Malwarebytes found 2 threats


  • This topic is locked
9 replies to this topic

#1 Bubble10

  • Members
  • 67 posts

Posted 30 June 2015 - 02:48 PM

Hi @ all!

I am running Windows 7 64-bit Home Edition.
My Malwarebytes found 2 threats on my PC. It's the second time it has shown me those threats, even though I told the program to remove them.
I tried to uninstall it via the "Control Panel" - "Programs & Features", but it will not uninstall it. I attached a pic of the 2 threats.
I just want it removed from my PC.

Toolbar_zpscdsuody9.jpg




#2 nasdaq

  • Malware Response Team
  • 38,250 posts

Posted 01 July 2015 - 09:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


Wait for further instructions.

#3 Bubble10


Posted 01 July 2015 - 04:44 PM

# AdwCleaner v4.207 - Logfile created 01/07/2015 at 17:31:16
# Updated 21/06/2015 by Xplode
# Database : 2015-06-29.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : J F - FAMILY
# Running from : C:\Users\J F\Downloads\adwcleaner_4.207.exe
# Option : Scan

***** [ Services ] *****

Service Found : CouponPrinterService
Service Found : YahooAUService

***** [ Files / Folders ] *****

File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
File Found : C:\Users\J F\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage
File Found : C:\Users\J F\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_cmaiofennmphjldldcpphcechfnnohja_0.localstorage-journal
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\Digital Coupon Printer
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\Users\J F\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Found : C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Found : C:\Users\J F\AppData\LocalLow\Yahoo! Companion
Folder Found : C:\Users\J F\AppData\Roaming\catalina – print savings
Folder Found : C:\Users\J F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\catalina – print savings

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\OCS
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\OCS
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Found : HKLM\SOFTWARE\GeekBuddyRSP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19E8EBBF-55F3-41FB-AC8E-373BA0436939}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2095A496-250E-4A1F-90AD-691246819A9A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8AC6566B-131F-4987-82DF-932CED9FCA23}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.4
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
Key Found : HKU\.DEFAULT\Software\GeekBuddyRSP
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.17377


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.130

[C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}

-\\ Comodo Dragon v43.3.3.185

[C:\Users\J F\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\J F\AppData\Local\Comodo\Dragon\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=<DOI>&apn_dtid=%5E<MTRACK>%5EYY%5EUS&q={searchTerms}
[C:\Users\J F\AppData\Local\Comodo\Dragon\User Data\Default\Preferences] - Found [Extension] : cmaiofennmphjldldcpphcechfnnohja

*************************

AdwCleaner[R0].txt - [3854 bytes] - [07/05/2014 06:55:07]
AdwCleaner[R1].txt - [6634 bytes] - [16/10/2014 16:10:04]



