Windows 7 Ultimate (64 bit) taking minutes to do almost everything


  • This topic is locked
12 replies to this topic

#1 flyerfred

flyerfred

  • Members
  • 22 posts

Posted 06 November 2015 - 10:12 AM

I am running Windows 7 Ultimate 64 bit on a quad core AMD processor with 8GB of RAM. For the last week or so it is taking minutes to go from one message to the next in Outlook 2007, change from one directory to another in Windows Explorer and almost everything else I do. When I log in it takes 10-15 minutes to finish the login process. Task Manager shows less than 1% CPU utilization, less than 3 GB RAM in use and little to no disk activity. Bitdefender, Malwarebytes and Spybot Search and Destroy all show no malware on the system. I am completely stumped as to how to proceed. I am pasting the HijackThis log I ran last night as well as uploading it.
 
Any help anyone can provide will be greatly appreciated.
 
Fred Magee
flyerfred[at]@earthlink.net
fmagee[at]cabq.gov
 
=========================================
hijackthis.log
=========================================
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:10:56 PM, on 11/5/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
 
FIREFOX: 41.0.2 (x86 en-US)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\ACD Systems\ACDSee\18.0\ACDSeeCommander18.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\Users\Fred\AppData\Roaming\VERIZON\UA_ar\UA.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
K:\HijackThis.exe
C:\Users\Fred\Downloads\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eweb.cabq.gov/default.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [WebStorage] C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe /startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [ACSW18EN] "C:\Program Files (x86)\ACD Systems\ACDSee\18.0\acdIDInTouch2.exe"
O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe"
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKCU\..\Run: [ACDSeeCommander18] C:\Program Files (x86)\ACD Systems\ACDSee\18.0\ACDSeeCommander18.exe
O4 - HKCU\..\Run: [ACDSeeCommanderUltimate8] C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Fred\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: BdBkpFolder
O4 - Startup: Verizon Wireless Software Utility Application for Android – Samsung.lnk = Fred\AppData\Roaming\VERIZON\UA_ar\UA.exe
O4 - Global Startup: NETGEAR WNA1100 Genie.lnk = C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{5680A151-4E57-4EA8-9700-81840415ECC3}: NameServer = 76.73.7.78,50.7.75.29
O17 - HKLM\System\CCS\Services\Tcpip\..\{665E2182-5F5C-4E0F-ACD8-55CF31F58A5A}: NameServer = 76.73.7.78,50.7.75.29
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
O23 - Service: Bitdefender Desktop Parental Control (BdDesktopParental) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
 
--
End of file - 14177 bytes
=========================================
End of hijackthis.log
=========================================



Edited by nasdaq, 11 November 2015 - 02:16 PM.
E-mail addresses obfuscated. Never post your e-mail address in a topic.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 08 November 2015 - 11:15 AM


Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===


How is the computer running now?
Wait for further instructions.

Edited by nasdaq, 08 November 2015 - 11:16 AM.


#3 flyerfred

flyerfred
  • Topic Starter

  • Members
  • 22 posts

Posted 09 November 2015 - 11:17 AM

Thank you for the suggestions. Unfortunately, several attempts to run Malwarebytes failed when the program would not start. When I either double click the icon or right click the icon and select either run or run as administrator, I get the box asking if I want to let Malwarebytes make changes to my system. When I click yes, the window closes and the program never starts. I'm going to reboot to safe mode and try again. If that fails, I will uninstall Malwarebytes and reinstall off a CD.

 

Any other suggestions? How much risk is there in hitting the reset button instead of rebooting? It is sometimes taking hours for the system to go down and trying to catch the right moment to hit "F8" may be very problematical.



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 November 2015 - 01:55 PM

Forget about the Malwarebytes run. Continue with the other 2 tools.

#5 flyerfred

flyerfred
  • Topic Starter

  • Members
  • 22 posts

Posted 11 November 2015 - 09:54 AM

Good morning. My computer is working better but still has some issues with intermittent freezes. I'm including the logs you requested below.

 

========================================

MalWareBytes

========================================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/10/2015
Scan Time: 10:28 PM
Logfile: malwarebytes-20151110.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.11.01
Rootkit Database: v2015.11.04.02
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Fred

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 548306
Time Elapsed: 16 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

========================================

End of MalWareBytes

========================================

ADWCleaner log

========================================

# AdwCleaner v5.019 - Logfile created 11/11/2015 at 07:20:03
# Updated 08/11/2015 by Xplode
# Database : 2015-11-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Fred - PERRIN
# Running from : C:\Users\Fred\Desktop\adwcleaner_5.019.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Windows\SysNative\Tasks\ninja VOD Updater

***** [ Files ] *****


***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [641 bytes] ##########
 

========================================

End of ADW Cleaner log

========================================

 

