roaming\60CE3C2D-1428968432-E111-94AB-38607704F3BF\jnst1830.tmp [189952 2015-04-13] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
R2 vujofilo; C:\Users\Owner\AppData\Local\60CE3C2D-1428954231-E111-94AB-38607704F3BF\cnsfCD41.tmp [121344 2015-04-13] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2014-01-13] (Wacom Technology, Corp.)
R2 WinAudioSrv_R1; C:\Program Files (x86)\Windows Audio\R1\AudioSrv.exe [X]
R2 WindowsVNT_R5; C:\Program Files (x86)\Windows Network Accelerater\v5\winvxm.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [352008 2012-11-10] (EldoS Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 15:09 - 2015-04-14 15:10 - 00019346 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-04-14 09:00 - 2015-04-14 09:00 - 00000000 ____D () C:\ProgramData\Optimizer
2015-04-13 22:54 - 2015-04-13 22:54 - 00001867 _____ () C:\Users\Owner\Desktop\MyPC Backup.lnk
2015-04-13 22:54 - 2015-04-13 22:54 - 00000000 ____D () C:\Program Files (x86)\OLBPre
2015-04-13 22:51 - 2015-04-13 22:51 - 00000000 ____D () C:\ProgramData\PastaLeadsAgent
2015-04-13 22:41 - 2015-04-13 22:41 - 00000000 ____D () C:\Program Files\Common Files\PastaLeads
2015-04-13 20:24 - 2015-04-13 23:28 - 00000000 ____C () C:\END
2015-04-13 20:18 - 2015-04-14 14:37 - 00000000 ____D () C:\Users\Owner\AppData\Local\gmsd_us_443
2015-04-13 20:18 - 2015-04-13 22:48 - 00000000 ____D () C:\Program Files (x86)\gmsd_us_443
2015-04-13 19:54 - 2015-04-13 19:54 - 00003560 _____ () C:\Windows\System32\Tasks\CMBNIUK
2015-04-13 19:54 - 2015-04-13 19:54 - 00000000 ____D () C:\ProgramData\a040bb4567e84331a76e603c9625e3a4
2015-04-13 19:54 - 2015-03-31 15:18 - 00408424 ____N (Gambali OEM Software) C:\Windows\system32\Gambali64.dll
2015-04-13 19:54 - 2015-03-31 15:18 - 00340944 ____N (Gambali OEM Software) C:\Windows\SysWOW64\Gambali.dll
2015-04-13 19:52 - 2015-04-13 22:48 - 00000000 ____D () C:\ProgramData\FlashBeat
2015-04-13 19:52 - 2015-04-13 19:52 - 00000000 ____D () C:\ProgramData\8e5233129da0415fbe27bfb648f69f2c
2015-04-13 19:45 - 2015-04-13 22:48 - 00000000 ____D () C:\ProgramData\{8df39f9f-f999-bdcb-8df3-39f9ff997e7f}
2015-04-13 19:45 - 2015-04-13 19:45 - 00003256 _____ () C:\Windows\System32\Tasks\Optimizer Pro Schedule
2015-04-13 19:45 - 2015-04-13 19:45 - 00001103 _____ () C:\Users\Owner\Desktop\Optimizer Pro.lnk
2015-04-13 19:45 - 2015-04-13 19:45 - 00000000 ____D () C:\Users\Owner\Documents\Optimizer Pro
2015-04-13 19:45 - 2015-04-13 19:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Optimizer Pro
2015-04-13 19:45 - 2015-04-13 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-04-13 19:45 - 2015-04-13 19:45 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 3.79
2015-04-13 19:44 - 2015-04-13 22:48 - 00000000 ____D () C:\Users\Owner\AppData\Local\60CE3C2D-1428954246-E111-94AB-38607704F3BF
2015-04-13 19:43 - 2015-04-13 19:43 - 00000000 ____D () C:\Users\Owner\AppData\Local\60CE3C2D-1428954231-E111-94AB-38607704F3BF
2015-04-13 19:41 - 2015-04-13 19:41 - 00000000 ____D () C:\Users\Owner\AppData\Local\60CE3C2D-1428954086-E111-94AB-38607704F3BF
2015-04-13 19:40 - 2015-04-13 19:41 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428968432-E111-94AB-38607704F3BF
2015-04-13 19:40 - 2015-04-13 19:40 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Eppink
2015-04-13 19:39 - 2015-04-13 22:49 - 00000000 ____D () C:\Program Files (x86)\Infonaut_1.10.0.14
2015-04-13 19:18 - 2015-04-13 19:18 - 00001353 _____ () C:\Users\Owner\Desktop\JRT.txt
2015-04-13 19:18 - 2015-04-13 19:18 - 00000000 ____D () C:\Users\Owner\Desktop\FRST-OlderVersion
2015-04-13 19:15 - 2015-04-13 11:58 - 02687136 _____ (Thisisu) C:\Users\Owner\Desktop\JRT_NEW.exe
2015-04-13 18:18 - 2015-04-13 18:18 - 00063182 _____ () C:\Users\Owner\Documents\cc_20150413_181802-4-13.reg
2015-04-11 22:38 - 2015-04-11 22:38 - 00000000 ____D () C:\ProgramData\8e4bc38d4f574f909eeed50de05d990f
2015-04-11 22:38 - 2015-04-11 22:38 - 00000000 ____D () C:\ProgramData\3ff7d2bad2204a528b3e3c306225006a
2015-04-11 16:42 - 2015-04-11 16:41 - 00468480 _____ () C:\Users\Owner\Desktop\CKScanner.exe
2015-04-11 15:09 - 2015-04-11 15:09 - 00003194 _____ () C:\Windows\System32\Tasks\Web Protector Plus Server
2015-04-11 11:30 - 2015-04-11 15:30 - 00000000 ____D () C:\ProgramData\T122078ED
2015-04-09 23:17 - 2015-04-13 19:29 - 00000000 ____D () C:\ProgramData\{43a2cfbe-15dc-eff2-43a2-2cfbe15d3ef8}
2015-04-09 22:21 - 2015-04-09 22:28 - 00000000 ____D () C:\Users\Owner\Documents\Log Files
2015-04-09 22:03 - 2015-04-13 19:10 - 00000000 ___DC () C:\AdwCleaner
2015-04-09 22:03 - 2015-04-09 22:03 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BCMOFFICE-Windows-7-Home-Premium-(64-bit).dat
2015-04-09 22:03 - 2015-04-09 22:03 - 00000000 ___DC () C:\RegBackup
2015-04-09 22:02 - 2015-04-09 21:56 - 02686959 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2015-04-09 22:02 - 2015-04-09 21:56 - 02217984 _____ () C:\Users\Owner\Desktop\adwcleaner_4.201.exe
2015-04-09 20:21 - 2015-04-09 20:21 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Compete
2015-04-09 18:41 - 2015-04-14 15:09 - 00000000 ___DC () C:\FRST
2015-04-09 18:41 - 2015-04-13 19:18 - 02096640 ____C (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-04-09 18:01 - 2015-04-09 18:00 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2015-04-09 01:52 - 2015-04-09 01:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-08 15:09 - 2015-04-13 22:54 - 00003986 _____ () C:\Windows\System32\Tasks\LaunchPreSignup