#4 Bubble10


Posted 01 July 2015 - 05:12 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by J F (administrator) on FAMILY on 01-07-2015 17:45:56
Running from C:\Users\J F\Downloads
Loaded Profiles: J F (Available Profiles: J F)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
() C:\Windows\SysWOW64\CSHelper.exe
(ASUSTeK Computer Inc.) C:\Windows\SysWOW64\AsHookDevice.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Creative Home) C:\Program Files (x86)\Sierra\Planner\PLNRnote.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Inmar, Inc.) C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe
() C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ehome\ehrec.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-24] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-24] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SKDaemon.exe] => C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe [318464 2009-06-16] ()
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2011-07-11] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [489512 2011-07-11] (ActivIdentity)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-10] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-23] (Apple Inc.)
HKLM-x32\...\Run: [RunAIShell] => C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [232064 2009-12-23] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ASUS VIBE] => C:\Program Files (x86)\ASUS\ASUS VIBE\ASUS VIBE.exe [102400 2010-03-01] (ecm)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [ApproveItForOfficeSetup] => C:\Program Files (x86)\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe [155648 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [AprvRemoveLegacyExcelKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [AprvRemoveLegacyWordKeys] => C:\Program Files (x86)\ApproveIt\Support\Tools\AprvClean.exe [73728 2010-01-26] (Silanis Technology Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-04-23] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-09] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [MSN Toolbar] => C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\mswinext.exe [240992 2009-11-16] (Microsoft Corp.)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [296520 2014-03-31] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-12] (Comodo Security Solutions, Inc.)
HKLM-x32\...\Run: [Digital Coupon Print Driver] => C:\Program Files (x86)\Digital Coupon Printer\DigitalCouponPrinter.exe [88000 2015-06-12] (Inmar, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe [130864 2015-06-15] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\...\Run: [Logitech Vid] => "C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe" -bootmode
HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [48128 2015-02-24] ()
HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\...\MountPoints2: J - J:\iLinker.exe
HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\...\MountPoints2: K - K:\iLinker.exe
HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\...\MountPoints2: {485a2e1f-93d9-11e2-969c-485b39d30e93} - J:\iLinker.exe
HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\...\MountPoints2: {5a3822c9-23c0-11e0-86d1-485b39d30e93} - "J:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk [2011-02-19]
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk [2011-02-19]
ShortcutTarget: ApproveIt StartUp.lnk -> C:\Windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Event Planner Reminders Tray Icon.lnk [2012-11-04]
ShortcutTarget: Event Planner Reminders Tray Icon.lnk -> C:\Program Files (x86)\Sierra\Planner\PLNRnote.exe (Creative Home)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-02-13]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk [2014-01-26]
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-03-31]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk [2010-04-27]
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk [2010-04-27]
ShortcutTarget: Best Buy Software Installer.lnk -> C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (Best Buy®)
Startup: C:\Users\J F\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk [2014-01-26]
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: PE_IE_Helper Class -> {0941C58F-E461-4E03-BD7D-44C27392ADE1} -> C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll [2010-02-01] (IBM Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-29] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: MSN Toolbar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll [2009-11-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-29] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll [2009-11-16] (Microsoft Corporation)
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{8FF9165B-AEFA-4A23-8710-FA655EDD6A30}: [DhcpNameServer] 8.8.8.8 8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\J F\AppData\Roaming\Mozilla\Firefox\Profiles\n11aa0ue.default-1413595833044
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Homepage: https://www.yahoo.com/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-23] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll [2009-02-02] (ArtistScope)
FF Plugin-x32: @artistscope.com/ArtistScope plugin 42,version=4.2.0.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll [2009-01-15] (ArtistScope)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-29] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll [2009-11-16] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=17.0.8.22 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-03-31] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.8.22 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-03-31] (RealPlayer Cloud)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\J F\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-04] (RocketLife, LLP)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2010-09-14] (Sony Media Software and Services Inc)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4046771281-2696689483-3638236772-1000: @artistscope.com/ArtistScope DRM plugin 1,version=1.1.0.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScopeDRM11.dll [2009-02-02] (ArtistScope)
FF Plugin HKU\S-1-5-21-4046771281-2696689483-3638236772-1000: @artistscope.com/ArtistScope plugin 42,version=4.2.0.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npArtistScope42.dll [2009-01-15] (ArtistScope)
FF Plugin HKU\S-1-5-21-4046771281-2696689483-3638236772-1000: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\J F\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll [2010-08-04] (Yahoo! Inc.)
FF Plugin HKU\S-1-5-21-4046771281-2696689483-3638236772-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\JF~1\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [2013-06-06] (Catalina Marketing Corporation)
FF Plugin HKU\S-1-5-21-4046771281-2696689483-3638236772-1000: hopster.com/CouponPrinterPlugin -> C:\Users\J F\AppData\Roaming\Hopster\CouponPrinterPlugin\2.0.2.0\npCouponPrinterPlugin.dll [2013-02-21] (Hopster)
FF Plugin HKU\S-1-5-21-4046771281-2696689483-3638236772-1000: revtrax.com/RevTraxPrintMyCoupon -> C:\Users\J F\AppData\Roaming\RevTrax\RevTraxPrintMyCoupon\1.0.0.0\npRevTraxPrintMyCoupon.dll [2014-10-15] (RevTrax)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\mfc71.dll [2003-03-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\msvcr71.dll [2003-02-21] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npArtistScope42.dll [2009-01-15] (ArtistScope)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npArtistScopeDRM11.dll [2009-02-02] (ArtistScope)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npmfv.dll [2010-02-01] (IBM Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2014-03-31] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2014-03-31] (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-12-03] (Coupons, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox
FF Extension: MSN Toolbar - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0357.1\Firefox [2011-05-13]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-05-14]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-02-13]
FF HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Angry Birds) - C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2011-06-25]
CHR Extension: (Avira Browser Safety) - C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-13]
CHR Extension: (SwagButton) - C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-03-01]
CHR Extension: (Google Wallet) - C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-09] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-09] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-04-23] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [208632 2015-06-15] (Avira Operations GmbH & Co. KG)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70848 2015-06-12] (Comodo Security Solutions, Inc.)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-10] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-10] (COMODO)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [179184 2015-03-02] (Coupons.com Inc.) <==== ATTENTION
R2 CSHelper; C:\Windows\SysWOW64\CSHelper.exe [266240 2010-09-15] () [File not signed]
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1994936 2015-06-27] (Comodo)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2015-06-12] (Comodo Security Solutions, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-05-21] (Hewlett-Packard Company)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-29] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