========================================

Farbar Log

========================================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Fred (administrator) on PERRIN (10-11-2015 22:53:46)
Running from K:\MalWareBytes
Loaded Profiles: Fred (Available Profiles: Fred & Fredz & Sharon & Patricia)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\psxss.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\DAODx.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
() C:\Program Files (x86)\ACD Systems\ACDSee\18.0\ACDSeeCommander18.exe
() C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
(Dropbox, Inc.) C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SAMSUNG Electornics Co., Ltd.) C:\Users\Fred\AppData\Roaming\VERIZON\UA_ar\UA.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(ACD Systems) C:\Program Files (x86)\ACD Systems\ACDSee\18.0\acdIDInTouch2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dropbox, Inc.) C:\Users\Fred\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\Fred\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1695744 2015-06-23] (Bitdefender)
HKLM\...\Run: [ACUW08EN] => C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\acdIDInTouch2.exe [1814800 2015-02-03] (ACD Systems)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\AsusWSPanel.exe [5099840 2013-06-26] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2014-11-22] (RealNetworks, Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-09] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [1596096 2009-08-05] (Leader Technologies Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [ACSW18EN] => C:\Program Files (x86)\ACD Systems\ACDSee\18.0\acdIDInTouch2.exe [1470224 2014-09-17] (ACD Systems)
HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKU\S-1-5-21-2644614685-2435514142-472855821-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-06-23] (Bitdefender)
HKU\S-1-5-21-2644614685-2435514142-472855821-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2644614685-2435514142-472855821-1000\...\Run: [ACDSeeCommander18] => C:\Program Files (x86)\ACD Systems\ACDSee\18.0\ACDSeeCommander18.exe [1968136 2014-12-17] ()
HKU\S-1-5-21-2644614685-2435514142-472855821-1000\...\Run: [ACDSeeCommanderUltimate8] => C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe [2054664 2015-02-03] ()
HKU\S-1-5-21-2644614685-2435514142-472855821-1000\...\Run: [Dropbox Update] => C:\Users\Fred\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-2644614685-2435514142-472855821-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2644614685-2435514142-472855821-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-09-23] (Siber Systems)
HKU\S-1-5-21-2644614685-2435514142-472855821-1000\...\MountPoints2: O - O:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2644614685-2435514142-472855821-1000\...\MountPoints2: {13736d3d-7443-11e4-9c4a-806e6f6e6963} - O:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2644614685-2435514142-472855821-1000\...\MountPoints2: {4c73ae58-718b-11e4-a627-806e6f6e6963} - I:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-2644614685-2435514142-472855821-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-06-23] (Bitdefender)
HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ACDSeeCommander18] => C:\Program Files (x86)\ACD Systems\ACDSee\18.0\ACDSeeCommander18.exe [1968136 2014-12-17] ()
HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ACDSeeCommanderUltimate8] => C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe [2054664 2015-02-03] ()
HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Fred\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-22] (Dropbox, Inc.)
HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-09-23] (Siber Systems)
HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: O - O:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {13736d3d-7443-11e4-9c4a-806e6f6e6963} - O:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {4c73ae58-718b-11e4-a627-806e6f6e6963} - I:\.\Bin\ASSETUP.exe
HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [477696 2010-11-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-10-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll [2014-07-04] (Bitdefender)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2014-06-27] (Carbonite, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA1100 Genie.lnk [2015-09-26]
ShortcutTarget: NETGEAR WNA1100 Genie.lnk -> C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe ()
Startup: C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BdBkpFolder [2015-11-05] ()
Startup: C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-11-07]
ShortcutTarget: Dropbox.lnk -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnk [2015-10-05]
ShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Fred\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{5680A151-4E57-4EA8-9700-81840415ECC3}: [NameServer] 76.73.7.78,50.7.75.29
Tcpip\..\Interfaces\{665E2182-5F5C-4E0F-ACD8-55CF31F58A5A}: [NameServer] 76.73.7.78,50.7.75.29
Tcpip\..\Interfaces\{665E2182-5F5C-4E0F-ACD8-55CF31F58A5A}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2644614685-2435514142-472855821-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://eweb.cabq.gov/default.aspx
HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://eweb.cabq.gov/default.aspx
HKU\S-1-5-21-2644614685-2435514142-472855821-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2644614685-2435514142-472855821-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-2644614685-2435514142-472855821-1000 -> DefaultScope {DE086B10-3777-43E6-990D-E02BAA3D0553} URL =
SearchScopes: HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {DE086B10-3777-43E6-990D-E02BAA3D0553} URL =
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-23] (Siber Systems Inc.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2014-11-22] (RealPlayer)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-23] (Siber Systems Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-28] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-28] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-23] (Siber Systems Inc.)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-06-23] (Bitdefender)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-23] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-06-23] (Bitdefender)
Toolbar: HKU\S-1-5-21-2644614685-2435514142-472855821-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-23] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-23] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-2644614685-2435514142-472855821-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-23] (Siber Systems Inc.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-18] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-11-23] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-18] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2014-11-23] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2014-11-22] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll [2014-11-22] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2014-11-22] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2014-11-22] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.5.109 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2014-11-22] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-21] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2014-11-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2014-10-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2014-11-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2015-09-23]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF HKU\S-1-5-21-2644614685-2435514142-472855821-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF HKU\S-1-5-21-2644614685-2435514142-472855821-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR HomePage: Default -> hxxps://search.yahoo.com/?type=407453&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxp://www.dogpile.com/","hxxps://www.google.com/?gws_rd=ssl"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=407453&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Profile: C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google Search) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-08]
CHR Extension: (Bitdefender Wallet) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-11-08]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-05]
CHR Extension: (Gmail) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR Extension: (RoboForm Password Manager) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-11-09]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-11-21]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2014-11-22]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-11-21]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-09-17] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-09-17] (ASUSTeK Computer Inc.)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-18] (Bitdefender)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-12] (DEVGURU Co., LTD.)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-11-21] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1545376 2015-06-23] (Bitdefender)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [297440 2011-07-28] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-06-23] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [271272 2015-06-23] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-06-23] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2015-02-10] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107080 2012-10-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-02-10] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-06-23] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-10] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 PsxDrv; C:\Windows\System32\drivers\psxdrv.sys [10240 2009-07-13] (Microsoft Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-23] (BitDefender S.R.L.)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
U1 bdselfpr; \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-10 22:54 - 2015-11-10 22:54 - 00000000 ____D C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-10 22:53 - 2015-11-10 22:54 - 00000000 ____D C:\FRST
2015-11-10 22:47 - 2015-11-10 22:49 - 00000000 ____D C:\AdwCleaner
2015-11-10 22:46 - 2015-11-10 22:46 - 00001073 _____ C:\Users\Fred\Documents\malwarebytes-20151110.txt
2015-11-09 17:48 - 2015-11-10 22:53 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-09 17:48 - 2015-11-09 17:48 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-09 17:48 - 2015-11-09 17:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-09 17:48 - 2015-11-09 17:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-09 17:48 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-09 17:48 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-09 17:48 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-08 09:41 - 2015-11-08 09:41 - 22908888 _____ (Malwarebytes ) C:\Users\Fred\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-08 09:30 - 2015-11-08 09:30 - 00000000 ____D C:\Users\Fred\Downloads\PanoramicBridges
2015-11-07 22:25 - 2015-11-07 22:27 - 07947159 _____ C:\Users\Sharon.PERRIN\Downloads\PanoramicBridges.deskthemepack
2015-11-07 22:21 - 2015-11-07 22:22 - 14780124 _____ C:\Users\Sharon.PERRIN\Downloads\PanoramicBeaches.deskthemepack
2015-11-07 16:19 - 2015-11-07 16:26 - 07947159 _____ C:\Users\Fred\Downloads\PanoramicBridges.deskthemepack
2015-11-07 15:49 - 2015-11-07 16:02 - 14780124 _____ C:\Users\Fred\Downloads\PanoramicBeaches.deskthemepack
2015-11-05 21:10 - 2015-11-05 21:10 - 00014179 _____ C:\Users\Fred\Downloads\hijackthis.log
2015-11-05 20:49 - 2015-11-05 20:55 - 00000000 ____D C:\Users\Fred\Downloads\Hold
2015-11-05 20:36 - 2015-11-05 20:36 - 00000000 ____D C:\Users\Fred\Downloads\Audible
2015-11-05 20:36 - 2015-11-05 11:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\Fred\Downloads\HijackThis.exe
2015-11-03 05:43 - 2015-11-03 05:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-27 15:37 - 2015-10-27 15:37 - 00000000 ____D C:\Users\Fred\AppData\Local\bdch
2015-10-22 19:44 - 2015-10-22 19:44 - 00000000 ____D C:\Users\Sharon.PERRIN\AppData\Roaming\Sun
2015-10-22 19:44 - 2015-10-22 19:44 - 00000000 ____D C:\Users\Sharon.PERRIN\.oracle_jre_usage
2015-10-16 05:08 - 2015-10-16 05:08 - 00000000 ____D C:\Users\Fred\AppData\Local\CEF
2015-10-14 05:06 - 2015-10-14 05:06 - 00010309 _____ C:\Users\Fred\Downloads\Export(3).csv
2015-10-14 05:05 - 2015-10-14 05:05 - 00002167 _____ C:\Users\Fred\Downloads\Export(2).csv
2015-10-14 05:04 - 2015-10-14 05:05 - 00006784 _____ C:\Users\Fred\Downloads\Export(1).csv
2015-10-11 08:37 - 2015-10-11 08:37 - 00000000 ____D C:\Users\Fredz.PERRIN\AppData\Roaming\Sun
2015-10-11 08:37 - 2015-10-11 08:37 - 00000000 ____D C:\Users\Fredz.PERRIN\.oracle_jre_usage