2015-04-08 14:33 - 2015-04-08 14:33 - 00000000 ____D () C:\Users\Owner\.cache
2015-04-08 13:15 - 2015-04-13 19:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-04-08 13:15 - 2015-04-08 13:15 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-04-07 21:27 - 2015-04-07 21:27 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieBrowserModeList
2015-04-07 19:23 - 2015-04-07 19:23 - 00006656 _____ () C:\Users\Owner\Documents\cc_20150407_192259.reg
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\CrashPlan
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\ProgramData\CrashPlan
2015-04-05 10:28 - 2015-04-05 10:28 - 00000000 ____D () C:\Program Files (x86)\CrashPlan
2015-04-05 10:27 - 2015-04-05 10:27 - 47207976 _____ (Code 42 Software) C:\Users\Owner\Downloads\CrashPlan_3.7.0_Win.exe
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-05 03:00 - 2015-04-05 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 11:01 - 2015-04-09 17:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-14 14:56 - 2011-06-24 16:47 - 00000940 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA.job
2015-04-14 14:54 - 2014-10-27 03:31 - 01859475 _____ () C:\Windows\WindowsUpdate.log
2015-04-14 14:42 - 2012-06-13 20:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 22:42 - 2014-11-13 23:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-13 22:36 - 2009-07-14 01:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-13 22:35 - 2014-08-15 23:14 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-04-13 22:32 - 2013-12-16 01:07 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
2015-04-13 19:39 - 2009-07-14 00:45 - 00031552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 19:39 - 2009-07-14 00:45 - 00031552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 19:30 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 19:29 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PLA
2015-04-13 19:20 - 2012-07-17 10:24 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Nitro PDF
2015-04-13 18:18 - 2011-06-24 16:40 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-13 18:15 - 2011-06-24 16:40 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-13 18:12 - 2012-03-26 20:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-04-13 18:11 - 2012-03-26 20:52 - 00000000 ____D () C:\Program Files\Adobe
2015-04-13 15:56 - 2011-06-24 16:47 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core.job
2015-04-13 02:00 - 2014-09-01 12:01 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-04-11 11:38 - 2014-07-22 20:29 - 00001953 _____ () C:\Users\Public\Desktop\Sonos.lnk
2015-04-11 11:38 - 2014-07-22 20:29 - 00000000 ____D () C:\Users\Owner\AppData\Local\Downloaded Installations
2015-04-11 11:38 - 2014-07-22 20:29 - 00000000 ____D () C:\ProgramData\Sonos,_Inc
2015-04-11 11:38 - 2014-07-22 20:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2015-04-11 11:38 - 2014-07-22 20:29 - 00000000 ____D () C:\Program Files (x86)\Sonos
2015-04-10 21:48 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-09 22:07 - 2012-04-29 09:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-09 19:16 - 2014-04-15 22:11 - 00104448 ___SH () C:\Users\Owner\Documents\Thumbs.db
2015-04-08 14:33 - 2012-03-26 15:24 - 00000000 ____D () C:\Users\Owner
2015-04-08 13:10 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-04-07 22:23 - 2012-03-26 20:40 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-07 21:38 - 2011-06-24 16:49 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-07 21:36 - 2012-03-26 21:39 - 00000000 ____D () C:\Program Files (x86)\DVDFab 8 Qt
2015-04-07 21:35 - 2013-05-15 20:51 - 00000000 ____D () C:\Program Files (x86)\NCH Software
2015-04-07 20:42 - 2013-12-31 19:57 - 00000000 ____D () C:\ProgramData\Canon
2015-04-07 20:42 - 2013-12-31 19:53 - 00000000 ____D () C:\Program Files\Canon
2015-04-07 19:33 - 2012-05-19 23:43 - 00000000 ____D () C:\Users\Owner\.ProMPIX
2015-04-07 19:19 - 2013-10-21 22:33 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Media Player Classic
2015-04-02 18:45 - 2015-02-19 20:40 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-02 18:45 - 2015-02-19 20:40 - 00000959 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-03-20 06:52 - 2014-08-15 23:11 - 00000000 ___DC () C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2014-12-30 19:25 - 2015-01-11 13:25 - 0099384 _____ () C:\Users\Owner\AppData\Roaming\inst.exe
2014-12-30 19:25 - 2015-01-11 13:25 - 0007859 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.cat
2014-12-30 19:25 - 2015-01-11 13:25 - 0001167 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.inf
2014-12-30 19:25 - 2015-01-11 13:25 - 0000055 _____ () C:\Users\Owner\AppData\Roaming\pcouffin.log
2014-12-30 19:25 - 2015-01-11 13:25 - 0082816 _____ (VSO Software) C:\Users\Owner\AppData\Roaming\pcouffin.sys
2015-02-28 13:54 - 2015-03-04 04:17 - 0006144 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-03-27 10:07 - 2012-03-27 10:07 - 0003178 _____ () C:\Users\Owner\AppData\Local\HWVendorDetection.log
2012-03-26 21:02 - 2012-03-26 21:07 - 0000834 _____ () C:\ProgramData\hpzinstall.log