U2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-03-31] (RealNetworks, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-05] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132656 2015-06-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-29] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-04-07] (Avira Operations GmbH & Co. KG)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2014-06-26] (Windows ® Win 7 DDK provider) [File not signed]
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [797256 2015-06-05] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45856 2015-06-05] (COMODO)
R1 HMD; C:\Windows\System32\DRIVERS\hmd.sys [14888 2014-06-26] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104584 2015-06-05] (COMODO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-09] (Kaspersky Lab ZAO)
R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-29] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-29] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-15] ()
S3 s217bus; C:\Windows\System32\DRIVERS\s217bus.sys [108072 2007-11-02] (MCCI Corporation)
S3 s217mdfl; C:\Windows\System32\DRIVERS\s217mdfl.sys [19496 2007-11-02] (MCCI Corporation)
S3 s217mdm; C:\Windows\System32\DRIVERS\s217mdm.sys [145448 2007-11-02] (MCCI Corporation)
S3 s217nd5; C:\Windows\System32\DRIVERS\s217nd5.sys [33832 2007-11-02] (MCCI Corporation)
S3 s217obex; C:\Windows\System32\DRIVERS\s217obex.sys [124968 2007-11-02] (MCCI Corporation)
S3 s217unic; C:\Windows\System32\DRIVERS\s217unic.sys [138792 2007-11-02] (MCCI)
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 17:45 - 2015-07-01 17:47 - 00029692 _____ C:\Users\J F\Downloads\FRST.txt
2015-07-01 17:44 - 2015-07-01 17:46 - 00000000 ____D C:\FRST
2015-07-01 17:44 - 2015-07-01 17:44 - 02112512 _____ (Farbar) C:\Users\J F\Downloads\FRST64.exe
2015-07-01 17:36 - 2015-07-01 17:36 - 00004362 _____ C:\Users\J F\Documents\AdwCleaner[R4].txt
2015-07-01 17:28 - 2015-07-01 17:28 - 02244096 _____ C:\Users\J F\Downloads\adwcleaner_4.207.exe
2015-06-27 13:28 - 2015-06-27 13:28 - 00000000 ____D C:\Program Files (x86)\Comodo
2015-06-25 20:32 - 2015-06-25 20:33 - 00000091 _____ C:\ProgramData\PS.log
2015-06-25 20:30 - 2015-06-25 20:37 - 00000000 ____D C:\Users\J F\AppData\Roaming\CyberLink
2015-06-25 20:23 - 2015-06-25 20:30 - 00000000 ____D C:\Users\J F\AppData\Roaming\PowerCinema
2015-06-25 20:19 - 2015-06-25 20:37 - 00000000 ____D C:\ProgramData\CyberLink
2015-06-25 20:19 - 2015-06-25 20:37 - 00000000 ____D C:\Program Files (x86)\CyberLink
2015-06-25 20:14 - 2015-06-25 20:16 - 150082384 _____ ( ) C:\Users\J F\Downloads\CyberLink_PCS090731-01.exe
2015-06-25 19:43 - 2015-06-25 19:44 - 06406256 _____ (Macrovision Corporation) C:\Users\J F\Downloads\EMB_201111Update.exe
2015-06-25 08:03 - 2015-06-25 08:03 - 00000000 ____D C:\Program Files (x86)\Valassis
2015-06-25 07:54 - 2015-06-25 07:55 - 02166416 _____ (Valassis) C:\Users\J F\Downloads\P@H_prod308-zQ4qEgut.exe
2015-06-23 13:36 - 2015-06-23 14:35 - 18411184 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-20 11:28 - 2015-07-01 11:32 - 00003512 _____ C:\Windows\System32\Tasks\ReclaimerUpdateXML_J F
2015-06-20 11:28 - 2015-06-30 11:32 - 00003518 _____ C:\Windows\System32\Tasks\ReclaimerUpdateFiles_J F
2015-06-20 11:28 - 2015-06-20 11:28 - 00003636 _____ C:\Windows\System32\Tasks\RNUpgradeHelperResumePrompt_J F
2015-06-20 11:28 - 2015-06-20 11:28 - 00003232 _____ C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_J F
2015-06-12 17:02 - 2015-06-12 17:02 - 00000000 ____D C:\Users\J F\AppData\Local\Hopster
2015-06-12 17:02 - 2015-06-12 17:02 - 00000000 ____D C:\Program Files (x86)\Digital Coupon Printer
2015-06-12 17:00 - 2015-06-12 17:01 - 00544768 _____ C:\Users\J F\Downloads\DigitalCouponPrinter-3.17.0.0.msi
2015-06-02 20:45 - 2015-06-03 05:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-01 17:39 - 2010-10-14 06:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-01 17:38 - 2015-01-11 08:59 - 00027722 _____ C:\Windows\setupact.log
2015-07-01 17:38 - 2010-04-27 13:48 - 01296272 _____ C:\Windows\PFRO.log
2015-07-01 17:38 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-01 17:37 - 2015-02-13 16:46 - 00000444 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2015-07-01 17:37 - 2014-05-07 06:55 - 00000000 ____D C:\AdwCleaner
2015-07-01 17:37 - 2010-08-25 20:01 - 01326944 _____ C:\Windows\WindowsUpdate.log
2015-07-01 17:35 - 2013-09-21 12:02 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-01 17:26 - 2010-10-14 06:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-01 05:30 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 05:30 - 2009-07-14 00:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-30 17:02 - 2009-07-14 01:13 - 00897286 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-30 11:49 - 2014-06-28 10:38 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-29 16:20 - 2014-06-28 09:57 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-29 16:20 - 2014-06-28 09:57 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-29 16:20 - 2014-06-28 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-29 16:20 - 2014-06-28 09:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-29 16:20 - 2012-01-01 12:19 - 00001110 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-29 16:20 - 2010-09-17 07:10 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-29 16:02 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-29 08:48 - 2013-11-29 06:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-28 12:31 - 2010-09-23 12:29 - 00017782 _____ C:\Users\J F\AppData\Roaming\wklnhst.dat
2015-06-28 12:31 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-06-26 07:07 - 2009-07-14 00:45 - 00507544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-25 20:37 - 2010-04-27 13:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-25 20:30 - 2012-06-07 08:34 - 00158848 _____ C:\Users\J F\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-25 20:20 - 2014-12-20 10:38 - 00000000 ____D C:\ProgramData\TEMP
2015-06-23 14:36 - 2013-09-21 12:02 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-23 14:36 - 2013-09-21 12:02 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-23 14:36 - 2013-09-21 12:02 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-22 12:37 - 2015-02-01 11:47 - 00002106 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-20 07:41 - 2009-07-14 01:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-16 06:52 - 2013-05-25 09:36 - 00000000 ____D C:\ProgramData\Avira
2015-06-15 19:42 - 2014-08-12 18:19 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-15 19:41 - 2013-05-25 09:36 - 00000000 ____D C:\Program Files (x86)\Avira
2015-06-12 14:12 - 2014-10-22 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-06-12 08:06 - 2014-08-25 08:46 - 00000000 ____D C:\Users\J F\AppData\Local\Adobe
2015-06-10 14:05 - 2014-11-07 07:30 - 00041598 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-06-10 08:27 - 2014-10-22 09:44 - 00001947 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2015-06-10 03:43 - 2014-12-11 06:02 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 03:43 - 2014-05-06 21:14 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 03:21 - 2010-04-27 13:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 03:17 - 2013-07-27 22:01 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 03:01 - 2010-08-29 20:42 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-09 05:29 - 2013-05-25 09:36 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-09 05:29 - 2013-05-25 09:36 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-05 09:35 - 2014-04-16 22:12 - 00797256 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2015-06-05 09:35 - 2014-04-16 22:12 - 00104584 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2015-06-05 09:35 - 2014-04-16 22:12 - 00045856 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2015-06-05 09:35 - 2014-04-16 22:12 - 00020672 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2015-06-05 09:34 - 2014-03-25 20:22 - 00576824 _____ (COMODO) C:\Windows\system32\guard64.dll
2015-06-05 09:34 - 2014-03-25 20:22 - 00444448 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2015-06-05 09:34 - 2014-03-25 20:22 - 00041224 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2015-06-05 09:33 - 2014-03-25 20:22 - 00358080 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2015-06-05 09:32 - 2014-03-25 20:22 - 00045760 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2015-06-05 09:31 - 2014-03-25 20:22 - 00288448 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2015-06-05 09:31 - 2014-03-25 20:22 - 00040640 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2015-06-03 05:42 - 2014-10-16 16:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2011-10-07 16:14 - 2011-10-07 16:14 - 0000012 _____ () C:\Users\J F\AppData\Roaming\9109
2011-10-07 15:01 - 2013-08-27 13:47 - 0001183 _____ () C:\Users\J F\AppData\Roaming\StitchPrefs
2010-09-23 12:29 - 2015-06-28 12:31 - 0017782 _____ () C:\Users\J F\AppData\Roaming\wklnhst.dat
2013-07-29 14:32 - 2013-07-27 08:30 - 2162416 _____ (Catalina Marketing Corp) C:\Users\J F\AppData\Local\BcsKtYcHW.dll
2015-02-07 19:56 - 2015-02-09 10:36 - 0004608 _____ () C:\Users\J F\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-10-07 16:14 - 2011-10-07 16:14 - 0000012 _____ () C:\ProgramData\1303
2011-10-07 16:14 - 2011-10-07 16:14 - 0000012 _____ () C:\ProgramData\8286
2011-10-07 16:14 - 2011-10-07 16:14 - 0000012 _____ () C:\ProgramData\8712
2011-05-13 19:38 - 2015-02-13 16:43 - 0022347 _____ () C:\ProgramData\hpzinstall.log
2015-06-25 20:32 - 2015-06-25 20:33 - 0000091 _____ () C:\ProgramData\PS.log

