Kaspersky says I have Packed.Win32.Krap.hc


  • This topic is locked
34 replies to this topic

#1 colourqueen


Posted 28 February 2016 - 06:25 PM

According to Kaspersky I have Packed.Win32.Krap.hc. However, it can't remove it. I'm getting all sorts of DLL errors. I've also noticed a whole set of updated files in the wow64 directory. I've done a system restore to a point prior to the infection, but that has done no good.

FRST logs are as follows:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Judy_new (administrator) on JUDYPC (28-02-2016 23:00:40)
Running from C:\Users\Judy_new\Desktop
Loaded Profiles: Judy_new (Available Profiles: Judy_new)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.126.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Media Manager\AIRSVCU.EXE
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Encrdisk\ENCRDLG.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Alcatel-Lucent) C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Fitbug Limited) C:\Program Files (x86)\Fitbug Limited\Bug Manager\BugManager.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dropbox, Inc.) C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
() C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\TscHelp.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Encrdisk\ENCRDLG.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BlackBerry Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\HDManage\HDManage2.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 9\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [394768 2010-10-20] (Acronis)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\Plusnet Assist\btbb\PlusnetHelpNotifier.exe [3722240 2012-06-25] (Alcatel-Lucent)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-09] (Apple Inc.)
HKLM-x32\...\Run: [Communicator] => C:\Program Files (x86)\Microsoft Lync\communicator.exe [12119872 2015-11-12] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60688 2015-11-20] (Apple Inc.)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2014720 2014-08-05] (AimerSoft)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2008-06-23] (Sonic Solutions)
HKLM-x32\...\Run: [DMXLauncher] => C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe [113136 2008-06-12] ()
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-28] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2537096 2011-09-22] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5551288 2011-09-22] (Acronis)
HKLM-x32\...\Run: [SecureLockWare Drive] => C:\Program Files (x86)\BUFFALO\Encrdisk\ENCRDLG.exe [299008 2008-05-22] (BUFFALO INC.)
HKLM-x32\...\Run: [SSBkgdUpdate] => C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [185896 2006-09-28] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2014-02-07] (BlackBerry Limited)
HKLM-x32\...\Run: [ScrewDrivers RDP Plugin] => C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [46448 2013-01-09] ()
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [IR_SERVER] => C:\PROGRA~2\Realtek\REALTE~1\IR_SERVER.exe
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-28] ()
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2720144 2015-08-09] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Judy_new\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1566016 2015-07-27] (Samsung)
HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1015104 2015-07-27] (Samsung)
HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-12-19] (Google Inc.)
HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\Run: [Dropbox Update] => C:\Users\Judy_new\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-19] (Dropbox, Inc.)
HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\Run: [Bug Manager] => C:\Program Files (x86)\Fitbug Limited\Bug Manager\BugManager.exe [827904 2007-06-25] (Fitbug Limited)
HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [160328 2015-09-13] (Siber Systems)
HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\MountPoints2: E - E:\setup_vmc_lite.exe /checkApplicationPresence
HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\MountPoints2: {c80fa579-9573-11e2-a8b4-902b34a1eadc} - E:\LaunchU3.exe -a
HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\MountPoints2: {e6d1f1f6-4da1-11e2-b06f-902b34a1eadc} - E:\LaunchU3.exe -a
HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\MountPoints2: {ea63e657-0330-11e5-9d41-902b34a1eadc} - E:\setup_vmc_lite.exe /checkApplicationPresence
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 9.lnk [2012-12-27]
ShortcutTarget: Snagit 9.lnk -> C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk [2014-03-04]
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\Judy_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BUFFALO Power Save Utility for HD.lnk [2014-06-29]
ShortcutTarget: BUFFALO Power Save Utility for HD.lnk -> C:\Program Files (x86)\BUFFALO\HDManage\HDManage2.exe (BUFFALO INC.)