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\jue7944.exe
C:\Users\Owner\AppData\Local\Temp\jueB1F0.exe
C:\Users\Owner\AppData\Local\Temp\optprosetup.exe
C:\Users\Owner\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 00:11

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-04-2015
Ran by Owner at 2015-04-14 15:10:15
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.21 (HKLM-x32\...\{23170F69-40C1-2701-0921-000001000000}) (Version: 9.21.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.3 64-bit (HKLM\...\{D759947B-8C5A-4480-B0DB-FC391F061C85}) (Version: 4.3.1 - Adobe)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Advanced Scan to PDF Free 3.5.1 (HKLM-x32\...\Advanced Scan to PDF Free_is1) (Version:  - PDFChief Co., Ltd.)
AIO_Scan (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Akamai NetSession Interface (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\Akamai) (Version:  - Akamai Technologies, Inc)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 6 FREE v.6.80 (HKLM-x32\...\Ashampoo Burning Studio 6 FREE_is1) (Version: 6.8.0 - ashampoo GmbH & Co. KG)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
C7200 (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
C7200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Canon MF Toolbox 4.9.1.1.mf14 (HKLM-x32\...\{6767DFEE-8909-453A-B553-C7693912B2EB}) (Version: 4.9.1.1.mf14 - CANON INC.)
Canon MF4700 Series (HKLM\...\{47A8DB42-4E21-4d55-9931-D4F44CC3F03B}) (Version: 4.1.0.1 - CANON INC.)
Cards_Calendar_OrderGift_DoMorePlugout (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
Cisco WebEx Meeting Center for Firefox or Chrome (HKLM-x32\...\{F42B8C14-63E5-4F8D-B848-12F010593AB8}) (Version: 28.7.0.15458 - Cisco WebEx LLC)
Consumer Input Update Helper (x32 Version: 1.3.25.307 - Compete Inc.) Hidden <==== ATTENTION
Copy (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Core FTP LE (HKLM-x32\...\CoreFTP) (Version:  - )
CrashPlan (HKLM-x32\...\{F5DF8435-7822-4D0C-88A9-604EC76D0B06}) (Version: 3.7.0 - Code 42 Software)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (x32 Version: 100.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Eppink (HKLM-x32\...\Eppink) (Version: 1.0.0.0 - Eppink)
eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
Forward Desktop Background (HKLM-x32\...\SoftwareUpdater) (Version: 1.0.0.0 - Forward Desktop Background)
GPBaseService (x32 Version: 100.0.187.000 - Hewlett-Packard) Hidden
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Photosmart All-In-One Driver Software 10.0 Rel .2 (HKLM\...\{20B30DC1-E423-4939-B51D-05C58B0F9BBB}) (Version: 10.0 - HP)
HP Photosmart Essential 2.5 (HKLM\...\HP Photosmart Essential) (Version: 2.5 - HP)
HP Solution Center 10.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 10.0 - HP)
HP Update (HKLM-x32\...\{11B83AD3-7A46-4C2E-A568-9505981D4C6F}) (Version: 4.000.007.003 - Hewlett-Packard)
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
HPPhotoSmartPhotobookWebPack1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Icon Size (HKLM-x32\...\wincheck) (Version: 1.0.0.0 - Icon Size)
ImageMagick 6.8.8-0 Q16 (32-bit) (2014-01-01) (HKLM-x32\...\ImageMagick 6.8.8 Q16 (32-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
ImageMagick 6.8.8-1 Q16 (64-bit) (2014-01-01) (HKLM\...\ImageMagick 6.8.8 Q16 (64-bit)_is1) (Version: 6.8.8 - ImageMagick Studio LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 16.5.2.0 (HKLM\...\PROSetDX) (Version: 16.5.2.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.670 - Oracle)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Memorex exPressit Label Design Studio (HKLM-x32\...\MVApplication1) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
mpixpro ROES (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\mpixpro ROES) (Version:  - mpix)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Photo Creations (Mpix Press Edition) (HKLM-x32\...\{A33D675A-2833-45AF-855F-214FC549B944}) (Version: 7.8.4005 - Digilabs)
MyPC Backup  (HKLM-x32\...\OLBPre) (Version:  - MyPC Backup) <==== ATTENTION
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.3.1.7 - PCUtilities Software Limited) <==== ATTENTION
Oxelon Media Converter 1.1 (HKLM-x32\...\Oxelon Media Converter_is1) (Version:  - Oxelon)
PanoStandAlone (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Paragon Alignment Tool™ 3.0 (HKLM-x32\...\{4D83E500-4D0C-11DF-A750-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PhotoRescue Wizard PC 3.3.2.13314 (HKLM-x32\...\PhotoRescue Wizard PC_is1) (Version:  - DataRescue sa/nv)
PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.3.0 - Prolific Technology INC)
Presto! PageManager 7.15.38 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.38 - NewSoft Technology Corporation)
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
PS_AIO_02_ProductContext (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
PSSWCORE (x32 Version: 2.02.0000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6236 - Realtek Semiconductor Corp.)
RedSn0w Packages (HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\...\RedSn0w Packages) (Version:  - ) <==== ATTENTION
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.27.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.27.0 - Renesas Electronics Corporation) Hidden
Riva FLV Encoder 2.0 (HKLM-x32\...\Riva FLV Encoder 2.0_is1) (Version: 2.00.0005 - Rothenberger & Partner)
Scan (x32 Version: 10.1.0.0 - Hewlett-Packard) Hidden
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
SolutionCenter (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 28.1.86200 - Sonos, Inc.)
Status (x32 Version: 100.0.175.000 - Hewlett-Packard) Hidden
Sub-heading Line (HKLM-x32\...\ConvertAd) (Version: 1.0.0.0 - Sub-heading Line) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
Toolbox (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 10.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VideoToolkit01 (x32 Version: 100.0.128.000 - Hewlett-Packard) Hidden
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
VPS ROES (HKLM-x32\...\{7B990B7E-4B5B-47AA-8017-E490F5D48B36}) (Version: 2.1.0 - SoftWorks Systems, Inc.)
VSO ConvertXToDVD (HKLM-x32\...\{CE1F93C0-4353-4C9D-84DA-AB4E7C63ED32}_is1) (Version: 5.0.0.74 - VSO Software)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.3-3 - Wacom Technology Corp.)
WD SES Driver Setup (x32 Version: 1.0.3.3 - Western Digital) Hidden
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
WinX DVD Ripper 5.6.0 (HKLM-x32\...\WinX DVD Ripper_is1) (Version:  - Digiarty Software, Inc.)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