Some files in TEMP:
====================
C:\Users\J F\AppData\Local\Temp\avgnt.exe
C:\Users\J F\AppData\Local\Temp\lowproc.exe
C:\Users\J F\AppData\Local\Temp\Quarantine.exe
C:\Users\J F\AppData\Local\Temp\sqlite3.dll
C:\Users\J F\AppData\Local\Temp\stubhelper.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-16 19:46

==================== End of log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by J F at 2015-07-01 17:48:10
Running from C:\Users\J F\Downloads
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4046771281-2696689483-3638236772-500 - Administrator - Disabled)
Guest (S-1-5-21-4046771281-2696689483-3638236772-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4046771281-2696689483-3638236772-1003 - Limited - Enabled)
J F (S-1-5-21-4046771281-2696689483-3638236772-1000 - Administrator - Enabled) => C:\Users\J F

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 1.2.0 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
ActivClient CAC x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.190 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
AI Manager (HKLM-x32\...\{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}) (Version: 1.08.07 - ASUSTeK)
Amazon Kindle (HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ApproveIt Desktop (HKLM-x32\...\{4E01B649-0023-4EB5-9263-57DE317C3418}) (Version: 6.50.25.1000 - Silanis Technology Inc.)
ArtistScope Plugin FX (HKLM-x32\...\ArtistScope Plugin FX4.2.0.3) (Version: 4.2.0.3 - ArtistScope)
ASUS Backup Wizard (HKLM-x32\...\{124C9BD0-8C52-40AB-8238-0605703B1C28}) (Version: 1.00.07 - ASUSTeK Computer Inc.)
ASUS VIBE (HKLM-x32\...\ASUS VIBE) (Version: 1.0.182 - Ecareme, Inc.)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.17.17 - ASUSTeK Computer Inc.)
Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.16 - Atheros Communications Inc.)
Atheros Ethernet Utility (HKLM-x32\...\{FB686487-C637-4EEF-BCB1-C92463F2CC05}) (Version: 1.1.0.3 - Atheros Communications Inc.)
Avira (HKLM-x32\...\{0696cc37-db90-4000-be99-4a173ca7c8af}) (Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.39.17987 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0600}) (Version: 12.6.0.1898 - APN, LLC)
Best Buy Software Installer (HKLM-x32\...\Best Buy Software Installer) (Version: 2.3.0.1 - Best Buy)
Best Buy Software Installer (Version: 2.3.0.1 - Best Buy) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
C310 (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.)
Canon Utilities CameraWindow (HKLM-x32\...\CameraWindowLauncher) (Version: 7.1.0.2 - Canon Inc.)
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX (HKLM-x32\...\CameraWindowDVC6) (Version: 6.4.2.16 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.4 (HKLM-x32\...\DPP) (Version: 3.4.0.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.4.0.1 - Canon Inc.)
Canon Utilities MyCamera (HKLM-x32\...\MyCamera) (Version: 6.4.0.5 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.21.45 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.3.0.0 - Canon Inc.)
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
Canon Utilities WFT-E1/E2/E3 Utility (HKLM-x32\...\WFTK) (Version: 3.2.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.1.21 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.1.0.8 - Canon Inc.)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 43.3.3.185 - Comodo)
COMODO Firewall (HKLM\...\{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}) (Version: 7.0.55655.4142 - COMODO Security Solutions Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
concept/design onlineTV 10 (HKLM-x32\...\{DCAB9AAC-1D1C-4B94-99B7-AA7D2617BD64}_is1) (Version: 10.6.0.0 - concept/design GmbH)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DxO Optics Pro 6 (HKLM-x32\...\{A9A1FC33-C366-4B17-9ADB-52E52A0E04CC}) (Version: 6.6.0 - DxO Labs)
ebi.BookReader3J (HKLM-x32\...\{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}) (Version: 3.75.14 - eBOOK Initiative Japan Co., Ltd.)
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.01.02 - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Event Planner (HKLM-x32\...\{E5DA5A29-4FAF-4995-92A8-270C3C44F76A}) (Version: 1.00.000 - )
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG)
GeekBuddy (HKLM\...\{3DA2EB59-FB68-4383-9A3B-B348521367C7}) (Version: 4.19.137 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hallmark Card Studio 2005 Deluxe (HKLM-x32\...\{F033B55E-54FA-46AD-8B7E-3EF65A6E9D7A}) (Version: 6.0.0.0 - SierraHome)
HDR Projects platin (64-Bit) (HKLM\...\HDR Projects platin_is1) (Version: 1.23 - Franzis Verlag GmbH)
Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\...\HP Photo Creations) (Version: 1.0.0.17422 - HP)
HP Photosmart Prem C310 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{4E484899-4F93-4086-88BA-56BDDF47A776}) (Version: 14.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
IBM Lotus Forms Viewer 3.5.1 (HKLM-x32\...\{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}) (Version: 7.6.1.123 - IBM)
iClone v4.3 PRO (HKLM-x32\...\{7430B12A-3B67-4191-B0C5-59E57344CB1F}) (Version: 4.3.1929.1 - Reallusion Inc.)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2555 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KG-Chart LE for Cross Stitch 1.09.08 (HKLM-x32\...\{E9B25BD7-0743-47a5-8F2B-19EBCAFCEA63}_is1) (Version: 1.09.08 - Keiji Ikuta)
LightZone 4.0.0 (HKLM-x32\...\3263-1164-2624-0047) (Version: 4.0.0 - LightZone Project)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
MAGIX Foto & Grafik Designer 7 SE (HKLM-x32\...\MAGIX_{305A1AC7-0B5C-457D-9B6F-2A889766E3A0}) (Version: 7.1.2.26041 - MAGIX AG)
MAGIX Foto & Grafik Designer 7 SE (Version: 7.1.2.26041 - MAGIX AG) Hidden
MAGIX Foto Manager 9 (HKLM-x32\...\MAGIX Foto Manager 9 D) (Version: 7.0.4.131 - MAGIX AG)
MAGIX Online Druck Service (HKLM-x32\...\MAGIX Online Druck Service D) (Version: 3.4.3.0 - MAGIX AG)
MAGIX Online Print Service (HKLM-x32\...\{87F8B2D6-FF7F-4884-9F80-6FC1C6FCE0F2}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Photo Manager 10 (HKLM-x32\...\MAGIX_MSI_Foto_Manager_10) (Version: 8.0.1.143 - MAGIX AG)
MAGIX Photo Manager 10 (x32 Version: 8.0.1.143 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM-x32\...\{805F1B80-F6AA-46FC-AE26-EB178E405184}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Screenshare (HKLM-x32\...\MAGIX Screenshare D) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Xtreme Foto & Grafik Designer 5 Download-Version 5.0.405.1305 (D) (HKLM-x32\...\MAGIX Xtreme Foto & Grafik Designer 5 Download-Version D) (Version: 5.0.405.1305 - MAGIX AG)
MAGIX Xtreme Grafik Designer 5 Download-Version (HKLM-x32\...\{5A546C16-7231-424C-907B-0BE17EA6F633}) (Version: 5.1.2.13495 - MAGIX AG)
MAGIX Xtreme Photo & Graphic Designer 5 (Silver) (HKLM-x32\...\MAGIX_MSI_XtremeGrafik5_Silver) (Version: 5.1.2.15876 - MAGIX AG)
MAGIX Xtreme Photo & Graphic Designer 5 (Silver) (x32 Version: 5.1.2.15876 - MAGIX AG) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Media Go (HKLM-x32\...\{C6AC04F5-5916-4A02-BC36-AF5BC0A3CBD4}) (Version: 1.6.508 - Sony)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM-x32\...\{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM-x32\...\{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM-x32\...\{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{D285FC5F-3021-32E9-9C59-24CA325BDC5C}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM-x32\...\WMV9_VCM) (Version:  - )
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mise à jour Microsoft Office Excel 2007 Help  (KB963678) (HKLM-x32\...\{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B761869A-B85C-40E2-994C-A1CE78AC8F2C}) (Version:  - Microsoft)
Mise à jour Microsoft Office Powerpoint 2007 Help  (KB963669) (HKLM-x32\...\{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{C3DCA38E-005E-41BA-A52A-7C3429F351C3}) (Version:  - Microsoft)
Mise à jour Microsoft Office Word 2007 Help  (KB963665) (HKLM-x32\...\{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{81536A04-DBFB-4DB3-978F-0F284590C223}) (Version:  - Microsoft)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla)
MSN Toolbar Platform (x32 Version: 4.0.0357.1 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
msxml4SP2 (HKLM-x32\...\InstallShield_{24F009D2-7A41-4534-BA08-160E1E7E0DDB}) (Version: 1.00.0000 - Sierra Entertainment, Inc.)
msxml4SP2 (x32 Version: 1.00.0000 - Sierra Entertainment, Inc.) Hidden
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Octoshape add-in for Adobe Flash Player (HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Opera 10.63 (HKLM-x32\...\{2E190C8E-682A-409D-9329-539E24C9D1C1}) (Version: 10.63 - Opera Software ASA)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)
PCStitch 10 (HKLM-x32\...\{7D389358-56D0-4988-BAAC-5ACE907CCEBD}) (Version: 10.00.23 - M&R Technologies, Inc.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
PlayStation®Network Downloader (HKLM-x32\...\{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}) (Version: 2.04.00651 - Sony Computer Entertainment Inc.)
PlayStation®Store (HKLM-x32\...\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}) (Version: 4.0.14.10643 - Sony Computer Entertainment Inc.)
PS_AIO_07_C310_SW_Min (x32 Version: 140.0.304.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
RealPlayer Cloud (HKLM-x32\...\RealPlayer 17.0) (Version: 17.0.8 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5859 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform)
SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version:  - )
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.4 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.4.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Touch Manager (HKLM\...\{5AFA78B0-D9BE-4EBE-ACE4-358F14A32044}) (Version: 1.0.1.1 - )
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 9.0.6030.1 - TuneUp Software) Hidden
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.9.2 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0413-0000-0000000FF1CE}_HOMESTUDENTR_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version:  - Microsoft)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0413-0000-0000000FF1CE}_HOMESTUDENTR_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version:  - Microsoft)
Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0413-0000-0000000FF1CE}_HOMESTUDENTR_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version:  - Microsoft)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Viewer_armyifx (HKLM-x32\...\Viewer_armyifx) (Version: 3.5.1 - )
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
WinStitch Demo (HKLM-x32\...\{1CAA080A-BA86-4DE3-AE34-DB1B0F0529A6}) (Version: 6.71 - Ursa Software)
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}) (Version: 15.5.9468 - WinZip Computing, S.L. )
Yahoo! BrowserPlus 2.9.8 (HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4046771281-2696689483-3638236772-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\J F\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4046771281-2696689483-3638236772-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\J F\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4046771281-2696689483-3638236772-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\J F\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-4046771281-2696689483-3638236772-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> No File path
CustomCLSID: HKU\S-1-5-21-4046771281-2696689483-3638236772-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\J F\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

