ZeroAccess Rootkit


11 replies to this topic

#1 jtd0820

Posted 18 January 2016 - 11:56 AM

My laptop is an old HP Pavilion dv6000 running 32-bit Windows 7 Professional that still works pretty well, except I believe I am infected with a rootkit. It is very similar to the one in this thread:

www.bleepingcomputer.com/forums/t/538431/infected-with-zeroaccess-rootkit

I have basically the same symptoms - CPU fan runs constantly even though Task Manager shows everything is running smoothly, I have lost some admin rights, almost all of my services are stopped, etc. I have attached the FRST.txt and Addition.txt logs. Please help!

Thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:10-01-2015 01
Ran by John (administrator) on JOHN-LAPTOP (17-01-2016 16:39:22)
Running from F:\
Loaded Profiles: John (Available Profiles: John & itsupport)
Platform: Microsoft Windows 7 Professional  (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\...\MountPoints2: G - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\...\MountPoints2: {d05f36c1-ae47-11df-a954-001636dbd74e} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\...\MountPoints2: {eaf78d95-3539-11df-b36f-001636dbd74e} - "G:\WD SmartWare.exe" autoplay=true
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2011-02-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2011-02-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2011-02-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll [2011-02-17] (Dropbox, Inc.)
BootExecute: autocheck autochk * sasnative32
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B425D48F-E531-4407-88A1-1828A07BE310}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15] (Adobe Systems Incorporated)
BHO: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07] (DivX, LLC)
BHO: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07] (DivX, LLC)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-07-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-11-15] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-07-28] (Oracle Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-11-15] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-11-15] (Adobe Systems Incorporated)
Toolbar: HKU\.DEFAULT -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-11-15] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-11-15] (Adobe Systems Incorporated)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {A4E4C162-7EE3-47E1-A9B4-8BED1233616F} hxxps://dd.mfbank.com/prx/000/http/localhost/tcs/global/DesktopDirect/DesktopDirectTCS.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
 
FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\eer2i8yn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [2010-10-22] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-07] (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-05-06] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-07-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2010-04-21] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3159299934-2912859473-3865949770-1000: @tools.google.com/Google Update;version=3 -> C:\Users\John\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin HKU\S-1-5-21-3159299934-2912859473-3865949770-1000: @tools.google.com/Google Update;version=9 -> C:\Users\John\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2009-05-26] (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2010-11-15] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2014-12-16] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2014-12-16] (Apple Inc.)
FF Extension: LogMeIn, Inc. Remote Access Plugin - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\eer2i8yn.default\extensions\LogMeInClient@logmein.com [2011-08-04] [not signed]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} [2009-12-20] [not signed]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-04-20] [not signed]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-05-18] [not signed]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-05-18] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-04-03]
 
Chrome: 
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Cast) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-12-14]
CHR Extension: (DivX HiQ) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2014-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-22]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-05-31]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-07]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-07]
StartMenuInternet: Google Chrome - C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AffinegyService; C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe [562592 2011-05-27] (Affinegy, Inc.)
S4 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 MCTDesktopSvr; C:\Program Files\Common Files\DesktopUtil\MCTDesktopSvr.exe [192512 2010-04-26] () [File not signed]
S4 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2010-09-03] (Hewlett-Packard) [File not signed]
S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2010-09-03] (Hewlett-Packard) [File not signed]
S4 PS3 Media Server; C:\Program Files\PS3 Media Server\win32\service\wrapper.exe [366872 2011-05-17] (Tanuki Software, Ltd.)
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S4 TVersityMediaServer; C:\ProgramData\TVersity\Media Server\MediaServer.exe [1249064 2011-07-29] ()
S4 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [611216 2015-11-27] (Cisco Systems, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [171080 2015-11-27] (Cisco Systems, Inc.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-10-05] (Malwarebytes Corporation)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-04-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-24] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-24] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67656 2010-10-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 smbusp; C:\Windows\System32\DRIVERS\intelsmb.sys [22528 2010-06-10] (Intel Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-06-10] (Cisco Systems, Inc.)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [15096 2009-09-21] (Symantec Corporation)
S3 ADASPROT; \??\C:\Program Files\Advanced System Optimizer 3\adasprot32.sys [X]
S3 HSF_DPV; system32\DRIVERS\HSX_DPV.sys [X]
S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] () [File not signed]
U2 V2iMount; no ImagePath
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-13] (Microsoft Corporation)
S3 winachsf; system32\DRIVERS\HSX_CNXT.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-17 03:14 - 2016-01-17 13:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-01-17 03:07 - 2016-01-17 03:07 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\7CCF4DA9.sys
2016-01-17 03:02 - 2016-01-17 13:21 - 00000000 ____D C:\Users\John\Desktop\mbar
2016-01-17 02:02 - 2016-01-17 02:02 - 00219309 _____ C:\Users\John\Desktop\craw_window.txt
2016-01-17 01:39 - 2016-01-17 01:39 - 00189710 _____ C:\Users\John\Desktop\craw_background.txt
2016-01-17 01:32 - 2016-01-17 01:32 - 00021089 _____ C:\Users\John\Desktop\script.txt
2016-01-16 19:15 - 2016-01-16 19:16 - 00000000 ____D C:\Rem-VBSqt
2016-01-16 14:40 - 2016-01-16 14:40 - 00205072 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2016-01-16 00:32 - 2016-01-17 16:39 - 00000000 ____D C:\FRST
2016-01-15 19:09 - 2016-01-15 19:12 - 26308962 _____ C:\Users\John\Desktop\HKLMSystemCCC.txt
2016-01-14 21:19 - 2016-01-14 21:32 - 00000000 ____D C:\AdwCleaner
2016-01-14 21:10 - 2016-01-14 21:10 - 01754112 _____ C:\Users\John\Downloads\AdwCleaner.exe
2016-01-14 20:50 - 2016-01-14 21:04 - 00643794 _____ C:\TDSSKiller.3.1.0.9_14.01.2016_20.50.01_log.txt
2016-01-14 20:20 - 2016-01-14 20:20 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-01-14 20:15 - 2016-01-14 20:21 - 00217754 _____ C:\TDSSKiller.3.1.0.9_14.01.2016_20.15.31_log.txt
2016-01-14 20:09 - 2016-01-14 23:55 - 00003296 _____ C:\Users\John\Desktop\Rkill.txt
2016-01-14 20:09 - 2016-01-14 20:09 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe
2016-01-14 19:51 - 2016-01-14 19:51 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller.exe
2016-01-14 18:58 - 2016-01-14 18:59 - 00000000 ____D C:\Tech
2016-01-14 18:17 - 2016-01-14 18:17 - 00000000 ____D C:\Users\John\AppData\Local\SymbolSourceSymbols
2016-01-14 18:17 - 2016-01-14 18:17 - 00000000 ____D C:\Users\John\AppData\Local\RefSrcSymbols
2016-01-14 18:13 - 2016-01-14 18:13 - 00000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JetBrains
2016-01-14 18:12 - 2016-01-14 18:17 - 00000000 ____D C:\Users\John\AppData\Roaming\JetBrains
2016-01-14 18:10 - 2016-01-14 18:16 - 00000000 ____D C:\Users\John\AppData\Local\JetBrains
2016-01-14 18:09 - 2016-01-14 18:09 - 00868560 _____ (JetBrains) C:\Users\John\Downloads\JetBrains.dotPeek.10.0.2.web.exe
2016-01-14 18:09 - 2016-01-14 18:09 - 00000000 ____D C:\Users\John\AppData\Roaming\NuGet
2016-01-14 18:09 - 2016-01-14 18:09 - 00000000 ____D C:\Users\John\AppData\Local\NuGet
2016-01-12 15:00 - 2015-11-16 11:28 - 00022464 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-01-12 15:00 - 2015-11-16 11:25 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-01-12 15:00 - 2015-11-16 11:25 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-12 15:00 - 2015-11-16 11:25 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-01-12 15:00 - 2015-11-16 11:25 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-01-12 15:00 - 2015-11-16 11:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-12 15:00 - 2015-11-16 11:20 - 00951808 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-01-12 15:00 - 2015-11-16 08:06 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-01-10 13:50 - 2016-01-10 13:50 - 00027707 _____ C:\Users\John\Downloads\The Visit (2015) [720p] [YTS.AG].torrent
2016-01-02 15:29 - 2016-01-02 15:29 - 18506432 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2016-01-02 05:30 - 2016-01-17 03:10 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-02 05:30 - 2016-01-17 03:07 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-02 05:30 - 2016-01-02 05:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-02 05:30 - 2016-01-02 05:30 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-01-02 05:30 - 2015-10-05 09:50 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-02 05:28 - 2016-01-02 05:30 - 00000000 ____D C:\Users\itsupport\AppData\Roaming\Malwarebytes
2016-01-02 04:42 - 2016-01-02 04:42 - 00000020 ___SH C:\Users\itsupport\ntuser.ini
2016-01-02 04:42 - 2016-01-02 04:42 - 00000000 _SHDL C:\Users\itsupport\My Documents
2016-01-02 04:42 - 2016-01-02 04:42 - 00000000 _SHDL C:\Users\itsupport\Documents\My Videos
2016-01-02 04:42 - 2016-01-02 04:42 - 00000000 _SHDL C:\Users\itsupport\Documents\My Pictures
2016-01-02 04:42 - 2016-01-02 04:42 - 00000000 _SHDL C:\Users\itsupport\Documents\My Music
2016-01-02 04:42 - 2016-01-02 04:42 - 00000000 ____D C:\Users\itsupport
2016-01-02 04:42 - 2012-03-14 02:26 - 00000000 ____D C:\Users\itsupport\AppData\Local\Trusteer
2016-01-02 04:42 - 2011-04-20 02:05 - 00000000 ____D C:\Users\itsupport\AppData\Local\Microsoft Help
2016-01-02 04:42 - 2010-08-07 23:03 - 00000000 ____D C:\Users\itsupport\AppData\Roaming\Macromedia
2016-01-02 04:42 - 2009-07-14 01:26 - 00000000 ____D C:\Users\itsupport\AppData\Roaming\Media Center Programs
2016-01-02 04:28 - 2016-01-15 21:48 - 00301710 _____ C:\Windows\ntbtlog.txt
2016-01-02 03:12 - 2016-01-02 03:12 - 00000000 ____D C:\Windows\system32\cuk
2016-01-02 03:00 - 2016-01-02 03:00 - 00000017 _____ C:\Windows\system32\history.dat
2016-01-02 02:52 - 2016-01-02 02:52 - 00000000 ____D C:\ProgramData\dbg
2016-01-02 02:50 - 2016-01-02 02:50 - 00004712 _____ C:\Windows\system32\Petwofiit.ini
2016-01-02 02:50 - 2016-01-02 02:50 - 00002432 _____ C:\Windows\system32\PetwofiitOff.ini
2016-01-02 02:50 - 2016-01-02 02:50 - 00000000 ____D C:\Windows\system32\hit
2016-01-02 02:49 - 2016-01-02 14:21 - 00000000 ____D C:\Users\John\AppData\Roaming\IusoiMeddym
2016-01-02 02:49 - 2016-01-02 14:21 - 00000000 ____D C:\Users\John\AppData\LocalLow\Company
2016-01-02 02:49 - 2016-01-02 03:13 - 00000000 ____D C:\Users\John\AppData\Local\Tempfolder
2016-01-02 02:26 - 2016-01-02 17:15 - 00001267 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Help.lnk
2016-01-02 02:26 - 2016-01-02 17:15 - 00001247 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uninstall.lnk
2016-01-02 02:18 - 2016-01-02 14:21 - 00000000 ____D C:\Users\John\AppData\Roaming\pendis
2016-01-02 02:17 - 2016-01-02 02:17 - 00000000 ____D C:\Program Files\Common Files\Dongphase
2015-12-27 20:06 - 2015-12-27 20:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-12-24 23:19 - 2015-12-24 23:20 - 05500472 _____ (TeamViewer) C:\Users\John\Downloads\TeamViewerQS_en.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-17 16:28 - 2014-03-16 16:00 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-17 16:06 - 2011-08-17 20:16 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3159299934-2912859473-3865949770-1000UA.job
2016-01-17 02:22 - 2011-07-25 20:32 - 00148480 ___SH C:\Users\John\Documents\Thumbs.db
2016-01-17 00:47 - 2010-03-21 14:42 - 00782838 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-17 00:47 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\inf
2016-01-17 00:39 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-16 22:05 - 2011-08-17 20:16 - 00000852 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3159299934-2912859473-3865949770-1000Core.job
2016-01-16 19:06 - 2009-07-13 22:34 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-16 19:05 - 2009-07-13 22:34 - 00025216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-16 13:20 - 2011-05-14 00:16 - 00000000 ____D C:\Windows\pss
2016-01-16 00:35 - 2009-07-13 20:37 - 00000000 ____D C:\Windows
2016-01-16 00:28 - 2011-08-07 20:56 - 00000000 ____D C:\Users\John\AppData\Local\ElevatedDiagnostics
2016-01-14 21:42 - 2013-05-29 20:35 - 00000000 ____D C:\Program Files\PS3 Media Server
2016-01-14 12:46 - 2015-11-06 00:13 - 00000000 ____D C:\Users\John\AppData\LocalLow\uTorrent
2016-01-14 12:46 - 2015-11-04 22:10 - 00000000 ____D C:\Users\John\AppData\Roaming\uTorrent
2016-01-13 17:51 - 2014-05-06 11:58 - 00000000 ____D C:\Program Files\TeamViewer
2016-01-13 03:19 - 2009-08-06 10:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-01-13 03:17 - 2014-12-10 03:27 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-13 03:17 - 2014-07-10 02:18 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-01-13 03:02 - 2010-06-18 22:04 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 03:01 - 2011-06-15 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-01-09 00:18 - 2011-07-03 02:28 - 00001945 _____ C:\Windows\epplauncher.mif
2016-01-08 22:02 - 2011-03-11 23:11 - 00000346 _____ C:\Windows\Tasks\At1.job
2016-01-02 17:15 - 2015-12-16 09:37 - 00000963 _____ C:\Users\Public\Desktop\ClipGrab.lnk
2016-01-02 17:15 - 2015-09-29 13:36 - 00000976 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\join.me.lnk
2016-01-02 17:15 - 2015-04-12 16:49 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-02 17:15 - 2014-12-18 20:51 - 00000917 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2016-01-02 17:15 - 2014-12-18 20:51 - 00000911 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2016-01-02 17:15 - 2014-12-18 20:45 - 00002138 _____ C:\Users\Public\Desktop\Canon MX410 series On-screen Manual.lnk
2016-01-02 17:15 - 2014-12-16 19:15 - 00001809 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-01-02 17:15 - 2014-08-02 19:18 - 00000919 _____ C:\Users\Public\Desktop\Steam.lnk
2016-01-02 17:15 - 2013-06-29 01:41 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-02 17:15 - 2013-06-28 23:56 - 00000963 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-02 17:15 - 2012-06-23 17:37 - 00001239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-01-02 17:15 - 2012-06-23 17:34 - 00001308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-01-02 17:15 - 2011-08-09 20:30 - 00001197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.5.lnk
2016-01-02 17:15 - 2011-08-09 20:27 - 00001329 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
2016-01-02 17:15 - 2011-08-09 20:26 - 00001501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
2016-01-02 17:15 - 2011-08-09 20:26 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
2016-01-02 17:15 - 2011-08-09 20:26 - 00001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
2016-01-02 17:15 - 2011-08-09 20:25 - 00000955 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2016-01-02 17:15 - 2011-07-22 21:38 - 00001100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-02 17:15 - 2011-04-23 00:23 - 00002055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 3.3.lnk
2016-01-02 17:15 - 2011-04-20 20:19 - 00002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
2016-01-02 17:15 - 2011-04-20 20:19 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
2016-01-02 17:15 - 2011-04-20 20:19 - 00001990 _____ C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2016-01-02 17:15 - 2010-10-14 19:49 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2016-01-02 17:15 - 2010-10-14 19:49 - 00001978 _____ C:\Users\Public\Desktop\Adobe Reader 9.lnk
2016-01-02 17:15 - 2010-03-22 12:04 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-02 17:15 - 2010-03-21 16:24 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-01-02 17:15 - 2010-03-21 16:24 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-01-02 17:15 - 2010-03-21 14:38 - 00001393 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-02 17:15 - 2009-07-13 22:46 - 00001479 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-02 17:15 - 2009-07-13 22:42 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-01-02 17:15 - 2009-07-13 22:42 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-01-02 17:15 - 2009-07-13 22:42 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-01-02 17:14 - 2015-12-16 10:04 - 00000981 _____ C:\Users\John\Desktop\Handbrake.lnk
2016-01-02 17:14 - 2015-12-16 09:18 - 00000715 _____ C:\Users\John\Desktop\Plex Movies - Shortcut.lnk
2016-01-02 17:14 - 2015-11-04 22:51 - 00002615 _____ C:\Users\John\Desktop\µTorrent.lnk
2016-01-02 17:14 - 2015-11-04 22:51 - 00002595 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-01-02 17:14 - 2015-09-29 13:36 - 00000970 _____ C:\Users\John\Desktop\join.me.lnk
2016-01-02 17:14 - 2014-02-19 19:54 - 00001485 _____ C:\Users\John\Desktop\Cisco AnyConnect Secure Mobility Client.lnk
2016-01-02 17:14 - 2014-02-12 08:46 - 00001349 _____ C:\Users\John\Desktop\Remote Desktop Connection.lnk
2016-01-02 17:14 - 2011-12-07 16:10 - 00000993 _____ C:\Users\John\Desktop\WinDirStat.lnk
2016-01-02 17:14 - 2011-08-03 13:42 - 00000978 _____ C:\Users\John\Desktop\DVDFab 8 Qt.lnk
2016-01-02 17:14 - 2011-05-14 00:09 - 00001029 _____ C:\Users\John\Desktop\Dropbox.lnk
2016-01-02 17:14 - 2011-03-11 20:22 - 00001255 _____ C:\Users\John\Desktop\AVS4YOU Software Navigator.lnk
2016-01-02 17:14 - 2010-08-30 16:21 - 00000957 _____ C:\Users\John\Desktop\DVDFab 8.lnk
2016-01-02 17:14 - 2010-03-28 16:49 - 00001448 _____ C:\Users\John\Desktop\DVD Shrink 3.2.lnk
2016-01-02 17:14 - 2009-07-13 22:46 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-01-02 17:14 - 2009-07-13 22:37 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-01-02 17:13 - 2012-06-03 12:15 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-01-02 17:13 - 2011-03-11 20:20 - 00001199 _____ C:\Users\John\Desktop\AVS Video Converter.lnk
2016-01-02 15:29 - 2013-03-09 01:49 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-01-02 15:29 - 2011-05-13 22:29 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-01-02 15:12 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\IME
2016-01-02 14:21 - 2013-02-17 11:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReviverSoft
2016-01-02 14:21 - 2010-12-29 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
2016-01-02 14:21 - 2010-12-29 21:32 - 00000000 ____D C:\Program Files\TVersitybar
2016-01-02 05:30 - 2010-10-10 00:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-02 05:30 - 2010-01-30 18:28 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2016-01-02 03:13 - 2011-04-13 12:13 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-12-27 20:20 - 2013-09-21 14:53 - 00002016 ____H C:\Users\John\Documents\Default.rdp
2015-12-27 20:06 - 2013-09-21 14:50 - 00000000 ____D C:\ProgramData\Cisco
2015-12-27 20:06 - 2013-09-21 14:50 - 00000000 ____D C:\Program Files\Cisco
 
==================== Files in the root of some directories =======
 
2011-05-15 16:44 - 2011-05-15 16:44 - 0063245 _____ () C:\Program Files\Statistics.xml
2011-05-15 16:44 - 2011-05-15 16:44 - 5789475 _____ () C:\Program Files\tfbl.db4
2011-05-15 16:44 - 2011-05-15 16:44 - 0603420 _____ () C:\Program Files\tfwl.db5
2010-08-30 16:22 - 2010-08-30 16:22 - 0087608 _____ () C:\Users\John\AppData\Roaming\inst.exe
2010-08-30 16:22 - 2010-08-30 16:22 - 0007887 _____ () C:\Users\John\AppData\Roaming\pcouffin.cat
2010-08-30 16:22 - 2010-08-30 16:22 - 0001144 _____ () C:\Users\John\AppData\Roaming\pcouffin.inf
2010-08-30 16:25 - 2010-08-30 16:25 - 0000034 _____ () C:\Users\John\AppData\Roaming\pcouffin.log
2010-08-30 16:22 - 2010-08-30 16:22 - 0047360 _____ (VSO Software) C:\Users\John\AppData\Roaming\pcouffin.sys
2011-08-23 13:09 - 2011-08-23 13:09 - 0000000 _____ () C:\Users\John\AppData\Local\AtStart.txt
2011-08-23 13:09 - 2011-08-23 13:09 - 0000000 _____ () C:\Users\John\AppData\Local\DSwitch.txt
2011-08-23 13:09 - 2011-08-23 13:09 - 0000000 _____ () C:\Users\John\AppData\Local\QSwitch.txt
2011-07-25 20:55 - 2015-11-17 19:00 - 0007602 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg
2010-12-30 20:40 - 2010-12-30 20:40 - 0004144 _____ () C:\ProgramData\vlbeopqe.ake
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
 
 
Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\amisetup1066__16782.exe
C:\Users\John\AppData\Local\Temp\amisetup5269__16782.exe
C:\Users\John\AppData\Local\Temp\amzngtab.exe
C:\Users\John\AppData\Local\Temp\Geoair.exe
C:\Users\John\AppData\Local\Temp\Hotfresh.exe
C:\Users\John\AppData\Local\Temp\MediaPlayer__11426_il5637.exe
C:\Users\John\AppData\Local\Temp\nsaD8D3.exe
C:\Users\John\AppData\Local\Temp\nsjC249.exe
C:\Users\John\AppData\Local\Temp\SpOrder.dll
C:\Users\John\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-09 00:00
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:10-01-2015 01
Ran by John (2016-01-17 16:42:40)
Running from F:\
Microsoft Windows 7 Professional  (X86) (2010-03-21 20:38:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3159299934-2912859473-3865949770-500 - Administrator - Disabled)
Guest (S-1-5-21-3159299934-2912859473-3865949770-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3159299934-2912859473-3865949770-1002 - Limited - Enabled)
itsupport (S-1-5-21-3159299934-2912859473-3865949770-1003 - Administrator - Enabled) => C:\Users\itsupport
John (S-1-5-21-3159299934-2912859473-3865949770-1000 - Administrator - Enabled) => C:\Users\John
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
32 Bit HP CIO Components Installer (Version: 14.1.1 - Hewlett-Packard) Hidden
Adobe Acrobat X Pro - Romanian, Ukrainian, Russian, Turkish (HKLM\...\{AC76BA86-1048-8780-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Dreamweaver CS5.5 (HKLM\...\{0215A652-E081-4B09-9333-DC85AAB67FFA}) (Version: 11.5 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.3 (HKLM\...\{8C1D4735-84E4-41E2-A1DB-70EADE27633C}) (Version: 3.3.1 - Adobe)
Adobe Reader 9.4.1 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.9.615 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM\...\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 Build 230 - Adobe Systems Incorporated.)
Akamai NetSession Interface (HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\...\Akamai) (Version:  - )
Apple Application Support (32-bit) (HKLM\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Update Manager 1.0 (HKLM\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 7 (HKLM\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Belkin Setup and Router Monitor (HKLM\...\Belkin Setup and Router Monitor_is1) (Version:  - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.2.01022 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 4.2.01022 - Cisco Systems, Inc.) Hidden
ClipGrab 3.5.5 (HKLM\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version:  - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM\...\DivX Setup.divx.com) (Version: 2.5.0.8 - DivX, LLC)
Dropbox (HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\...\Dropbox) (Version: 1.1.31 - Dropbox, Inc.)
DVDFab 8.0.8.5 (19/03/2011) (HKLM\...\DVDFab 8_is1) (Version:  - Fengtao Software Inc.)
DVDFab 8.1.0.5 (04/07/2011) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
ffdshow [rev 3154] [2009-12-09] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Fotosizer 1.32 (HKLM\...\Fotosizer) (Version: 1.32 - Fotosizer.com)
Google Chrome (HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
HandBrake 0.10.2 (HKLM\...\HandBrake) (Version: 0.10.2 - )
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
Horizon v2.7.0.0 (HKLM\...\d4cfeebc-b821-40b7-9f81-d366b1466f03_is1) (Version: 2.7.0.0 - Daring Development Inc.)
HP Product Detection (HKLM\...\{F13FBD0E-5CE1-4A3F-A4F0-C8633CB7B4DD}) (Version: 11.10.1000 - HP)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.14.1 - Hewlett-Packard Company)
HTC Driver Installer (HKLM\...\{6D6664A9-3342-4948-9B7E-034EFE366F0F}) (Version: 2.0.7.018 - HTC Corporation)
HTC Sync (HKLM\...\{DFAA3C20-5968-46A3-B7B0-0AF72D758A59}) (Version: 2.0.40 - HTC Corporation)
iCloud (HKLM\...\{760BB327-3973-4608-85C8-88162E2FF3B6}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Itibiti RTC (Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{CE1F04C7-79BC-4219-BE6A-BA490224D4B5}) (Version: 12.1.2.27 - Apple Inc.)
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
JetBrains dotPeek 10.0.2 (HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\...\{a725fe38-0f31-5da7-a5ee-ac4904bbbc36}) (Version: 10.0.2 - JetBrains s.r.o.)
join.me (HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\...\JoinMe) (Version: 2.11.0.1717 - LogMeIn, Inc.)
LiveUpdate 3.2 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
LogMeIn (HKLM\...\{57573545-74EB-46D2-B362-AA05364E4ED8}) (Version: 4.1.1868 - LogMeIn, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WorldWide Telescope (HKLM\...\{B10D5B3D-1CCD-4019-9287-8FC8CFD62A60}) (Version: 3.0.5 - Microsoft Research)
Miro (HKLM\...\Miro) (Version: 4.0.6 - Participatory Culture Foundation)
Mozilla Firefox 12.0 (x86 en-US) (HKLM\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
Norton Ghost (HKLM\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
Plex (HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\...\Plex) (Version: 0.9.504 - Plex, Inc)
Plex Media Server (HKLM\...\{ca5910de-4c30-4f28-b6bd-5dd8edff922d}) (Version: 0.9.1211 - Plex, Inc.)
Plex Media Server (Version: 0.9.1211 - Plex, Inc.) Hidden
Primal Carnage (HKLM\...\Steam App 215470) (Version:  - Lukewarm Media)
PS3 Media Server (HKLM\...\PS3 Media Server) (Version: 1.81.0 - PS3 Media Server)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spore (HKLM\...\Steam App 17390) (Version:  - Maxis™)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
TVersity Codec Pack 1.7 (HKLM\...\TVersity Codec Pack) (Version: 1.7 - TVersity Inc.)
TVersity Media Server 1.9.7 (HKLM\...\TVersity Media Server) (Version: 1.9.7 - TVersity)
TVersitybar Toolbar (HKLM\...\TVersitybar Toolbar) (Version: 6.2.1.8 - TVersitybar)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
USB Display Device (Trigger 1+) 10.18.0730.0159 (HKLM\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 10.18.0730.0159 - StarTech)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0 - DivX, Inc) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\...\WinDirStat) (Version:  - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
WinZip 15.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}) (Version: 15.5.9468 - WinZip Computing, S.L. )
WorldWide Telescope Add-in for Excel (HKLM\...\{65218D17-DF80-4311-B898-FC415D664A8F}) (Version: 1.0.4.0 - Microsoft Research)
Xiph.Org Open Codecs 0.85.17777 (HKLM\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\John\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\John\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\John\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\John\AppData\Local\Google\Chrome\Application\47.0.2526.111\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{62BE5D10-60EB-11d0-BD3B-00A0C911CE86}\InprocServer32 ->  => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{B2C192C7-4005-4A8A-8485-BC7932DE3800}\localserver32 -> "C:\Program Files\LogMeIn\Ignition\LMIIgnition.exe" => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\John\AppData\Local\Google\Update\1.3.29.1\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.29.1\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\John\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C6C7A32-7194-4889-899D-58D80BFE235A} - System32\Tasks\4580 => Wscript.exe C:\Users\John\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {16625FBB-3224-42E3-90C5-45778AB7315E} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {1EE0E021-CA61-4FEA-9D77-2A68B5571C8A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {3663300B-EB23-4EE6-AFEF-73F6EC6A8C57} - \SushiLeads -> No File <==== ATTENTION
Task: {534B5159-2201-4DDE-977A-35639CEB7B69} - \CIMT_daily_S-1-5-21-3159299934-2912859473-3865949770-1000 -> No File <==== ATTENTION
Task: {5E9E282A-55D6-4C85-A398-07B23082B774} - System32\Tasks\{20E3606B-3946-4DDF-8CD6-9BED52BC1E33} => pcalua.exe -a "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" -c /uninstall PROR /dll OSETUP.DLL
Task: {6AEF0C98-2CB4-4B67-8C70-4C977C7355CC} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc
Task: {6F96F787-0E10-4B4D-9399-988BF49547EF} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {6FC0DE82-4126-419B-83FD-BCBA75A6B310} - \DNSBEECHER -> No File <==== ATTENTION
Task: {783250E0-E24F-4B83-887C-18BDDE1049B9} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {7EE3F269-B971-4978-9242-CD56B0A2E270} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3159299934-2912859473-3865949770-1000UA => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {929EAAF2-D198-4651-838A-91BB2F476BF5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {94F7B29C-4663-44EC-BE6D-3A5A586B7BE0} - System32\Tasks\At1 => C:\Windows\system32\cmstpp.exe <==== ATTENTION
Task: {A0266677-1957-4FE2-AE90-FBF61F50C93C} - System32\Tasks\Easy Driver Pro Schedule => C:\Program Files\Probit Software\Easy Driver Pro\EDPTray.exe
Task: {A9FA5E60-5459-4DC1-8A10-6695CFA8BA13} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {C6E968B2-6BD1-4850-8F2C-2908D0860929} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3159299934-2912859473-3865949770-1000Core => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {C87F480E-23DE-4943-8AEF-2BBB91F9874E} - \CIMT_S-1-5-21-3159299934-2912859473-3865949770-1000 -> No File <==== ATTENTION
Task: {D1482E23-DD39-423B-BBEA-F8DD9343E30F} - System32\Tasks\{573589BF-24FC-49EB-A9E4-AD5AB4C67D87} => pcalua.exe -a C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe -c /UNINSTALL
Task: {D622195C-D680-4FEA-9C56-59660C7C9E94} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {E03783B4-D196-4A41-A020-D90367019325} - System32\Tasks\{27C7D72F-C45D-41D9-AD72-27948C0F3013} => pcalua.exe -a "C:\Program Files\InstallShield Installation Information\{1ADB7BF5-F8EB-4F76-98FD-65A7FFBEAECE}\setup.exe" -c -runfromtemp -l0x0409  -removeonly
Task: {E8B71EB4-0D16-40E8-BBDD-3961D907E4CF} - System32\Tasks\Rogwob => C:\PROGRA~1\SHOPPE~1\Puvlutur.bat
Task: {EAD086A7-4033-4043-AAD0-DB73DE79CB69} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {F74083BD-C7B8-4D18-8425-D904157CFA52} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {F7F6FA49-F3FE-426D-ADD9-C3722BE3ED29} - \TidyNetwork Update -> No File <==== ATTENTION
Task: {FC7BB0FE-0C8F-44A1-930F-6326163A51CC} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\At1.job => C:\Windows\system32\cmstpp.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3159299934-2912859473-3865949770-1000Core.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3159299934-2912859473-3865949770-1000UA.job => C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\51061845.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\klmdb.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\51061845.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\klmdb.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Petwofiit => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:04 - 2016-01-02 02:34 - 00001283 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 activate.adobe.com127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Service is not running.
MpsSvc => Firewall Service is not running.
bfe => Firewall Service is not running.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: AffinegyService => 2
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AmazingTab => 2
MSCONFIG\Services: AppIDSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: ApplicationHosting => 2
MSCONFIG\Services: AppMgmt => 3
MSCONFIG\Services: aspnet_state => 3
MSCONFIG\Services: AudioEndpointBuilder => 2
MSCONFIG\Services: Audiosrv => 2
MSCONFIG\Services: AxInstSV => 3
MSCONFIG\Services: BDESVC => 2
MSCONFIG\Services: BFE => 2
MSCONFIG\Services: BITS => 3
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: CertPropSvc => 3
MSCONFIG\Services: clr_optimization_v4.0.30319_32 => 2
MSCONFIG\Services: cmdidx => 2
MSCONFIG\Services: Com4QLBEx => 3
MSCONFIG\Services: COMSysApp => 3
MSCONFIG\Services: consumerinput_update => 2
MSCONFIG\Services: consumerinput_updatem => 3
MSCONFIG\Services: CryptSvc => 2
MSCONFIG\Services: CscService => 2
MSCONFIG\Services: defragsvc => 3
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: dinuregyzbt => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: dot3svc => 3
MSCONFIG\Services: DPS => 2
MSCONFIG\Services: EapHost => 3
MSCONFIG\Services: EFS => 3
MSCONFIG\Services: ehRecvr => 3
MSCONFIG\Services: ehSched => 3
MSCONFIG\Services: eventlog => 2
MSCONFIG\Services: EventSystem => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: fdPHost => 3
MSCONFIG\Services: FDResPub => 3
MSCONFIG\Services: FontCache => 2
MSCONFIG\Services: FontCache3.0.0.0 => 3
MSCONFIG\Services: GenericMount Helper Service => 3
MSCONFIG\Services: ginoquci => 2
MSCONFIG\Services: hidserv => 3
MSCONFIG\Services: hkmsvc => 3
MSCONFIG\Services: HomeGroupListener => 3
MSCONFIG\Services: HomeGroupProvider => 3
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: idsvc => 3
MSCONFIG\Services: IKEEXT => 2
MSCONFIG\Services: IPBusEnum => 3
MSCONFIG\Services: iphlpsvc => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: KeyIso => 3
MSCONFIG\Services: KtmRm => 3
MSCONFIG\Services: LanmanServer => 2
MSCONFIG\Services: LanmanWorkstation => 2
MSCONFIG\Services: LiveUpdate => 3
MSCONFIG\Services: lltdsvc => 3
MSCONFIG\Services: lmhosts => 2
MSCONFIG\Services: LywjeyJyon => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MCTDesktopSvr => 2
MSCONFIG\Services: Mcx2Svc => 2
MSCONFIG\Services: Medlight => 2
MSCONFIG\Services: Microsoft SharePoint Workspace Audit Service => 3
MSCONFIG\Services: MMCSS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: MSDTC => 3
MSCONFIG\Services: MSiSCSI => 3
MSCONFIG\Services: msiserver => 3
MSCONFIG\Services: napagent => 3
MSCONFIG\Services: Net Driver HPZ12 => 2
MSCONFIG\Services: Netlogon => 3
MSCONFIG\Services: Netman => 3
MSCONFIG\Services: netprofm => 3
MSCONFIG\Services: NlaSvc => 2
MSCONFIG\Services: Norton Ghost => 2
MSCONFIG\Services: nsi => 2
MSCONFIG\Services: ose => 3
MSCONFIG\Services: osppsvc => 3
MSCONFIG\Services: p2pimsvc => 3
MSCONFIG\Services: p2psvc => 3
MSCONFIG\Services: PcaSvc => 3
MSCONFIG\Services: PeerDistSvc => 3
MSCONFIG\Services: Petwofiit => 3
MSCONFIG\Services: pla => 3
MSCONFIG\Services: Pml Driver HPZ12 => 2
MSCONFIG\Services: PNRPAutoReg => 3
MSCONFIG\Services: PNRPsvc => 3
MSCONFIG\Services: PolicyAgent => 3
MSCONFIG\Services: Power => 2
MSCONFIG\Services: ProtectedStorage => 3
MSCONFIG\Services: PS3 Media Server => 2
MSCONFIG\Services: QWAVE => 3
MSCONFIG\Services: RasAuto => 3
MSCONFIG\Services: RasMan => 3
MSCONFIG\Services: RemoteRegistry => 3
MSCONFIG\Services: RpcLocator => 3
MSCONFIG\Services: SamSs => 2
MSCONFIG\Services: SCardSvr => 3
MSCONFIG\Services: SCPolicySvc => 3
MSCONFIG\Services: SDRSVC => 3
MSCONFIG\Services: seclogon => 3
MSCONFIG\Services: SENS => 2
MSCONFIG\Services: SensrSvc => 3
MSCONFIG\Services: SessionEnv => 3
MSCONFIG\Services: ShellHWDetection => 2
MSCONFIG\Services: shopperz010120162020 Updater => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SNMPTRAP => 3
MSCONFIG\Services: Spooler => 2
MSCONFIG\Services: sppuinotify => 3
MSCONFIG\Services: SSDPSRV => 2
MSCONFIG\Services: SstpSvc => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: StiSvc => 2
MSCONFIG\Services: StorSvc => 3
MSCONFIG\Services: SushiLeadsUpdaterService => 2
MSCONFIG\Services: swprv => 3
MSCONFIG\Services: swsesrvc_1.10.0.25 => 2
MSCONFIG\Services: Symantec SymSnap VSS Provider => 3
MSCONFIG\Services: SymSnapService => 3
MSCONFIG\Services: SysMain => 2
MSCONFIG\Services: TabletInputService => 3
MSCONFIG\Services: TapiSrv => 3
MSCONFIG\Services: TBS => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: Themes => 2
MSCONFIG\Services: THREADORDER => 3
MSCONFIG\Services: TrkWks => 2
MSCONFIG\Services: TrustedInstaller => 3
MSCONFIG\Services: UI0Detect => 3
MSCONFIG\Services: UmRdpService => 3
MSCONFIG\Services: upnphost => 3
MSCONFIG\Services: UxSms => 2
MSCONFIG\Services: VaultSvc => 3
MSCONFIG\Services: vds => 3
MSCONFIG\Services: vpnagent => 2
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: W32Time => 3
MSCONFIG\Services: WatAdminSvc => 3
MSCONFIG\Services: wbengine => 3
MSCONFIG\Services: WbioSrvc => 3
MSCONFIG\Services: wcncsvc => 3
MSCONFIG\Services: WcsPlugInService => 3
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
MSCONFIG\Services: WebClient => 3
MSCONFIG\Services: Wecsvc => 3
MSCONFIG\Services: wercplsupport => 3
MSCONFIG\Services: WerSvc => 3
MSCONFIG\Services: WinDefend => 3
MSCONFIG\Services: WinHttpAutoProxySvc => 3
MSCONFIG\Services: Winmgmt => 2
MSCONFIG\Services: WinRM => 3
MSCONFIG\Services: Wlansvc => 2
MSCONFIG\Services: wlidsvc => 2
MSCONFIG\Services: wmiApSrv => 3
MSCONFIG\Services: WMPNetworkSvc => 2
MSCONFIG\Services: woforemu => 2
MSCONFIG\Services: WPCSvc => 3
MSCONFIG\Services: WPDBusEnum => 3
MSCONFIG\Services: wscsvc => 2
MSCONFIG\Services: WSearch => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\Services: wucotusy => 2
MSCONFIG\Services: wudfsvc => 3
MSCONFIG\Services: WwanSvc => 3
MSCONFIG\Services: zutuzuni => 2
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^John^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MyPC Backup.lnk => C:\Windows\pss\MyPC Backup.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: Akamai NetSession Interface => C:\Users\John\AppData\Local\Akamai\netsession_win.exe
MSCONFIG\startupreg: ApplePhotoStreams => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: CatalinaGroup Update => "C:\Users\John\AppData\Local\CatalinaGroup\Update\CatalinaUpdate.exe" /c
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: FDispPos => C:\Program Files\Common Files\DesktopUtil\Util-Desktop.exe Launch FixPos
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: iCloudServices => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: InstaLAN => "C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: Itibiti.exe => C:\Program Files\Itibiti Soft Phone\Itibiti.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
MSCONFIG\startupreg: MCTDUtil => C:\Program Files\Common Files\DesktopUtil\Util-Desktop.exe Launch SuperUtil
MSCONFIG\startupreg: Mobile Connectivity Suite => "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: MSSMSGS => rundll32.exe winjki32.rom,GYgomKEt
MSCONFIG\startupreg: Norton Ghost 15.0 => "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: Plex Media Server => "C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe"
MSCONFIG\startupreg: QlbCtrl.exe => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
MSCONFIG\startupreg: QualityChecker => C:\Program Files\QualityChecker\QC.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RAMBooster.Net => C:\Program Files\RAMBooster.Net\RAMBooster.exe -m
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: ThreatFire => C:\Program Files\ThreatFire\TFTray.exe
MSCONFIG\startupreg: UnlockerAssistant => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
MSCONFIG\startupreg: WindoWeather => "C:\Program Files\WindoWeather\WindoWeather.exe" monetize
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{757FFC86-A4FE-4865-9710-AB0622FF71F9}] => (Allow) C:\ProgramData\TVersity\Media Server\MediaServer.exe
FirewallRules: [{3F65CC33-6790-4A50-BED9-6E0BC792728A}] => (Allow) C:\ProgramData\TVersity\Media Server\MediaServer.exe
FirewallRules: [TCP Query User{E89123BD-0F8D-4F26-9048-CB219C375698}C:\program files\participatory culture foundation\miro\miro_downloader.exe] => (Allow) C:\program files\participatory culture foundation\miro\miro_downloader.exe
FirewallRules: [UDP Query User{D27F05E4-B1B3-4058-9289-D41A78EA29D6}C:\program files\participatory culture foundation\miro\miro_downloader.exe] => (Allow) C:\program files\participatory culture foundation\miro\miro_downloader.exe
FirewallRules: [TCP Query User{E4C41F83-5662-458C-9A46-04435C41C76A}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{FED19B00-5248-47C6-B7D0-8B84E6E76EF3}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{E6C6A5FA-C456-43A2-B635-8D3A3383687B}] => (Allow) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{55C5BF8F-AA53-4DEE-ADE3-B10F407B0B27}] => (Allow) C:\Users\John\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{C3EB43EC-715B-46CC-B56B-C3D90324479C}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{2C12F88F-880C-49CC-8818-5D5FB24C2A17}C:\program files\mozilla firefox\plugin-container.exe] => (Allow) C:\program files\mozilla firefox\plugin-container.exe
FirewallRules: [{768F14BA-FDB4-473F-85DD-4D6B894D0CDF}] => (Allow) C:\ProgramData\TVersity\Media Server\MediaServer.exe
FirewallRules: [TCP Query User{44B63352-98B6-409B-8E46-CC0E474969C3}C:\users\john\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\john\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{854BDFF2-FFAA-42FF-AF2E-4E5EB96993C0}C:\users\john\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\john\appdata\local\akamai\netsession_win.exe
FirewallRules: [{72EAB08C-DCA8-4ACF-8492-2875974FE5E0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2EB6D375-52F2-4647-BAF3-E02FF04D3D19}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{E6114046-7853-4E02-B395-633C2E18587A}C:\users\john\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\john\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{3B7575C3-967A-40E1-8F8A-95D3ED70807E}C:\users\john\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\john\appdata\local\akamai\netsession_win.exe
FirewallRules: [{FF91B4EA-ABDA-400E-BBF1-3F99078EA787}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{4C19EEA8-641B-476B-87C7-2DD110A225BB}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{10C899DC-43F2-4F34-A5EC-488BFD54036E}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{6029E73E-B525-408E-9AAE-507F0128CFF4}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{00A7EB4B-E6BD-4BE4-9BC0-66E80718F3BE}] => (Allow) C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
FirewallRules: [{7FBDC17B-BABC-47C3-B4C0-017E5DC84BE6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{F8F6E5E0-4127-47B3-9AD9-2078ADC29F2C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{55992B3C-BEB5-4A46-B08D-3EBB3ECB51B4}C:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe] => (Allow) C:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe
FirewallRules: [UDP Query User{CE079269-4CF5-4F12-80B1-F4F5C4BA4A3D}C:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe] => (Allow) C:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe
FirewallRules: [{D6D91E8A-B934-412F-AA78-3FF7A7BB8C3E}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{9B2A495A-AF43-4B97-A55D-A891D7E6BA4E}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{049A86AC-2C51-43DC-A425-8CC981156DF0}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3074CD0B-5A8E-44DD-A116-B74636571E8C}] => (Allow) LPort=2869
FirewallRules: [{76420855-DD7B-4A18-90C5-81663AC1AA49}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{3833B8AD-2F1E-40B4-8581-089505DC05F4}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{8C43CA19-C559-46D1-AE44-11D9300B2CCA}C:\program files\internet explorer\iexplore.exe] => (Allow) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{796A5224-A288-4311-946E-C1FD53889003}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{921AD0EA-1E08-42F7-9462-0117CD668513}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{4D63ED7D-1CFA-4224-BB26-80DECB192EDD}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{6BEA6620-5761-4ABD-BEE1-8816E027B2C9}C:\program files\java\jre7\bin\java.exe] => (Allow) C:\program files\java\jre7\bin\java.exe
FirewallRules: [TCP Query User{D872C041-66DD-4DAD-961D-3C88F13F16CA}C:\users\john\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\john\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{916EBD0F-2B61-4437-A353-835D0C0DE260}C:\users\john\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\john\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [{10AD4952-F223-422A-A8AD-DFE5B815682C}] => (Allow) %ProgramFiles%\PS3 Media Server\PMS.exe
FirewallRules: [{FE70258B-54D7-46F7-BD2C-D5271F046754}] => (Allow) %ProgramFiles%\PS3 Media Server\PMS.exe
FirewallRules: [TCP Query User{CEE9FBFC-B2ED-469F-BA67-4696D1DB76B6}C:\program files\plex\plex media center\plex.exe] => (Allow) C:\program files\plex\plex media center\plex.exe
FirewallRules: [UDP Query User{4FF8ADBE-004E-4694-B3CD-F4EADB4D95BD}C:\program files\plex\plex media center\plex.exe] => (Allow) C:\program files\plex\plex media center\plex.exe
FirewallRules: [TCP Query User{9A0116BA-0955-4084-A199-85C2FC7497E3}C:\users\john\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\john\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{A2133108-60CA-4542-A02D-DCA4FAE13B5B}C:\users\john\appdata\local\google\chrome\application\chrome.exe] => (Allow) C:\users\john\appdata\local\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{778F9A4D-57C0-4938-B604-583423925799}C:\users\john\appdata\local\temp\lmi2c4f.tmp\logmein client.exe] => (Allow) C:\users\john\appdata\local\temp\lmi2c4f.tmp\logmein client.exe
FirewallRules: [UDP Query User{63F3C063-C96B-43CB-AFD3-BB2D6B28F499}C:\users\john\appdata\local\temp\lmi2c4f.tmp\logmein client.exe] => (Allow) C:\users\john\appdata\local\temp\lmi2c4f.tmp\logmein client.exe
FirewallRules: [TCP Query User{45703907-6541-43D4-967E-4D43DA54FFA9}C:\program files\logmein\ignition\lmiignition.exe] => (Allow) C:\program files\logmein\ignition\lmiignition.exe
FirewallRules: [UDP Query User{DE0FFF2E-FC42-4EB5-A151-531E9F12B11B}C:\program files\logmein\ignition\lmiignition.exe] => (Allow) C:\program files\logmein\ignition\lmiignition.exe
FirewallRules: [{C8E21E07-CF91-48D7-8ABF-8425010EAB47}] => (Allow) C:\Users\John\AppData\Local\Temp\utt11B0.tmp.exe
FirewallRules: [{5003B56D-22D6-450C-8D42-B45122E81AF7}] => (Allow) C:\Users\John\AppData\Local\Temp\utt11B0.tmp.exe
FirewallRules: [{72DC4287-4ECB-4F39-8CBD-28B314EE2DFD}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{44A64900-81E3-475C-9E0C-EF38D1FBB1BB}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{7DE9253D-DF02-44D7-860F-ACF98C8E8474}] => (Allow) C:\Program Files\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{4AD23F26-B7A4-4527-9571-FDEE939EAD78}] => (Allow) C:\Program Files\Steam\SteamApps\common\primal_carnage\Binaries\Win32\PrimalCarnageGame.exe
FirewallRules: [{BF958D17-7816-441B-A9F7-370809789483}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{6106E14C-E2DD-4762-98D4-FC3D627E40C6}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{03B42583-637A-403B-AB15-D96E068B1636}] => (Allow) C:\Program Files\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{0882C0C8-6DC8-45DA-9D9D-25B122008DB8}] => (Allow) C:\Program Files\Steam\SteamApps\common\Spore\SporeBin\SporeApp.exe
FirewallRules: [{FC9917F7-ED80-4F52-A801-E8F594B0CFD3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{A65DF8F4-F25F-4575-B58C-389A6AC64D70}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{501EFC6E-065B-4D5C-80E8-06319F081DF7}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{5A16F5B8-4BB6-49D6-B6B9-4A36B2E355F9}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{EF00A016-58C7-4E39-9952-F8D553399D6C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{214E257A-2AE8-453D-AD61-037CDD36CC9D}] => (Allow) C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{C7FA754E-8D20-4386-9FE0-9100536BE78D}] => (Allow) C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{B046A9A1-0E8B-41FE-B3C5-2B91D9F7F44B}] => (Allow) C:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{B14E2664-B192-4736-AD3C-F3AD0BC949CD}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FAC59977-450F-4A40-87B1-81B251BC6025}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FE1B5202-23B7-46FC-9D0E-61F792937078}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{68EDA0CD-529F-4F2B-BAAB-9DD85ADDDE21}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{56FF7CAB-D9AF-4643-92A6-56386DBE2A8F}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D59484F2-4F27-4EBA-924D-BAB450E47C19}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{C9F34530-1222-4D7F-B8FB-AA0123588D93}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{38CE2653-7F48-4807-86D6-CE0A35DF18DD}] => (Allow) C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{9463796B-FCAC-4DEC-85A2-6DA23D2776F8}C:\users\john\appdata\local\temp\joiaed1.tmp\join.me.exe] => (Allow) C:\users\john\appdata\local\temp\joiaed1.tmp\join.me.exe
FirewallRules: [UDP Query User{329A6FB1-1A32-41EC-8323-A51A7EF1846A}C:\users\john\appdata\local\temp\joiaed1.tmp\join.me.exe] => (Allow) C:\users\john\appdata\local\temp\joiaed1.tmp\join.me.exe
FirewallRules: [TCP Query User{3644A497-80D7-4405-BE59-166D3B425691}C:\users\john\appdata\local\join.me\join.me.exe] => (Allow) C:\users\john\appdata\local\join.me\join.me.exe
FirewallRules: [UDP Query User{538E5E67-E5AA-49CD-B620-BE733D462E91}C:\users\john\appdata\local\join.me\join.me.exe] => (Allow) C:\users\john\appdata\local\join.me\join.me.exe
FirewallRules: [{B5440317-8FAD-410A-944D-B3C181D8FD26}] => (Allow) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
Check "winmgmt" service or repair WMI.
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: F:\
Description: R5C822
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Microsoft
Service: WUDFRd
Problem: : Windows cannot initialize the device driver for this hardware. (Code 37)
Resolution: The driver returned failure from its DriverEntry routine. Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Generic Mount Control Device
Description: Generic Mount Control Device
Class Guid: {d27c1f2e-cf2d-4fdc-ad2a-0dddbeab92f0}
Manufacturer: Symantec Corporation
Service: GenericMount
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
==================== Memory info =========================== 
 
Processor: Genuine Intel® CPU T2050 @ 1.60GHz
Percentage of memory in use: 19%
Total physical RAM: 3062.05 MB
Available physical RAM: 2450.11 MB
Total Virtual: 4596.34 MB
Available Virtual: 3990 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:61.83 GB) (Free:1.79 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.67 GB) (Free:1.39 GB) FAT32
Drive f: () (Removable) (Total:7.39 GB) (Free:7.36 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: DA4CCB4E)
Partition 1: (Active) - (Size=61.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11.7 GB) - (Type=0C)
Partition 3: (Not Active) - (Size=1 GB) - (Type=D7)
 
========================================================
Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


Edited by jtd0820, 18 January 2016 - 03:41 PM.
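A practitioner reading the Addition.txt above would want a quick way to pull the suspicious entries out of a log this long before writing a fixlist. The script below is an added example, not part of the forum post and not FRST's own logic (FRST's whitelist is not public and works differently). It parses three line types that carry the tell-tale signs in this log: MSCONFIG\Services entries whose names look machine-generated (dinuregyzbt, ginoquci, LywjeyJyon, ...), startupreg entries where rundll32 is handed a module that is not a .dll (winjki32.rom), and firewall Allow rules for executables under user-writable paths such as \Temp\ and \AppData\. The sample lines are a constructed subset copied from the log above; the baseline list, the token list and the heuristics are this example's own assumptions and produce candidates for review, not verdicts.

```python
"""Triage a few FRST Addition.txt line types for the signs seen in this log.

Added example: not part of the forum post and not FRST's own logic. The
sample lines are a constructed subset copied from the log above; the
baseline list and the heuristics are this example's own assumptions.
"""
import re

# Constructed sample: lines copied from the Addition.txt posted above.
SAMPLE_LOG = r"""
MSCONFIG\Services: Dhcp => 2
MSCONFIG\Services: dinuregyzbt => 2
MSCONFIG\Services: Dnscache => 2
MSCONFIG\Services: ginoquci => 2
MSCONFIG\Services: LywjeyJyon => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: woforemu => 2
MSCONFIG\Services: zutuzuni => 2
MSCONFIG\startupreg: MSSMSGS => rundll32.exe winjki32.rom,GYgomKEt
MSCONFIG\startupreg: IntelliPoint => "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
FirewallRules: [{C8E21E07-CF91-48D7-8ABF-8425010EAB47}] => (Allow) C:\Users\John\AppData\Local\Temp\utt11B0.tmp.exe
FirewallRules: [{7FBDC17B-BABC-47C3-B4C0-017E5DC84BE6}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{B5440317-8FAD-410A-944D-B3C181D8FD26}] => (Allow) C:\Users\John\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{44B63352-98B6-409B-8E46-CC0E474969C3}C:\users\john\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\john\appdata\local\akamai\netsession_win.exe
"""

# Assumed baseline of service names expected on this box. On a real case build
# it from a clean reference machine (sc query / Get-Service), not from the log.
BASELINE_SERVICES = {
    "dhcp", "dnscache", "eventlog", "lmhosts", "mbamservice", "teamviewer",
    "spooler", "themes", "power", "winmgmt", "wuauserv", "wscsvc",
}

# Substrings that usually mark a Windows component or vendor product name.
# A letters-only name with none of them that is not in the baseline is suspect.
NAME_TOKENS = ("svc", "service", "update", "agent", "host", "helper", "viewer",
               "server", "client", "cache", "log", "manager", "sys", "net", "win")

SERVICE_RE = re.compile(r"^MSCONFIG\\Services: (?P<name>[^=]+?) => (?P<start>\d)$")
STARTUP_RE = re.compile(r"^MSCONFIG\\startupreg: (?P<name>[^=]+?) => (?P<cmd>.+)$")
FW_RE = re.compile(r"^FirewallRules: \[(?P<rule>[^\]]+)\] => "
                   r"\((?P<action>Allow|Block)\) (?P<prog>.+)$")
# rundll32 takes the module first, optionally quoted, then ",EntryPoint".
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+(?P<module>"[^"]+"|[^,\s]+)', re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(?:temp|appdata)\\", re.IGNORECASE)


def looks_generated(name):
    """Letters-only name, 7+ chars, not baseline, carrying no component token."""
    low = name.lower()
    if low in BASELINE_SERVICES or not low.isalpha() or len(low) < 7:
        return False
    return not any(tok in low for tok in NAME_TOKENS)


def rundll32_non_dll(cmd):
    """True when rundll32 is asked to load a module whose extension is not .dll."""
    m = RUNDLL_RE.search(cmd)
    if not m:
        return False
    module = m.group("module").strip('"')
    return not module.lower().endswith(".dll")


def allow_from_user_writable(action, prog):
    """Allow rule for a program living under \\Temp\\ or \\AppData\\."""
    return action == "Allow" and bool(USER_WRITABLE.search(prog))


def triage(log_text):
    """Return (category, detail) findings, in log order, for the lines given."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            if looks_generated(m.group("name")):
                findings.append(("service-name", m.group("name")))
            continue
        m = STARTUP_RE.match(line)
        if m:
            if rundll32_non_dll(m.group("cmd")):
                findings.append(("rundll32-non-dll", m.group("name")))
            continue
        m = FW_RE.match(line)
        if m and allow_from_user_writable(m.group("action"), m.group("prog")):
            findings.append(("fw-allow-user-writable", m.group("prog")))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```

The firewall check deliberately flags Chrome as well as the Temp executable: per-user installers (Chrome, Dropbox) legitimately live under AppData, so that category is a review queue rather than a verdict, while an Allow rule for a `*.tmp.exe` in \Temp\ is almost never legitimate. The Block rules for the Akamai client are not reported because a Block is the safe state. Feed the full Addition.txt to `triage()` and walk the output against the FRST whitelist before deciding what goes in a fixlist.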



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:39 AM

Posted 20 January 2016 - 09:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
S3 ADASPROT; \??\C:\Program Files\Advanced System Optimizer 3\adasprot32.sys [X]
S3 HSF_DPV; system32\DRIVERS\HSX_DPV.sys [X]
S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
U2 V2iMount; no ImagePath
S3 winachsf; system32\DRIVERS\HSX_CNXT.sys [X]
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{62BE5D10-60EB-11d0-BD3B-00A0C911CE86}\InprocServer32 ->  => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{B2C192C7-4005-4A8A-8485-BC7932DE3800}\localserver32 -> "C:\Program Files\LogMeIn\Ignition\LMIIgnition.exe" => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
Task: {0C6C7A32-7194-4889-899D-58D80BFE235A} - System32\Tasks\4580 => Wscript.exe C:\Users\John\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {16625FBB-3224-42E3-90C5-45778AB7315E} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {3663300B-EB23-4EE6-AFEF-73F6EC6A8C57} - \SushiLeads -> No File <==== ATTENTION
Task: {534B5159-2201-4DDE-977A-35639CEB7B69} - \CIMT_daily_S-1-5-21-3159299934-2912859473-3865949770-1000 -> No File <==== ATTENTION
Task: {6F96F787-0E10-4B4D-9399-988BF49547EF} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {6FC0DE82-4126-419B-83FD-BCBA75A6B310} - \DNSBEECHER -> No File <==== ATTENTION
Task: {783250E0-E24F-4B83-887C-18BDDE1049B9} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {94F7B29C-4663-44EC-BE6D-3A5A586B7BE0} - System32\Tasks\At1 => C:\Windows\system32\cmstpp.exe <==== ATTENTION
Task: {C87F480E-23DE-4943-8AEF-2BBB91F9874E} - \CIMT_S-1-5-21-3159299934-2912859473-3865949770-1000 -> No File <==== ATTENTION
Task: {E8B71EB4-0D16-40E8-BBDD-3961D907E4CF} - System32\Tasks\Rogwob => C:\PROGRA~1\SHOPPE~1\Puvlutur.bat
Task: {EAD086A7-4033-4043-AAD0-DB73DE79CB69} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {F7F6FA49-F3FE-426D-ADD9-C3722BE3ED29} - \TidyNetwork Update -> No File <==== ATTENTION
Task: {FC7BB0FE-0C8F-44A1-930F-6326163A51CC} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => C:\Windows\system32\cmstpp.exe
C:\Users\John\AppData\Local\Temp\launchie.vbs
C:\Windows\system32\cmstpp.exe
C:\PROGRA~1\SHOPPE~1\Puvlutur.bat
C:\Users\John\AppData\Local\Temp\amisetup1066__16782.exe
C:\Users\John\AppData\Local\Temp\amisetup5269__16782.exe
C:\Users\John\AppData\Local\Temp\amzngtab.exe
C:\Users\John\AppData\Local\Temp\Geoair.exe
C:\Users\John\AppData\Local\Temp\Hotfresh.exe
C:\Users\John\AppData\Local\Temp\MediaPlayer__11426_il5637.exe
C:\Users\John\AppData\Local\Temp\nsaD8D3.exe
C:\Users\John\AppData\Local\Temp\nsjC249.exe
C:\Users\John\AppData\Local\Temp\SpOrder.dll
C:\Users\John\AppData\Local\Temp\sqlite3.dll

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Copy the text IN THE CODE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.
 
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4\InstallProperties]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}]
Restart the computer when completed.

You can delete the fixme.reg file when done.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 7 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)

Please post the logs and let me know what problem persists.
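
As an added example (not part of nasdaq's instructions and not FRST's own code), the following Python script applies the same kind of triage to the "Task:" lines in the fixlist above. It parses each line, keeps FRST's own "ATTENTION" flag as a separate field, and adds a few defender-side heuristics of my own: an orphaned target ("No File"), an action under the user's Temp folder, a script-host launcher such as Wscript.exe, a script-file action, an unqualified executable name and a purely numeric task name. The regular expression is an assumption about the line format seen in this log, not an FRST specification; the sample lines are copied from the log above plus one constructed benign entry (made-up GUID and path) to show what is not reported.

```python
import re

# Shape of the FRST "Task:" lines seen in the log above (an assumption based on
# those lines, not an FRST specification):
#   Task: {GUID} - System32\Tasks\4580 => Wscript.exe C:\...\launchie.vbs //B <==== ATTENTION
#   Task: {GUID} - \SushiLeads -> No File <==== ATTENTION
#   Task: C:\Windows\Tasks\At1.job => C:\Windows\system32\cmstpp.exe
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]+)\} - )?(?P<name>.+?) (?:=>|->) "
    r"(?P<target>.+?)(?P<flag>\s+<==== ATTENTION)?\s*$"
)

# Heuristics (my own, defender-side): launchers and extensions that turn a
# scheduled task into a script runner, and the per-user Temp folder.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe"}
SCRIPT_EXTS = (".vbs", ".js", ".bat", ".cmd", ".ps1", ".hta")
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def parse_task_line(line):
    """Return a dict for one FRST 'Task:' line, or None if the line is not one."""
    m = TASK_RE.match(line.strip())
    if m is None:
        return None
    name = m.group("name")
    return {
        "guid": m.group("guid"),
        "name": name,
        "short_name": name.rsplit("\\", 1)[-1],        # last path component, e.g. '4580'
        "target": m.group("target").strip(),
        "frst_flagged": m.group("flag") is not None,   # FRST's own <==== ATTENTION marker
    }


def assess(task):
    """List the reasons this task deserves a second look (empty list = nothing found)."""
    reasons = []
    target = task["target"]
    if target == "No File":
        reasons.append("orphaned task: registered action whose file no longer exists")
    else:
        tokens = target.split()
        launcher = tokens[0].lower().rsplit("\\", 1)[-1]
        if launcher in SCRIPT_HOSTS:
            reasons.append(f"script host launcher ({launcher})")
        if "\\" not in tokens[0]:
            reasons.append("unqualified executable name (resolved via PATH)")
        if TEMP_RE.search(target):
            reasons.append("action runs from the user's Temp folder")
        if any(t.lower().endswith(SCRIPT_EXTS) for t in tokens):
            reasons.append("action is a script file")
    if task["short_name"].isdigit():
        reasons.append("numeric task name")
    return reasons


def triage(lines):
    """Return (short_name, target, reasons) for every task worth reviewing."""
    findings = []
    for line in lines:
        task = parse_task_line(line)
        if task is None:
            continue
        reasons = assess(task)
        if reasons or task["frst_flagged"]:
            findings.append((task["short_name"], task["target"], reasons))
    return findings


# Sample input: the Task lines from the FRST output above, plus one constructed
# benign entry at the end (GUID and path are made up) to show what is NOT reported.
SAMPLE_LINES = [
    r"Task: {0C6C7A32-7194-4889-899D-58D80BFE235A} - System32\Tasks\4580 => Wscript.exe C:\Users\John\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION",
    r"Task: {16625FBB-3224-42E3-90C5-45778AB7315E} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION",
    r"Task: {3663300B-EB23-4EE6-AFEF-73F6EC6A8C57} - \SushiLeads -> No File <==== ATTENTION",
    r"Task: {534B5159-2201-4DDE-977A-35639CEB7B69} - \CIMT_daily_S-1-5-21-3159299934-2912859473-3865949770-1000 -> No File <==== ATTENTION",
    r"Task: {6F96F787-0E10-4B4D-9399-988BF49547EF} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION",
    r"Task: {6FC0DE82-4126-419B-83FD-BCBA75A6B310} - \DNSBEECHER -> No File <==== ATTENTION",
    r"Task: {783250E0-E24F-4B83-887C-18BDDE1049B9} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION",
    r"Task: {94F7B29C-4663-44EC-BE6D-3A5A586B7BE0} - System32\Tasks\At1 => C:\Windows\system32\cmstpp.exe <==== ATTENTION",
    r"Task: {C87F480E-23DE-4943-8AEF-2BBB91F9874E} - \CIMT_S-1-5-21-3159299934-2912859473-3865949770-1000 -> No File <==== ATTENTION",
    r"Task: {E8B71EB4-0D16-40E8-BBDD-3961D907E4CF} - System32\Tasks\Rogwob => C:\PROGRA~1\SHOPPE~1\Puvlutur.bat",
    r"Task: {EAD086A7-4033-4043-AAD0-DB73DE79CB69} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION",
    r"Task: {F7F6FA49-F3FE-426D-ADD9-C3722BE3ED29} - \TidyNetwork Update -> No File <==== ATTENTION",
    r"Task: {FC7BB0FE-0C8F-44A1-930F-6326163A51CC} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION",
    r"Task: C:\Windows\Tasks\At1.job => C:\Windows\system32\cmstpp.exe",
    # constructed benign entry: fully qualified path, no script, no Temp, normal name
    r"Task: {11111111-2222-3333-4444-555555555555} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\Updater.exe /check",
]

if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_LINES):
        print(f"{name:50} {target}")
        for r in reasons:
            print(f"    - {r}")
```

Note that the At1 task is reported with an empty reason list: the heuristics find nothing odd about a fully qualified path under system32, and it is FRST's own flag that keeps it on the list. That is the point of keeping the tool's verdict separate from the script's heuristics: each catches what the other misses, and the orphaned "No File" entries show why a removal should clear the task registration and not only the file.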

#3 jtd0820

Posted 20 January 2016 - 01:18 PM

I apologize it has taken me so long to reply. I ran the fixlist in FRST and merged the registry files as you instructed successfully.  I have pasted the contents of the fixlog.txt below.  After the reboot following the registry keys merge, my theme (window color, taskbar, etc.) still looks like the "classic" Windows theme.  Also, the same 6 services that were running before the fix was run are the only services running now and all others are disabled.  I don't want to start any services or make any other changes until I hear from you.  I will await further instruction.  Thank you so much for your help!!
 
 
Fix result of Farbar Recovery Scan Tool (x86) Version:10-01-2015 01
Ran by John (2016-01-20 11:04:29) Run:1
Running from F:\
Loaded Profiles: John (Available Profiles: John & itsupport)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000 -> DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
S3 ADASPROT; \??\C:\Program Files\Advanced System Optimizer 3\adasprot32.sys [X]
S3 HSF_DPV; system32\DRIVERS\HSX_DPV.sys [X]
S3 HSXHWAZL; system32\DRIVERS\HSXHWAZL.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S2 mdmxsdk; system32\DRIVERS\mdmxsdk.sys [X]
U2 V2iMount; no ImagePath
S3 winachsf; system32\DRIVERS\HSX_CNXT.sys [X]
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{62BE5D10-60EB-11d0-BD3B-00A0C911CE86}\InprocServer32 ->  => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.21.149\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{B2C192C7-4005-4A8A-8485-BC7932DE3800}\localserver32 -> "C:\Program Files\LogMeIn\Ignition\LMIIgnition.exe" => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\John\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
Task: {0C6C7A32-7194-4889-899D-58D80BFE235A} - System32\Tasks\4580 => Wscript.exe C:\Users\John\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {16625FBB-3224-42E3-90C5-45778AB7315E} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {3663300B-EB23-4EE6-AFEF-73F6EC6A8C57} - \SushiLeads -> No File <==== ATTENTION
Task: {534B5159-2201-4DDE-977A-35639CEB7B69} - \CIMT_daily_S-1-5-21-3159299934-2912859473-3865949770-1000 -> No File <==== ATTENTION
Task: {6F96F787-0E10-4B4D-9399-988BF49547EF} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {6FC0DE82-4126-419B-83FD-BCBA75A6B310} - \DNSBEECHER -> No File <==== ATTENTION
Task: {783250E0-E24F-4B83-887C-18BDDE1049B9} - \ConsumerInputUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {94F7B29C-4663-44EC-BE6D-3A5A586B7BE0} - System32\Tasks\At1 => C:\Windows\system32\cmstpp.exe <==== ATTENTION
Task: {C87F480E-23DE-4943-8AEF-2BBB91F9874E} - \CIMT_S-1-5-21-3159299934-2912859473-3865949770-1000 -> No File <==== ATTENTION
Task: {E8B71EB4-0D16-40E8-BBDD-3961D907E4CF} - System32\Tasks\Rogwob => C:\PROGRA~1\SHOPPE~1\Puvlutur.bat
Task: {EAD086A7-4033-4043-AAD0-DB73DE79CB69} - \ConsumerInputUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {F7F6FA49-F3FE-426D-ADD9-C3722BE3ED29} - \TidyNetwork Update -> No File <==== ATTENTION
Task: {FC7BB0FE-0C8F-44A1-930F-6326163A51CC} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: C:\Windows\Tasks\At1.job => C:\Windows\system32\cmstpp.exe
C:\Users\John\AppData\Local\Temp\launchie.vbs
C:\Windows\system32\cmstpp.exe
C:\PROGRA~1\SHOPPE~1\Puvlutur.bat
C:\Users\John\AppData\Local\Temp\amisetup1066__16782.exe
C:\Users\John\AppData\Local\Temp\amisetup5269__16782.exe
C:\Users\John\AppData\Local\Temp\amzngtab.exe
C:\Users\John\AppData\Local\Temp\Geoair.exe
C:\Users\John\AppData\Local\Temp\Hotfresh.exe
C:\Users\John\AppData\Local\Temp\MediaPlayer__11426_il5637.exe
C:\Users\John\AppData\Local\Temp\nsaD8D3.exe
C:\Users\John\AppData\Local\Temp\nsjC249.exe
C:\Users\John\AppData\Local\Temp\SpOrder.dll
C:\Users\John\AppData\Local\Temp\sqlite3.dll
 
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
HKU\S-1-5-21-3159299934-2912859473-3865949770-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully.
ADASPROT => service removed successfully.
HSF_DPV => service removed successfully.
HSXHWAZL => service removed successfully.
lmimirr => service removed successfully.
mdmxsdk => service removed successfully.
V2iMount => service removed successfully.
winachsf => service removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{62BE5D10-60EB-11d0-BD3B-00A0C911CE86}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{B2C192C7-4005-4A8A-8485-BC7932DE3800}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => key removed successfully.
"HKU\S-1-5-21-3159299934-2912859473-3865949770-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C6C7A32-7194-4889-899D-58D80BFE235A}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C6C7A32-7194-4889-899D-58D80BFE235A}" => key removed successfully.
C:\Windows\System32\Tasks\4580 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4580" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{16625FBB-3224-42E3-90C5-45778AB7315E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{16625FBB-3224-42E3-90C5-45778AB7315E}" => key removed successfully.
C:\Windows\System32\Tasks\0 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3663300B-EB23-4EE6-AFEF-73F6EC6A8C57}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3663300B-EB23-4EE6-AFEF-73F6EC6A8C57}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SushiLeads => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{534B5159-2201-4DDE-977A-35639CEB7B69}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{534B5159-2201-4DDE-977A-35639CEB7B69}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_daily_S-1-5-21-3159299934-2912859473-3865949770-1000 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6F96F787-0E10-4B4D-9399-988BF49547EF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F96F787-0E10-4B4D-9399-988BF49547EF}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Pending Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6FC0DE82-4126-419B-83FD-BCBA75A6B310}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FC0DE82-4126-419B-83FD-BCBA75A6B310}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DNSBEECHER => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{783250E0-E24F-4B83-887C-18BDDE1049B9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{783250E0-E24F-4B83-887C-18BDDE1049B9}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineCore => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{94F7B29C-4663-44EC-BE6D-3A5A586B7BE0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94F7B29C-4663-44EC-BE6D-3A5A586B7BE0}" => key removed successfully.
C:\Windows\System32\Tasks\At1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\At1" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C87F480E-23DE-4943-8AEF-2BBB91F9874E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C87F480E-23DE-4943-8AEF-2BBB91F9874E}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CIMT_S-1-5-21-3159299934-2912859473-3865949770-1000 => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8B71EB4-0D16-40E8-BBDD-3961D907E4CF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8B71EB4-0D16-40E8-BBDD-3961D907E4CF}" => key removed successfully.
C:\Windows\System32\Tasks\Rogwob => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Rogwob" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EAD086A7-4033-4043-AAD0-DB73DE79CB69}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAD086A7-4033-4043-AAD0-DB73DE79CB69}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ConsumerInputUpdateTaskMachineUA => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7F6FA49-F3FE-426D-ADD9-C3722BE3ED29}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7F6FA49-F3FE-426D-ADD9-C3722BE3ED29}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FC7BB0FE-0C8F-44A1-930F-6326163A51CC}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC7BB0FE-0C8F-44A1-930F-6326163A51CC}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Core => key not found. 
C:\Windows\Tasks\At1.job => moved successfully
"C:\Users\John\AppData\Local\Temp\launchie.vbs" => not found.
"C:\Windows\system32\cmstpp.exe" => not found.
"C:\PROGRA~1\SHOPPE~1\Puvlutur.bat" => not found.
"C:\Users\John\AppData\Local\Temp\amisetup1066__16782.exe" => not found.
"C:\Users\John\AppData\Local\Temp\amisetup5269__16782.exe" => not found.
"C:\Users\John\AppData\Local\Temp\amzngtab.exe" => not found.
"C:\Users\John\AppData\Local\Temp\Geoair.exe" => not found.
"C:\Users\John\AppData\Local\Temp\Hotfresh.exe" => not found.
"C:\Users\John\AppData\Local\Temp\MediaPlayer__11426_il5637.exe" => not found.
"C:\Users\John\AppData\Local\Temp\nsaD8D3.exe" => not found.
"C:\Users\John\AppData\Local\Temp\nsjC249.exe" => not found.
"C:\Users\John\AppData\Local\Temp\SpOrder.dll" => not found.
"C:\Users\John\AppData\Local\Temp\sqlite3.dll" => not found.
EmptyTemp: => 566.5 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 11:07:05 ====


#4 jtd0820


Posted 20 January 2016 - 11:30 PM

UPDATE:  I left my laptop on after my last post in case I heard back from you.  The charger was plugged in the whole time to make sure it did not shut down.  When I left work I didn't want to shut it down so I put it to sleep.  Shortly after I got home, I plugged the charger back in, opened the laptop and wiggled the mouse to wake it up.  It did come back on, but the screen just stayed black so I powered it off.  When I tried to power it back on, it would not, but the light was on indicating that it was charging.  I removed the battery and completely drained the power, then put the battery back in and it still would not power on.  Luckily, I have a spare so I put it in and it turned on.  It booted to the Windows Startup Repair screen where I had the option to repair startup or start Windows normally.  I did not want it to restore to an earlier point and possibly revert back to a time when it was/is infected, so I selected start normally.  Now it will only boot to the Windows recovery option.  I've tried starting in Safe Mode and Safe Mode with Command Prompt and it attempts to load the drivers but fails and goes directly to Windows recovery. I have not attempted any of the recovery options because I wanted to get your opinion on what to do next.  Thanks in advance!!



#5 nasdaq


Posted 21 January 2016 - 10:25 AM

You do not need the battery if the computer is connected to the power outlet.

So remove the battery and make sure the computer is connected to the power outlet.

Any change?

#6 jtd0820


Posted 21 January 2016 - 11:00 AM

I removed the battery and plugged the laptop into a power outlet.  It does power on but still boots to the Windows System Recovery Options, which are:

Startup Repair
System Restore
System Image Recovery
Windows Memory Diagnostic
Command Prompt

Unfortunately, I do not have an image that was created before the computer was infected.  Which option should I choose, or do I need to try something else?

 

Thanks!



#7 nasdaq


Posted 21 January 2016 - 02:41 PM

Do this one first.
Windows Memory Diagnostic

If nothing bad is found, power down the computer.

Restart it and do this option.
Startup Repair

Keep me posted.

#8 jtd0820


Posted 21 January 2016 - 03:17 PM

I will have access to my computer again in about an hour and I will run memory diagnostics and if I still cannot boot normally I will run startup repair. Once completed, I will update you on the status.

Thank you!

#9 jtd0820


Posted 21 January 2016 - 05:15 PM

OK, I ran memory diags and it completed with no errors.  I then rebooted and ran the Startup Repair which found errors in the registry but said it was successful in repairing it.  It did not give any details as to what was corrupted or what it fixed in the registry.  It did not give an option to save the log report either so I restarted the computer and before it would load Windows, it ran a chkdsk and repaired all errors.  Rebooted the computer again and although it was sluggish, it did load Windows normally.  There is definitely some improvement because my customized Windows theme is back, fans are running smooth and quiet, services appear to be running normally although I have not started/stopped or enabled/disabled any.  What is the next step?  Run a FRST scan again?  I will not run or change anything until I hear from you.  Again, thank you so much for your help so far!!



#10 nasdaq


Posted 22 January 2016 - 10:31 AM

Yes, please run the FRST tool again.

Check the box to create a new Addition.txt file, otherwise your current file will not be changed.

#11 jtd0820


Posted 22 January 2016 - 05:17 PM

I apologize, I have been on the road all day and just now have had a chance to reply. I will be home later tonight and I will run the FRST scan again and let you know if it finds anything. So far, everything is running great! Thanks

#12 nasdaq


Posted 28 January 2016 - 08:48 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