13-04-2015 18:18:26 Removed Adobe Community Help

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2015-04-14 07:59 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {057B8B8A-04CE-4DC4-94A8-90CD87D1D1CA} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {15698443-61A5-4593-98BF-5279922F7541} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe [2015-04-13] ()
Task: {18975B83-258B-4E8B-9C04-D889343672F3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {37D255EC-97A7-4680-9CA8-9AE04DC80FAA} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {3D0160A5-31F6-4F0B-9E52-13904B5B309F} - System32\Tasks\Web Protector Plus Server => C:\Program Files (x86)\WebProtectorPlus\server64\WebProtectorPlusServer.exe
Task: {41EC191B-44F7-4D73-A733-E1EF0D51221A} - System32\Tasks\CMBNIUK => C:\ProgramData\a040bb4567e84331a76e603c9625e3a4\a040bb4567e84331a76e603c9625e3a4.exe [2015-04-13] ()
Task: {4778F49E-1D7E-4BCF-B83E-AADB273995A6} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {676E8370-39E8-4779-BFA5-33087EBF2D46} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro 3.79\OptProLauncher.exe [2015-04-08] () <==== ATTENTION
Task: {756ECE48-998F-4362-83A9-449C3F90A888} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {7E3AC824-CFF8-4FCA-A47B-5400563A240E} - System32\Tasks\{3B8739B0-2F92-4F37-8C74-670750C2740D} => pcalua.exe -a C:\Users\Owner\Desktop\oxelonplugins.exe -d C:\Users\Owner\Desktop
Task: {80262CC3-070F-4C8E-AA6E-994D9B8C478E} - System32\Tasks\{F93ACB3E-2519-405A-A9A6-6560CBC1D416} => pcalua.exe -a C:\Users\Owner\Downloads\setup.exe -d C:\Users\Owner\Downloads
Task: {8248372F-089A-446B-B25C-749B8DFCEE99} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {91944BE9-F7F2-453C-8AB6-62633D165C93} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {AB7FCA9E-AFFB-43EF-B8E0-E49CC7F54D4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {B7BF62C9-8654-47EA-9B83-1016F2ACC3D5} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500Core.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4271207691-2682249754-1176388757-500UA.job => C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2012-07-17 10:21 - 2011-02-28 18:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2015-03-20 06:51 - 2015-01-27 11:29 - 08898720 ____C () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-26 20:59 - 2014-01-13 12:24 - 01356568 ____C () C:\Program Files\Tablet\Pen\libxml2.dll
2011-03-26 00:28 - 2011-03-26 00:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-31 19:56 - 2006-09-20 09:35 - 00020480 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
2013-12-31 19:56 - 2006-10-30 17:59 - 00024576 _____ () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
2015-04-13 19:41 - 2015-04-13 19:41 - 00189952 _____ () C:\Users\Owner\AppData\Roaming\60CE3C2D-1428968432-E111-94AB-38607704F3BF\jnst1830.tmp
2015-04-13 15:52 - 2015-04-13 15:52 - 00283648 _____ () C:\Users\Owner\AppData\Local\60CE3C2D-1428954086-E111-94AB-38607704F3BF\bnso9713.exe
2015-04-13 19:43 - 2015-04-13 19:43 - 00121344 _____ () C:\Users\Owner\AppData\Local\60CE3C2D-1428954231-E111-94AB-38607704F3BF\cnsfCD41.tmp
2015-04-13 19:44 - 2015-04-13 19:44 - 00120832 _____ () C:\Users\Owner\AppData\Local\60CE3C2D-1428954246-E111-94AB-38607704F3BF\snsa7EE.tmp
2015-04-13 14:47 - 2015-04-13 14:47 - 01966592 _____ () C:\Users\Owner\AppData\Local\60CE3C2D-1428954231-E111-94AB-38607704F3BF\ansaC9C7.exe
2015-04-13 19:54 - 2015-04-13 20:54 - 00330752 _____ () C:\ProgramData\FlashBeat\FlashBeat.exe
2015-04-13 20:18 - 2015-04-13 15:29 - 03982792 _____ () C:\Program Files (x86)\gmsd_us_443\gmsd_us_443.exe
2015-04-13 20:18 - 2015-04-13 15:29 - 03308488 _____ () C:\Users\Owner\AppData\Local\gmsd_us_443\upgmsd_us_443.exe
2015-04-13 19:57 - 2015-04-13 19:57 - 01283072 _____ () C:\Program Files (x86)\OLBPre\OLBPre.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-20 12:12 - 2014-11-20 12:12 - 00013312 _____ () C:\Program Files (x86)\CrashPlan\md5.dll
2014-11-20 12:14 - 2014-11-20 12:14 - 00200472 _____ () C:\Program Files (x86)\CrashPlan\cpnative.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Gambali => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-4271207691-2682249754-1176388757-500 - Administrator - Disabled)
Guest (S-1-5-21-4271207691-2682249754-1176388757-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-4271207691-2682249754-1176388757-1003 - Limited - Enabled)
Owner (S-1-5-21-4271207691-2682249754-1176388757-1001 - Administrator - Enabled) => C:\Users\Owner
Sonos (S-1-5-21-4271207691-2682249754-1176388757-1005 - Administrator - Enabled)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/13/2015 07:32:38 PM) (Source: WTabletServiceCon) (EventID: 1) (User: )
Description: Prefs: Failed to get user path

Error: (04/13/2015 07:32:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Pen_Tablet.exe, version: 5.3.3.3, time stamp: 0x52d4123e
Faulting module name: Pen_Tablet.exe, version: 5.3.3.3, time stamp: 0x52d4123e
Exception code: 0xc0000005
Fault offset: 0x000000000019b9f3
Faulting process id: 0xa2c
Faulting application start time: 0xPen_Tablet.exe0
Faulting application path: Pen_Tablet.exe1
Faulting module path: Pen_Tablet.exe2
Report Id: Pen_Tablet.exe3