10-06-2015 03:00:32 Windows Update
12-06-2015 17:01:31 Installed Digital Coupon Printer
25-06-2015 20:18:21 Installed Suite
25-06-2015 20:31:48 Configured PowerCinema

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {070BDA16-3FFB-4ABB-8FBD-C5B147992DC9} - System32\Tasks\Google Updater and Installer => C:\Users\J F\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {0AAC71DD-3F68-440F-A833-F4E1C40BF2FE} - System32\Tasks\RNUpgradeHelperLogonPrompt_J F => C:\Users\J F\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-06-20] (RealNetworks, Inc.)
Task: {0F1E273F-B0F2-4382-8672-8BED91D49196} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-06-10] (COMODO)
Task: {1393CC0D-0513-4FA7-8CE2-DD63D5981791} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)
Task: {15FE25F3-1FA2-4AAD-9CE4-5907FFB17B50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {279B52DF-DCA0-4567-A704-D783FF3882C6} - System32\Tasks\{42C0AB88-881A-433A-8B85-E8696745692A} => Firefox.exe http://ui.skype.com/ui/0/6.3.0.105/en/go/help.faq.installer?LastError=1618
Task: {284EA874-5126-4A9D-9FAD-25AF23F2E303} - System32\Tasks\{88EE665E-85F4-40B0-9A80-D3EB9B1344C4} => Firefox.exe http://ui.skype.com/ui/0/6.21.59.104/en/go/help.faq.installer?LastError=1618
Task: {28932AAC-A830-4545-81B0-4BDD7BFB1E7E} - System32\Tasks\{9D44760F-178F-4F45-A258-919EBED1555B} => pcalua.exe -a "C:\Users\J F\Downloads\AdobeAIRInstaller.exe" -d "C:\Users\J F\Downloads"
Task: {305354AE-BAD4-4C00-B112-D2353C30F531} - System32\Tasks\ReclaimerUpdateFiles_J F => C:\Users\J F\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-06-20] (RealNetworks, Inc.)
Task: {31BDECC4-FCDC-4FA7-8908-09B659D17C7C} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.97\AsLoader.exe [2009-12-24] (ASUSTeK Computer Inc.)
Task: {36CEEB0F-3C43-4F01-91E3-7977B2A86C53} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2013-05-30] (Hewlett-Packard)
Task: {39B9F149-DC64-4C0A-9650-53E3E7B85FEE} - System32\Tasks\RNUpgradeHelperResumePrompt_J F => C:\Users\J F\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-06-20] (RealNetworks, Inc.)
Task: {3A025978-DD04-4C91-97DE-59C82FC55A92} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CF43832-FF92-4FF7-ACF4-45209177577E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {5059FF3E-05EB-4BF0-ABAF-6CAA53AA77C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {6C389A13-0F7D-44E8-802C-FAE2DC13A607} - System32\Tasks\HP Photo Creations Communicator => C:\Users\J F\AppData\Roaming\HP Photo Creations\Communicator.exe [2015-02-13] ()
Task: {6E0857AE-5AB3-42E8-B446-C78B327ED9EB} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2009-11-17] (ASUSTeK Computer Inc.)
Task: {787CEC27-E5A0-4B59-A8A4-4CFC7D0193EE} - System32\Tasks\ReclaimerUpdateXML_J F => C:\Users\J F\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\13.00\agent\rnupgagent.exe [2015-06-20] (RealNetworks, Inc.)
Task: {81F4E07B-E0E6-448C-BE5C-229C44BF3596} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-23] (Adobe Systems Incorporated)
Task: {8883A9FA-DE19-45E1-924E-1D4F3B71758C} - System32\Tasks\{EEAE5CB8-4374-4BF7-A675-C3A2B14EED8C} => pcalua.exe -a "C:\Users\J F\Downloads\InstallRoot_v3.13A - Effective 3 FEB 2010(2).exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {93D863B4-02DE-44B5-A354-99502ED197BF} - System32\Tasks\{A6017247-6EEE-4C2A-92F1-C341019871D5} => pcalua.exe -a "C:\Users\J F\Desktop\OOo_3.3.0_Win_x86_install-wJRE_en-US.exe" -d "C:\Users\J F\Desktop"
Task: {9CCC8125-AE52-43FB-A884-3AF33243E658} - System32\Tasks\{E70C4A05-3BB4-4206-8049-16719A0B4F07} => pcalua.exe -a "C:\Users\J F\Downloads\Silverlight_x64.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B4AFA2E9-B9FB-457F-B31E-871687E96888} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {BAD4471D-DC16-4D27-ADAC-B80F0F3FC69B} - System32\Tasks\{62140AA3-C09A-4E29-AECF-E1370F58B69C} => Firefox.exe http://ui.skype.com/ui/0/6.21.0.104/en/go/help.faq.installer?LastError=1618
Task: {BB7D959F-3C85-434E-8177-C252FB44518C} - System32\Tasks\{E58616E1-FB4F-401F-B9BA-DB12BF435405} => pcalua.exe -a "C:\Users\J F\Downloads\InstallRoot_v3.13A.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {BF5F6332-443A-4900-BA88-00F70339F58D} - System32\Tasks\{002DCD2C-751F-4D59-A660-616DD53251DE} => pcalua.exe -a "C:\Program Files (x86)\Java\jre6\bin\javacpl.exe" -d C:\Windows\system32
Task: {D37B2018-00CE-41C6-8117-992AA01854C0} - System32\Tasks\ASUS\AsBackupWizard_Run => C:\Program Files (x86)\ASUS\AsBackupWizard\AsRunBkWizardHelper.exe [2010-04-23] (ASUSTeK Computer Inc.)
Task: {D7E375A0-5243-4FA2-809A-054D0211D3A3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2015-04-29] (Oracle Corporation)
Task: {E02D40FC-D334-4E09-B472-A5F4ABE61A4D} - System32\Tasks\{C0EB4A7C-DABF-47A6-894F-79EB92DBD426} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {E8297461-E2C0-4B83-AA93-FA89C19F4373} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-06-10] (COMODO)
Task: {FCDEC1F7-B4BB-454C-BBE9-24276B1C1906} - System32\Tasks\{FF6EEE97-0F43-495D-82A2-4E5586AA377F} => Firefox.exe http://ui.skype.com/ui/0/6.20.0.104/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {FDBA42C5-B474-401E-B4CD-FCBE5195236A} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-04-14] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\Users\J F\AppData\Roaming\HP Photo Creations\Communicator.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-09-15 07:20 - 2010-09-15 07:20 - 00266240 _____ () C:\Windows\SysWOW64\CSHelper.exe
2009-06-16 11:06 - 2009-06-16 11:06 - 00318464 _____ () C:\Program Files\LTONHIS\Touch Manager\SKDaemon.exe
2008-01-16 09:18 - 2008-01-16 09:18 - 00260096 _____ () C:\Program Files\LTONHIS\Touch Manager\SKHooks.dll
2015-02-24 08:04 - 2015-02-24 08:04 - 00048128 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
2015-02-24 08:04 - 2015-02-24 08:04 - 01158656 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll
2015-02-24 08:04 - 2015-02-24 08:04 - 00260096 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll
2015-02-24 08:04 - 2015-02-24 08:04 - 00109056 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
2010-04-27 13:25 - 2009-01-15 17:55 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
2010-08-25 23:33 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\dns-sd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\GEARAspi64.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\usbaaplrc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dns-sd.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerInstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\GEARAspi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\avnetflt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\GEARAspiWDM.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\usbaapl64.sys:$CmdTcID
AlternateDataStreams: C:\ProgramData\Microsoft:KF501mO3jnfc0CjX4RYXFC4NlLV1
AlternateDataStreams: C:\ProgramData\Microsoft:kZ56VgECgpRDoiEEhxg
AlternateDataStreams: C:\Users\J F\Local Settings:VETlbnFC9L0LLIG03q61hfIxVe