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-10 22:55 - 2015-05-02 10:18 - 00000000 ___RD C:\Users\Fred\Dropbox
2015-11-10 22:55 - 2015-05-02 10:10 - 00000000 ____D C:\Users\Fred\AppData\Roaming\Dropbox
2015-11-10 22:53 - 2015-04-20 15:53 - 00000000 ____D C:\ProgramData\VMware
2015-11-10 22:52 - 2014-11-21 13:37 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-10 22:51 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-10 22:51 - 2009-07-13 21:51 - 00051549 _____ C:\Windows\setupact.log
2015-11-10 22:50 - 2010-11-20 20:47 - 00152080 _____ C:\Windows\PFRO.log
2015-11-10 21:19 - 2014-11-21 09:44 - 00000000 ____D C:\Users\Fredz\AppData\Local\Mozilla
2015-11-10 17:59 - 2009-07-13 22:13 - 00786702 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-10 17:23 - 2014-11-21 07:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-09 17:28 - 2015-06-22 04:39 - 00000862 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2644614685-2435514142-472855821-1000Core.job
2015-11-09 17:28 - 2014-11-21 06:54 - 01481798 _____ C:\Windows\WindowsUpdate.log
2015-11-09 17:19 - 2015-06-22 04:39 - 00000914 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2644614685-2435514142-472855821-1000UA.job
2015-11-09 17:11 - 2014-11-21 13:37 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-09 16:55 - 2014-11-21 15:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-08 15:58 - 2009-07-13 21:45 - 00027216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-08 15:58 - 2009-07-13 21:45 - 00027216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-05 18:13 - 2014-11-21 06:54 - 00000000 ____D C:\Users\Fred\AppData\Local\VirtualStore
2015-11-03 05:46 - 2015-10-10 12:50 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-01 05:53 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-31 05:20 - 2015-06-22 04:42 - 00000000 ____D C:\Windows\Minidump
2015-10-30 04:53 - 2014-12-29 05:45 - 00000000 ____D C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon
2015-10-30 04:53 - 2014-12-29 05:42 - 00000000 ____D C:\Users\Fred\AppData\Roaming\VERIZON
2015-10-28 05:09 - 2014-12-23 20:52 - 00000000 ____D C:\ProgramData\Oracle
2015-10-28 05:08 - 2015-03-22 21:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-10-28 05:08 - 2014-12-23 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-28 05:03 - 2015-10-10 13:06 - 00000000 ____D C:\Users\Fred\.oracle_jre_usage
2015-10-28 05:02 - 2015-04-16 07:01 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-10-28 05:02 - 2014-12-23 20:52 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-25 06:38 - 2015-07-04 05:25 - 00000000 ____D C:\Users\Fredz.PERRIN\Documents\Miscellany
2015-10-22 20:06 - 2014-11-21 13:37 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-22 19:44 - 2014-12-31 18:52 - 00000000 ____D C:\Users\Sharon.PERRIN
2015-10-22 05:07 - 2014-11-21 07:01 - 00000000 ____D C:\Users\Fred\Documents\Excel
2015-10-22 05:06 - 2015-04-20 16:00 - 00000000 ____D C:\Users\Fred\AppData\Local\VMware
2015-10-21 04:36 - 2015-04-21 06:20 - 00000000 ____D C:\Users\Fred\Documents\Virtual Machines
2015-10-21 04:36 - 2015-04-20 16:00 - 00000000 ____D C:\Users\Fred\AppData\Roaming\VMware
2015-10-18 04:38 - 2014-11-21 15:10 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-18 04:37 - 2014-11-21 15:10 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-18 04:37 - 2014-11-21 15:10 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-16 05:08 - 2014-11-21 15:09 - 00000000 ____D C:\Users\Fred\AppData\Local\Adobe
2015-10-11 08:37 - 2014-11-28 12:41 - 00000000 ____D C:\Users\Fredz.PERRIN
2015-10-11 08:31 - 2014-11-21 07:06 - 00002024 _____ C:\Users\Fred\Documents\Default.rdp
2015-10-11 06:13 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp

==================== Files in the root of some directories =======

2014-11-22 05:31 - 2015-07-25 12:14 - 0001630 _____ () C:\Users\Fred\AppData\Roaming\PERRIN.MTBF.txt
2014-11-22 05:51 - 2014-11-22 05:51 - 0003584 _____ () C:\Users\Fred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-21 08:54 - 2014-11-21 08:54 - 0605837 _____ () C:\ProgramData\1416584889.bdinstall.bin
2014-11-25 17:45 - 2014-11-25 17:45 - 0366465 _____ () C:\ProgramData\1416962491.bdinstall.bin
2014-11-21 13:39 - 2014-11-21 13:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Fred\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprpj5mb.dll
C:\Users\Fred\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-21 09:28

==================== End of FRST.txt ============================

========================================

Farbar Additions Log

========================================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Fred (2015-11-10 22:55:47)
Running from K:\MalWareBytes
Windows 7 Ultimate Service Pack 1 (X64) (2014-11-21 13:54:33)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2644614685-2435514142-472855821-500 - Administrator - Disabled)
Fred (S-1-5-21-2644614685-2435514142-472855821-1000 - Administrator - Enabled) => C:\Users\Fred
Fredz (S-1-5-21-2644614685-2435514142-472855821-1003 - Administrator - Enabled) => C:\Users\Fredz.PERRIN
Guest (S-1-5-21-2644614685-2435514142-472855821-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2644614685-2435514142-472855821-1008 - Limited - Enabled)
Patricia (S-1-5-21-2644614685-2435514142-472855821-1005 - Limited - Enabled) => C:\Users\Patricia
Sara (S-1-5-21-2644614685-2435514142-472855821-1006 - Limited - Enabled)
Sharon (S-1-5-21-2644614685-2435514142-472855821-1004 - Administrator - Enabled) => C:\Users\Sharon.PERRIN

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
ACDSee 18 (HKLM\...\{6D0F6DF4-553E-43CD-AA95-69AB3644A8FF}) (Version: 18.1.0.233 - ACD Systems International Inc.)
ACDSee Ultimate 8 (64-bit) (HKLM\...\{DFD09008-75B2-49AB-A1D1-AEE552B3FD11}) (Version: 8.1.1.386 - ACD Systems International Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{5DDB9EF7-1BC0-C9C1-9829-6B9CF68AC357}) (Version: 8.0.903.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.12.0 - Asmedia Technology)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.17 - ASUSTeK Computer Inc.)
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.025 - ASUSTek Computer Inc.)
Avery Design & Print (HKLM-x32\...\Avery Design & Print 1.0.0) (Version: 1.0.0 - Avery Products Corporation)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.17.0.1227 - Bitdefender)
Bitvise SSH Client 6.23 (remove only) (HKLM-x32\...\BvSshClient) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
CPUID ASUS CPU-Z 1.65 (HKLM\...\CPUID ASUS CPU-Z_is1) (Version: 1.65 - CPUID, Inc.)
Creative Pack Volume 1 (HKLM\...\{3D1688AB-3440-4C7A-8CBB-5D77CD3C02D7}) (Version: 3.1 - Corel Corporation)
Dazzle Video Capture DVC100 X64 Driver 1.07 (HKLM-x32\...\{631D71FD-237F-4D74-B090-88E66FBC5A10}) (Version: 1.07.0000 - Pinnacle)
Dropbox (HKU\S-1-5-21-2644614685-2435514142-472855821-1000\...\Dropbox) (Version: 3.10.11 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.10.8 - Dropbox, Inc.)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
Epson Download Navigator (HKLM-x32\...\{10F63395-157F-4B93-AB4D-702A2FF11942}) (Version: 1.0.1 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}) (Version: 2.50.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.20.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WP-4530 Series Printer Uninstall (HKLM\...\EPSON WP-4530 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
e-Sword (HKLM-x32\...\{33354878-4BE6-406C-B6E0-EEA7315A69D3}) (Version: 10.03.0000 - Rick Meyers)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hollywood FX Volumes 1-3 (HKLM\...\{94F26E3B-100E-4C7B-B1F1-2F395128E848}) (Version: 2.1 - Corel Corporation)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
iZotope Music & Speech Cleaner (HKLM-x32\...\iZotope Music & Speech Cleaner_is1) (Version: 1.00 - iZotope, Inc.)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 8 Update 40 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180400}) (Version: 8.0.400.26 - Oracle Corporation)
LEGO Star Wars II (HKLM-x32\...\InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}) (Version: 1.00.0000 - LucasArts)
LEGO Star Wars II (x32 Version: 1.00.0000 - LucasArts) Hidden
LTCM Client (HKLM-x32\...\LTCM Client) (Version:  - Leader Technologies Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{6344718C-AE30-4C86-B5CD-459077A83623}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.2047.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetBeans IDE 8.0.2 (HKLM\...\nbi-nb-base-8.0.2.0.201411181905) (Version: 8.0.2 - NetBeans.org)
NETGEAR WNA1100 N150 Wireless USB Adapter (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.0.0.133 - NETGEAR)
NewBlue Effects (HKLM\...\{C0C7CFFB-C0EF-4CB5-A83D-33626D67BAA7}) (Version: 1.0 - Corel Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.24 (HKLM\...\{15E093DF-951E-46CB-B3EC-E1287E7A2319}) (Version: 4.3.24 - Oracle Corporation)
Personal Ancestral File 5 (HKLM-x32\...\{D94A8E22-DF2B-4107-9E51-608A60A7671D}) (Version:  - )
Pinnacle Studio 18 - Install Manager (HKLM\...\{39B53CC2-EE72-44E6-800D-C61A6465BF1A}) (Version: 18.0.234 - Corel Corporation)
Pinnacle Studio 18 - Standard Content Pack (HKLM\...\{DDBFA6BC-5756-465F-902A-5659F4EFBC6F}) (Version: 18.0 - Corel Corporation)
Pinnacle Studio 18 (HKLM\...\{11FB47FB-B341-4FD8-A505-E4C0CC0536C1}) (Version: 18.0.2.444 - Corel Corporation)
Pinnacle Studio 18 Add-Ons (x32 Version: 18.0 - Corel) Hidden
Premium Pack Volumes 1-2 (HKLM\...\{4BB25E0F-7689-48CF-B240-D8567FBDACFD}) (Version: 2.1 - Corel Corporation)
Punch! Professional Home Design - Platinum (HKLM-x32\...\Punch! Professional Home Design - Platinum) (Version:  - )
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.8.1 - Intuit)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.5 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
RoboForm 7-9-16-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-16-7 - Siber Systems)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
ScoreFitter Volumes 1-2 (HKLM\...\{DAD8BCAC-30E7-4D1A-91F2-F3712F0E2555}) (Version: 2.1 - Corel Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Title Extreme (HKLM\...\{C202FA8F-552B-4F7A-AB57-0B5B888E6BB5}) (Version: 2.1 - Corel Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{002CFA1B-7085-4489-A1CD-DAFC05BAA545}) (Version: 2.15.1003 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{9E835F39-6633-4D1C-92CC-006F4D2F5E08}) (Version: 2.15.1001 - Samsung Electronics Co., Ltd.)
VMware Player (HKLM-x32\...\VMware_Player) (Version: 7.1.0 - VMware, Inc)
VMware Player (Version: 7.1.0 - VMware, Inc.) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.1.213 - ASUS Cloud Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16432 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2644614685-2435514142-472855821-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-07-25 12:31 - 00450831 ____A C:\Windows\system32\Drivers\etc\hosts