Error: (04/13/2015 07:31:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/14/2015 07:59:38 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (04/14/2015 07:56:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/13/2015 10:35:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The OptimizerPro Monitoring service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/13/2015 10:35:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/13/2015 07:32:32 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user BCMOFFICE\Owner (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (04/13/2015 07:32:27 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (04/13/2015 07:30:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error:
%%2

Error: (04/13/2015 07:30:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 25%
Total physical RAM: 8091.41 MB
Available physical RAM: 5993.39 MB
Total Pagefile: 16181.02 MB
Available Pagefile: 13948.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:109.94 GB) (Free:4.52 GB) NTFS
Drive f: (Data) (Fixed) (Total:465.76 GB) (Free:446.3 GB) NTFS
Drive i: (FreeAgent Drive) (Fixed) (Total:465.76 GB) (Free:93.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 84AFD1A8)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: E4FCA7A1)
Partition 1: (Active) - (Size=1.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=109.9 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 465.8 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Performance update:

 

The desktop pop ups are back, including one called "Anywhereaccess Setup Wizard" that does not give me the option to close, only install and click next. I'm also receiving what I think are false messages about updating my Flash player and such.

 

Thank you

 



#14 Oh My!

  • Malware Response Instructor

Posted 14 April 2015 - 03:54 PM

Thank you. Please take a screen shot of the Anywhere Access popup and attach it to your reply. In addition, complete these steps for me.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode Using Attached File

--------------------
  • Please download and save it in the same location as FRST.exe (example, Desktop, USB device) <<< Important
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Combofix log
  • Attached screen shot

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Tericab

  • Topic Starter

Posted 14 April 2015 - 06:58 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-04-2015
Ran by Owner at 2015-04-14 17:15:29 Run:4
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available profiles: Owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4271207691-2682249754-1176388757-1001 -> No Name - {C7ED5196-A23D-4ADD-94FC-96CE1E2F3207} -  No File
Task: {3D0160A5-31F6-4F0B-9E52-13904B5B309F} - System32\Tasks\Web Protector Plus Server => C:\Program Files (x86)\WebProtectorPlus\server64\WebProtectorPlusServer.exe [2015-02-24] ()
Task: {D100CB77-95AC-40D6-A7A6-575940E3D33C} - System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a => Wscript.exe //B "C:\ProgramData\PastaLeadsAgent\startprocess.js" pastaleadss.exe /invoke /f:check_services /l:0

*****************

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => Key not found.
HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} => Key not found.
HKU\S-1-5-21-4271207691-2682249754-1176388757-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C7ED5196-A23D-4ADD-94FC-96CE1E2F3207} => value deleted successfully.
HKCR\CLSID\{C7ED5196-A23D-4ADD-94FC-96CE1E2F3207} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3D0160A5-31F6-4F0B-9E52-13904B5B309F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D0160A5-31F6-4F0B-9E52-13904B5B309F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Web Protector Plus Server => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Web Protector Plus Server" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D100CB77-95AC-40D6-A7A6-575940E3D33C} => Key not found.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__3831323633313236352d554a374134342d2a326c5b5a => Key not found.

==== End of Fixlog 17:15:29 ====

 