AlternateDataStreams: C:\Users\J F\Downloads\09.04.2015=100 Geb. Oma(1).zip:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\09.04.2015=100 Geb. Oma(1).zip:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\09.04.2015=100 Geb. Oma.zip:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\09.04.2015=100 Geb. Oma.zip:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\11393219_10153362907789393_5472642819094772568_n.jpg:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\11393219_10153362907789393_5472642819094772568_n.jpg:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\1OFF-COUPON-GoodFood-exp-4-30-15.pdf:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\24.12.2014=Heilig Abend.zip:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\24.12.2014=Heilig Abend.zip:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\25.12.2014=1.Feiertag.zip:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\25.12.2014=1.Feiertag.zip:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\2697DE_P.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\adwcleaner_4.207.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\adwcleaner_4.207.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\ChromeSetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\ChromeSetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\CouponPrinterCPS.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\CyberLink_PCS090731-01.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\CyberLink_PCS090731-01.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\DD Form 2870.pdf:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\DD Form 2870.pdf:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\DigitalCouponPrinter-3.17.0.0.msi:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\DigitalCouponPrinter-3.17.0.0.msi:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\DRE 098 Hybrid lab #2.docx:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\DRE 098 Hybrid lab #2.docx:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\EMB_201111Update.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\EMB_201111Update.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\Eric & Corey Camp Bilder.zip:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\Eric & Corey Camp Bilder.zip:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\Eric & Corey Schwimmunterricht.zip:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\Eric & Corey Schwimmunterricht.zip:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\hasbro_schedule_favor.pdf:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\HopsterCouponPrinter.msi:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\HopsterCouponPrinter.msi:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\HPSupportSolutionsFramework-en-11.51.0048(3).msi:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\HPSupportSolutionsFramework-en-11.51.0048.msi:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\HPSupportSolutionsFramework-en-11.51.0048.msi:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\hpusetup(2).exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\hpusetup(2).exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\IE11-Windows6.1(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\IE11-Windows6.1(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\IE11-Windows6.1.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\IE11-Windows6.1.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\iTunes6464Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\iTunes6464Setup.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\jre-8u45-windows-i586-iftw.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\jre-8u45-windows-i586-iftw.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\jxpiinstall(1).exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\jxpiinstall(1).exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\jxpiinstall(2).exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\jxpiinstall(2).exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\jxpiinstall(3).exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\jxpiinstall(3).exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\jxpiinstall.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\jxpiinstall.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\Klöße und Lende mit Sosse.docx:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\Konfirmation.zip:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\Konfirmation.zip:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\OMRON_Alvita-Goals.pdf:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\Online Confirmation(1).pdf:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\Online Confirmation(1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prod308-zQ4qEgut.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prod308-zQ4qEgut.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-8mV01uBt.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-8mV01uBt.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-bQXVOVPM.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-JlmoRx1z.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-JlmoRx1z.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-nQ7j2J0S.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-nQ7j2J0S.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-PBcqUxdJ.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-PBcqUxdJ.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-piiFSHmK.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-piiFSHmK.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-QGMQhkEx.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-QGMQhkEx.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-qNANeBIv.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-qNANeBIv.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-swqy4Vpv.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-swqy4Vpv.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\P@H_prodcand-x6MBHG1p.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\PartyPlanning_Guide (1).pdf:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\PS_AIO_07_C310_FSW_Full_Win_WW_140_246-4.exe:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\PS_AIO_07_C310_FSW_Full_Win_WW_140_246-4.exe:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\Resume+Equipment+Operator+Truck+Driver1.doc:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\Resume+Equipment+Operator+Truck+Driver1.doc:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\RevTraxPrintMyCoupon.msi:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\RevTraxPrintMyCoupon.msi:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\Security Resume6.wps:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\Security Resume6.wps:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\standard-form-180.pdf:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\standard-form-180.pdf:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\Student Data Files Lesson 02-04.zip:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\Student Data Files Lesson 02-04.zip:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\Tabea Konfirmation.zip:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\Tabea Konfirmation.zip:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\transcript_Mar06_2015_0351PM.htm:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\truwhip_coupon_6_2015.pdf:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\truwhip_coupon_6_2015.pdf:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\USAAOnlineAgreement_fix_view.pdf:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\USAAOnlineAgreement_fix_view.pdf:$CmdZnID
AlternateDataStreams: C:\Users\J F\Downloads\USAAPrivacyPromise_fix_view.pdf:$CmdTcID
AlternateDataStreams: C:\Users\J F\Downloads\USAAPrivacyPromise_fix_view.pdf:$CmdZnID
AlternateDataStreams: C:\Users\J F\AppData\Local:VETlbnFC9L0LLIG03q61hfIxVe
AlternateDataStreams: C:\Users\J F\AppData\Local\Application Data:VETlbnFC9L0LLIG03q61hfIxVe
AlternateDataStreams: C:\Users\J F\AppData\Local\Temp:8z3HJ6OaIOMAyYR1QJfqWUbYj