Startup: C:\Users\Judy_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-02-18]
ShortcutTarget: Dropbox.lnk -> C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Judy_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Introducing Media Manager.lnk [2013-12-26]
ShortcutTarget: Introducing Media Manager.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\Media Manager\SPLASHA.EXE ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\PROGRA~1\MICROS~2\ENDPOI~1\318FB7~1.0\WhlNSP.dll [150232 2013-11-15] (Microsoft Corporation)
Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A3A59364-2B68-4B50-B55A-113DB4E54917}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DD5B23A1-F4BB-4AF7-B4A9-1B0693A08D88}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-549620600-2916040154-119935050-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.co.uk/?gws_rd=ssl
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1QzuzyyC0FyCyDtBzy0E0DyEyE0E0CzyyByDtN0D0Tzu0CyDtCtBtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1R1F1F1I1H1B1Q&cr=1280323716&ir=
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-549620600-2916040154-119935050-1000 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll [2009-04-17] (TechSmith Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-13] (Siber Systems Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-02] (AO Kaspersky Lab)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.126.0\amd64\BingExt.dll [2014-02-27] (Microsoft Corporation.)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll [2009-04-17] (TechSmith Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Lync\OCHelper.dll [2010-10-22] (Microsoft Corporation)
BHO-x32: No Name -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-13] (Siber Systems Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-02-10] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-01-02] (AO Kaspersky Lab)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.126.0\BingExt.dll [2014-02-27] (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-02-10] (Oracle Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-13] (Siber Systems Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.126.0\amd64\BingExt.dll [2014-02-27] (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-01-02] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-09-13] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-04-17] (TechSmith Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.126.0\BingExt.dll [2014-02-27] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-01-02] (AO Kaspersky Lab)
Toolbar: HKU\S-1-5-21-549620600-2916040154-119935050-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-549620600-2916040154-119935050-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-09-13] (Siber Systems Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {254AA86E-5655-4518-AA87-185D7CC41801} hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: HKLM-x32 {6D63F73D-3688-3000-9C0F-00A0C90F29FC} hxxps://www.ellcchoicehomes.org.uk/ClientSideApps/dcube3.cab
DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} hxxps://trap.havering.gov.uk/InternalSite/WhlCompMgr.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=1082
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2012-03-28] (Citrix Systems, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Judy_new\AppData\Roaming\Mozilla\Firefox\Profiles\0eif5ftz.default
FF NewTab: hxxps://www.google.co.uk/?gws_rd=ssl
FF SelectedSearchEngine: Google
FF Homepage: hxxps://www.google.co.uk/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-11] ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll [2013-01-20] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-02-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-02-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-06-25] (Motive, Inc.)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-04-30] ()
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-12] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Google Translator for Firefox - C:\Users\Judy_new\AppData\Roaming\Mozilla\Firefox\Profiles\0eif5ftz.default\extensions\translator@zoli.bod.xpi [2015-08-19]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-01-02]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-11-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru => not found