ComboFix 15-04-14.01 - Owner 04/14/2015  17:21:10.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8091.5760 [GMT -4:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\3ff7d2bad2204a528b3e3c306225006a
c:\programdata\3ff7d2bad2204a528b3e3c306225006a\3ff7d2bad2204a528b3e3c306225006a.exe
c:\programdata\a040bb4567e84331a76e603c9625e3a4
c:\programdata\a040bb4567e84331a76e603c9625e3a4\a040bb4567e84331a76e603c9625e3a4.exe
c:\users\Owner\AppData\Roaming\Eppink
c:\users\Owner\AppData\Roaming\Eppink\Eppink.exe
c:\users\Owner\AppData\Roaming\Eppink\Uninstall.exe
c:\users\Owner\AppData\Roaming\inst.exe
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
c:\windows\TEMP\jna8004055662010253882.dll
I:\autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2015-03-14 to 2015-04-14  )))))))))))))))))))))))))))))))
.
.
2015-04-14 21:24 . 2015-04-14 21:24    --------    d-----w-    c:\users\Default\AppData\Local\temp
2015-04-14 21:14 . 2015-04-14 21:14    --------    d-----w-    c:\programdata\Windows VXM
2015-04-14 13:00 . 2015-04-14 13:00    --------    d-----w-    c:\programdata\Optimizer
2015-04-14 02:54 . 2015-04-14 02:54    --------    d-----w-    c:\program files (x86)\OLBPre
2015-04-13 23:52 . 2015-04-13 23:52    --------    d-----w-    c:\programdata\8e5233129da0415fbe27bfb648f69f2c
2015-04-13 23:45 . 2015-04-13 23:45    --------    d-----w-    c:\users\Owner\AppData\Roaming\Optimizer Pro
2015-04-13 23:45 . 2015-04-13 23:45    --------    d-----w-    c:\program files (x86)\Optimizer Pro 3.79
2015-04-13 23:45 . 2015-04-14 02:48    --------    d-----w-    c:\programdata\{8df39f9f-f999-bdcb-8df3-39f9ff997e7f}
2015-04-13 23:44 . 2015-04-14 02:48    --------    d-----w-    c:\users\Owner\AppData\Local\60CE3C2D-1428954246-E111-94AB-38607704F3BF
2015-04-13 23:43 . 2015-04-13 23:43    --------    d-----w-    c:\users\Owner\AppData\Local\60CE3C2D-1428954231-E111-94AB-38607704F3BF
2015-04-13 23:41 . 2015-04-13 23:41    --------    d-----w-    c:\users\Owner\AppData\Local\60CE3C2D-1428954086-E111-94AB-38607704F3BF
2015-04-13 23:40 . 2015-04-13 23:41    --------    d-----w-    c:\users\Owner\AppData\Roaming\60CE3C2D-1428968432-E111-94AB-38607704F3BF
2015-04-13 02:18 . 2015-03-14 10:02    12002392    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B01FA53D-4917-4707-8E0D-60BE5B55FF4C}\mpengine.dll
2015-04-12 02:38 . 2015-04-12 02:38    --------    d-----w-    c:\programdata\8e4bc38d4f574f909eeed50de05d990f
2015-04-12 02:21 . 2015-03-14 10:02    12002392    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-04-11 15:30 . 2015-04-11 19:30    --------    d-----w-    c:\programdata\T122078ED
2015-04-10 03:17 . 2015-04-13 23:29    --------    d-----w-    c:\programdata\{43a2cfbe-15dc-eff2-43a2-2cfbe15d3ef8}
2015-04-10 02:03 . 2015-04-10 02:03    --------    dc----w-    C:\RegBackup
2015-04-10 02:03 . 2015-04-13 23:10    --------    dc----w-    C:\AdwCleaner
2015-04-10 00:21 . 2015-04-10 00:21    --------    d-----w-    c:\users\Owner\AppData\Roaming\Compete
2015-04-09 22:41 . 2015-04-14 21:15    --------    dc----w-    C:\FRST
2015-04-08 18:33 . 2015-04-08 18:33    --------    d-----w-    c:\users\Owner\.cache
2015-04-08 01:27 . 2015-04-08 01:27    --------    d-sh--w-    c:\users\Owner\AppData\Local\EmieBrowserModeList
2015-04-05 14:28 . 2015-04-05 14:28    --------    d-----w-    c:\users\Owner\AppData\Roaming\CrashPlan
2015-04-05 14:28 . 2015-04-05 14:28    --------    d-----w-    c:\programdata\CrashPlan
2015-04-05 14:28 . 2015-04-05 14:28    --------    d-----w-    c:\program files (x86)\CrashPlan
2015-04-05 07:00 . 2015-04-05 07:00    --------    d-s---w-    c:\windows\system32\GWX
2015-04-05 07:00 . 2015-04-05 07:00    --------    d-s---w-    c:\windows\SysWow64\GWX
2015-03-31 15:48 . 2015-03-26 15:51    1187344    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AAF7F91-19C8-4212-8156-B59F53627CC3}\gapaengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-14 02:42 . 2014-11-14 03:40    129752    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-26 15:51 . 2012-06-13 07:33    1187344    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-12 07:01 . 2011-06-24 20:08    122905848    ----a-w-    c:\windows\system32\MRT.exe
2015-03-06 05:56 . 2015-03-11 10:37    95680    ----a-w-    c:\windows\system32\drivers\ksecdd.sys
2015-03-06 05:56 . 2015-03-11 10:37    155576    ----a-w-    c:\windows\system32\drivers\ksecpkg.sys
2015-03-06 05:42 . 2015-03-11 10:37    210944    ----a-w-    c:\windows\system32\wdigest.dll
2015-03-06 05:42 . 2015-03-11 10:37    86528    ----a-w-    c:\windows\system32\TSpkg.dll
2015-03-06 05:42 . 2015-03-11 10:37    29184    ----a-w-    c:\windows\system32\sspisrv.dll
2015-03-06 05:42 . 2015-03-11 10:37    136192    ----a-w-    c:\windows\system32\sspicli.dll
2015-03-06 05:42 . 2015-03-11 10:37    341504    ----a-w-    c:\windows\system32\schannel.dll
2015-03-06 05:42 . 2015-03-11 10:37    28160    ----a-w-    c:\windows\system32\secur32.dll
2015-03-06 05:42 . 2015-03-11 10:37    314880    ----a-w-    c:\windows\system32\msv1_0.dll
2015-03-06 05:42 . 2015-03-11 10:37    309760    ----a-w-    c:\windows\system32\ncrypt.dll
2015-03-06 05:42 . 2015-03-11 10:37    728064    ----a-w-    c:\windows\system32\kerberos.dll
2015-03-06 05:42 . 2015-03-11 10:37    1461760    ----a-w-    c:\windows\system32\lsasrv.dll
2015-03-06 05:42 . 2015-03-11 10:37    22016    ----a-w-    c:\windows\system32\credssp.dll
2015-03-06 05:41 . 2015-03-11 10:37    31232    ----a-w-    c:\windows\system32\lsass.exe
2015-03-06 05:41 . 2015-03-11 10:37    64000    ----a-w-    c:\windows\system32\auditpol.exe
2015-03-06 05:39 . 2015-03-11 10:37    60416    ----a-w-    c:\windows\system32\msobjs.dll
2015-03-06 05:38 . 2015-03-11 10:37    146432    ----a-w-    c:\windows\system32\msaudite.dll
2015-03-06 05:36 . 2015-03-11 10:37    686080    ----a-w-    c:\windows\system32\adtschema.dll
2015-03-06 05:10 . 2015-03-11 10:37    172032    ----a-w-    c:\windows\SysWow64\wdigest.dll
2015-03-06 05:10 . 2015-03-11 10:37    65536    ----a-w-    c:\windows\SysWow64\TSpkg.dll