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\J F\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{952B52CA-D9F3-406B-B3D9-8E282C77C3A0}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{149AEB2B-86FD-485A-B6C7-0484B88E89F8}] => (Allow) svchost.exe
FirewallRules: [{EB1609E4-5528-4196-AA1A-B50B86132978}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B029240C-37CF-446C-9DDD-9A6A780EC036}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{4B497467-C5CE-469A-A9BB-4E47AA8CE1F2}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{6D8B797C-6C86-4CE1-BD6A-A871268F09AB}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [UDP Query User{2F2D2444-0AF1-4231-B983-557FEF3F49C2}C:\program files (x86)\logitech\logitech vid\vid.exe] => (Block) C:\program files (x86)\logitech\logitech vid\vid.exe
FirewallRules: [{28E57D5E-DAA9-4922-89B8-E24602C538BA}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{947615E8-2A61-4B54-B14D-DBD053D7D033}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{BA44992D-4CB9-44C2-B852-F65C4F0262A6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{2E196D26-1C98-4618-8E8A-44A8310A0A28}] => (Allow) LPort=2869
FirewallRules: [{3B3295E0-29C4-4F70-B593-7C9BCB4EBD61}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{094229D4-AA05-484F-AD27-C9C99FD6D322}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{4A41290C-BDBC-4D10-9D91-095EB25C6392}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
FirewallRules: [{3D308C0C-A518-4119-A356-B59439FE63BC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{735291E4-9CFA-499F-9E1E-8916826C965A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{2DA10080-BE6C-4AFA-8989-0E9BB075C93B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{F8D0C78C-0283-41F6-ABF2-5BEA3BC6146F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{66C55443-5E9F-4CF1-8DEA-8891C55CFB63}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{00605C89-7549-4DED-8C03-61028B238402}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{AE3F9C98-3368-48F8-A7ED-50671BE1BE37}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{E651AF68-2725-459C-953A-999CBF6B6C4D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{34CE551F-FFCC-4F81-996A-26D195FC4E79}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{B20C1B5F-16B0-4F6D-98B0-6D963C3E10D3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{97BDC9D9-0310-48B6-AE0C-7271B9FDD015}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{1C5382AF-CFA9-4258-9B1C-62A9C207475A}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{3C7CB9D9-24E1-4645-AD49-EC0ABF4D9714}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{5FB6C830-940E-473A-81AE-219C40ABC670}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5D970237-6CEB-4CEC-AA19-E3EBC5EB0B7F}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{7485C31F-E574-4986-B574-1A8302B12EA1}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{4A6E3093-4B7B-4F3C-B439-710C0A4C091E}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
FirewallRules: [{D5D60FDF-2108-4061-9980-D4D1B8CFD661}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{F585F7D8-678E-451D-AA73-1B264968C8E3}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{1D022773-4395-4FD0-8545-47C72BB1A746}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{02702C98-1256-463A-8691-3D4FEF43264C}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{8CDD7325-51A4-4F97-A420-1C4675CE6287}] => (Allow) C:\Program Files (x86)\concept design\onlineTV 10\onlineTV.exe
FirewallRules: [{A377C1FC-23B0-4EC3-846C-DCE8BC585C11}] => (Allow) C:\Program Files (x86)\concept design\onlineTV 10\onlineTV.exe
FirewallRules: [{B01430B4-9F6F-440B-B37D-9A3952A11EF1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{72702DB5-81EB-4B50-9313-0D0A22327E15}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8ADF10A3-0EE5-4533-93A0-7FC81EC9513F}] => (Allow) C:\Users\J F\AppData\Local\Temp\7zS0EEB\HPDiagnosticCoreUI.exe
FirewallRules: [{0A600831-342A-4EAF-B2FF-D5A1A3AC8858}] => (Allow) C:\Users\J F\AppData\Local\Temp\7zS0EEB\HPDiagnosticCoreUI.exe
FirewallRules: [TCP Query User{D0F0413A-FA0E-4F58-91F2-6D4ADFE7C5E8}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{652FBDBA-E373-48BF-8FBE-9BA920E9EB6B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5C788129-3998-4896-847F-B16CACC9ECAC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4C264CFE-5FDA-47EC-93DF-AF656E3EFA7E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{036CEB56-DA36-4852-8395-1BC45036D2CE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B65D8BA8-C05A-40E9-A129-9FB19D2B394C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{94D6835F-8E16-46AC-9A9B-427285942B9B}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{81E8DF81-4089-4972-9F75-0AFF6836DB30}] => (Allow) LPort=15600
FirewallRules: [{BA024892-CEC3-4BC7-8F14-BCBB47C0E68F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Photosmart Prem C310 series
Description: Photosmart Prem C310 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2015 06:43:36 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TWC.Win7.exe, version: 2.2.0.0, time stamp: 0x54ec22e3
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0x1324
Faulting application start time: 0xTWC.Win7.exe0
Faulting application path: TWC.Win7.exe1
Faulting module path: TWC.Win7.exe2
Report Id: TWC.Win7.exe3