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt => not found
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-03] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [AMVCU@Aimersoft.com] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com
FF Extension: Aimersoft Video Converter Ultimate - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com [2014-10-22] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt
FF Extension: Aimersoft Video Converter Ultimate - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt [2014-05-21] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: AI Roboform Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-09-13] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox
FF HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-12-10] [not signed]
FF HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\Firefox\Extensions: [{CF13FA66-1F4F-426d-BB1B-E07A13BFF2C8}] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRFirefoxExt
 
Chrome:
=======
CHR Profile: C:\Users\Judy_new\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Judy_new\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-26]
CHR Extension: (Google Search) - C:\Users\Judy_new\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-26]
CHR Extension: (Anti-Banner) - C:\Users\Judy_new\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-04-26]
CHR Extension: (Logitech SetPoint) - C:\Users\Judy_new\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd [2013-04-26]
CHR Extension: (Safe Money) - C:\Users\Judy_new\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-04-26]
CHR Extension: (Content Blocker) - C:\Users\Judy_new\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-04-26]
CHR Extension: (Anti-Banner) - C:\Users\Judy_new\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-04-26]
CHR Extension: (Gmail) - C:\Users\Judy_new\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-26]
CHR Extension: (Anti-Banner) - C:\Users\Judy_new\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-04-26]
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [mapcejffhcbidcjmomhalabpcbaeimcb] - C:\Program Files (x86)\Aimersoft\Video Converter Ultimate\SVRChromePlugin.crx [2013-12-27]
CHR HKLM-x32\...\Chrome\Extension: [nmapfhedmiiikmeicmclonepdhjgmlcn] - C:\ProgramData\Aimersoft\Video Converter Ultimate\AMVCU@Aimersoft.com.crx [2014-06-24]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2016-01-02] (Kaspersky Lab ZAO)
R3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed]
S3 DMService; C:\Windows\Downloaded Program Files\CONFLICT.1\DMService.exe [620760 2013-12-11] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2012-01-26] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2012-01-26] (Alcatel-Lucent) [File not signed]
R2 MMIndexer; C:\Program Files (x86)\Common Files\Microsoft Shared\Media Manager\airsvcu.exe [136704 1997-07-15] (Microsoft Corporation) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2008-06-23] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2008-06-23] (Sonic Solutions)
R2 SecureLockWare_InputPassword; C:\Program Files (x86)\BUFFALO\Encrdisk\ENCRDLG.exe [299008 2008-05-22] (BUFFALO INC.) [File not signed]
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [170712 2013-11-15] (Microsoft Corporation)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 bfturboh; C:\Windows\SysWOW64\drivers\bfturboh.sys [17152 2008-02-12] (BUFFALO INC.) [File not signed]
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [32512 2012-08-07] (Etron Technology Inc)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-12-30] () [File not signed]
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2016-01-02] (AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2016-01-02] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [940928 2016-01-02] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-01-02] (AO Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2016-02-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-25] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-08-31] (CACE Technologies, Inc.)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-12-02] (BlackBerry Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [238096 2012-05-21] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-12-29] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