There are 15464 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {041A853B-90BB-4727-905F-82FA6BCFC146} - System32\Tasks\{4A63FC62-2C2C-4B2C-B2F4-A449945AB702} => pcalua.exe -a C:\Users\Fred\Downloads\VirtualBox-4.3.24-98716-Win.exe -d C:\Users\Fred\Downloads
Task: {0C8C41B8-BE7C-4D0B-9C85-FDEBA3F1440B} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-09-23] (Siber Systems)
Task: {1F38AA84-5F6F-45A7-9F60-06DC7D7F47AE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {252746B5-BD43-4D84-B23E-76C3F8B79547} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-29] ()
Task: {295D7C3D-A46C-47B6-8260-14AD23D33508} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {3013A22B-8AF0-4A3C-8E6D-C8EFB566177D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {3513A261-DF26-4FF7-BF0D-7C6FE3FA4BA1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {4AE66DE1-B1B0-4D52-93E1-E5096077BEE7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2644614685-2435514142-472855821-1000UA => C:\Users\Fred\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {58D24620-AF02-4EEC-9FCE-902B3483A9E1} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {899921DF-D9C5-486C-9901-233F66F37A56} - System32\Tasks\Leader Technologies\LTCM Client\New Message Check - Fred => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2009-08-05] (Leader Technologies Inc.)
Task: {9443BDA3-5503-4FA8-9A2C-5D5C93666AC3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-18] (Adobe Systems Incorporated)
Task: {97DB21E3-1CF2-4711-A173-42A8629E6AE9} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMLJKJNJMJHMJMJJGMCNHMJMMMOJCNLMHMNJKJCNGMMJGMLJCNMJLMJMMJOMIMJJMMKJJJOJKJJNJICMIMCNGMCNOMJMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMLMGMHMJNHICMEKMICNJJCKJNBJCMJLNIKJLJJNKJCMJNNICMJNDJCMKJBJJNMJCMLMFMMMHMOMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {9AB4AE21-C5DC-4E9E-A0CB-A0E3D92B9A43} - System32\Tasks\ninja VOD Updater => C:\Users\Fred\AppData\Local\ninjaVOD\ninja VOD\1.3.17.3\ninjasetup.exe
Task: {B885FD14-8846-42E2-B2B2-1DACDDC2FE25} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe [2015-06-23] (Bitdefender)
Task: {B9B11CED-2E79-47C7-84F7-443B3CBE4902} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2013-08-27] (ASUSTek Computer Inc.)
Task: {BCC8875A-55FD-4337-94B7-697FDB9E8F34} - System32\Tasks\Leader Technologies\LTCM Client\New Message Check - Fredz => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2009-08-05] (Leader Technologies Inc.)
Task: {C35EEB44-C448-44A4-9282-1204F113D86F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {CB17B01F-92B2-4D56-A06C-7565FFC6DB99} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2644614685-2435514142-472855821-1000Core => C:\Users\Fred\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-22] (Dropbox, Inc.)
Task: {D2D2FCEE-836C-4C96-8257-7D7678CCBA59} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-09-23] (Siber Systems)
Task: {D646CA9A-C2C4-4820-8878-4C01512FC774} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {D9D27B23-827D-4A5F-908E-284F0C844DAA} - System32\Tasks\ninja VOD => C:\Users\Fred\AppData\Local\ninjaVOD\ninja VOD\1.3.17.3\ninjavod.exe
Task: {EF692712-0C30-47C0-909B-21B4B0509111} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2644614685-2435514142-472855821-1000Core.job => C:\Users\Fred\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2644614685-2435514142-472855821-1000UA.job => C:\Users\Fred\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-11-21 08:53 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2014-11-21 08:53 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2014-11-21 08:54 - 2014-10-02 15:19 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2014-11-21 08:53 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-02-13 04:20 - 2015-02-13 04:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 13:25 - 2015-09-15 13:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-03-29 23:32 - 2009-03-29 23:32 - 00032768 ____R () C:\Windows\DAODx.exe
2014-12-17 00:40 - 2014-12-17 00:40 - 01968136 _____ () C:\Program Files (x86)\ACD Systems\ACDSee\18.0\ACDSeeCommander18.exe
2015-02-03 20:10 - 2015-02-03 20:10 - 02054664 _____ () C:\Program Files\ACD Systems\ACDSee Ultimate\8.0\ACDSeeCommanderUltimate8.exe
2014-12-28 16:45 - 2011-07-28 16:06 - 08247264 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
2014-12-28 16:45 - 2011-07-28 17:06 - 00297440 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2013-10-10 14:48 - 2013-10-10 14:48 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2015-04-08 05:05 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-04-08 05:05 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-04-08 05:05 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-04-08 05:05 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-04-08 05:05 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-12-28 16:45 - 2009-08-28 16:50 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvcLib.dll
2009-07-13 14:03 - 2009-07-13 18:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-12-28 16:45 - 2011-07-27 11:53 - 00360448 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2015-02-06 17:40 - 2015-02-06 17:40 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2013-09-17 03:58 - 2013-09-17 03:58 - 00920736 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
2014-11-22 08:31 - 2015-11-10 22:55 - 00033792 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
2014-11-22 08:31 - 2010-06-28 19:58 - 00104448 ____N () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
2015-11-10 22:55 - 2015-11-10 22:55 - 00071168 _____ () c:\users\fred\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprpj5mb.dll
2015-03-04 14:45 - 2015-09-02 17:11 - 00012800 _____ () C:\Users\Fred\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 14:45 - 2015-09-02 17:11 - 00779776 _____ () C:\Users\Fred\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-29 21:07 - 2015-09-02 17:11 - 00056320 _____ () C:\Users\Fred\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 14:45 - 2015-09-02 17:11 - 00012288 _____ () C:\Users\Fred\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:69E87FA2
AlternateDataStreams: C:\ProgramData\TEMP:838D4792
AlternateDataStreams: C:\ProgramData\TEMP:DEDD192D
AlternateDataStreams: C:\Users\Fred\Downloads\acdsee.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\acdseeultimate.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\ADE_4.5_Installer.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\DOSBox0.74-win32-installer.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\DropboxInstaller.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\iso_image_burner_setup.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\jre-8u60-windows-i586.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\jre-8u60-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\mbam-setup-2.1.8.1057.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\mbam-setup-2.2.0.1024.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\netbeans-6.0-windows.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\PinnacleStudio_Patch_18.5.1.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\PinnacleStudio_Patch_18.6.0.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\VMware-player-7.1.0-2496824.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\WindowsXPMode_N_en-us.exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (1).exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (2).exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (3).exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (4).exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (5).exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014.exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\RegCureProSetup_f9865fb_.exe:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7867 more sites.