Error: (07/01/2015 06:43:29 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TWC.Win7.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
   at System.Runtime.CompilerServices.AsyncServices.<ThrowAsync>b__1(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (06/30/2015 05:35:07 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

Error: (06/30/2015 05:35:07 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

Error: (06/30/2015 05:02:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: hpqgpc01.exe, version: 130.0.14.16, time stamp: 0x49dd90d9
Faulting module name: hpqgpc01.exe, version: 130.0.14.16, time stamp: 0x49dd90d9
Exception code: 0xc0000005
Fault offset: 0x0000a267
Faulting process id: 0x1960
Faulting application start time: 0xhpqgpc01.exe0
Faulting application path: hpqgpc01.exe1
Faulting module path: hpqgpc01.exe2
Report Id: hpqgpc01.exe3

Error: (06/30/2015 03:30:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

Error: (06/29/2015 11:21:59 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17377 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10e0

Start Time: 01d0b27ab4ded81a

Termination Time: 331

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (06/29/2015 06:48:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: TWC.Win7.exe, version: 2.2.0.0, time stamp: 0x54ec22e3
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556366fd
Exception code: 0xe0434352
Fault offset: 0x000000000000b3dd
Faulting process id: 0x1098
Faulting application start time: 0xTWC.Win7.exe0
Faulting application path: TWC.Win7.exe1
Faulting module path: TWC.Win7.exe2
Report Id: TWC.Win7.exe3

Error: (06/29/2015 06:48:49 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: TWC.Win7.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
   at System.Runtime.CompilerServices.AsyncServices.<ThrowAsync>b__1(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()

Error: (06/28/2015 07:00:21 PM) (Source: Windows Backup) (EventID: 4103) (User: )
Description: The backup did not complete because of an error writing to the backup location K:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).


System errors:
=============
Error: (07/01/2015 05:41:35 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (07/01/2015 05:41:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The RealPlayer Cloud Service service hung on starting.

Error: (07/01/2015 05:38:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ZoneAlarm Privacy Service service failed to start due to the following error:
%%2

Error: (07/01/2015 05:37:25 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (07/01/2015 05:36:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/01/2015 05:36:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/01/2015 05:36:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Coupon Printer Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/01/2015 05:36:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GeekBuddyRSP Server service failed to start due to the following error:
%%1053

Error: (07/01/2015 05:36:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the GeekBuddyRSP Server service to connect.

Error: (07/01/2015 05:36:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (02/19/2011 09:08:22 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/19/2011 09:08:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/18/2011 10:52:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/18/2011 10:52:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5 seconds with 0 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2014-10-12 09:48:07.366
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-12 09:48:07.364
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-12 09:48:07.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-12 09:48:05.048
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-12 09:48:05.045
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-12 09:48:05.043
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-02 06:58:49.678
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-02 06:58:49.675
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-02 06:58:49.673
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x86\win8\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-10-02 06:58:47.036
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\CheckPoint\ZoneAlarm\avsys\install\instdrivers\kl1\x64\win8\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5500 @ 2.80GHz
Percentage of memory in use: 49%
Total physical RAM: 3837.12 MB
Available physical RAM: 1947.38 MB
Total Pagefile: 7672.44 MB
Available Pagefile: 5119.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (WIN7) (Fixed) (Total:372.6 GB) (Free:211.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:544.72 GB) (Free:544.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CB5BD2B2)
Partition 1: (Not Active) - (Size=14.2 GB) - (Type=1B)
Partition 2: (Active) - (Size=372.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=544.7 GB) - (Type=07 NTFS)

==================== End of log ============================


Edited by Bubble10, 01 July 2015 - 05:13 PM.


#5 nasdaq

Posted 02 July 2015 - 07:26 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (No File)
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Avira Browser Safety) - C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-13]
CHR Extension: (SwagButton) - C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-03-01]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm 

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#6 Bubble10

Posted 02 July 2015 - 02:46 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by J F at 2015-07-02 13:54:55 Run:1
Running from C:\Users\J F\Downloads
Loaded Profiles: J F (Available Profiles: J F)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\...409d6c4515e9\InprocServer32: [Default-shell32]  <==== ATTENTION!
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe (No File)
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Avira Browser Safety) - C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-08-13]
CHR Extension: (SwagButton) - C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-03-01]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
S2 ZAPrivacyService; "C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" [X]
U3 tmlwf; No ImagePath
U3 tmwfp; No ImagePath
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp" => key removed successfully
"HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}" => key removed successfully
C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe not found.
C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-4046771281-2696689483-3638236772-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => moved successfully.
C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm => moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
ZAPrivacyService => Service removed successfully
tmlwf => Service removed successfully
tmwfp => Service removed successfully
usbbus => Service removed successfully
"C:\Users\J F\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm" => File/Folder not found.
EmptyTemp: => 19.7 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 14:11:11 ====



PC runs OK. Just the browser sometimes stops working (Not responding). I just started Malwarebytes.



#7 nasdaq

Posted 03 July 2015 - 06:56 AM

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

How is it now?

#8 Bubble10

Posted 03 July 2015 - 06:24 PM

Thanks, everything is fine now. Malwarebytes didn't find anything now.



#9 nasdaq

Posted 04 July 2015 - 08:00 AM

If all is well.

To learn more about how to protect yourself while on the Internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 nasdaq

Posted 10 July 2015 - 09:36 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