S1 RxFilter; C:\Windows\SysWOW64\DRIVERS\RxFilter.sys [65520 2008-06-23] (Sonic Solutions)
S0 SecureLockWare_EncryptFilterDriver; C:\Windows\SysWOW64\DRIVERS\ENCRFIL.SYS [725120 2007-06-19] (BUFFALO INC.) [File not signed]
S0 SecureLockWare_EncryptFilterDriver2; C:\Windows\SysWOW64\DRIVERS\SLWFIL.SYS [725248 2007-06-19] (BUFFALO INC.) [File not signed]
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-02-28] ()
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
R3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
R3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-28 22:29 - 2016-02-28 22:29 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-02-28 22:29 - 2016-02-28 22:29 - 00000858 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-02-28 22:29 - 2016-02-28 22:29 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-28 22:29 - 2016-02-28 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-02-28 22:29 - 2016-02-28 22:29 - 00000000 ____D C:\Program Files\RogueKiller
2016-02-28 22:28 - 2016-02-28 21:41 - 02371072 _____ (Farbar) C:\Users\Judy_new\Desktop\FRST64.exe
2016-02-28 22:27 - 2016-02-28 22:03 - 31299600 _____ (Adlice Software ) C:\Users\Judy_new\Desktop\setup.exe
2016-02-28 21:39 - 2016-02-28 21:32 - 01609216 _____ (Malwarebytes) C:\Users\Judy_new\Desktop\JRT.exe
2016-02-28 08:53 - 2016-02-28 08:53 - 00000000 ____D C:\@RestoreQuarantine
2016-02-28 08:43 - 2016-02-28 08:43 - 00038632 _____ C:\Users\Judy_new\Documents\eset.txt
2016-02-27 23:26 - 2016-02-28 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reanimator
2016-02-27 23:23 - 2016-02-27 23:23 - 00000000 ____D C:\ProgramData\RegRun
2016-02-27 23:21 - 2016-02-28 19:57 - 00000000 ____D C:\Users\Judy_new\Documents\RegRun2
2016-02-27 23:21 - 2016-02-28 19:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-02-27 23:21 - 2016-02-28 19:57 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2016-02-27 23:21 - 2016-02-28 08:52 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-02-27 23:18 - 2016-02-27 23:20 - 17436698 _____ C:\Users\Judy_new\Downloads\unhackme.zip
2016-02-27 23:07 - 2016-02-27 23:07 - 00000000 ____D C:\Program Files (x86)\ESET
2016-02-27 23:02 - 2016-02-27 23:05 - 00064136 _____ C:\Users\Judy_new\Desktop\Addition.txt
2016-02-27 23:00 - 2016-02-28 23:01 - 00041820 _____ C:\Users\Judy_new\Desktop\FRST.txt
2016-02-27 23:00 - 2016-02-28 22:58 - 00000000 ____D C:\FRST
2016-02-27 22:29 - 2016-02-27 22:29 - 00000022 _____ C:\Users\Judy_new\Desktop\ESETPoweliksCleaner.exe_20160227.222946.7760.zip
2016-02-27 19:38 - 2016-02-27 19:38 - 00123496 _____ C:\Users\Judy_new\Downloads\wow64win.zip
2016-02-27 19:37 - 2016-02-27 19:37 - 00122181 _____ C:\Users\Judy_new\Downloads\wow64.zip
2016-02-27 19:33 - 2016-02-27 19:33 - 00005923 _____ C:\Users\Judy_new\Downloads\wow64cpu.zip
2016-02-27 18:42 - 2016-02-27 18:42 - 00000000 ____D C:\ProgramData\TEMP
2016-02-27 09:25 - 2016-02-27 09:25 - 00852798 _____ C:\Users\Judy_new\Downloads\SecurityCheck.exe.h5tyek8.partial
2016-02-27 09:17 - 2016-02-27 09:17 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\55E258AA.sys
2016-02-18 18:15 - 2016-02-18 18:15 - 06645619 _____ (Money Manager EX ) C:\Users\Judy_new\Downloads\mmex_1.2.5_x64_setup.exe
2016-02-18 18:15 - 2016-02-18 18:15 - 05962986 _____ (Money Manager EX ) C:\Users\Judy_new\Downloads\mmex_1.2.5_win32_setup.exe
2016-02-18 11:26 - 2016-02-29 06:12 - 00000000 ____D C:\Users\Judy_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-02-17 18:21 - 2016-02-17 18:21 - 00045568 _____ C:\Users\Judy_new\Documents\wondow drawing.vsd
2016-02-17 18:11 - 2016-02-17 18:18 - 00057678 _____ C:\Users\Judy_new\Documents\window-Drawing1.pdf
2016-02-16 16:42 - 2016-02-16 16:42 - 00000000 ____D C:\Users\Judy_new\Forefront UAG Remote Access Agent
2016-02-16 08:05 - 2016-02-16 16:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-14 17:08 - 2016-02-14 17:16 - 73150464 _____ C:\Users\Judy_new\Downloads\calibre-64bit-2.51.0.msi
2016-02-04 22:14 - 2016-02-04 22:14 - 00087626 _____ C:\Users\Judy_new\Documents\School Term Dates 2015-16.pdf
2016-02-04 22:13 - 2016-02-04 22:13 - 00207348 _____ C:\Users\Judy_new\Documents\SchoolTermDates2015-16.pdf