2015-03-06 05:10 . 2015-03-11 10:37    248832    ----a-w-    c:\windows\SysWow64\schannel.dll
2015-03-06 05:10 . 2015-03-11 10:37    22016    ----a-w-    c:\windows\SysWow64\secur32.dll
2015-03-06 05:10 . 2015-03-11 10:37    259584    ----a-w-    c:\windows\SysWow64\msv1_0.dll
2015-03-06 05:10 . 2015-03-11 10:37    221184    ----a-w-    c:\windows\SysWow64\ncrypt.dll
2015-03-06 05:10 . 2015-03-11 10:37    550912    ----a-w-    c:\windows\SysWow64\kerberos.dll
2015-03-06 05:10 . 2015-03-11 10:37    17408    ----a-w-    c:\windows\SysWow64\credssp.dll
2015-03-06 05:09 . 2015-03-11 10:37    50176    ----a-w-    c:\windows\SysWow64\auditpol.exe
2015-03-06 05:09 . 2015-03-11 10:37    96768    ----a-w-    c:\windows\SysWow64\sspicli.dll
2015-03-06 05:07 . 2015-03-11 10:37    60416    ----a-w-    c:\windows\SysWow64\msobjs.dll
2015-03-06 05:07 . 2015-03-11 10:37    146432    ----a-w-    c:\windows\SysWow64\msaudite.dll
2015-03-06 05:06 . 2015-03-11 10:37    686080    ----a-w-    c:\windows\SysWow64\adtschema.dll
2015-03-03 13:17 . 2010-11-21 03:27    295552    ------w-    c:\windows\system32\MpSigStub.exe
2015-02-26 03:25 . 2015-03-11 10:37    3204096    ----a-w-    c:\windows\system32\win32k.sys
2015-02-24 03:15 . 2015-03-11 10:37    389800    ----a-w-    c:\windows\system32\iedkcs32.dll
2015-02-21 01:16 . 2015-03-11 10:37    25021440    ----a-w-    c:\windows\system32\mshtml.dll
2015-02-20 23:58 . 2015-03-11 10:37    92160    ----a-w-    c:\windows\system32\mshtmled.dll
2015-02-20 04:41 . 2015-03-11 10:38    41984    ----a-w-    c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-11 10:38    100864    ----a-w-    c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-11 10:38    14336    ----a-w-    c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-11 10:38    46080    ----a-w-    c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-11 10:38    70656    ----a-w-    c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-11 10:38    10240    ----a-w-    c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-11 10:38    34304    ----a-w-    c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-11 10:38    25600    ----a-w-    c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-11 10:38    372224    ----a-w-    c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-11 10:38    299008    ----a-w-    c:\windows\SysWow64\atmfd.dll
2015-02-20 03:06 . 2015-03-11 10:37    2724864    ----a-w-    c:\windows\system32\mshtml.tlb
2015-02-20 03:05 . 2015-03-11 10:37    4096    ----a-w-    c:\windows\system32\ieetwcollectorres.dll
2015-02-20 02:50 . 2015-03-11 10:37    66560    ----a-w-    c:\windows\system32\iesetup.dll
2015-02-20 02:49 . 2015-03-11 10:37    48640    ----a-w-    c:\windows\system32\ieetwproxystub.dll
2015-02-20 02:49 . 2015-03-11 10:37    584192    ----a-w-    c:\windows\system32\vbscript.dll
2015-02-20 02:48 . 2015-03-11 10:37    2886144    ----a-w-    c:\windows\system32\iertutil.dll
2015-02-20 02:47 . 2015-03-11 10:37    88064    ----a-w-    c:\windows\system32\MshtmlDac.dll
2015-02-20 02:41 . 2015-03-11 10:37    54784    ----a-w-    c:\windows\system32\jsproxy.dll
2015-02-20 02:40 . 2015-03-11 10:37    34304    ----a-w-    c:\windows\system32\iernonce.dll
2015-02-20 02:36 . 2015-03-11 10:37    633856    ----a-w-    c:\windows\system32\ieui.dll
2015-02-20 02:35 . 2015-03-11 10:37    144384    ----a-w-    c:\windows\system32\ieUnatt.exe
2015-02-20 02:35 . 2015-03-11 10:37    114688    ----a-w-    c:\windows\system32\ieetwcollector.exe
2015-02-20 02:34 . 2015-03-11 10:37    814080    ----a-w-    c:\windows\system32\jscript9diag.dll
2015-02-20 02:32 . 2015-03-11 10:37    6035456    ----a-w-    c:\windows\system32\jscript9.dll
2015-02-20 02:26 . 2015-03-11 10:37    968704    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
2015-02-20 02:22 . 2015-03-11 10:37    2724864    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2015-02-20 02:22 . 2015-03-11 10:37    490496    ----a-w-    c:\windows\system32\dxtmsft.dll
2015-02-20 02:13 . 2015-03-11 10:37    77824    ----a-w-    c:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-20 02:09 . 2015-03-11 10:37    503296    ----a-w-    c:\windows\SysWow64\vbscript.dll
2015-02-20 02:08 . 2015-03-11 10:37    62464    ----a-w-    c:\windows\SysWow64\iesetup.dll
2015-02-20 02:08 . 2015-03-11 10:37    199680    ----a-w-    c:\windows\system32\msrating.dll
2015-02-20 02:08 . 2015-03-11 10:37    47616    ----a-w-    c:\windows\SysWow64\ieetwproxystub.dll
2015-02-20 02:06 . 2015-03-11 10:37    64000    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2015-02-20 02:05 . 2015-03-11 10:37    316928    ----a-w-    c:\windows\system32\dxtrans.dll
2015-02-20 01:56 . 2015-03-11 10:37    115712    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
2015-02-20 01:56 . 2015-03-11 10:37    620032    ----a-w-    c:\windows\SysWow64\jscript9diag.dll
2015-02-20 01:49 . 2015-03-11 10:37    718848    ----a-w-    c:\windows\system32\ie4uinit.exe
2015-02-20 01:49 . 2015-03-11 10:37    801280    ----a-w-    c:\windows\system32\msfeeds.dll
2015-02-20 01:47 . 2015-03-11 10:37    1359360    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2015-02-20 01:46 . 2015-03-11 10:37    2125824    ----a-w-    c:\windows\system32\inetcpl.cpl
2015-02-20 01:43 . 2015-03-11 10:37    14398976    ----a-w-    c:\windows\system32\ieframe.dll
2015-02-20 01:41 . 2015-03-11 10:37    60416    ----a-w-    c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2015-02-20 01:30 . 2015-03-11 10:37    4300288    ----a-w-    c:\windows\SysWow64\jscript9.dll
2015-02-20 01:28 . 2015-03-11 10:37    2358784    ----a-w-    c:\windows\system32\wininet.dll
2015-02-20 01:24 . 2015-03-11 10:37    2052608    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
2015-02-20 01:23 . 2015-03-11 10:37    1155072    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2015-02-20 01:16 . 2015-03-11 10:37    1548288    ----a-w-    c:\windows\system32\urlmon.dll
2015-02-20 01:03 . 2015-03-11 10:37    800768    ----a-w-    c:\windows\system32\ieapfltr.dll
2015-02-20 01:01 . 2015-03-11 10:37    1888256    ----a-w-    c:\windows\SysWow64\wininet.dll
