What's wrong?


This topic is locked
15 replies to this topic

#1 lovenme_143 (Members, 8 posts)

Posted 16 May 2015 - 04:43 PM

Build 7601 Windows 7 Professional not genuine


#2 computerxpds (Moderator, Bleepin' Comp, 4,422 posts, USA)

Posted 16 May 2015 - 04:57 PM

We need more information about the issue you are having; please be more specific. Where are you seeing this message? Is it new? How old is the computer? Did it come with Windows 7 on it from the manufacturer, or did you install it/upgrade from another version of Windows?


Edited by computerxpds, 16 May 2015 - 05:00 PM.
fixed some grammar



#3 lovenme_143 (Topic Starter, Members, 8 posts)

Posted 16 May 2015 - 05:21 PM

ComboFix 15-05-13.01 - Administrator 05/16/2015 16:01:40.1.1 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2038.1099 [GMT -4:00]
Running from: c:\users\Administrator\OneDrive\ComboFix.exe
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\FavIcon.ico
c:\windows\~GLC0000.TMP
c:\windows\system32\SET40CA.tmp
c:\windows\system32\SET45BA.tmp
c:\windows\system32\SETB628.tmp
c:\windows\system32\SETD1A3.tmp
.
.
((((((((((((((((((((((((( Files Created from 2015-04-16 to 2015-05-16 )))))))))))))))))))))))))))))))
.
.
2015-05-16 20:14 . 2015-05-16 20:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2015-05-16 20:14 . 2015-05-16 20:14 -------- d-----w- c:\users\Guest\AppData\Local\temp
2015-05-16 18:49 . 2015-05-16 18:49 -------- d-----w- c:\windows\LastGood
2015-05-16 18:49 . 2009-10-02 19:34 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2015-05-16 18:49 . 2009-10-02 19:34 141848 ----a-w- c:\windows\system32\igfxtray.exe
2015-05-16 18:49 . 2009-10-02 19:34 150552 ----a-w- c:\windows\system32\igfxpers.exe
2015-05-16 18:49 . 2009-10-02 19:34 173080 ----a-w- c:\windows\system32\igfxext.exe
2015-05-16 18:49 . 2009-10-02 19:34 672792 ----a-w- c:\windows\system32\igfxcfg.exe
2015-05-16 18:49 . 2009-10-02 19:34 173592 ----a-w- c:\windows\system32\hkcmd.exe
2015-05-16 18:49 . 2015-05-16 18:49 -------- d-----w- c:\programdata\IntelDLM
2015-05-16 18:47 . 2015-05-16 18:47 -------- d-----w- c:\users\Administrator\AppData\Local\Intel
2015-05-16 18:46 . 2015-05-16 18:46 -------- d-----w- c:\program files\Intel Driver Update Utility
2015-05-16 18:46 . 2015-05-16 18:46 -------- d-----w- c:\programdata\Package Cache
2015-05-16 18:43 . 2015-05-16 18:43 13368 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2015-05-16 18:43 . 2015-05-16 18:43 -------- d-----w- c:\users\Administrator\AppData\Local\SlimWare Utilities Inc
2015-05-16 18:43 . 2015-05-16 18:43 -------- d-----w- c:\program files\DriverUpdate
2015-05-16 12:54 . 2015-05-16 18:53 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BF0CFC4-C92C-403D-8C10-1C905313586C}\offreg.dll
2015-05-16 12:52 . 2015-04-04 06:39 9201616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BF0CFC4-C92C-403D-8C10-1C905313586C}\mpengine.dll
2015-05-14 20:57 . 2011-06-02 18:39 39736 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2015-05-14 20:57 . 2011-06-02 18:39 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2015-05-14 20:57 . 2015-05-14 20:57 -------- d-----w- c:\windows\ELAMBKUP
2015-05-14 20:57 . 2015-05-14 20:57 -------- d-----w- c:\program files\Common Files\InfoWatch
2015-05-14 20:57 . 2015-05-16 18:06 -------- d-----w- c:\programdata\Kaspersky Lab
2015-05-14 20:57 . 2015-05-14 20:57 -------- d-----w- c:\program files\Kaspersky Lab
2015-05-14 20:56 . 2015-05-15 00:22 74848 ----a-w- c:\windows\system32\drivers\klflt.sys
2015-05-14 20:55 . 2015-05-14 20:55 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2015-05-13 21:50 . 2015-05-13 21:50 -------- d-----w- c:\windows\A16BBEABAAEF434ABFDD297708709FCC.TMP
2015-05-13 21:43 . 2009-08-25 01:08 28160 ----a-w- c:\windows\system32\DfSdkBt.exe
2015-05-13 21:43 . 2015-05-13 21:55 -------- d-----w- c:\program files\Summitsoft
2015-05-11 17:26 . 2015-05-11 17:26 -------- d-----w- c:\program files\iPod
2015-05-11 17:26 . 2015-05-11 17:27 -------- d-----w- c:\program files\iTunes
2015-05-11 17:26 . 2015-05-11 17:26 -------- d-----w- c:\program files\Apple Software Update
2015-05-11 17:25 . 2015-05-11 17:25 -------- d-----w- c:\program files\Bonjour
2015-05-11 17:25 . 2015-05-11 17:26 -------- d-----w- c:\program files\Common Files\Apple
2015-05-06 21:16 . 2015-05-06 21:16 -------- d-----w- c:\users\Administrator\backup
2015-05-05 22:33 . 2015-05-05 22:33 -------- d-----w- c:\programdata\Malwarebytes
2015-05-05 18:29 . 2015-05-05 18:29 -------- d-----w- c:\users\Administrator\AppData\Local\GWX
2015-05-05 18:01 . 2015-05-05 18:01 -------- d-----w- c:\windows\Gateway Files
2015-05-04 22:47 . 2015-05-04 22:48 -------- d-----w- c:\users\Administrator\AppData\Roaming\FreeFixer
2015-05-04 22:47 . 2015-05-04 22:47 -------- d-----w- c:\users\Administrator\AppData\Local\FreeFixer
2015-05-04 22:46 . 2015-05-13 21:49 -------- d-----w- c:\program files\FreeFixer
2015-05-04 04:21 . 2015-05-04 05:42 -------- d-----w- c:\users\Deluxe-Pawn\AppData\Local\Adobe
2015-05-04 02:34 . 2015-05-04 02:34 -------- d-----w- c:\users\Deluxe-Pawn\AppData\Local\IsolatedStorage
2015-05-04 02:32 . 2015-05-04 02:32 -------- d-----w- c:\users\Deluxe-Pawn\AppData\Roaming\Intuit
2015-05-04 02:28 . 2015-05-04 02:29 -------- d-----w- c:\program files\Common Files\Intuit
2015-05-04 02:26 . 2015-05-04 02:26 -------- d-----w- c:\program files\TurboTax
2015-05-04 02:24 . 2015-05-04 02:29 -------- d-----w- c:\programdata\Intuit
2015-04-29 02:40 . 2015-04-29 02:40 -------- d-sh--w- c:\users\Deluxe-Pawn\AppData\Local\EmieUserList
2015-04-29 02:40 . 2015-04-29 02:40 -------- d-sh--w- c:\users\Deluxe-Pawn\AppData\Local\EmieSiteList
2015-04-29 02:40 . 2015-04-29 02:40 -------- d-sh--w- c:\users\Deluxe-Pawn\AppData\Local\EmieBrowserModeList
2015-04-28 17:14 . 2015-04-28 17:15 -------- d-----w- c:\users\Administrator\AppData\Local\FreeFileViewer
2015-04-24 16:49 . 2015-01-29 03:02 844288 ----a-w- c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2015-04-24 16:49 . 2015-01-29 03:02 2311168 ----a-w- c:\windows\system32\wpdshext.dll
2015-04-24 16:49 . 2015-03-14 03:04 67584 ----a-w- c:\windows\system32\dwmapi.dll
2015-04-24 16:49 . 2015-03-14 03:04 1372160 ----a-w- c:\windows\system32\dwmcore.dll
2015-04-20 17:10 . 2015-04-20 17:10 -------- d-----w- c:\programdata\APN
2015-04-20 17:08 . 2015-04-20 17:08 -------- d-----w- c:\program files\Common Files\Java
2015-04-20 17:08 . 2015-04-20 17:07 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-15 00:22 . 2013-11-12 02:18 145224 ----a-w- c:\windows\system32\drivers\kneps.sys
2015-05-15 00:22 . 2012-08-02 19:09 25696 ----a-w- c:\windows\system32\drivers\klim6.sys
2015-05-15 00:22 . 2013-11-12 02:18 135776 ----a-w- c:\windows\system32\drivers\kl1.sys
2015-05-09 19:38 . 2015-04-06 18:57 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-05-09 19:38 . 2015-04-06 18:57 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-04-18 23:46 . 2015-03-19 12:02 262144 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2015-04-10 20:33 . 2015-04-10 20:33 86016 ----a-w- c:\windows\system32\iesysprep.dll
2015-04-10 20:33 . 2015-04-10 20:33 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-04-10 20:33 . 2015-04-10 20:33 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-04-10 20:33 . 2015-04-10 20:33 645120 ----a-w- c:\windows\system32\jsIntl.dll
2015-04-10 20:33 . 2015-04-10 20:33 62464 ----a-w- c:\windows\system32\tdc.ocx
2015-04-10 20:33 . 2015-04-10 20:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-04-10 20:33 . 2015-04-10 20:33 36352 ----a-w- c:\windows\system32\imgutil.dll
2015-04-10 20:33 . 2015-04-10 20:33 24576 ----a-w- c:\windows\system32\licmgr10.dll
2015-04-10 20:33 . 2015-04-10 20:33 194048 ----a-w- c:\windows\system32\elshyph.dll
2015-04-10 20:33 . 2015-04-10 20:33 182272 ----a-w- c:\windows\system32\msls31.dll
2015-04-10 20:33 . 2015-04-10 20:33 151552 ----a-w- c:\windows\system32\iexpress.exe
2015-04-10 20:33 . 2015-04-10 20:33 139264 ----a-w- c:\windows\system32\wextract.exe
2015-04-10 20:33 . 2015-04-10 20:33 13312 ----a-w- c:\windows\system32\mshta.exe
2015-04-10 20:33 . 2015-04-10 20:33 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-04-10 20:32 . 2015-04-10 20:32 640512 ----a-w- c:\windows\system32\advapi32.dll
2015-04-10 20:32 . 2015-04-10 20:32 619520 ----a-w- c:\windows\system32\tdh.dll
2015-04-10 20:32 . 2015-04-10 20:32 231424 ----a-w- c:\windows\system32\mswsock.dll
2015-04-10 02:38 . 2015-04-10 02:38 49152 ----a-w- c:\windows\system32\taskhost.exe
2015-04-10 02:36 . 2015-04-10 02:36 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-04-10 02:36 . 2015-04-10 02:36 906240 ----a-w- c:\windows\system32\FntCache.dll
2015-04-10 02:36 . 2015-04-10 02:36 604160 ----a-w- c:\windows\system32\d3d10level9.dll
2015-04-10 02:36 . 2015-04-10 02:36 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-04-10 02:36 . 2015-04-10 02:36 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-04-10 02:36 . 2015-04-10 02:36 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-04-10 02:36 . 2015-04-10 02:36 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2015-04-10 02:36 . 2015-04-10 02:36 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-04-10 02:36 . 2015-04-10 02:36 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-04-10 02:36 . 2015-04-10 02:36 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-04-10 02:36 . 2015-04-10 02:36 293376 ----a-w- c:\windows\system32\dxgi.dll
2015-04-10 02:36 . 2015-04-10 02:36 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-04-10 02:36 . 2015-04-10 02:36 249856 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-04-10 02:36 . 2015-04-10 02:36 220160 ----a-w- c:\windows\system32\d3d10core.dll
2015-04-10 02:36 . 2015-04-10 02:36 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2015-04-10 02:36 . 2015-04-10 02:36 187392 ----a-w- c:\windows\system32\UIAnimation.dll
2015-04-10 02:36 . 2015-04-10 02:36 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2015-04-10 02:36 . 2015-04-10 02:36 1158144 ----a-w- c:\windows\system32\XpsPrint.dll
2015-04-10 02:36 . 2015-04-10 02:36 1080832 ----a-w- c:\windows\system32\d3d10.dll
2015-04-10 02:36 . 2015-04-10 02:36 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-04-10 02:33 . 2015-04-10 02:33 1505280 ----a-w- c:\windows\system32\d3d11.dll
2015-04-09 19:39 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2015-04-07 13:52 . 2015-02-09 19:39 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2015-04-07 13:52 . 2015-02-09 19:39 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2015-03-25 03:00 . 2015-04-11 16:08 3088384 ----a-w- c:\windows\system32\wucltux.dll
2015-03-25 03:00 . 2015-04-11 16:08 92672 ----a-w- c:\windows\system32\wudriver.dll
2015-03-25 03:00 . 2015-04-11 16:08 566784 ----a-w- c:\windows\system32\wuapi.dll
2015-03-25 03:00 . 2015-04-11 16:08 35328 ----a-w- c:\windows\system32\wups2.dll
2015-03-25 03:00 . 2015-04-11 16:08 29696 ----a-w- c:\windows\system32\wups.dll
2015-03-25 03:00 . 2015-04-11 16:08 2020864 ----a-w- c:\windows\system32\wuaueng.dll
2015-03-25 03:00 . 2015-04-11 16:08 173056 ----a-w- c:\windows\system32\wuwebv.dll
2015-03-25 03:00 . 2015-04-11 16:08 50176 ----a-w- c:\windows\system32\WinSetupUI.dll
2015-03-25 03:00 . 2015-04-11 16:08 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
2015-03-25 03:00 . 2015-04-11 16:08 33792 ----a-w- c:\windows\system32\wuapp.exe
2015-03-25 03:00 . 2015-04-11 16:08 131584 ----a-w- c:\windows\system32\wuauclt.exe
2015-03-23 03:06 . 2015-04-10 20:26 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-03-23 03:06 . 2015-04-10 20:26 630784 ----a-w- c:\windows\system32\invagent.dll
2015-03-23 03:06 . 2015-04-10 20:26 331264 ----a-w- c:\windows\system32\devinv.dll
2015-03-23 03:06 . 2015-04-10 20:26 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-03-23 03:06 . 2015-04-10 20:26 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-03-23 03:06 . 2015-04-10 20:26 159744 ----a-w- c:\windows\system32\aepic.dll
2015-03-23 03:06 . 2015-04-10 20:26 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-03-23 02:59 . 2015-04-10 20:26 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-03-23 00:00 . 2015-03-22 23:59 10326784 ----a-w- c:\windows\system32\the_seven_days.scr
2015-03-21 20:28 . 2012-07-17 18:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2015-03-20 19:33 . 2015-03-20 19:33 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2015-03-20 19:33 . 2015-03-20 19:33 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2015-03-17 05:01 . 2015-04-15 18:04 3920824 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-03-17 05:01 . 2015-04-15 18:04 3976632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-03-17 05:01 . 2015-04-15 18:04 137656 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-03-17 05:01 . 2015-04-15 18:04 67512 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2015-03-17 04:59 . 2015-04-15 18:04 1306112 ----a-w- c:\windows\system32\ntdll.dll
2015-03-17 04:57 . 2015-04-15 18:04 172032 ----a-w- c:\windows\system32\wdigest.dll
2015-03-17 04:57 . 2015-04-15 18:04 65536 ----a-w- c:\windows\system32\TSpkg.dll
2015-03-17 04:57 . 2015-04-15 18:04 400896 ----a-w- c:\windows\system32\srcore.dll
2015-03-17 04:57 . 2015-04-15 18:04 43008 ----a-w- c:\windows\system32\srclient.dll
2015-03-17 04:57 . 2015-04-15 18:04 15872 ----a-w- c:\windows\system32\sspisrv.dll
2015-03-17 04:57 . 2015-04-15 18:04 100352 ----a-w- c:\windows\system32\sspicli.dll
2015-03-17 04:57 . 2015-04-15 18:04 248832 ----a-w- c:\windows\system32\schannel.dll
2015-03-17 04:57 . 2015-04-15 18:04 22016 ----a-w- c:\windows\system32\secur32.dll
2015-03-17 04:57 . 2015-04-15 18:04 221184 ----a-w- c:\windows\system32\ncrypt.dll
2015-03-17 04:57 . 2015-04-15 18:04 259584 ----a-w- c:\windows\system32\msv1_0.dll
2015-03-17 04:57 . 2015-04-15 18:04 550912 ----a-w- c:\windows\system32\kerberos.dll
2015-03-17 04:57 . 2015-04-15 18:04 1061376 ----a-w- c:\windows\system32\lsasrv.dll
2015-03-17 04:56 . 2015-04-15 18:04 38912 ----a-w- c:\windows\system32\csrsrv.dll
2015-03-17 04:56 . 2015-04-15 18:04 17408 ----a-w- c:\windows\system32\credssp.dll
2015-03-17 04:56 . 2015-04-15 18:04 69632 ----a-w- c:\windows\system32\smss.exe
2015-03-17 04:56 . 2015-04-15 18:04 262656 ----a-w- c:\windows\system32\rstrui.exe
2015-03-17 04:56 . 2015-04-15 18:04 22528 ----a-w- c:\windows\system32\lsass.exe
2015-03-17 04:56 . 2015-04-15 18:04 50176 ----a-w- c:\windows\system32\auditpol.exe
2015-03-17 04:53 . 2015-04-15 18:04 60416 ----a-w- c:\windows\system32\msobjs.dll
2015-03-17 04:53 . 2015-04-15 18:04 146432 ----a-w- c:\windows\system32\msaudite.dll
2015-03-17 04:50 . 2015-04-15 18:04 6656 ----a-w- c:\windows\system32\apisetschema.dll
2015-03-17 04:50 . 2015-04-15 18:04 686080 ----a-w- c:\windows\system32\adtschema.dll
2015-03-13 03:42 . 2015-04-15 18:04 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2015-03-13 03:42 . 2015-04-15 18:04 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-05-14 14:05 1605832 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-05-14 14:05 1605832 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-05-14 14:05 1605832 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2015-05-14 23:11 458944 ----a-w- c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDD-Control Guard"="c:\program files\Summitsoft\HDD Control\SSHDDC_Guard.exe" [2012-01-06 3774464]
"Summitsoft SystemTech Live-Tuner"="c:\program files\Summitsoft\SystemTech\LiveTuner.exe" [2012-01-11 2826480]
"Summitsoft HDD Control Guard"="c:\program files\Summitsoft\HDD Control\SSHDDC_Guard.exe" [2012-01-06 3774464]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-12 356128]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-02 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-02 150552]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2015-04-09 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\_disabledByAcp]
2009-09-23 23:49 218112 ----a-w- c:\windows\System32\igfxdev.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 VirtualBackplane;A-B Virtual Backplane;c:\windows\System32\Drivers\VirtualBackplane.sys [x]
R2 SSHDDC;HDD Control Service;c:\program files\Summitsoft\HDD Control\SSHDDC_Service.exe [2012-01-06 1509888]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2013-07-23 6272]
R3 DfSdkS;Defragmentation-Service;c:\program files\Summitsoft\HDD Control\DfSdkS.exe [2009-08-25 406016]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2013-07-23 26240]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2013-07-23 21376]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2013-07-23 23936]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [x]
R3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\SYSTEM32\RSSERIAL.SYS [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2015-05-16 13368]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys [2011-06-02 88632]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys [2011-06-02 39736]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2015-05-15 25696]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-11-12 44000]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2015-05-15 145224]
S2 ASST_LiveService;Summitsoft LiveTuner Service;c:\program files\Summitsoft\SystemTech\LiveTunerService.exe [2012-01-11 879856]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-06-28 14624]
S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files\Summitsoft\SystemTech\LiveTunerProcessMonitor32.sys [2011-03-08 12696]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2013-11-26 5120]
S3 CSObjectsSrv;CryptoStorage control service;c:\program files\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2013-09-25 818888]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2013-11-12 25696]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2013-11-12 25696]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc Mcx2Svc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ftpsvc REG_MULTI_SZ ftpsvc
ipripsvc REG_MULTI_SZ iprip
LPDService REG_MULTI_SZ LPDSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
CatWSWDHelper
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-06 19:39]
.
2015-05-16 c:\windows\Tasks\DriverUpdate Scan.job
- c:\program files\DriverUpdate\DriverUpdate.exe [2015-04-02 13:07]
.
2015-05-16 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files\DriverUpdate\DriverUpdate.exe [2015-04-02 13:07]
.
2015-05-16 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2015-03-23 22:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local;192.168.*.*
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
IE: Kaspersky PURE - c:\progra~1\KASPER~1\KASPER~1.0\KASPER~2\spIEBho.dll/616
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-RunOnce-WinSat - winsat dwm -xml results.xml
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8a,07,
6f,ce,85,47,0f,ab,e0,9f,9a,f3,9c,6f,5c
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1d,db,
c2,7b,f7,30,0a,a1,7f,d7,65,c3,80,ca,b6
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,85,be,81,84,d5,e7,42,b6,7d,20,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,0c,85,be,81,84,d5,e7,42,b6,7d,20,\
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.api\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cat\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.chk\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.db\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WORDPAD.EXE"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\firefox.exe"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.drv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\FreeFileViewer.exe"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="inffile"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.json\UserChoice]
@Denied: (2) (Administrator)
"Progid"="json_auto_file"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jsonlz4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="jsonlz4_auto_file"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MAPIMail\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ocx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNF\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ResmonCfg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sys\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\firefox.exe"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmdb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ZFSendToTarget\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wordpad.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-05-16 16:18:09
ComboFix-quarantined-files.txt 2015-05-16 20:18
.
Pre-Run: 259,505,999,872 bytes free
Post-Run: 259,207,503,872 bytes free
.
- - End Of File - - A2ED050E3105E4B65E8EA5BD1184BC0F
A36C5E4F47E84449FF07ED3517B43A31

# AdwCleaner v4.204 - Logfile created 16/05/2015 at 16:50:11
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : Administrator - DELUXE-PAWN-PC
# Running from : C:\Users\Administrator\OneDrive\adwcleaner_4.204.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found : C:\Program Files\Driver Support
Folder Found : C:\Program Files\DriverTuner
Folder Found : C:\Program Files\FreeFixer
Folder Found : C:\Program Files\ParetoLogic
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Driver Support
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
Folder Found : C:\ProgramData\ParetoLogic
Folder Found : C:\ProgramData\SecTaskMan
Folder Found : C:\ProgramData\SparkTrust
Folder Found : C:\Users\Administrator\AppData\Local\FileTypeAssistant
Folder Found : C:\Users\Administrator\AppData\Local\FreeFixer
Folder Found : C:\Users\Administrator\AppData\Local\PC_Drivers_Headquarters
Folder Found : C:\Users\Administrator\AppData\Local\SecTaskMan
Folder Found : C:\Users\Administrator\AppData\Local\speed browser
Folder Found : C:\Users\Administrator\AppData\Roaming\FreeFixer
Folder Found : C:\Users\Administrator\AppData\Roaming\ParetoLogic
Folder Found : C:\Users\Administrator\AppData\Roaming\Systweak
Folder Found : C:\Users\Deluxe-Pawn\AppData\Local\DriverTuner
Folder Found : C:\Users\Deluxe-Pawn\AppData\Local\FileTypeAssistant
Folder Found : C:\Windows\system32\config\systemprofile\AppData\Local\FileTypeAssistant
Folder Found : C:\Windows\system32\config\systemprofile\AppData\Local\speed browser

***** [ Scheduled tasks ] *****

Task Found : driverupdate startup
Task Found : ProgramRefresh-ATFST
Task Found : ProgramUpdateCheck

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local;192.168.*.*
Key Found : HKCU\Software\Bitberry
Key Found : HKCU\Software\FileTypeAssistant
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Key Found : HKLM\SOFTWARE\ParetoLogic
Key Found : HKLM\SOFTWARE\systweak
Key Found : HKLM\SOFTWARE\Uniblue

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [;Start Page] - hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11405&pf=V7&trgb=IE&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.17728&apn_uid=7C3705E9-8A11-48D7-8681-0A9513161AF4&itbv=12.24.1.51&doi=2015-04-20&psv=&pt=tb

-\\ Mozilla Firefox v


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [3614 bytes] - [16/05/2015 16:50:11]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [3673 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.7.2 (05.15.2015:1)
OS: Windows 7 Professional x86
Ran by Administrator on Sat 05/16/2015 at 17:20:07.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\Windows\System32\tasks\DriverUpdate Startup
Successfully deleted: [Task] C:\Windows\tasks\DriverUpdate Startup.job



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}



~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\DRIVER_FLASH_MEDIA_25421B.EXE-86EC6F81.pf
Successfully deleted: [File] C:\Windows\prefetch\DRIVERUPDATE-SETUP.EXE-6F3DF41F.pf
Successfully deleted: [File] C:\Windows\prefetch\DRIVERUPDATE.EXE-CD772C24.pf
Successfully deleted: [File] C:\Windows\prefetch\DRIVERUPDATEUI.EXE-5E1C563A.pf



~~~ Folders

Successfully deleted: [Folder] C:\Program Files\driver support
Successfully deleted: [Folder] C:\ProgramData\apn
Successfully deleted: [Folder] C:\ProgramData\driver support
Successfully deleted: [Folder] C:\ProgramData\sparktrust
Successfully deleted: [Folder] C:\Users\Administrator\AppData\Roaming\systweak
Successfully deleted: [Folder] C:\Users\Administrator\local settings\application data\filetypeassistant
Successfully deleted: [Folder] C:\Users\Administrator\local settings\application data\pc_drivers_headquarters
Successfully deleted: [Folder] C:\Users\Administrator\local settings\application data\speed browser

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/16/2015 at 17:23:15.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4 lovenme_143

  • Topic Starter
  • Members
  • 8 posts

Posted 16 May 2015 - 05:38 PM

I hope this helps

#5 Orange Blossom

    Bleepin' Investigator

  • Moderator
  • 36,696 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 17 May 2015 - 12:00 AM

Because you've run Combofix and posted that log, I'm moving this topic to the Virus, Trojan, Spyware, and Malware Removal Logs forum.  Please do not do anything further with the machine unless instructed by a member of the malware removal team.  It may take a few days before your topic is picked up.  If HelpBot replies, please be sure to follow step one in its instructions so it knows you still need assistance.  I'd suggest checking your topic once a day for a reply as the e-mail notification system is not completely reliable.

Orange Blossom ~ forum moderator


Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#6 lovenme_143

  • Topic Starter
  • Members
  • 8 posts

Posted 17 May 2015 - 10:40 AM

ok

#7 nasdaq

  • Malware Response Team
  • 38,228 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 21 May 2015 - 07:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running?
Wait for further instructions.

#8 lovenme_143

  • Topic Starter
  • Members
  • 8 posts

Posted 24 May 2015 - 12:23 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-05-2015 01
Ran by Administrator (administrator) on DELUXE-PAWN-PC on 24-05-2015 13:17:03
Running from C:\Users\Administrator\OneDrive
Loaded Profiles: Administrator (Available Profiles: Deluxe-Pawn & Administrator & Guest & DefaultAppPool)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Farbar) C:\Users\Administrator\OneDrive\FRST.exe1.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKU\S-1-5-21-3109044109-2673652320-1513855555-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6278424 2015-04-23] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2015-04-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll [2015-05-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security Suite\Engine\21.6.0.32\buShell.dll [2014-02-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security Suite\Engine\21.6.0.32\buShell.dll [2014-02-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security Suite\Engine\21.6.0.32\buShell.dll [2014-02-27] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3109044109-2673652320-1513855555-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Internet Explorer\Main,;Start Page = http://www.search.ask.com/?tpid=ORJ-SPE&o=APN11405&pf=V7&trgb=IE&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.17728&apn_uid=7C3705E9-8A11-48D7-8681-0A9513161AF4&itbv=12.24.1.51&doi=2015-04-20&psv=&pt=tb
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?FORM=INCOH1&PC=IC02&q={searchTerms}
SearchScopes: HKLM -> {39118170-7B07-4BC5-8B47-C62B1DC1DC99} URL =
SearchScopes: HKU\S-1-5-21-3109044109-2673652320-1513855555-500 -> {39118170-7B07-4BC5-8B47-C62B1DC1DC99} URL =
SearchScopes: HKU\S-1-5-21-3109044109-2673652320-1513855555-500 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\S-1-5-21-3109044109-2673652320-1513855555-500 -> {EBDE4DFC-4E07-44B5-AE15-FA4D1E7AC0C6} URL = https://www.google.com/search?q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL [2014-08-25] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-05-23] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-23] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3109044109-2673652320-1513855555-500 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll [2014-09-20] (Symantec Corporation)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\7og9k8bv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-05-09] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2015-05-23]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-05-24]

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-20]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-20]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-06]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-06]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-06]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfogidghaigoomjdeacndafapdijmiid [2015-03-20]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2015-03-30]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-20]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-03-25]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-20]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhkmoheomjbkfloacpgllgjcamhihfaj [2015-03-20]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2015-03-25]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2015-03-30]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-20]
CHR Extension: (No Name) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2015-05-23]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [310272 2012-06-01] (Microsoft Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [29696 2009-07-13] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150519.001\BHDrvx86.sys [1172184 2015-05-19] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360\1506000.020\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2015-05-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2015-05-22] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150521.003\IDSvix86.sys [505048 2015-05-21] (Symantec Corporation)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [26240 2013-07-23] (Motorola)
S3 MQAC; C:\Windows\System32\drivers\mqac.sys [141824 2010-11-20] (Microsoft Corporation)
R3 NAVENG; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150523.001\NAVENG.SYS [95704 2015-05-22] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150523.001\NAVEX15.SYS [1636696 2015-05-22] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360\1506000.020\SRTSP.SYS [664792 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\1506000.020\SRTSPX.SYS [32984 2014-08-25] (Symantec Corporation)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-11-26] (Samsung Electronics) []
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13368 2015-05-16] (SlimWare Utilities, Inc.)
R0 SymDS; C:\Windows\System32\drivers\N360\1506000.020\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\1506000.020\SYMEFA.SYS [936152 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2015-05-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\1506000.020\SYMNETS.SYS [447704 2014-08-25] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 tifm21; C:\Windows\System32\drivers\tifm21.sys [168448 2006-07-06] (Texas Instruments) []
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 RSSERIAL; \SystemRoot\SYSTEM32\RSSERIAL.SYS [X]
S0 sptd; System32\Drivers\sptd.sys [X]
S1 VirtualBackplane; \SystemRoot\System32\Drivers\VirtualBackplane.sys [X]
U3 VSS; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: CatWSWDHelper -> No Registry Path.

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 13:16 - 2015-05-24 13:17 - 00000000 ____D () C:\FRST
2015-05-24 13:00 - 2015-05-24 13:01 - 00002198 _____ () C:\Users\Administrator\Documents\cc_20150524_130038.reg
2015-05-23 23:11 - 2015-05-23 23:11 - 00002774 _____ () C:\Users\Administrator\Documents\cc_20150523_231107.reg
2015-05-23 14:39 - 2015-05-23 14:39 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-23 14:37 - 2015-05-23 14:37 - 00002747 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-23 14:37 - 2015-05-23 14:37 - 00002747 _____ () C:\ProgramData\Desktop\Sophos Virus Removal Tool.lnk
2015-05-23 14:37 - 2015-05-23 14:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-23 14:37 - 2015-05-23 14:37 - 00000000 ____D () C:\Program Files\Sophos
2015-05-23 14:27 - 2015-05-23 14:32 - 00000000 ____D () C:\ProgramData\F-Secure
2015-05-23 14:27 - 2015-05-23 14:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\F-Secure
2015-05-23 14:22 - 2015-05-23 14:22 - 00000000 ____D () C:\Windows\Sun
2015-05-23 14:22 - 2015-05-23 14:22 - 00000000 ____D () C:\Program Files\Common Files\Java
2015-05-23 14:21 - 2015-05-23 14:21 - 00096352 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-05-23 14:21 - 2015-05-23 14:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-23 13:30 - 2015-05-24 12:41 - 00002362 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2015-05-23 13:30 - 2015-05-24 12:41 - 00002362 _____ () C:\ProgramData\Desktop\Norton Security Suite.lnk
2015-05-23 13:30 - 2015-05-23 14:02 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-05-23 13:30 - 2015-05-23 13:30 - 00142936 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2015-05-23 13:30 - 2015-05-23 13:30 - 00008194 _____ () C:\Windows\system32\Drivers\SYMEVENT.CAT
2015-05-23 13:29 - 2015-05-24 12:42 - 00000000 ____D () C:\Windows\system32\Drivers\N360
2015-05-23 13:29 - 2015-05-24 12:41 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2015-05-23 13:29 - 2015-05-23 13:29 - 00000000 ____D () C:\Program Files\Norton Security Suite
2015-05-23 13:28 - 2015-05-23 13:28 - 00001234 _____ () C:\Users\Administrator\Desktop\Norton Installation Files.lnk
2015-05-22 18:10 - 2015-05-22 18:10 - 00092863 _____ () C:\Windows\system32\services.msc1.msc
2015-05-22 17:34 - 2015-05-22 17:34 - 00000000 ____D () C:\Users\Administrator\Documents\root
2015-05-22 14:49 - 2015-05-22 14:49 - 00000000 ____D () C:\Users\Administrator\Documents\msmq
2015-05-22 07:21 - 2015-05-22 07:22 - 00013088 _____ () C:\Users\Administrator\Documents\cc_20150522_072153.reg
2015-05-20 15:35 - 2015-05-20 15:35 - 00001706 _____ () C:\Users\Administrator\Documents\startup.txt
2015-05-20 15:31 - 2015-05-22 07:14 - 00000000 ____D () C:\Program Files\CCleaner
2015-05-20 15:31 - 2015-05-20 15:31 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-05-20 15:31 - 2015-05-20 15:31 - 00000965 _____ () C:\ProgramData\Desktop\CCleaner.lnk
2015-05-20 15:31 - 2015-05-20 15:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-19 13:44 - 2015-05-19 13:44 - 00001450 _____ () C:\Users\Administrator\Desktop\Free PDF To Word.lnk
2015-05-19 13:44 - 2015-05-19 13:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\FMSoftwareStudio
2015-05-19 13:44 - 2015-05-19 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Software Studio
2015-05-19 13:44 - 2015-05-19 13:44 - 00000000 ____D () C:\Program Files\FM Software Studio
2015-05-19 12:40 - 2015-05-19 12:40 - 00000000 ____D () C:\Users\Administrator\Documents\TurboTax
2015-05-19 12:40 - 2015-05-19 12:40 - 00000000 ____D () C:\Users\Administrator\AppData\Local\IsolatedStorage
2015-05-19 12:39 - 2015-05-19 12:39 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intuit
2015-05-19 09:38 - 2015-05-19 09:38 - 00015000 _____ () C:\Windows\system32\results.xml
2015-05-18 20:49 - 2009-10-02 15:34 - 00252952 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-05-16 18:11 - 2015-05-16 18:11 - 00000701 _____ () C:\Users\Administrator\Desktop\checkup.txt
2015-05-16 17:23 - 2015-05-16 17:23 - 00001887 _____ () C:\Users\Administrator\Desktop\JRT.txt
2015-05-16 17:20 - 2015-05-16 17:20 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DELUXE-PAWN-PC-Windows-7-Professional-(32-bit).dat
2015-05-16 17:20 - 2015-05-16 17:20 - 00000000 ____D () C:\RegBackup
2015-05-16 16:49 - 2015-05-22 10:47 - 00000000 ____D () C:\AdwCleaner
2015-05-16 16:47 - 2015-05-16 16:47 - 00039916 _____ () C:\Users\Administrator\Desktop\combo fix.txt
2015-05-16 15:57 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-16 15:57 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-16 15:57 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-16 15:57 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-16 15:57 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-16 15:57 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-16 15:57 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-16 15:57 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-16 15:55 - 2015-05-16 16:18 - 00000000 ____D () C:\Qoobox
2015-05-16 14:49 - 2015-05-16 14:49 - 00000000 ____D () C:\ProgramData\IntelDLM
2015-05-16 14:49 - 2009-10-02 15:34 - 08198680 _____ (Intel® Corporation) C:\Windows\system32\TVWSetup.exe
2015-05-16 14:49 - 2009-10-02 15:34 - 00672792 _____ (Intel Corporation) C:\Windows\system32\igfxcfg.exe
2015-05-16 14:49 - 2009-10-02 15:34 - 00173592 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2015-05-16 14:49 - 2009-10-02 15:34 - 00173080 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-05-16 14:49 - 2009-10-02 15:34 - 00150552 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2015-05-16 14:49 - 2009-10-02 15:34 - 00141848 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2015-05-16 14:47 - 2015-05-16 14:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Intel
2015-05-16 14:46 - 2015-05-16 14:46 - 00001128 _____ () C:\Users\Public\Desktop\Intel® Driver Update Utility 2.0.lnk
2015-05-16 14:46 - 2015-05-16 14:46 - 00001128 _____ () C:\ProgramData\Desktop\Intel® Driver Update Utility 2.0.lnk
2015-05-16 14:46 - 2015-05-16 14:46 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-16 14:46 - 2015-05-16 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-05-16 14:46 - 2015-05-16 14:46 - 00000000 ____D () C:\Program Files\Intel Driver Update Utility
2015-05-16 14:43 - 2015-05-16 14:43 - 00013368 _____ (SlimWare Utilities, Inc.) C:\Windows\system32\Drivers\SWDUMon.sys
2015-05-16 14:43 - 2015-05-16 14:43 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-05-16 14:43 - 2015-05-16 14:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\SlimWare Utilities Inc
2015-05-16 14:43 - 2015-05-16 14:43 - 00000000 ____D () C:\ProgramData\Documents\Downloaded Installers
2015-05-14 18:59 - 2015-05-20 14:51 - 00000000 ___SD () C:\Users\Administrator\Documents\Passwords Database
2015-05-14 16:55 - 2015-05-14 16:55 - 00000000 ____D () C:\ProgramData\Kaspersky Lab Setup Files
2015-05-14 10:55 - 2015-05-14 10:55 - 00001107 _____ () C:\Users\Administrator\AppData\Videos - Shortcut.lnk
2015-05-13 17:50 - 2015-05-13 17:50 - 00000000 ____D () C:\Windows\A16BBEABAAEF434ABFDD297708709FCC.TMP
2015-05-11 13:27 - 2015-05-11 13:27 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-05-11 13:27 - 2015-05-11 13:27 - 00001753 _____ () C:\ProgramData\Desktop\iTunes.lnk
2015-05-11 13:27 - 2015-05-11 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-05-11 13:26 - 2015-05-20 19:22 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-05-11 13:26 - 2015-05-20 19:22 - 00000000 ____D () C:\Program Files\Apple Software Update
2015-05-11 13:26 - 2015-05-11 13:27 - 00000000 ____D () C:\Program Files\iTunes
2015-05-11 13:26 - 2015-05-11 13:26 - 00000000 ____D () C:\Program Files\iPod
2015-05-11 13:25 - 2015-05-11 13:26 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-05-11 13:25 - 2015-05-11 13:25 - 00000000 ____D () C:\Program Files\Bonjour
2015-05-09 15:27 - 2015-05-09 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-06 17:16 - 2015-05-06 17:16 - 00000000 ____D () C:\Users\Administrator\backup
2015-05-05 19:52 - 2015-05-05 19:52 - 00000000 ____H () C:\Users\Administrator\Documents\Default.rdp
2015-05-05 18:33 - 2015-05-05 18:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-05 14:29 - 2015-05-05 14:29 - 00000000 ____D () C:\Users\Administrator\AppData\Local\GWX
2015-05-05 14:01 - 2015-05-05 14:01 - 00000000 ____D () C:\Windows\Gateway Files
2015-05-04 18:47 - 2015-05-04 18:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\FreeFixer
2015-05-04 18:47 - 2015-05-04 18:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\FreeFixer
2015-05-04 18:46 - 2015-05-13 17:49 - 00000000 ____D () C:\Program Files\FreeFixer
2015-05-04 00:21 - 2015-05-04 01:42 - 00000000 ____D () C:\Users\Deluxe-Pawn\AppData\Local\Adobe
2015-05-03 22:34 - 2015-05-04 20:34 - 00000000 ____D () C:\Users\Deluxe-Pawn\Documents\TurboTax
2015-05-03 22:34 - 2015-05-03 23:22 - 00000286 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-05-03 22:34 - 2015-05-03 22:34 - 00000000 ____D () C:\Users\Deluxe-Pawn\AppData\Local\IsolatedStorage
2015-05-03 22:32 - 2015-05-03 22:32 - 00000000 ____D () C:\Users\Deluxe-Pawn\AppData\Roaming\Intuit
2015-05-03 22:29 - 2015-05-03 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2013
2015-05-03 22:28 - 2015-05-03 22:29 - 00000000 ____D () C:\Program Files\Common Files\Intuit
2015-05-03 22:26 - 2015-05-03 22:26 - 00000000 ____D () C:\Program Files\TurboTax
2015-05-03 22:24 - 2015-05-03 22:33 - 00060560 _____ () C:\Users\Deluxe-Pawn\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-03 22:24 - 2015-05-03 22:29 - 00000000 ____D () C:\ProgramData\Intuit
2015-04-28 22:40 - 2015-04-28 22:40 - 00000000 __SHD () C:\Users\Deluxe-Pawn\AppData\Local\EmieUserList
2015-04-28 22:40 - 2015-04-28 22:40 - 00000000 __SHD () C:\Users\Deluxe-Pawn\AppData\Local\EmieSiteList
2015-04-28 22:40 - 2015-04-28 22:40 - 00000000 __SHD () C:\Users\Deluxe-Pawn\AppData\Local\EmieBrowserModeList
2015-04-28 13:14 - 2015-04-28 13:15 - 00000000 ____D () C:\Users\Administrator\AppData\Local\FreeFileViewer
2015-04-28 13:12 - 2015-05-24 13:12 - 00000394 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2015-04-28 13:12 - 2015-04-28 13:12 - 00001037 _____ () C:\Users\Administrator\Desktop\FreeFileViewer.lnk
2015-04-28 12:35 - 2015-04-28 12:35 - 00000000 ____D () C:\Users\Administrator\Documents\Fax
2015-04-24 12:49 - 2015-03-13 23:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-04-24 12:49 - 2015-03-13 23:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-04-24 12:49 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-24 13:17 - 2015-03-21 16:16 - 00000000 ___RD () C:\Users\Administrator\OneDrive
2015-05-24 13:01 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-05-24 12:51 - 2015-03-21 16:39 - 01897923 ____N () C:\Windows\WindowsUpdate.log
2015-05-24 12:41 - 2009-07-14 00:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-23 23:38 - 2015-04-06 14:57 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-23 14:22 - 2015-01-08 12:32 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-23 14:02 - 2015-04-10 23:06 - 00000000 ____D () C:\ProgramData\Norton
2015-05-23 14:02 - 2015-03-25 17:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-05-22 17:57 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-05-22 17:07 - 2009-07-14 00:37 - 00001266 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-05-22 10:47 - 2015-04-11 10:46 - 00000000 ____D () C:\d762191032e88f0979088957bb788c48
2015-05-22 07:19 - 2015-03-26 11:42 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2015-05-22 07:19 - 2015-02-10 12:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Notepad++
2015-05-22 07:19 - 2014-11-17 09:33 - 00000000 ____D () C:\Windows\Panther
2015-05-20 18:21 - 2014-11-17 09:53 - 00838374 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-20 17:21 - 2015-04-04 13:42 - 00000000 ____D () C:\Users\Administrator\New folder (3)
2015-05-20 14:35 - 2015-04-07 11:52 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-05-20 14:31 - 2015-03-28 19:47 - 00000291 _____ () C:\Users\Administrator\Desktop\grocery list.txt
2015-05-19 12:32 - 2015-02-25 23:27 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Apps\2.0
2015-05-19 11:41 - 2015-04-06 15:18 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2015-05-16 16:18 - 2009-07-13 22:37 - 00000000 __RHD () C:\Users\Default
2015-05-16 16:18 - 2009-07-13 22:37 - 00000000 ___RD () C:\Users\Public
2015-05-16 16:16 - 2015-03-12 16:56 - 00000000 ____D () C:\Windows\ERDNT
2015-05-16 16:14 - 2009-07-13 22:04 - 00000215 _____ () C:\Windows\system.ini
2015-05-16 14:49 - 2014-11-20 13:16 - 00000000 ____D () C:\Windows\system32\Lang
2015-05-14 10:05 - 2015-03-21 16:16 - 00002186 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-05-13 21:52 - 2015-03-21 16:35 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-13 17:52 - 2015-03-27 12:24 - 00000000 ____D () C:\ProgramData\SecTaskMan
2015-05-12 21:59 - 2009-07-13 22:03 - 41943040 _____ () C:\Windows\system32\config\software.esg.bak
2015-05-12 21:59 - 2009-07-13 22:03 - 17301504 _____ () C:\Windows\system32\config\system.esg.bak
2015-05-12 21:59 - 2009-07-13 22:03 - 00524288 _____ () C:\Windows\system32\config\default.esg.bak
2015-05-12 21:59 - 2009-07-13 22:03 - 00061440 _____ () C:\Windows\system32\config\sam.esg.bak
2015-05-12 21:59 - 2009-07-13 22:03 - 00028672 _____ () C:\Windows\system32\config\security.esg.bak
2015-05-12 15:57 - 2015-02-10 08:32 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2015-05-11 13:39 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-05-11 13:27 - 2015-03-02 05:56 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-05-11 13:25 - 2015-01-12 00:44 - 00000000 ____D () C:\ProgramData\Apple
2015-05-09 15:38 - 2015-04-06 14:57 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-05-09 15:38 - 2015-04-06 14:57 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-05-09 15:27 - 2015-04-11 12:25 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-07 13:14 - 2009-07-13 22:37 - 00000000 __RSD () C:\Windows\Media
2015-05-07 09:19 - 2015-03-25 17:57 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NPE
2015-05-07 09:12 - 2015-03-25 18:05 - 00000000 ____D () C:\NPE
2015-05-06 17:16 - 2015-02-06 21:23 - 00000000 ____D () C:\Users\Administrator
2015-05-06 16:59 - 2015-02-10 12:48 - 00000000 ____D () C:\Program Files\Notepad++
2015-04-30 10:42 - 2015-03-13 12:39 - 00000000 ___RD () C:\Users\Administrator\Dropbox
2015-04-29 15:05 - 2009-07-13 22:03 - 29884416 _____ () C:\Windows\system32\config\components.esg.bak
2015-04-28 13:12 - 2015-03-23 17:23 - 00001043 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\FreeFileViewer.lnk
2015-04-28 13:12 - 2015-03-23 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
2015-04-28 13:12 - 2015-01-15 02:33 - 00000000 ____D () C:\Program Files\FreeFileViewer
2015-04-28 11:19 - 2014-11-20 12:54 - 00000000 ____D () C:\Users\Deluxe-Pawn\AppData\Local\VirtualStore
2015-04-28 11:03 - 2015-03-26 11:14 - 00000000 ____D () C:\Users\Administrator\New folder (2)
2015-04-24 12:51 - 2009-07-13 22:37 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers

==================== Files in the root of some directories =======

2015-03-21 17:58 - 2015-04-06 13:30 - 0000053 _____ () C:\Users\Administrator\AppData\Roaming\LogFile.txt
2015-03-19 14:15 - 2015-03-24 12:10 - 0007607 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2015-05-03 22:34 - 2015-05-03 23:22 - 0000286 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-14 08:33

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-05-2015 01
Ran by Administrator at 2015-05-24 13:18:05
Running from C:\Users\Administrator\OneDrive
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3109044109-2673652320-1513855555-500 - Administrator - Enabled) => C:\Users\Administrator
Deluxe-Pawn (S-1-5-21-3109044109-2673652320-1513855555-1000 - Administrator - Enabled) => C:\Users\Deluxe-Pawn
Guest (S-1-5-21-3109044109-2673652320-1513855555-501 - Limited - Enabled) => C:\Users\Guest.Deluxe-Pawn-PC
HomeGroupUser$ (S-1-5-21-3109044109-2673652320-1513855555-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 17 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.05 - Piriform)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Free File Viewer 2014 (HKLM\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION
Free PDF To Word Converter 1.82 (HKLM\...\Free PDF To Word Converter_is1) (Version: 1.82 - )
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3109044109-2673652320-1513855555-500\...\OneDriveSetup.exe) (Version: 17.3.5849.0427 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Windows Debugging Symbols (HKLM\...\{8DD62FB6-083D-40B9-9D7D-48449FDDDED5}) (Version: 7601 - Microsoft)
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Motorola Device Manager (HKLM\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{BA562260-B4FA-4D87-ADC5-963783028C68}) (Version: 6.4.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NewFreeScreensaver nfsChristIsRisen (HKLM\...\nfsChristIsRisen New Free Screensaver_is1) (Version: - Gekkon Ltd.)
Norton Security Suite (HKLM\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.14.0 - SAMSUNG Electronics Co., Ltd.)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
the_seven_days.scr (HKLM\...\the_seven_days.scr) (Version: - )
TIPCI (Version: 1.23.0000 - Texas Instruments Inc.) Hidden
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3109044109-2673652320-1513855555-500_Classes\CLSID\{5999E1EE-711E-48D2-9884-851A709F543D}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3109044109-2673652320-1513855555-500_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3109044109-2673652320-1513855555-500_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3109044109-2673652320-1513855555-500_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3109044109-2673652320-1513855555-500_Classes\CLSID\{A3CA1CF4-5F3E-4AC0-91B9-0D3716E1EAC3}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3109044109-2673652320-1513855555-500_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3109044109-2673652320-1513855555-500_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3109044109-2673652320-1513855555-500_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3109044109-2673652320-1513855555-500_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3109044109-2673652320-1513855555-500_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3109044109-2673652320-1513855555-500_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.5849.0427\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points =========================

Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-01-10 21:22 - 2015-05-16 16:14 - 00000027 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0556070E-9D02-4532-9B2D-DA1DA836609D} - \ProgramRefresh-ATFST No Task File <==== ATTENTION
Task: {0F11AC07-0D2B-4394-A555-20009EC65907} - System32\Tasks\{64605F83-0629-43E4-ACC1-F63D332F8289} => pcalua.exe -a "C:\Users\Administrator\Downloads\driver_flash_media_25421B (2).exe" -d C:\Users\Administrator\Downloads
Task: {15D57A35-D504-4F37-ABAE-09D8EE00166D} - System32\Tasks\{03C981C3-1A44-4804-9EC3-7E85ECEF3EDD} => pcalua.exe -a F:\drv\WModem_Driver_Installer_v2.19.0.0.exe -d F:\drv
Task: {199D4CA4-4327-46A7-9379-775EAB26910E} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
Task: {2A05B7D3-4514-4FCD-9C0B-38C2FB656D6A} - System32\Tasks\{7DB36E56-E7E3-4A69-A65D-0E37D703FFDB} => Firefox.exe
Task: {2C151A9F-93CB-48DB-8FCE-0659D6D51E8D} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: {2CE0FBC2-80F2-4C78-B735-23BF3BC74CAE} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {2E83086C-E6E6-4364-8F05-ACF7E501736B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-09] (Adobe Systems Incorporated)
Task: {3F86A55B-E7F9-40AD-A012-5CE1D5D1CA30} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)
Task: {47124807-3744-4510-A4DF-7AFF2F61BC37} - System32\Tasks\Motorola Device Manager Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {5119D6EC-F83C-449F-8C61-93C392A7F881} - System32\Tasks\{0B7C7AB6-CC7E-444A-820B-3D763D01555F} => C:\Users\Administrator\Downloads\driver_cardreader_ti_25844A.exe [2015-02-25] ()
Task: {60854EBA-7F92-4827-9925-A2084DBC27EA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3109044109-2673652320-1513855555-500
Task: {63A621BF-B53A-45D6-BBCE-7ADF03B65F58} - System32\Tasks\{3F187DE9-E9E3-4533-B53E-E05228AF5CEA} => Chrome.exe
Task: {6E7C33B6-D28A-47EB-9687-4A8030EABA6C} - System32\Tasks\{9B21C469-08A6-491A-ABA8-71325379CFD7} => Chrome.exe
Task: {81A55829-10C8-40A8-86E8-EED804070A4B} - System32\Tasks\{9C741B6F-A9AD-43C9-B294-1C6F16D4270B} => pcalua.exe -a "C:\Program Files\HTC\WModem_Installer\DeleteInstall.exe" -d "C:\Program Files\HTC\WModem_Installer"
Task: {83B84C9C-C9A4-44FE-9670-B2FCB3BB74F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {918F4503-BB0C-4F95-9D56-D5B7FA637909} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {9FE2693F-F5C6-47C9-934C-7DB8C666F1F0} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {B1918321-7FBE-4647-B3B8-B751AF2D1CC6} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {B5991B4B-D7A2-430B-9175-DB412FB81855} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C64F9877-92DD-4BC2-85E1-8280FB3E710B} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {CAF32E07-BBC3-40C5-832B-76E0A89F2AEC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-04-23] (Piriform Ltd)
Task: {CB08CA82-37CE-4DCC-BBB0-0C9A7566D3F9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)
Task: {E0652086-9B65-436F-998A-4DB3B818BA60} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {E44D0186-CAE5-42A0-976E-96009021316D} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {E51DA347-FFE9-4E04-9EC3-1D008B719969} - \Tuneup Pro No Task File <==== ATTENTION
Task: {EC64E495-7A2F-4A31-83D4-3F32D657983F} - System32\Tasks\{A39E6BBD-1B4D-447A-8E9C-54C42EA74BCF} => Chrome.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2014-12-20 14:47 - 2011-06-21 03:42 - 00024064 _____ () C:\Windows\System32\sst3cl3.dll
2014-12-20 14:47 - 2011-06-20 22:23 - 00540672 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\sst3cdu.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-12 05:49 - 2014-05-12 05:49 - 00260608 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2015-05-22 07:14 - 2015-05-22 07:14 - 00055576 _____ () C:\Program Files\CCleaner\branding.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3109044109-2673652320-1513855555-500\...\samsungsetup.com -> hxxp://www.samsungsetup.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3109044109-2673652320-1513855555-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER Error getting ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{6D1966AF-9FAA-44A2-859F-38316CB76515}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A9BFB96A-DFB0-46C2-B669-86CAA4CCA846}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{ADD5BEED-BAED-4EAE-A908-32C6CEA6994A}] => (Allow) C:\Windows\system32\recdisc.exe
FirewallRules: [{FF910675-D73B-427D-9F74-3B903883FDEC}] => (Allow) C:\Windows\system32\recdisc.exe
FirewallRules: [{A7E05756-0FB9-4D53-82C8-64E40DDBC330}] => (Allow) C:\Windows\system32\recdisc.exe
FirewallRules: [{DDB7FE0D-8F7A-431E-A59F-D70476E03701}] => (Allow) C:\Windows\system32\recdisc.exe
FirewallRules: [{BE3B8A84-3217-41BE-97F0-55222CC83D5E}] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{C59ED66F-B477-41F7-9B35-5698ED17A14B}] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{D155F443-F8E3-4EA9-A092-BE60F27C025F}] => (Allow) C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe
FirewallRules: [{AC8A00DD-0EFE-4B7B-90C4-6F3664C56A31}] => (Allow) G:\FFVCheckForUpdates.exe
FirewallRules: [{DF4CD428-D62B-439B-A3DC-02C62CD45BE9}] => (Allow) G:\FFVCheckForUpdates.exe
FirewallRules: [{035001A6-6F81-4902-8950-3C1573E11E2F}] => (Allow) G:\FFVCheckForUpdates.exe
FirewallRules: [{C26AB813-DEBC-4AF7-8437-F1DC5085A4BB}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{B518067A-65FF-494E-9701-2C18E56EC372}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{26F352F1-825D-45CD-9966-674885F644AD}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BC5C21AA-EA4A-48D9-9B50-6A30C0AEBADB}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{CC4B2056-83F4-4B4D-BA62-E2D53E9A5C64}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{3A05CF14-BE8C-4796-B769-36A83C7A6736}] => (Allow) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

==================== Faulty Device Manager Devices =============

Name: Mass Storage Controller
Description: Mass Storage Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/24/2015 01:18:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80070424, The specified service does not exist as an installed service.
.


Operation:
Instantiating VSS server

Error: (05/24/2015 01:18:06 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x80070424, The specified service does not exist as an installed service.
]


Operation:
Instantiating VSS server

Error: (05/24/2015 01:18:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine OpenService (shSCManager, 'VSS', SERVICE_QUERY_STATUS). hr = 0x80070424, The specified service does not exist as an installed service.
.


Operation:
Initialize For Backup

Error: (05/24/2015 01:13:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/24/2015 01:11:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/24/2015 01:11:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/24/2015 01:11:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/24/2015 01:11:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/24/2015 01:11:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (05/24/2015 01:11:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (05/24/2015 01:18:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (05/24/2015 01:18:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (05/24/2015 01:18:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (05/24/2015 01:18:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (05/24/2015 01:18:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (05/24/2015 01:18:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (05/24/2015 01:16:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (05/24/2015 01:16:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (05/24/2015 01:16:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297

Error: (05/24/2015 01:16:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error:
%%1297


Microsoft Office:
=========================
Error: (05/24/2015 01:18:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070424, The specified service does not exist as an installed service.


Operation:
Instantiating VSS server

Error: (05/24/2015 01:18:06 PM) (Source: VSS) (EventID: 13) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070424, The specified service does not exist as an installed service.


Operation:
Instantiating VSS server

Error: (05/24/2015 01:18:06 PM) (Source: VSS) (EventID: 8193) (User: )
Description: OpenService (shSCManager, 'VSS', SERVICE_QUERY_STATUS)0x80070424, The specified service does not exist as an installed service.


Operation:
Initialize For Backup

Error: (05/24/2015 01:13:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Samsung\Easy Printer Manager\SysTray.exe

Error: (05/24/2015 01:11:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Samsung\Easy Printer Manager\IDSAlertConfig.dll

Error: (05/24/2015 01:11:26 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Samsung\Easy Printer Manager\IDSAlertConfig.dll

Error: (05/24/2015 01:11:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Samsung\Easy Printer Manager\IDSAlertConfig.dll

Error: (05/24/2015 01:11:24 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Samsung\Easy Printer Manager\IDSAlertConfig.dll

Error: (05/24/2015 01:11:23 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Samsung\Easy Printer Manager\IDSAlertConfig.dll

Error: (05/24/2015 01:11:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"C:\Program Files\Samsung\Easy Printer Manager\IDSAlertConfig.dll


CodeIntegrity Errors:
===================================
Date: 2015-04-08 16:44:49.641
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Temp\715ace63825cd00173090000bc01800b\90fa5f6b825cd001ad090000bc01800b_appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-08 16:44:49.625
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Temp\715ace63825cd00173090000bc01800b\90fa5f6b825cd001ad090000bc01800b_appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-08 16:44:49.610
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Temp\715ace63825cd00173090000bc01800b\90fa5f6b825cd001ad090000bc01800b_appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-08 16:44:49.594
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Temp\715ace63825cd00173090000bc01800b\90fa5f6b825cd001ad090000bc01800b_appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-08 16:44:47.363
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Temp\715ace63825cd00173090000bc01800b\2f995d6b825cd001ab090000bc01800b_appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-08 16:44:47.348
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Temp\715ace63825cd00173090000bc01800b\2f995d6b825cd001ab090000bc01800b_appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-08 16:44:47.332
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Temp\715ace63825cd00173090000bc01800b\2f995d6b825cd001ab090000bc01800b_appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-08 16:44:47.317
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Temp\715ace63825cd00173090000bc01800b\2f995d6b825cd001ab090000bc01800b_appidapi.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-04-08 16:44:46.240
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Temp\715ace63825cd00173090000bc01800b\0440246d825cd001e2090000bc01800b_appid.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-04-08 16:44:46.225
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\winsxs\Temp\715ace63825cd00173090000bc01800b\0440246d825cd001e2090000bc01800b_appid.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 540 @ 1.86GHz
Percentage of memory in use: 48%
Total physical RAM: 2038.43 MB
Available physical RAM: 1046.87 MB
Total Pagefile: 4076.85 MB
Available Pagefile: 3045.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1885.48 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.99 GB) (Free:246 GB) NTFS
Drive d: (My DVD) (CDROM) (Total:1.94 GB) (Free:0 GB) UDF
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 23619282)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End of log ============================

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:01 AM

Posted 25 May 2015 - 07:34 AM


Remove this program in bold using the Add/Remove programs applet.
Free File Viewer 2014 (HKLM\...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software) <==== ATTENTION


If not already done please run the AdwCleaner tool and clean all that is found.

===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-3109044109-2673652320-1513855555-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-3109044109-2673652320-1513855555-500\Software\Microsoft\Internet Explorer\Main,;Start Page = http://www.search.ask.com/?tpid=ORJ-SPE&o=APN11405&pf=V7&trgb=IE&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.17728&apn_uid=7C3705E9-8A11-48D7-8681-0A9513161AF4&itbv=12.24.1.51&doi=2015-04-20&psv=&pt=tb
SearchScopes: HKU\S-1-5-21-3109044109-2673652320-1513855555-500 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 RSSERIAL; \SystemRoot\SYSTEM32\RSSERIAL.SYS [X]
S0 sptd; System32\Drivers\sptd.sys [X]
S1 VirtualBackplane; \SystemRoot\System32\Drivers\VirtualBackplane.sys [X]
U3 VSS; No ImagePath
Task: {0556070E-9D02-4532-9B2D-DA1DA836609D} - \ProgramRefresh-ATFST No Task File <==== ATTENTION
Task: {199D4CA4-4327-46A7-9379-775EAB26910E} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
Task: {2C151A9F-93CB-48DB-8FCE-0659D6D51E8D} - \ProPCCleaner_Popup No Task File <==== ATTENTION
Task: {9FE2693F-F5C6-47C9-934C-7DB8C666F1F0} - \ProPCCleaner_Start No Task File <==== ATTENTION
Task: {E44D0186-CAE5-42A0-976E-96009021316D} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {E51DA347-FFE9-4E04-9EC3-1D008B719969} - \Tuneup Pro No Task File <==== ATTENTION
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?
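The fixlist above targets two kinds of FRST entries: scheduled tasks that only survive as a TaskCache registry entry (FRST prints "No Task File" and marks them "<==== ATTENTION") and services or drivers whose ImagePath points at a file that is no longer on disk ("[X]") or that have no ImagePath at all (the "U3 VSS; No ImagePath" line, which matches the 0x80070424 "service does not exist" errors in the event log). The following is an added example, not code from this thread or from Farbar's tools: a small Python triage script that reads FRST-style Task and service lines and lists the entries a responder would want to review before building a fixlist. The sample log is constructed for this example after the entries in the log above (the R2 line is invented as a healthy control), and the line formats it parses are taken from the log as printed here.

```python
import re
from dataclasses import dataclass

# Sample FRST lines, constructed for this example after the Addition.txt and
# fixlist entries in the thread. The "R2 SomeSvc" line is an invented healthy
# service used as a control; it should produce no finding.
SAMPLE_LOG = r"""
Task: {E44D0186-CAE5-42A0-976E-96009021316D} - \ProgramUpdateCheck No Task File <==== ATTENTION
Task: {E0652086-9B65-436F-998A-4DB3B818BA60} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {199D4CA4-4327-46A7-9379-775EAB26910E} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
S3 catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys [X]
S0 sptd; System32\Drivers\sptd.sys [X]
U3 VSS; No ImagePath
R2 SomeSvc; C:\Windows\System32\somesvc.exe [12345 2015-01-01] (Example Publisher)
"""

# FRST line shapes as they appear in the log:
#   Task: {GUID} - \Name No Task File <==== ATTENTION
#   Task: {GUID} - System32\Tasks\Name => target [date] (Publisher)
#   Task: C:\Windows\Tasks\Name.job => target
#   S3 name; path [X]            (start type + name; ImagePath; [X] = file missing)
#   U3 name; No ImagePath
TASK_GUID_RE = re.compile(r"^Task: (?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$")
TASK_JOB_RE = re.compile(r"^Task: (?P<job>[A-Za-z]:\\.*?\.job) => (?P<target>.*)$")
SERVICE_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<image>.*)$")

ATTENTION = "<==== ATTENTION"


@dataclass(frozen=True)
class Finding:
    kind: str    # "task" or "service"
    name: str
    reason: str


def triage_task(line):
    """Return a Finding for a suspicious Task line, or None if it looks normal."""
    m = TASK_GUID_RE.match(line)
    if m:
        rest = m.group("rest")
        if " No Task File" in rest:
            # TaskCache registry entry whose XML task file is gone (orphan).
            name = rest.split(" No Task File")[0].lstrip("\\")
            return Finding("task", name, "registry task entry without a task file")
        name = rest.split(" => ")[0].removeprefix("System32\\Tasks\\")
        if ATTENTION in rest:
            return Finding("task", name, "flagged by FRST (<==== ATTENTION)")
        return None
    m = TASK_JOB_RE.match(line)
    if m and ATTENTION in m.group("target"):
        return Finding("task", m.group("job"), "flagged by FRST (<==== ATTENTION)")
    return None


def triage_service(line):
    """Return a Finding for a service/driver line with a missing or absent ImagePath."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    name, image = m.group("name"), m.group("image")
    if image == "No ImagePath":
        return Finding("service", name, "service registered without an ImagePath")
    if image.endswith("[X]"):
        return Finding("service", name, "ImagePath file is missing on disk")
    return None


def triage(log_text):
    """Scan FRST-style lines and collect the entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        f = triage_task(line) if line.startswith("Task: ") else triage_service(line)
        if f is not None:
            findings.append(f)
    return findings


def summary(findings):
    """Count findings per reason, e.g. to see how many orphaned tasks remain."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.name:50} {f.reason}")
    print(summary(triage(SAMPLE_LOG)))
```

The script only reads the log; it does not write a fixlist or touch the registry, which in this thread is deliberately left to the helper's review. Orphaned task entries and [X] drivers are usually leftovers of removed software rather than active malware, so the point of the output is to shorten the list a responder checks by hand, not to replace that check.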

#10 lovenme_143

lovenme_143
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:01 AM

Posted 25 May 2015 - 02:11 PM

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST" => key Removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{199D4CA4-4327-46A7-9379-775EAB26910E} => key not found.
C:\Windows\System32\Tasks\FreeFileViewerUpdateChecker not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C151A9F-93CB-48DB-8FCE-0659D6D51E8D}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C151A9F-93CB-48DB-8FCE-0659D6D51E8D}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Popup" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9FE2693F-F5C6-47C9-934C-7DB8C666F1F0}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9FE2693F-F5C6-47C9-934C-7DB8C666F1F0}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E44D0186-CAE5-42A0-976E-96009021316D}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E44D0186-CAE5-42A0-976E-96009021316D}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E51DA347-FFE9-4E04-9EC3-1D008B719969}" => key Removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E51DA347-FFE9-4E04-9EC3-1D008B719969}" => key Removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tuneup Pro => key not found.
C:\Windows\Tasks\FreeFileViewerUpdateChecker.job not found.


The system needed a reboot.

#11 lovenme_143

lovenme_143
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:01 AM

Posted 25 May 2015 - 02:31 PM

Still unable to update: error 8024402c and 80070424.

#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:01 AM

Posted 26 May 2015 - 06:53 AM

Do the recommended fix on these Microsoft pages.


Windows Update error 80070424
http://windows.microsoft.com/en-ca/windows/windows-update-error-80070424#1TC=windows-7


Windows Update error 8024402C
http://windows.microsoft.com/en-ca/windows/windows-update-error-8024402c#1TC=windows-7

Is the problem persisting?

#13 lovenme_143

lovenme_143
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:05:01 AM

Posted 28 May 2015 - 01:59 PM

These did not work.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:01 AM

Posted 29 May 2015 - 06:21 AM

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,228 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:01 AM

Posted 03 June 2015 - 08:15 AM

Are you still with me?