==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2644614685-2435514142-472855821-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2644614685-2435514142-472855821-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2644614685-2435514142-472855821-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Fredz.PERRIN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2644614685-2435514142-472855821-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Sharon.PERRIN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-2644614685-2435514142-472855821-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 76.73.7.78 - 50.7.75.29
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{30D4F96D-05FA-4E4C-808A-2DACF11CF9BA}C:\users\fred\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Allow) C:\users\fred\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [UDP Query User{5CEC6FBC-E734-4AA4-8BBE-219F28A9E192}C:\users\fred\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Allow) C:\users\fred\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [TCP Query User{45F9A755-AFFC-4E9D-83B9-8F77A17B8853}C:\users\fred\appdata\local\temp\rarsfx0\x64\pcsftool.exe] => (Allow) C:\users\fred\appdata\local\temp\rarsfx0\x64\pcsftool.exe
FirewallRules: [UDP Query User{D3F2ABD2-295A-4026-8006-7B813D781EB7}C:\users\fred\appdata\local\temp\rarsfx0\x64\pcsftool.exe] => (Allow) C:\users\fred\appdata\local\temp\rarsfx0\x64\pcsftool.exe
FirewallRules: [{030E0DCB-210E-4303-A3DA-09CBE9676624}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\RM.exe
FirewallRules: [{38E803E2-43F0-4EC7-BF7C-6C8D09ECF283}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\RM.exe
FirewallRules: [{6B5C7D76-6D91-4C50-9366-C22D497A36D3}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\NGStudio.exe
FirewallRules: [{5346D3DB-084A-4A37-B99E-42627FD440B9}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\NGStudio.exe
FirewallRules: [{DC87158D-8F33-4A45-8F0C-5A5A9BB93BFE}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\UMI.exe
FirewallRules: [{D91A1393-2E58-43DE-955E-404F46DEF7C3}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\UMI.exe
FirewallRules: [{49999064-884E-4B83-8C5B-8CFCACA3D515}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\RM.exe
FirewallRules: [{D5587EDF-DF82-4B40-B1FC-637CBAD5FB95}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\RM.exe
FirewallRules: [{D8F81093-9C41-4CA5-9CF8-6CE282AFAF36}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\NGStudio.exe
FirewallRules: [{69EF37D2-897A-4A3A-AA5C-29353AA7F13A}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\NGStudio.exe
FirewallRules: [{EE20C9D6-5F75-4DE3-8ECC-452A083C4481}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\UMI.exe
FirewallRules: [{F3C6495B-7190-47DC-BE5B-21795A853415}] => (Allow) C:\Program Files\Pinnacle\Studio 18\programs\UMI.exe
FirewallRules: [{5AFA1E39-0CB7-4880-AB50-8D7F368F27B4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{AC94AF4A-E5EB-4CB2-A5C0-D8DE38096517}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D28C06B3-C673-43A8-891E-E661665B1BCB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9E157335-BD97-4941-A154-06A3BBD8FBC3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{B51677BD-B20A-406A-BBDA-E33FCF397DAB}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{A9876C4C-047E-4EEA-A924-E0C122CCF276}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{9A8DAA49-85BB-42DC-A4D9-A2E2BBB1C852}] => (Allow) C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{B0DF8D8A-7E23-46E5-A800-A0F480774CC6}] => (Allow) C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{7FE3A2E2-A872-4A22-908C-AAD2B21FC8EE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6B872E72-595F-4B25-83B4-5F35D956A3B3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3A79D6AC-EC48-4620-BE5F-BD6EBC43ABE3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5A0E69BD-96A3-439D-80AD-FE4007C4FF15}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D6D5EC22-6DCD-44CD-B374-B276731FABD7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{CB9E472E-B1BA-43C6-9059-B343008EDB35}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2015 10:53:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2015 05:56:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/10/2015 06:42:44 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2015 05:47:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/09/2015 02:37:40 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (11/09/2015 01:58:16 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (11/09/2015 12:31:39 PM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (11/09/2015 11:49:31 AM) (Source: Windows Search Service) (EventID: 3100) (User: )
Description: Unable to initialize the filter host process. Terminating.

Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (11/09/2015 06:23:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007041d, The service did not respond to the start or control request in a timely fashion.
.


Operation:
   Instantiating VSS server

Error: (11/09/2015 06:23:46 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started. [0x8007041d, The service did not respond to the start or control request in a timely fashion.
]


Operation:
   Instantiating VSS server


System errors:
=============
Error: (11/10/2015 09:20:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (11/10/2015 09:18:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (11/10/2015 09:18:15 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (11/10/2015 09:18:15 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (11/10/2015 09:18:14 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (11/10/2015 09:18:10 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084CarboniteService{36471C67-6A93-4434-92CC-4C614CD06666}

Error: (11/10/2015 09:18:09 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (11/10/2015 05:59:49 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084CarboniteService{36471C67-6A93-4434-92CC-4C614CD06666}

Error: (11/10/2015 05:56:55 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (11/10/2015 05:56:55 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068fdPHost{145B4335-FE2A-4927-A040-7C35AD3180EF}


CodeIntegrity:
===================================
  Date: 2015-04-22 13:02:31.918
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Program Files\Windows Defender\MpCmdRun.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-22 13:02:31.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Program Files\Windows Defender\MpCmdRun.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-22 13:02:31.908
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Program Files\Windows Defender\MpCmdRun.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-22 13:02:31.903
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Program Files\Windows Defender\MpCmdRun.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-22 13:02:31.572
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Program Files\Windows Defender\MpUXSrv.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-22 13:02:31.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Program Files\Windows Defender\MpUXSrv.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-22 13:02:31.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Program Files\Windows Defender\MpUXSrv.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-22 13:02:31.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Program Files\Windows Defender\MpUXSrv.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-22 13:02:30.326
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Program Files\Windows Defender\MsMpEng.exe because the set of per-page image hashes could not be found on the system.

  Date: 2015-04-22 13:02:30.323
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Program Files\Windows Defender\MsMpEng.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: AMD FX™-4100 Quad-Core Processor
Percentage of memory in use: 39%
Total physical RAM: 8092.87 MB
Available physical RAM: 4909.47 MB
Total Virtual: 16183.93 MB
Available Virtual: 12977.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:929.21 GB) (Free:757.23 GB) NTFS
Drive d: (PublicShare) (Fixed) (Total:1840.81 GB) (Free:732.22 GB) NTFS
Drive e: (Global Share) (Fixed) (Total:2794.36 GB) (Free:2789.73 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.13 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: (Systems) (Fixed) (Total:2048 GB) (Free:1552.02 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive h: () (Fixed) (Total:395.56 GB) (Free:165.23 GB) NTFS
Drive i: (Malwarebytes) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
Drive j: (Images) (Fixed) (Total:931.51 GB) (Free:408.64 GB) NTFS
Drive k: () (Fixed) (Total:7.45 GB) (Free:2.59 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 91F88FD3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 0008937C)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=395.6 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 3BB5E1D2)
Partition 1: (Active) - (Size=2048 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 68952D5E)

Partition: GPT.

========================================================
Disk: 5 (Size: 7.5 GB) (Disk ID: 9F8405ED)
Partition 1: (Not Active) - (Size=7.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================



#6 nasdaq

  • Malware Response Team

Posted 11 November 2015 - 02:23 PM


Windows Firewall is disabled.


Please run the AdwCleaner tool and clean this item.
Folder Found : C:\Windows\SysNative\Tasks\ninja VOD Updater
===

You are running the Farbar tool from this folder K:\MalWareBytes
Please copy the Farbar program to your Desktop folder.
Copy the FixList.txt file in that folder also. Run the fix as suggested below.

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR StartupUrls: Default -> "hxxp://www.dogpile.com/","hxxps://www.google.com/?gws_rd=ssl"
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
U1 bdselfpr; \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:69E87FA2
AlternateDataStreams: C:\ProgramData\TEMP:838D4792
AlternateDataStreams: C:\ProgramData\TEMP:DEDD192D
AlternateDataStreams: C:\Users\Fred\Downloads\acdsee.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\acdseeultimate.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\ADE_4.5_Installer.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\DOSBox0.74-win32-installer.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\DropboxInstaller.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\iso_image_burner_setup.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\jre-8u60-windows-i586.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\jre-8u60-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\mbam-setup-2.1.8.1057.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\mbam-setup-2.2.0.1024.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\netbeans-6.0-windows.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\PinnacleStudio_Patch_18.5.1.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\PinnacleStudio_Patch_18.6.0.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\VMware-player-7.1.0-2496824.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\WindowsXPMode_N_en-us.exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (1).exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (2).exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (3).exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (4).exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (5).exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014.exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\RegCureProSetup_f9865fb_.exe:BDU

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

process;
installer-list;
installedprogs;
startupall;
firefoxlook;
chromelook;
srinfo;

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply. It's probably too long to post.