2015-02-17 20:04 . 2015-02-17 20:04    1202848    ----a-w-    c:\windows\SysWow64\FM20.DLL
2015-02-13 05:22 . 2015-03-11 10:38    14177280    ----a-w-    c:\windows\system32\shell32.dll
2015-02-10 10:36 . 2014-08-16 03:14    627912    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-02-05 18:42 . 2012-04-02 22:33    701616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2015-02-05 18:42 . 2011-06-24 20:42    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-04 03:16 . 2015-03-11 10:37    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2015-02-04 03:16 . 2015-02-10 19:02    609280    ----a-w-    c:\windows\system32\generaltel.dll
2015-02-04 03:16 . 2015-02-10 19:02    762368    ----a-w-    c:\windows\system32\invagent.dll
2015-02-04 03:16 . 2015-02-10 19:02    414720    ----a-w-    c:\windows\system32\devinv.dll
2015-02-04 03:16 . 2015-02-10 19:02    894976    ----a-w-    c:\windows\system32\appraiser.dll
2015-02-04 03:16 . 2015-02-10 19:02    227328    ----a-w-    c:\windows\system32\aepdu.dll
2015-02-04 03:16 . 2015-02-10 19:02    192000    ----a-w-    c:\windows\system32\aepic.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-16 03:18    222920    ----a-w-    c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-16 03:18    222920    ----a-w-    c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-16 03:18    222920    ----a-w-    c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-11-10 15:55    158056    ----a-w-    c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2014-10-30 4673432]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-14 43816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
"WinCheck"="c:\users\Owner\AppData\Local\60CE3C2D-1428954086-E111-94AB-38607704F3BF\bnso9713.exe" [2015-04-13 283648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files (x86)\CrashPlan\CrashPlanTray.exe [2014-11-20 213272]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R2 WinAudioSrv_R1;Windows Audio Services (R1);c:\program files (x86)\Windows Audio\R1\AudioSrv.exe;c:\program files (x86)\Windows Audio\R1\AudioSrv.exe [x]
R2 WindowsVNT_R5;Windows Virtual Network (WVN5);c:\program files (x86)\Windows Network Accelerater\v5\winvxm.exe;c:\program files (x86)\Windows Network Accelerater\v5\winvxm.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S2 5d9df4c6;OptimizerPro Monitoring;c:\windows\system32\rundll32.exe;c:\windows\SYSNATIVE\rundll32.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 CrashPlanService;CrashPlan Backup Service;c:\program files (x86)\CrashPlan\CrashPlanService.exe;c:\program files (x86)\CrashPlan\CrashPlanService.exe [x]
S2 gofiwudy;Single Click Text Box;c:\users\Owner\AppData\Local\60CE3C2D-1428954246-E111-94AB-38607704F3BF\snsa7EE.tmp;c:\users\Owner\AppData\Local\60CE3C2D-1428954246-E111-94AB-38607704F3BF\snsa7EE.tmp [x]
S2 moruxefo;Network Connection Communication;c:\users\Owner\AppData\Roaming\60CE3C2D-1428968432-E111-94AB-38607704F3BF\jnst1830.tmp;c:\users\Owner\AppData\Roaming\60CE3C2D-1428968432-E111-94AB-38607704F3BF\jnst1830.tmp [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 vujofilo;Application Free Up;c:\users\Owner\AppData\Local\60CE3C2D-1428954231-E111-94AB-38607704F3BF\cnsfCD41.tmp;c:\users\Owner\AppData\Local\60CE3C2D-1428954231-E111-94AB-38607704F3BF\cnsfCD41.tmp [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-08-16 03:18    261832    ----a-w-    c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-08-16 03:18    261832    ----a-w-    c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-08-16 03:18    261832    ----a-w-    c:\users\Owner\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-02-10 11:52    2334928    -c--a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-02-10 11:52    2334928    -c--a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-02-10 11:52    2334928    -c--a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-11-10 15:55    190312    ----a-w-    c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-03 11548264]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 1332296]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
TCP: DhcpNameServer = 192.168.1.254
DPF: {16F67783-7E72-4C39-99C4-4780A8335484} - hxxp://www.syncmyride.com/Own/Modules/UpdateCenter/applets/sync.cab
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0m1zdpha.default-1343610594345\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-NinjaLoader - c:\program files (x86)\Ninja Loader\Ninja Loader.exe
SafeBoot-tammgF119.sys
SafeBoot-tammgR119.sys
HKLM_Wow6432Node-ActiveSetup-installed components - c:\program files (x86)\Crossbrowse\Crossbrowse\Application\39.4.2171.95\Installer\chrmstp.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Eppink - c:\users\Owner\AppData\Roaming\Eppink\Uninstall.exe
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{C6829A37-2437-4FB1-BA29-7FAAC442ACC3}\WeatherBugSetup.exe
AddRemove-mpixpro ROES - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gofiwudy]
"ImagePath"="c:\users\Owner\AppData\Local\60CE3C2D-1428954246-E111-94AB-38607704F3BF\snsa7EE.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\moruxefo]
"ImagePath"="c:\users\Owner\AppData\Roaming\60CE3C2D-1428968432-E111-94AB-38607704F3BF\jnst1830.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vujofilo]
"ImagePath"="c:\users\Owner\AppData\Local\60CE3C2D-1428954231-E111-94AB-38607704F3BF\cnsfCD41.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\Optimizer Pro 3.79\OptProSmartScan.exe
c:\program files (x86)\Optimizer Pro 3.79\OptProReminder.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
c:\users\Owner\AppData\Local\60CE3C2D-1428954231-E111-94AB-38607704F3BF\ansaC9C7.exe
c:\program files\Tablet\Pen\WacomHost.exe
.
**************************************************************************
.
Completion time: 2015-04-14  17:29:26 - machine was rebooted
ComboFix-quarantined-files.txt  2015-04-14 21:29
.
Pre-Run: 4,680,011,776 bytes free
Post-Run: 4,613,627,904 bytes free
.
- - End Of File - - B2FBE587C45796A74F5C24B3DECB8181
A36C5E4F47E84449FF07ED3517B43A31
 

 

 
