
Spybot consistently getting two threats but folders are empty?


  • This topic is locked
7 replies to this topic

#1 coldchipsspoils

coldchipsspoils

  • Members
  • 5 posts

Posted 08 July 2015 - 10:31 PM

So I did something stupid and tried to download an emulator from Coolrom without googling whether it was safe first, and got myself a package of viruses. I think I got rid of most of them (my Ad-Aware detected and deleted a trojan right away), but I ran Spybot and Malwarebytes anyway, ran Symantec, and cleaned everything out with CCleaner after a system restore just in case. Everything seems to be back to normal, but Spybot is consistently detecting two threats.

The first one is Win32.Downloader.gen.
The second one is Conduit.CommunityAlerts; I found the exact folder it was detecting in my Program Files, but it's completely empty.

--- Search result list --- 
Win32.Downloader.gen: [SBI $82F4FAFD] Data (File, nothing done) 
C:\END 
Conduit.CommunityAlerts: [SBI $CD21D057] Class ID (Registry key, fixing failed) 
HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-4... 

Anybody know what's going on? I swear if I get rid of this I won't ever attempt to pirate games again.





#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,746 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 12 July 2015 - 08:05 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Wait for further instructions.
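The AdwCleaner log requested above is line-oriented: a `***** [ Section ] *****` header, then one `<Kind> Deleted : <item>` or `[x] Not Deleted : <item>` line per object, and browser edits listed under `-\\ <browser>` headers. As an added example (not code from the thread, from nasdaq, or from AdwCleaner), the Python script below triages such a log so the entries that survived cleaning stand out; the regexes are derived from the log format posted later in this thread, and the sample log is constructed in that format with placeholder user names, profile names and paths.

```python
"""Triage an AdwCleaner cleaning log in the format posted in this thread.

Added example, not code from AdwCleaner or from any poster. It groups result
lines into deleted vs. not-deleted items per section, counts per-browser
changes, and flags surviving registry values that need a manual look. The
sample log is constructed in the thread's format with placeholder paths.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}\s*$")  # ***** [ Registry ] *****
RESULT_RE = re.compile(  # "Key Deleted : <item>"  or  "[x] Not Deleted : <item>"
    r"^(?:\[x\] Not Deleted|(?P<kind>Folder|File|Key|Value) Deleted) : (?P<item>.+?)\s*$"
)
BROWSER_RE = re.compile(r"^\[(?P<target>[^\]]+)\] - (?P<action>.+?) : (?P<item>.*)$")

# Surviving values worth manual review: AppInit_DLLs loads its DLL into every
# process that links user32.dll; ProxyOverride selects hosts that bypass the proxy.
WATCH_VALUES = ("[AppInit_DLLs]", "[ProxyOverride]")


@dataclass
class Triage:
    deleted: dict[str, list[str]] = field(default_factory=dict)
    not_deleted: dict[str, list[str]] = field(default_factory=dict)
    browser_changes: dict[str, int] = field(default_factory=dict)
    review: list[str] = field(default_factory=list)


def parse_adwcleaner_log(text: str) -> Triage:
    """Single pass over the log, tracking the current section and browser header."""
    t = Triage()
    section = browser = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, browser = m.group("name"), None
        elif line.startswith("-\\\\ "):  # "-\\ Mozilla Firefox v30.0 (en-GB)"
            browser = line[4:]
        elif section == "Web browsers":
            if browser and BROWSER_RE.match(line):
                t.browser_changes[browser] = t.browser_changes.get(browser, 0) + 1
        elif section and (m := RESULT_RE.match(line)):
            item = m.group("item")
            if m.group("kind"):
                t.deleted.setdefault(section, []).append(item)
            else:
                t.not_deleted.setdefault(section, []).append(item)
                if item.endswith(WATCH_VALUES):
                    t.review.append(item)
    return t


def summarize(t: Triage) -> str:
    """The short report a helper reads first: what survived, then the counts."""
    out = []
    for section, items in t.not_deleted.items():
        out.append(f"NOT DELETED in {section}: {len(items)}")
        out.extend(f"    {i}" for i in items)
    out += [f"deleted in {s}: {len(i)}" for s, i in t.deleted.items()]
    out += [f"browser changes in {b}: {n}" for b, n in t.browser_changes.items()]
    if t.review:
        out.append("review manually (persistence / proxy settings that survived cleaning):")
        out.extend(f"    {i}" for i in t.review)
    return "\n".join(out)


# Constructed sample in the thread's log format (placeholder user, profile and paths).
SAMPLE_LOG = r"""
# AdwCleaner v4.208 - Logfile created 13/07/2015 at 11:49:08

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Browser Manager
[x] Not Deleted : C:\Program Files (x86)\adawaretb

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Conduit
[x] Not Deleted : HKLM\SOFTWARE\adawaretb
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[x] Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride]

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v30.0 (en-GB)

[abcd1234.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "PLACEHOLDER");
[abcd1234.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v43.0.2357.132

[C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.example.invalid/web?q={searchTerms}
"""

if __name__ == "__main__":
    print(summarize(parse_adwcleaner_log(SAMPLE_LOG)))
```

Point it at a real `C:\AdwCleaner\AdwCleaner[Sn].txt` by reading the file into `parse_adwcleaner_log`; the `[x] Not Deleted` entries, above all the AppInit_DLLs and ProxyOverride values, are the ones a helper will follow up on with FRST.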

#3 coldchipsspoils

coldchipsspoils
  • Topic Starter

  • Members
  • 5 posts

Posted 13 July 2015 - 11:58 AM

Hi nasdaq,

So sorry for the delay and thanks so much for the assistance.

Here are the results from AdwCleaner.

# AdwCleaner v4.208 - Logfile created 13/07/2015 at 11:49:08
# Updated 09/07/2015 by Xplode
# Database : 2015-07-11.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : **** H - ****H-PC
# Running from : C:\Users\**** H\Downloads\adwcleaner_4.208.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\saVeRuoun
Folder Deleted : C:\ProgramData\4d09ce8d5400296d
[x] Not Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files (x86)\Toolbar Cleaner
Folder Deleted : C:\Program Files\FreeFixer
Folder Deleted : C:\Users\**** H\AppData\Local\FreeFixer
Folder Deleted : C:\Users\**** H\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\**** H\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\**** H\AppData\Roaming\FreeFixer
Folder Deleted : C:\Users\**** H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\**** H\AppData\Roaming\Mozilla\Firefox\Profiles\qsmty86s.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
Folder Deleted : C:\Users\**** H\AppData\Roaming\Mozilla\Firefox\Profiles\qsmty86s.default\Extensions\oauyt7aay@ma-yeaabxi.org
[x] Not Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Users\**** H\AppData\Local\GDIPFONTCACHEV1.DAT
File Deleted : C:\Users\**** H\AppData\Roaming\GDIPFONTCACHEV1.DAT
File Deleted : C:\Users\**** H\AppData\Roaming\Mozilla\Firefox\Profiles\qsmty86s.default\searchplugins\bingp.xml
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
[x] Not Deleted : HKLM\SOFTWARE\adawaretb
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[x] Not Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs]
[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17840
 
 
-\\ Mozilla Firefox v30.0 (en-GB)
 
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("CT3227982.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("CT3227982.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=2&CUI=UN23578582081602972&UM=&q=");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("CT3227982.smartbar.CTID", "CT3227982");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("CT3227982.smartbar.Uninstall", "0");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("CT3227982.smartbar.homepage", true);
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("CT3227982.smartbar.isHidden", true);
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("CT3227982.smartbar.toolbarName", "appbario8 ");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=13&CUI=UN23578582081602972&UM=");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "appbario8 Customized Web Search");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=2&CUI=UN23578582081602972&UM=&q=");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3227982");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3227982");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=13&CUI=UN23578582081602972&UM=");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=2&CUI=UN23578582081602972&UM=&q=,hxxp://search.conduit.com/ResultsExt.aspx?octi[...]
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3227982");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "7V15XDP31WKL6ZPLIIA84AO3EMPFOLVVEFAMK3+XCRT7FLAYHGYNVFHYPLLOPGCYWQS01IOJPUEBXBVHZTA/DQ");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.ask.com/?l=dis&o=14196");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
[qsmty86s.default\prefs.js] - Line Deleted : user_pref("smartbar.originalSearchEngine", "Google");
 
-\\ Google Chrome v43.0.2357.132
 
[C:\Users\**** H\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\**** H\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.search.ask.com/web?p2=%5EAKE%5EOSJ000%5EYY%5ECA&gct=&o=APN10452&tpid=ORJ-V7&itbv=12.6.0.11&doi=2013-10-28&apn_uid=EBBD10A0-FF4C-42C8-B6E5-7353EC8BECCE&apn_ptnrs=AKE&apn_dtid=%5EOSJ000%5EYY%5ECA&apn_dbr=cr_30.0.1599.101&psv=&trgb=CR&q={searchTerms}
[C:\Users\**** H\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://ca.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_28&param1=1&param2=f%3D4%26b%3DChrome%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0CyBtBzzzyyE0EyCzy0AyCzzyC0DyEtN0D0Tzu0StCtBzztAtN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0E0DzyyD0CyDzztGtCtC0FyBtGyDyEyEtBtGyB0A0ByEtG0F0DyDzyyByC0F0Fzy0C0CyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyCzz0AyCyBtB0BtGtBtBzy0CtGyEtDyCtBtGzyzz0BtBtGtC0C0FyB0CyD0E0D0BtC0BtA2QtN0A0LzutB%26cr%3D390550754%26a%3Dwncy_ir_15_28%26os%3DWindows 7 Home Premium&p={searchTerms}
[C:\Users\**** H\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\**** H\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : 
[C:\Users\**** H\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : 93CE57A7A31BD62123122A5A6D276F7A5A9FF730952F5B7E229F4BA26660B456"},"software_reporter":{"prompt_reason":"7BB809EF668F57F531E6AEFBE5693468972310CDDE6C183CD013B2CFCD523AEA","prompt_seed":"7ACE5C89E2CBADA8AA96B8518F7D2381E872894D9FB2CEA3F5CB4AFB08A68413","prompt_version":"188285544BA8CDEAA08016405A42D511C4C2077FED6B96BFC18D42A088A4D333"},"sync":{"remaining_rollback_tries":"1666D1302B2BEA35E04200B7D29974E9F57AAC2C3E33080682A76DE19F405CCD"}},"super_mac":"3DEF95F92A5A12CF5DF757A0C49E0ACCC6E33E0EDB682940D0EC4DE2391AF0BA"},"session":{"restore_on_startup":1,"startup_urls":["hxxp://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_28&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0CyBtBzzzyyE0EyCzy0AyCzzyC0DyEtN0D0Tzu0StCtBzztAtN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0E0DzyyD0CyDzztGtCtC0FyBtGyDyEyEtBtGyB0A0ByEtG0F0DyDzyyByC0F0Fzy0C0CyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyCzz0AyCyBtB0BtGtBtBzy0CtGyEtDyCtBtGzyzz0BtBtGtC0C0FyB0CyD0E0D0BtC0BtA2QtN0A0LzutB%26cr%3D390550754%26a%3Dwncy_ir_15_28%26os%3DWindows 7 Home Premium
 
-\\ Chromium v
 
[C:\Users\**** H\AppData\Local\Chromium\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_28&param1=1&param2=f%3D1%26b%3DIS Browser%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0A0CyBtBzzzyyE0EyCzy0AyCzzyC0DyEtN0D0Tzu0StCtBzztAtN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StB0E0DzyyD0CyDzztGtCtC0FyBtGyDyEyEtBtGyB0A0ByEtG0F0DyDzyyByC0F0Fzy0C0CyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AyCzz0AyCyBtB0BtGtBtBzy0CtGyEtDyCtBtGzyzz0BtBtGtC0C0FyB0CyD0E0D0BtC0BtA2QtN0A0LzutB%26cr%3D390550754%26a%3Dwncy_ir_15_28%26os%3DWindows 7 Home Premium%26uref%3Dchmm
 
*************************
 
AdwCleaner[R0].txt - [14850 bytes] - [13/07/2015 11:19:07]
AdwCleaner[S0].txt - [9811 bytes] - [13/07/2015 11:49:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9870  bytes] ##########
 
Here are the FRST results
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-07-2015
Ran by **** H (administrator) on ****H-PC on 13-07-2015 12:45:46
Running from C:\Users\**** H\Downloads
Loaded Profiles: **** H (Available Profiles: **** H)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
() C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(PC Tools) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Wacom Technology, Corp.) C:\Windows\System32\WTablet\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\System32\Wacom_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-21] (Dell Inc.)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2055816 2011-05-30] ()
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-11-01] (Intel® Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-11-01] (Intel® Corporation)
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-05-30] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [ccApp] => C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe [115624 2011-06-23] (Symantec Corporation)
HKLM-x32\...\Run: [SSDMonitor] => C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-02-03] (PC Tools)
HKLM-x32\...\Run: [RMAlert] => C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe [1018328 2012-02-03] (PC Tools)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [540056 2012-08-08] (Lavasoft)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Ad-Aware Antivirus] => "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2891569098-3881632051-4230430765-1001\...\Run: [Ida] => C:\Program Files (x86)\Ida\IdaLaunch.exe [27368 2012-07-30] (Queen's University - ITServices)
HKU\S-1-5-21-2891569098-3881632051-4230430765-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2891569098-3881632051-4230430765-1001\...\Policies\system: [DisableLockWorkstation] 0
AppInit_DLLs: C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL => C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL File not found
AppInit_DLLs-x32: c:\progra~3\perfor~1\perfor~1.dll => "c:\progra~3\perfor~1\perfor~1.dll" File not found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-2891569098-3881632051-4230430765-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/en-ca/?pc=UP97&ocid=UP97DHP
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-09-01] (Sun Microsystems, Inc.)
BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-12-08] (RealPlayer)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-28] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} ->  No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-28] (Oracle Corporation)
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 130.15.126.54 130.15.126.52
Tcpip\..\Interfaces\{58BDB00A-947F-4F16-94F1-0C975CDA9DAF}: [DhcpNameServer] 130.15.126.54 130.15.126.52
 
FireFox:
========
FF ProfilePath: C:\Users\**** H\AppData\Roaming\Mozilla\Firefox\Profiles\qsmty86s.default
FF DefaultSearchEngine: Bing 
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll [2015-07-09] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll [2011-09-01] (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll [2015-07-09] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2011-07-29] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2012-12-08] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll [2012-12-08] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-12-08] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-12-08] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2012-12-08] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin HKU\S-1-5-21-2891569098-3881632051-4230430765-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\**** H\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKU\S-1-5-21-2891569098-3881632051-4230430765-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\**** H\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-09] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2012-12-08] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll [2012-12-08] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012-12-08] (RealPlayer)
FF SearchPlugin: C:\Users\**** H\AppData\Roaming\Mozilla\Firefox\Profiles\qsmty86s.default\searchplugins\Search Provided by Yahoo.xml [2015-07-07]
FF Extension: Lavasoft Search Plugin - C:\Users\**** H\AppData\Roaming\Mozilla\Firefox\Profiles\qsmty86s.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-09-01]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-23]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-09-23]
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-12-08]
 
Chrome: 
=======
CHR Profile: C:\Users\**** H\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\**** H\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2015-07-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\**** H\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-16]
CHR Extension: (Skype Click to Call) - C:\Users\**** H\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-07-13]
CHR Extension: (Google Wallet) - C:\Users\**** H\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-12-08]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236368 2012-09-20] (Lavasoft Limited)
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-06-23] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108456 2011-06-23] (Symantec Corporation)
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE [3093944 2011-05-26] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()
R2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-02-03] (PC Tools)
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3289032 2011-12-19] (GFI Software)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3262240 2011-09-29] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [428976 2011-09-29] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [1851224 2011-09-29] (Symantec Corporation)
R2 TabletServiceWacom; C:\windows\system32\Wacom_Tablet.exe [3647272 2009-03-26] (Wacom Technology, Corp.)
R2 ZcfgSvc7; C:\Program Files\Intel\WiFi\bin\ZCfgSvc7.exe [994064 2011-11-01] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-15] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-13] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\eng64.sys [129752 2014-12-15] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Definitions\VirusDefs\20150105.019\ex64.sys [2137304 2014-12-15] (Symantec Corporation)
R1 SBRE; C:\windows\SysWOW64\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [453240 2011-09-07] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWOW64\Drivers\SRTSP64.SYS [453240 2011-09-07] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [482424 2011-09-07] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWOW64\Drivers\SRTSPL64.SYS [482424 2011-09-07] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32376 2011-09-07] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWOW64\Drivers\SRTSPX64.SYS [32376 2011-09-07] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-29] (Symantec Corporation)
U4 WinDefend; No ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-13 12:45 - 2015-07-13 12:47 - 00026264 _____ C:\Users\**** H\Downloads\FRST.txt
2015-07-13 12:45 - 2015-07-13 12:45 - 00000000 ____D C:\FRST
2015-07-13 12:05 - 2015-07-13 12:05 - 02248704 _____ C:\Users\**** H\Downloads\adwcleaner_4.208 (2).exe
2015-07-13 11:55 - 2015-07-13 11:55 - 02133504 _____ (Farbar) C:\Users\**** H\Downloads\FRST64.exe
2015-07-13 11:53 - 2015-07-13 11:53 - 00126528 _____ C:\Users\**** H\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-13 11:38 - 2015-07-13 11:38 - 02248704 _____ C:\Users\**** H\Downloads\adwcleaner_4.208 (1).exe
2015-07-13 11:18 - 2015-07-13 12:10 - 00000000 ____D C:\AdwCleaner
2015-07-13 11:18 - 2015-07-13 11:18 - 02248704 _____ C:\Users\**** H\Downloads\adwcleaner_4.208.exe
2015-07-09 10:59 - 2015-07-13 12:11 - 00000168 _____ C:\windows\setupact.log
2015-07-09 10:59 - 2015-07-09 10:59 - 00000000 _____ C:\windows\setuperr.log
2015-07-09 01:34 - 2015-07-09 01:36 - 00362652 _____ C:\Users\**** H\Documents\cc_20150709_013358.reg
2015-07-09 00:34 - 2015-07-09 00:35 - 00039226 _____ C:\Users\**** H\Downloads\Result.txt
2015-07-09 00:34 - 2015-07-09 00:34 - 00892928 _____ (Farbar) C:\Users\**** H\Downloads\MiniToolBox.exe
2015-07-09 00:28 - 2015-07-09 00:28 - 00004605 _____ C:\Users\**** H\Downloads\FSS.txt
2015-07-09 00:26 - 2015-07-09 00:26 - 00415232 _____ (Farbar) C:\Users\**** H\Downloads\FSS.exe
2015-07-09 00:04 - 2015-07-09 00:04 - 00852676 _____ C:\Users\**** H\Downloads\SecurityCheck.exe
2015-07-08 16:25 - 2015-07-08 16:25 - 00001264 _____ C:\Users\**** H\Desktop\Spybot - Search & Destroy.lnk
2015-07-08 16:25 - 2015-07-08 16:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-07-08 16:24 - 2015-07-09 10:59 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2015-07-08 16:24 - 2015-07-09 01:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-07-08 16:20 - 2015-07-08 16:21 - 16409960 _____ (Safer Networking Limited ) C:\Users\**** H\Downloads\spybotsd162.exe
2015-07-08 16:17 - 2015-07-13 12:43 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-08 16:16 - 2015-07-08 16:16 - 00001108 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-08 16:16 - 2015-07-08 16:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-08 16:16 - 2015-07-08 16:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-08 16:16 - 2015-07-08 16:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-08 16:16 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-07-08 16:16 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-07-08 16:16 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-07-08 16:12 - 2015-07-08 16:13 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\**** H\Downloads\mbam-setup-2.1.8.1057.exe
2015-07-08 11:04 - 2015-07-08 11:06 - 186551576 _____ (Microsoft Corporation) C:\Users\**** H\Downloads\msert (4).exe
2015-07-08 11:04 - 2015-07-08 11:05 - 17825792 _____ C:\Users\**** H\Downloads\msert (5).exe
2015-07-08 09:12 - 2015-07-08 09:12 - 03145728 _____ C:\Users\**** H\Downloads\msert (3).exe
2015-07-08 09:12 - 2015-07-08 09:12 - 01048576 _____ C:\Users\**** H\Downloads\msert (2).exe
2015-07-08 09:12 - 2015-07-08 09:12 - 00537032 _____ C:\Users\**** H\Downloads\msert (1).exe
2015-07-08 09:07 - 2015-07-08 09:07 - 17825792 _____ C:\Users\**** H\Downloads\msert.exe
2015-07-07 23:43 - 2015-07-07 23:45 - 52822240 _____ (Microsoft Corporation) C:\Users\**** H\Downloads\Windows-KB890830-x64-V5.25.exe
2015-07-07 14:33 - 2015-07-07 14:35 - 00000000 ____D C:\windows\SysWOW64\directx
2015-07-07 14:24 - 2015-07-07 14:33 - 00000000 ____D C:\Users\**** H\AppData\Local\Chromium
2015-07-07 14:22 - 2015-07-07 14:36 - 00000000 ____D C:\Users\**** H\AppData\Roaming\Nico Mak Computing
2015-07-03 22:10 - 2015-07-07 23:15 - 00000000 ____D C:\Users\**** H\Documents\rice
2015-07-01 02:29 - 2015-07-07 23:15 - 00000000 ____D C:\Users\**** H\Documents\car paint
2015-06-23 14:55 - 2015-06-23 14:55 - 00000000 ____D C:\Users\**** H\Desktop\BBQ
2015-06-16 13:00 - 2015-06-16 13:01 - 02424599 _____ C:\Users\**** H\Downloads\Thesis Presentation (1).pptx
2015-06-15 22:20 - 2015-06-15 22:20 - 00000000 ____D C:\Users\**** H\Desktop\YanSimJune3rd
2015-06-15 14:49 - 2015-06-15 14:50 - 02273168 _____ C:\Users\**** H\Downloads\Thesis Presentation.pptx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-07-13 12:43 - 2015-01-21 22:02 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-13 12:43 - 2014-05-27 01:33 - 00000000 ____D C:\Users\**** H\AppData\Roaming\WTablet
2015-07-13 12:43 - 2011-09-01 18:48 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-07-13 12:43 - 2011-09-01 18:48 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-07-13 12:43 - 2011-09-01 18:38 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-07-13 12:21 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-13 12:21 - 2009-07-14 00:45 - 00028576 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-13 12:16 - 2014-06-28 14:37 - 01321467 _____ C:\windows\WindowsUpdate.log
2015-07-13 12:14 - 2011-09-01 18:27 - 00000000 ____D C:\ProgramData\Sonic
2015-07-13 12:11 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-07-13 12:10 - 2015-01-21 22:02 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-13 11:56 - 2013-11-09 20:46 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-07-13 11:41 - 2012-05-03 17:30 - 00000932 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2891569098-3881632051-4230430765-1001UA.job
2015-07-13 08:43 - 2011-09-01 18:25 - 00000000 ____D C:\ProgramData\Temp
2015-07-13 03:02 - 2015-04-05 03:01 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-07-13 03:02 - 2015-04-05 03:01 - 00000000 ___SD C:\windows\system32\GWX
2015-07-12 20:32 - 2012-05-03 17:30 - 00000910 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2891569098-3881632051-4230430765-1001Core.job
2015-07-12 14:16 - 2011-10-02 22:58 - 00000408 ____H C:\windows\Tasks\Norton Security Scan for **** H.job
2015-07-09 01:56 - 2013-11-09 20:46 - 00778416 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-07-09 01:56 - 2013-11-09 20:46 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-07-09 01:56 - 2012-01-05 17:09 - 00142512 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-09 00:19 - 2011-12-02 23:03 - 00000000 ____D C:\Users\**** H\AppData\Roaming\BitTorrent
2015-07-09 00:19 - 2011-10-07 01:16 - 00000000 ____D C:\Users\**** H\AppData\Roaming\Media Player Classic
2015-07-09 00:16 - 2012-07-15 21:00 - 00000000 ____D C:\windows\Minidump
2015-07-08 23:42 - 2014-12-03 14:34 - 00000000 __SHD C:\Users\**** H\AppData\Local\EmieBrowserModeList
2015-07-08 23:42 - 2014-07-30 20:48 - 00000000 __SHD C:\Users\**** H\AppData\Local\EmieUserList
2015-07-08 23:42 - 2014-07-30 20:48 - 00000000 __SHD C:\Users\**** H\AppData\Local\EmieSiteList
2015-07-08 18:06 - 2014-07-23 11:04 - 00000000 ____D C:\Users\**** H\Desktop\QGCS
2015-07-08 18:05 - 2014-02-21 15:36 - 00000000 ____D C:\Users\**** H\Desktop\school
2015-07-08 05:13 - 2015-01-21 22:03 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-07 23:21 - 2011-09-08 10:40 - 00000000 ____D C:\Users\**** H
2015-07-07 23:18 - 2015-05-05 15:01 - 00000000 ____D C:\Users\**** H\Downloads\http%3a%2f%2fbox-soft.com%2f
2015-07-07 23:18 - 2015-01-21 22:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-07 23:18 - 2013-09-09 11:59 - 00000000 ____D C:\Users\**** H\Downloads\mtben16243ac
2015-07-07 23:18 - 2013-02-11 19:38 - 00000000 ____D C:\Users\**** H\Downloads\Inuyasha OST 1
2015-07-07 23:18 - 2012-10-19 14:49 - 00000000 ____D C:\Users\**** H\Downloads\MicroSoft Office 2007 With Key by [TORRENTMAFIA.IN]
2015-07-07 23:18 - 2012-01-11 01:06 - 00000000 ____D C:\Users\**** H\Downloads\Walk Off The Earth - Somebody That I Used To Know (Gotye Cover) Mp3 2012 [FAP]
2015-07-07 23:18 - 2011-09-01 20:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-07 23:18 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2015-07-07 23:17 - 2013-12-10 01:20 - 00000000 ____D C:\Users\**** H\Downloads\MSEX4SD
2015-07-07 23:16 - 2015-05-05 15:37 - 00000000 ____D C:\Users\**** H\Downloads\http%3a%2f%2fcygwin.mirror.constant.com%2f
2015-07-07 23:16 - 2015-05-05 15:03 - 00000000 ____D C:\Users\**** H\Downloads\ftp%3a%2f%2fmirrors-usa.go-parts.com%2fcygwin%2f
2015-07-07 23:16 - 2013-02-11 19:38 - 00000000 ____D C:\Users\**** H\Downloads\Inuyasha OST 2
2015-07-07 23:15 - 2014-07-01 23:24 - 00000000 ____D C:\Users\**** H\Documents\figuresoes
2015-07-07 23:15 - 2013-08-04 00:21 - 00000000 ____D C:\Users\**** H\Downloads\06387CC.fOOt
2015-07-07 14:33 - 2011-09-01 17:54 - 00000000 ___HD C:\windows\msdownld.tmp
2015-07-03 13:08 - 2011-09-08 11:34 - 00000000 ____D C:\Users\L**** H\AppData\Roaming\Skype
2015-06-29 15:23 - 2013-09-18 11:29 - 00000000 ____D C:\Users\**** H\Desktop\phd thesis
2015-06-24 17:37 - 2014-12-24 21:56 - 00003886 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-22 22:25 - 2011-09-08 16:07 - 00054272 _____ C:\Users\**** H\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-20 10:52 - 2015-06-04 13:42 - 00000000 ____D C:\Users\**** H\Documents\PCA for paint flakes
 
==================== Files in the root of some directories =======
 
2013-02-13 11:49 - 2013-02-13 11:49 - 4126720 _____ () C:\Program Files (x86)\GUT661.tmp
2011-09-08 16:07 - 2015-06-22 22:25 - 0054272 _____ () C:\Users\**** H\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-10 14:57 - 2011-12-10 14:57 - 0000000 _____ () C:\Users\**** H\AppData\Local\{A5E29E35-58FA-4301-8398-7AC7CD5DC7C3}
2011-09-11 19:05 - 2011-09-11 19:06 - 0000347 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\**** H\AppData\Local\Temp\Quarantine.exe
C:\Users\**** H\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-07-13 12:41
 
==================== End of log ============================

Here is the Addition log.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by **** H at 2015-07-13 12:48:26
Running from C:\Users\**** H\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2891569098-3881632051-4230430765-500 - Administrator - Disabled)
Guest (S-1-5-21-2891569098-3881632051-4230430765-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2891569098-3881632051-4230430765-1002 - Limited - Enabled)
**** H (S-1-5-21-2891569098-3881632051-4230430765-1001 - Administrator - Enabled) => C:\Users\**** H
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs)
Ad-Aware Antivirus (HKLM-x32\...\{6a4b0a4f-58d0-430c-becc-aa50733cd761}) (Version: 10.3.45.3935 - Lavasoft)
Ad-Aware Security Add-on (HKLM-x32\...\adawaretb) (Version: 2.2.0.11 - Lavasoft)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.191 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AMD Catalyst Install Manager (HKLM\...\{5AF0B1A8-1EF7-0FF7-5504-4983FB76F914}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{B3575D00-27EF-49C2-B9E0-14B3D954E992}) (Version: 1.5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{439760BC-7737-4386-9B1D-A90A3E8A22EA}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.5.0 - BitTorrent Inc.)
Bonjour (HKLM\...\{CA0D2F09-F811-48D4-843E-C87696C6A9D9}) (Version: 3.0.0.2 - Apple Inc.)
Bootstrapper (x32 Version: 1.1.3.0 - Minitab, Inc.) Hidden
Bootstrapper (x32 Version: 1.2.2.0 - Minitab, Inc.) Hidden
Castle Crashers (HKLM-x32\...\Castle Crashers_is1) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Combined Community Codec Pack 2011-07-30 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.07.30.0 - CCCP Project)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 9.4.60 - Dell Inc.)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.60 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{0EEBAFB5-CB0F-4E1A-A33F-4ECAF15CE2F9}) (Version: 1.5.1249.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{39D06E77-8921-4056-8901-36D0035BAECA}) (Version: 1.5.420.0 - Fingertapps)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.46 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
EndNote X7 (HKLM-x32\...\{86B3F2D6-AC2B-0017-8AE1-F2F77F781B0C}) (Version: 17.1.0.7705 - Thomson Reuters)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.132 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
Ida (HKLM-x32\...\{B629BDF8-6DAC-478B-A194-6C356AA4A311}) (Version: 2.1.0.51 - Queen's University - ITServices)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6341.0 - IDT)
ImageJ 1.48v (HKLM\...\ImageJ_is1) (Version:  - NIH)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{2ABA2E8D-23CF-418F-BC8F-2EC99FA51A3F}) (Version: 1.2.1.0608 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{D61E4101-9E15-4D0E-ABD1-1ABD36B43330}) (Version: 14.03.0000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}) (Version: 10.4.1.10 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java™ 6 Update 24 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416024FF}) (Version: 6.0.240 - Oracle)
Java™ 6 Update 27 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216027FF}) (Version: 6.0.270 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LiveUpdate 3.3 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.3.0.107 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Manga Studio EX 4.0 (HKLM-x32\...\Manga Studio EX 4.0) (Version:  - )
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office XP Media Content (HKLM-x32\...\{90300409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2619.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (HKLM-x32\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Minitab 16 (HKLM-x32\...\Minitab16) (Version: 16.2.4 - Minitab, Inc.)
Minitab 17 (HKLM-x32\...\Minitab17) (Version: 17.2.1 - Minitab, Inc.)
Minitab Software Update Manager (HKLM-x32\...\MinitabSoftwareManager) (Version: 1.2.0.0 - Minitab, Inc.)
Minitab16 (x32 Version: 16.2.4.3 - Minitab Inc) Hidden
Minitab16 (x32 Version: 16.2.4.3 - Minitab, Inc.) Hidden
Minitab17 (x32 Version: 17.2.1.0 - Minitab Inc) Hidden
Minitab17 (x32 Version: 17.2.1.0 - Minitab, Inc.) Hidden
Mozilla Firefox 30.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-GB)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
Octave (HKLM-x32\...\Octave-3.8.2) (Version: 3.8.2 - )
PC Tools Registry Mechanic 11.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 11.0 - PC Tools)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Python 3.3.0 (HKLM-x32\...\{526b1417-92c1-3737-8247-4abc49ccc8e4}) (Version: 3.3.150 - Python Software Foundation)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
R for Windows 3.2.0 (HKLM\...\R for Windows 3.2.0_is1) (Version: 3.2.0 - R Core Team)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
ResearchSoft Direct Export Helper (HKLM-x32\...\ResearchSoft Direct Export Helper) (Version:  - Thomson Reuters)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Secure Download Manager (HKLM-x32\...\{B4E55DB1-CABE-49B3-B5B4-C9761A78455D}) (Version: 3.1.20 - Kivuto Solutions Inc.)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.102 - Skype Technologies S.A.)
SoftwareManager (x32 Version: 1.2.0.0 - Minitab, Inc.) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
SpinWorks_3 (HKLM-x32\...\{4DDAF49F-500E-404F-9894-D5F005B8FA4E}) (Version: 3.1.6 - University of Manitoba)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{5C8BE867-CC84-452B-940C-1C18200277E5}) (Version: 11.0.7101.1056 - Symantec Corporation)
System Checkup 3.3 (HKLM-x32\...\{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1) (Version: 3.3.0.37 - iolo technologies, LLC)
Unity Web Player (HKU\S-1-5-21-2891569098-3881632051-4230430765-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
XLSTAT 2013 (HKLM-x32\...\{68B36FA5-E276-4C03-A56C-EC25717E1668}) (Version: 15.2.03.514 - Addinsoft)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
05-07-2015 19:18:13 Windows Backup
07-07-2015 23:05:37 Restore Operation
13-07-2015 00:39:27 Windows Backup
13-07-2015 03:00:15 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {086D8930-A16A-435B-AB68-5CCA2301D31A} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2891569098-3881632051-4230430765-1001
Task: {09F1FCEF-0B4F-41E8-A1FB-6C5551D7DAC2} - System32\Tasks\Norton Security Scan for **** H => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-11-03] (Symantec Corporation)
Task: {1973A185-AAFC-4C71-90AE-C595AED87D94} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2891569098-3881632051-4230430765-1001UA => C:\Users\**** H\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {298BADA0-DD47-41B5-8E1E-31FC73C03C70} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {2BF3EBF2-475F-47C0-8206-B5E069D00847} - System32\Tasks\RMSmartUpdate => C:\Program Files (x86)\PC Tools Registry Mechanic\update.exe [2012-02-03] (PC Tools)
Task: {3325BFCD-644F-45C8-8F29-39FA7A472883} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe [2012-09-20] (Lavasoft Limited)
Task: {3C6E1D7B-4A03-4990-A311-A4D953208E1D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-21] (Google Inc.)
Task: {4F8386FD-048F-4A72-81B7-8B5DE9903E84} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2891569098-3881632051-4230430765-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {596D82D7-0CDB-4C03-BE52-74C9F8667B0C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-09] (Adobe Systems Incorporated)
Task: {5DD03C51-B588-427D-B02C-946E21C7F5EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-21] (Google Inc.)
Task: {5FA8DF26-49B7-4020-A4EE-34D53C92D989} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {81BEE0D4-0312-4D57-9719-1719ECE82BDA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2891569098-3881632051-4230430765-1001Core => C:\Users\**** H\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {A13DC7A4-EF4F-489A-928F-A6CF0951D3ED} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2891569098-3881632051-4230430765-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {B132FCE9-8A4B-4A61-B53C-8B86B7834C87} - System32\Tasks\{1E10C743-1599-482D-A859-C6AC8FB81A19} => Chrome.exe http://ui.skype.com/ui/0/6.21.0.104/en/go/help.faq.installer?LastError=1601
Task: {C588A842-60E8-4E23-9496-6FB4DABAE55A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {D388476A-53BC-41E2-AEA3-3F5054C5D534} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F5C3C6DA-0505-4716-8C4E-72AEDD332E4D} - System32\Tasks\{0ABAED4A-5C9C-4DF8-AC55-C3576C074248} => pcalua.exe -a "C:\Users\**** H\Downloads\jxpiinstall.exe" -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {FB1E10C6-C36F-4855-8886-F432D74D525D} - System32\Tasks\Minitab\Minitab Software Update Manager => C:\Program Files (x86)\Common Files\Minitab Shared\Software Manager\SoftwareManager.exe [2013-12-04] (Minitab)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2891569098-3881632051-4230430765-1001Core.job => C:\Users\**** H\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2891569098-3881632051-4230430765-1001UA.job => C:\Users\**** H\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Norton Security Scan for **** H.job =>
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-11-01 12:58 - 2011-11-01 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-11-01 12:58 - 2011-11-01 12:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-09-01 20:34 - 2011-04-10 14:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-17 11:35 - 2010-11-17 11:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2011-05-30 10:30 - 2011-05-30 10:30 - 00885760 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
2011-09-01 18:38 - 2011-08-18 11:05 - 02751808 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
2014-10-16 04:30 - 2014-10-16 04:30 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-09-01 17:58 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-09-15 13:56 - 2014-12-19 06:01 - 00192376 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libBase64.dll
2012-09-15 13:56 - 2014-12-19 06:01 - 00180088 _____ () C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
2010-11-24 23:44 - 2010-11-24 23:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2011-05-30 10:25 - 2011-05-30 10:25 - 07938048 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
2011-05-30 10:25 - 2011-05-30 10:25 - 02225664 _____ () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
2015-07-08 05:12 - 2015-07-06 23:49 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libglesv2.dll
2015-07-08 05:12 - 2015-07-06 23:49 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\libegl.dll
2015-07-08 05:13 - 2015-07-06 23:49 - 16285512 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.132\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-2891569098-3881632051-4230430765-1001\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2891569098-3881632051-4230430765-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\**** H\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 130.15.126.54 - 130.15.126.52
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5E36AC49-169B-4D30-AAEB-6ABCEBA4730E}] => (Allow) C:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{5E7E35A3-BD56-40C9-994A-531ADCB685B4}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{BC4DF964-8A03-4337-960F-FC9F02A90FF4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{695156A2-F196-44CE-962F-A9A7A78240C9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4A64EB57-566C-4C08-83CF-B5E31AE52B65}] => (Allow) LPort=2869
FirewallRules: [{CC9B457D-9836-4A8E-A754-4120C61652EC}] => (Allow) LPort=1900
FirewallRules: [{5E81FB4F-2218-4DA7-9902-19D012D75342}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{3CC7251B-0A08-42C5-A393-DD2552F486C2}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{6DB2063C-6769-4BDB-BC0F-6773C7E085F1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A1F05720-D4D6-4960-97C8-10085B8490F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{67C46184-A5A4-43BE-AA30-0347B7624A75}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{56D61326-88BF-4920-86F1-587098852746}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{9A8C62CE-C7C3-4954-9B62-830D09D12AED}] => (Allow) C:\Program Files (x86)\FrostWire 5\FrostWire.exe
FirewallRules: [{DE49A864-65FA-4954-972F-5CAC4F95034E}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{E439973D-73A9-454F-BCAA-F64D21D17927}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
FirewallRules: [{5C995C98-FA6E-40AF-A042-3CD99151CC84}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{8EE1CE38-9D5B-4193-A3F0-63722100043D}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
FirewallRules: [{E2A456FE-45B1-4B3F-97D9-CC96DA726154}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{30BD61DD-BAA0-4219-A27A-FEA8201E23EC}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
FirewallRules: [{148F243C-8549-4E78-8310-E83B9D9DA2C1}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
FirewallRules: [{D98947A5-07B3-4BD4-802D-B8480C425DC0}] => (Allow) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter #3
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Microsoft Virtual WiFi Miniport Adapter #4
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/13/2015 12:16:50 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (07/13/2015 12:12:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/13/2015 11:58:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (07/13/2015 11:56:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WLANExt.exe, version: 6.1.7600.16385, time stamp: 0x4a5bcc33
Faulting module name: IWMSSvc.dll, version: 14.3.0.0, time stamp: 0x4eb057b8
Exception code: 0xc0000005
Fault offset: 0x0000000000120555
Faulting process id: 0x6a8
Faulting application start time: 0xWLANExt.exe0
Faulting application path: WLANExt.exe1
Faulting module path: WLANExt.exe2
Report Id: WLANExt.exe3
 
Error: (07/13/2015 11:52:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (07/13/2015 11:13:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
 
Error: (07/13/2015 11:13:43 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
 
Error: (07/13/2015 12:39:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
 
Error: (07/13/2015 12:39:53 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
 
Error: (07/12/2015 10:49:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1) != mDNS_reentrancy (0)
 
 
System errors:
=============
Error: (07/13/2015 12:43:50 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
 
Error: (07/13/2015 12:14:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/13/2015 12:12:07 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.
 
Error: (07/13/2015 12:12:07 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.
 
Error: (07/13/2015 12:12:01 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
 
Error: (07/13/2015 12:11:59 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (07/13/2015 12:11:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (07/13/2015 12:11:01 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\System32\IWMSSvc.dll
 
Error: (07/13/2015 12:11:01 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\windows\System32\IWMSSvc.dll
 
Error: (07/13/2015 12:10:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
Microsoft Office:
=========================
Error: (04/29/2015 07:13:20 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6718.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 760 seconds with 600 seconds of active time.  This session ended with a crash.
 
Error: (04/20/2015 06:47:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 223 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error: (04/20/2015 06:42:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 55 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (04/20/2015 06:41:43 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1078 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error: (04/20/2015 06:23:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 286179 seconds with 2040 seconds of active time.  This session ended with a crash.
 
Error: (02/09/2015 03:49:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/09/2015 03:49:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/09/2015 03:48:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/09/2015 03:48:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 35 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/09/2015 03:47:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6712.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 74%
Total physical RAM: 4004.25 MB
Available physical RAM: 1027.51 MB
Total Virtual: 8006.71 MB
Available Virtual: 4077.04 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:283.78 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8D87AD84)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#4 nasdaq

  • Malware Response Team
  • 38,746 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 14 July 2015 - 07:14 AM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

AppInit_DLLs: C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL => C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL File not found
AppInit_DLLs-x32: c:\progra~3\perfor~1\perfor~1.dll => "c:\progra~3\perfor~1\perfor~1.dll" File not found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} ->  No File
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin HKU\S-1-5-21-2891569098-3881632051-4230430765-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\**** H\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Extension: Lavasoft Search Plugin - C:\Users\**** H\AppData\Roaming\Mozilla\Firefox\Profiles\qsmty86s.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-09-01]
U4 WinDefend; No ImagePath
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.


How is the computer running now?

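The fixlist above removes loader entries whose targets are already gone: AppInit DLLs with no file behind them, BHO keys whose CLSID registration no longer exists, a WinDefend service with no ImagePath, and an alternate data stream on C:\ProgramData\Temp. That is the same pattern as the original Spybot report, a CLSID key that survives after the folder it pointed at is empty. The script below is an added example, not part of nasdaq's instructions and not FRST's code, that audits those same locations on a live system and lists every entry that points at nothing. It assumes Windows PowerShell 3 or later in an elevated prompt; the registry paths are the standard locations for each mechanism, and the function names (Resolve-ImagePath, Test-Target, Get-OrphanedLoaderEntries) are this example's own.

```powershell
# Added example: audit the loader locations nasdaq's fixlist cleaned and report
# entries whose target no longer exists. Assumes PowerShell 3+, elevated prompt.

function Resolve-ImagePath {
    # Turn an ImagePath / InprocServer32 / AppInit value into a plain file path:
    # strip quotes and arguments, expand %VARS%, and map the kernel-style
    # prefixes (\??\, \SystemRoot\, bare system32\) that driver entries use.
    param([string]$Value)
    if ([string]::IsNullOrWhiteSpace($Value)) { return $null }
    $v = [Environment]::ExpandEnvironmentVariables($Value.Trim())
    if ($v.StartsWith('"')) { $v = $v.Split('"')[1] }
    elseif ($v -match '^(?i)(.+?\.(exe|dll|sys|ocx))(\s|$)') { $v = $Matches[1] }
    else { $v = ($v -split ' ')[0] }
    if ($v.StartsWith('\??\')) { $v = $v.Substring(4) }
    if ($v -match '^\\SystemRoot\\(.*)$') { $v = Join-Path $env:SystemRoot $Matches[1] }
    elseif ($v -match '^system32\\') { $v = Join-Path $env:SystemRoot $v }
    return $v
}

function Test-Target {
    # True only when the value resolves to a file that is actually on disk.
    param([string]$Value)
    $path = Resolve-ImagePath $Value
    return [bool]($path -and (Test-Path -LiteralPath $path -PathType Leaf))
}

function Get-OrphanedLoaderEntries {
    $findings = New-Object 'System.Collections.Generic.List[object]'
    function Add-Finding($Area, $Where, $Target, $Note) {
        $findings.Add([pscustomobject]@{ Area = $Area; Where = $Where; Target = $Target; Note = $Note })
    }

    # 1. AppInit_DLLs, 64-bit and WOW64 views. Each DLL listed is loaded into every
    #    process that maps user32.dll while LoadAppInit_DLLs is 1.
    foreach ($key in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                     'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $p -or -not $p.AppInit_DLLs) { continue }
        foreach ($dll in ($p.AppInit_DLLs -split '[,\s]+' | Where-Object { $_ })) {
            if (-not (Test-Target $dll)) {
                Add-Finding 'AppInit_DLLs' $key $dll ("file missing; LoadAppInit_DLLs=" + $p.LoadAppInit_DLLs)
            }
        }
    }

    # 2. Browser Helper Objects. The BHO key names a CLSID; the DLL IE loads is the
    #    InprocServer32 default under HKCR\CLSID (Wow6432Node view for 32-bit IE).
    foreach ($bhoRoot in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                         'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
        foreach ($bho in (Get-ChildItem -Path $bhoRoot -ErrorAction SilentlyContinue)) {
            $clsid  = $bho.PSChildName
            $server = $null
            foreach ($clsRoot in 'Registry::HKEY_CLASSES_ROOT\CLSID', 'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID') {
                $s = Get-ItemProperty -Path "$clsRoot\$clsid\InprocServer32" -ErrorAction SilentlyContinue
                if ($s -and $s.'(default)') { $server = $s.'(default)'; break }
            }
            if (-not $server) { Add-Finding 'BHO' $bhoRoot $clsid 'no CLSID\InprocServer32 registration' }
            elseif (-not (Test-Target $server)) { Add-Finding 'BHO' $bhoRoot $clsid "DLL missing: $server" }
        }
    }

    # 3. Services and drivers with no usable ImagePath (FRST reported WinDefend as
    #    "No ImagePath"). Keys without a Type value are not services; skip them.
    foreach ($svcKey in (Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue)) {
        $svc = Get-ItemProperty -Path $svcKey.PSPath -ErrorAction SilentlyContinue
        if (-not $svc -or $null -eq $svc.PSObject.Properties['Type']) { continue }
        $img = $svc.PSObject.Properties['ImagePath']
        if ($null -eq $img -or [string]::IsNullOrWhiteSpace($img.Value)) {
            Add-Finding 'Service' $svcKey.PSChildName '' ("no ImagePath; Start=" + $svc.Start)
        } elseif (-not (Test-Target $img.Value)) {
            Add-Finding 'Service' $svcKey.PSChildName $img.Value ("binary missing; Start=" + $svc.Start)
        }
    }

    # 4. Alternate data streams on the two folders FRST's ADS section covers. A
    #    stream hangs off the directory entry and never shows in a normal listing.
    foreach ($dir in $env:SystemRoot, (Join-Path $env:ProgramData 'Temp')) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        foreach ($stream in (Get-Item -LiteralPath $dir -Stream * -ErrorAction SilentlyContinue)) {
            if ($stream.Stream -eq ':$DATA') { continue }
            Add-Finding 'ADS' $dir $stream.Stream "$($stream.Length) bytes"
        }
    }
    return $findings
}

$orphans = @(Get-OrphanedLoaderEntries)
if ($orphans.Count -eq 0) { 'No orphaned loader entries found.' }
else { $orphans | Sort-Object Area, Where | Format-Table -AutoSize -Wrap }
```

Entries that resolve to a file on disk are not reported; the script lists only what points at nothing. Treat each finding as a triage item to compare against the FRST log rather than a verdict: a service at Start=4 with no ImagePath is inert, and nasdaq's fix deliberately removed only the stream on C:\ProgramData\Temp while leaving C:\Windows:nlsPreferences in place.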
#5 coldchipsspoils

  • Topic Starter
  • Members
  • 5 posts

Posted 14 July 2015 - 10:01 AM

Hi nasdaq,

Thanks so much for replying so fast!

Here is the fixlog:


Fix result of Farbar Recovery Scan Tool (x64) Version:12-07-2015
Ran by **** H at 2015-07-14 10:38:32 Run:1
Running from C:\Users\**** H\Downloads
Loaded Profiles: **** H &  (Available Profiles: **** H)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
AppInit_DLLs: C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL => C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL File not found
AppInit_DLLs-x32: c:\progra~3\perfor~1\perfor~1.dll => "c:\progra~3\perfor~1\perfor~1.dll" File not found
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
BHO: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO-x32: No Name -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} ->  No File
BHO-x32: No Name -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} ->  No File
Toolbar: HKLM-x32 - No Name - {8dcb7100-df86-4384-8842-8fa844297b3f} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No File
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll No File
FF Plugin HKU\S-1-5-21-2891569098-3881632051-4230430765-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\**** H\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Extension: Lavasoft Search Plugin - C:\Users\**** H\AppData\Roaming\Mozilla\Firefox\Profiles\qsmty86s.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack [2012-09-01]
U4 WinDefend; No ImagePath
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\PROGRA~3\PERFOR~1\PERFOR~2.DLL" => value data removed successfully.
"c:\progra~3\perfor~1\perfor~1.dll" => value data removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
HKCR\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}" => key removed successfully
HKCR\Wow6432Node\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}" => key removed successfully
HKCR\Wow6432Node\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} => value removed successfully
HKCR\Wow6432Node\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\MozillaPlugins\wacom.com/WacomTabletPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@nexon.net/NxGame" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\wacom.com/WacomTabletPlugin" => key removed successfully
"HKU\S-1-5-21-2891569098-3881632051-4230430765-1001\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => key removed successfully
C:\Users\**** H\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll not found.
C:\Users\**** H\AppData\Roaming\Mozilla\Firefox\Profiles\qsmty86s.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack not found.
WinDefend => Service removed successfully
C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.
EmptyTemp: => 687.4 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 10:44:56 ====
 
 
I actually never had much of a problem with my laptop before and after that incident: no browser hijacking and no slowing down of my laptop. It was just very suspicious with the two threats detected, so I suspected they were running behind the scenes or something.
 
How does the log look? My Spybot has since stopped detecting the two threats; do you think they have been completely removed now? I'm a little concerned that Chromium v still showed up in the AdwCleaner log, since I thought I got rid of it when it was downloaded with that package from the game.


#6 nasdaq

  • Malware Response Team
  • 38,746 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 July 2015 - 07:30 AM

-\\ Chromium v

[C:\Users\**** H\AppData\Local\Chromium\User Data\Default\Preferences] - Deleted [Homepage] : hxxp://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-
etc...

Whatever was found on Chromium was deleted.

===


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe:
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 coldchipsspoils

  • Topic Starter
  • Members
  • 5 posts

Posted 15 July 2015 - 08:29 AM

Thank you nasdaq.



#8 nasdaq

  • Malware Response Team
  • 38,746 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 15 July 2015 - 12:03 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.