How to:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.

Wait for further instructions.

#7 flyerfred


Posted 14 November 2015 - 10:25 AM

I'm attaching two copies of the zoek log file. The -user log was run first without administrator permissions. The second zoek-results.log did have admin permissions.

Attached Files



#8 nasdaq


Posted 14 November 2015 - 10:54 AM

The Zoek logs are clean.

Please post the Fixlog.txt created by running the Farbar fix.

How is the computer running now?

#9 flyerfred


Posted 14 November 2015 - 04:59 PM

fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Fred (2015-11-12 22:04:31) Run:2
Running from C:\Users\Fred\Desktop\Farbar
Loaded Profiles: Fred (Available Profiles: Fred & Fredz & Sharon & Patricia)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR StartupUrls: Default -> "hxxp://www.dogpile.com/","hxxps://www.google.com/?gws_rd=ssl"
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => No File
U1 bdselfpr; \??\C:\Program Files\Bitdefender\Bitdefender 2015\bdselfpr.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:69E87FA2
AlternateDataStreams: C:\ProgramData\TEMP:838D4792
AlternateDataStreams: C:\ProgramData\TEMP:DEDD192D
AlternateDataStreams: C:\Users\Fred\Downloads\acdsee.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\acdseeultimate.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\ADE_4.5_Installer.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\DOSBox0.74-win32-installer.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\DropboxInstaller.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\iso_image_burner_setup.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\jre-8u60-windows-i586.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\jre-8u60-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\mbam-setup-2.1.8.1057.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\mbam-setup-2.2.0.1024.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\netbeans-6.0-windows.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\PinnacleStudio_Patch_18.5.1.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\PinnacleStudio_Patch_18.6.0.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\VMware-player-7.1.0-2496824.exe:BDU
AlternateDataStreams: C:\Users\Fred\Downloads\WindowsXPMode_N_en-us.exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (1).exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (2).exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (3).exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (4).exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (5).exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\EOrg2014.exe:BDU
AlternateDataStreams: C:\Users\Sharon.PERRIN\Downloads\RegCureProSetup_f9865fb_.exe:BDU

End
*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
Chrome StartupUrls => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\pdf.dll => not found.
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll => not found.
bdselfpr => service not found.
VGPU => service not found.
"C:\ProgramData\TEMP" => ":69E87FA2" ADS not found.
"C:\ProgramData\TEMP" => ":838D4792" ADS not found.
"C:\ProgramData\TEMP" => ":DEDD192D" ADS not found.
"C:\Users\Fred\Downloads\acdsee.exe" => ":BDU" ADS not found.
"C:\Users\Fred\Downloads\acdseeultimate.exe" => ":BDU" ADS not found.
"C:\Users\Fred\Downloads\ADE_4.5_Installer.exe" => ":BDU" ADS not found.
"C:\Users\Fred\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe" => ":BDU" ADS not found.
"C:\Users\Fred\Downloads\DOSBox0.74-win32-installer.exe" => ":BDU" ADS not found.
"C:\Users\Fred\Downloads\DropboxInstaller.exe" => ":BDU" ADS not found.
"C:\Users\Fred\Downloads\iso_image_burner_setup.exe" => ":BDU" ADS not found.
"C:\Users\Fred\Downloads\jre-8u60-windows-i586.exe" => ":BDU" ADS not found.
"C:\Users\Fred\Downloads\jre-8u60-windows-x64.exe" => ":BDU" ADS not found.
"C:\Users\Fred\Downloads\mbam-setup-2.1.8.1057.exe" => ":BDU" ADS not found.
"C:\Users\Fred\Downloads\mbam-setup-2.2.0.1024.exe" => ":BDU" ADS not found.
"C:\Users\Fred\Downloads\netbeans-6.0-windows.exe" => ":BDU" ADS not found.
"C:\Users\Fred\Downloads\PinnacleStudio_Patch_18.5.1.exe" => ":BDU" ADS not found.
"C:\Users\Fred\Downloads\PinnacleStudio_Patch_18.6.0.exe" => ":BDU" ADS not found.
"C:\Users\Fred\Downloads\VMware-player-7.1.0-2496824.exe" => ":BDU" ADS not found.
"C:\Users\Fred\Downloads\WindowsXPMode_N_en-us.exe" => ":BDU" ADS not found.
"C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (1).exe" => ":BDU" ADS not found.
"C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (2).exe" => ":BDU" ADS not found.
"C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (3).exe" => ":BDU" ADS not found.
"C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (4).exe" => ":BDU" ADS not found.
"C:\Users\Sharon.PERRIN\Downloads\EOrg2014 (5).exe" => ":BDU" ADS not found.
"C:\Users\Sharon.PERRIN\Downloads\EOrg2014.exe" => ":BDU" ADS not found.
"C:\Users\Sharon.PERRIN\Downloads\RegCureProSetup_f9865fb_.exe" => ":BDU" ADS not found.
EmptyTemp: => 65.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 03:55:02 ====

 

Computer is still very slow.



#10 nasdaq


Posted 15 November 2015 - 08:14 AM

Do you have all of the Microsoft Security updates?
Check it out.

If that fails to correct the situation try this.

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.
http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7


Keep me posted.

#11 flyerfred


Posted 17 November 2015 - 11:31 AM

I was not able to successfully get to the screen to boot the last known good OS, but while looking at the BIOS I had it reload optimized settings and that seems to have solved my problem. Everything is working fine now!

 

Thank you for all of your help. Is there a way to donate to bleeping computer?



#12 nasdaq


Posted 18 November 2015 - 08:16 AM

If all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#13 nasdaq


Posted 24 November 2015 - 09:15 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