2016-02-04 21:54 - 2016-02-04 21:54 - 00067130 _____ C:\Users\Judy_new\Documents\From Chair of Governors (2).pdf
2016-02-04 07:00 - 2016-02-04 07:01 - 01609032 _____ (Malwarebytes) C:\Users\Judy_new\Downloads\JRT.exe
2016-02-03 18:27 - 2016-02-03 18:27 - 00169075 _____ C:\Users\Judy_new\Downloads\READ-ME-CROSS-STITCH-TIPS.pdf
2016-02-03 18:27 - 2016-02-03 18:27 - 00131625 _____ C:\Users\Judy_new\Downloads\work-thefriendlyboss-male-fullcolor.pdf
2016-02-03 18:27 - 2016-02-03 18:27 - 00126428 _____ C:\Users\Judy_new\Downloads\work-thefriendlyboss-male-gray.pdf
2016-02-03 18:27 - 2016-02-03 18:27 - 00077712 _____ C:\Users\Judy_new\Downloads\WORK-thefriendlyboss-fullcolor.pdf
2016-02-03 18:27 - 2016-02-03 18:27 - 00072522 _____ C:\Users\Judy_new\Downloads\WORK-thefriendlyboss-gray.pdf
2016-02-01 22:33 - 2016-02-01 22:47 - 00012672 ____N C:\Users\Judy_new\Documents\01-02-2016 22-33-34.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-29 06:12 - 2015-10-21 16:51 - 00000000 ____D C:\Users\Judy_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda (64-bit)
2016-02-29 06:12 - 2015-04-14 15:46 - 00000000 ___SD C:\Windows\system32\GWX
2016-02-29 06:12 - 2015-02-11 23:33 - 00000000 ____D C:\Users\Judy_new\AppData\Roaming\MyPhoneExplorer
2016-02-29 06:12 - 2015-02-11 17:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-29 06:12 - 2014-07-10 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-29 06:12 - 2014-07-10 20:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-29 06:12 - 2013-12-27 10:13 - 00000000 ____D C:\ProgramData\Aimersoft Video Converter Ultimate
2016-02-29 06:12 - 2013-05-26 14:05 - 00000000 ____D C:\ProgramData\InstallMate
2016-02-29 06:12 - 2013-01-08 21:33 - 00000000 ____D C:\Users\Judy_new\AppData\Roaming\ArcSoft
2016-02-29 06:12 - 2012-12-19 19:20 - 00000000 ____D C:\Users\Judy_new
2016-02-29 06:12 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\com
2016-02-29 06:12 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2016-02-29 06:12 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-29 06:12 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-02-29 06:11 - 2015-04-14 15:46 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-02-29 06:11 - 2014-03-04 16:12 - 00000000 ____D C:\Windows\SysWOW64\SYSTEM32
2016-02-29 06:11 - 2013-03-22 16:03 - 00000000 ____D C:\Windows\SysWOW64\GPBAK
2016-02-29 06:11 - 2012-12-23 18:15 - 00000000 ____D C:\Windows\SysWOW64\URTTEMP
2016-02-29 06:11 - 2012-12-19 22:10 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-02-29 06:11 - 2011-04-12 08:17 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-02-29 06:11 - 2011-04-12 08:17 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-02-29 06:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2016-02-29 06:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2016-02-29 06:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-02-29 06:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-02-29 06:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2016-02-29 06:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2016-02-29 06:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2016-02-29 06:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2016-02-29 06:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2016-02-29 06:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2016-02-29 06:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2016-02-29 06:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-02-29 06:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2016-02-29 06:11 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-02-28 22:59 - 2009-07-14 04:45 - 00028160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-28 22:59 - 2009-07-14 04:45 - 00028160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-28 22:57 - 2014-07-10 20:31 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-28 22:55 - 2013-12-26 17:54 - 00000000 ___RD C:\My Pictures
2016-02-28 22:53 - 2015-08-31 21:35 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-02-28 22:53 - 2012-12-19 20:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-28 22:53 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-28 22:46 - 2013-12-26 17:54 - 00000000 ____H C:\cmsstorage.lst
2016-02-28 22:35 - 2014-04-22 16:02 - 00000000 ____D C:\Users\Public\Util
2016-02-28 22:19 - 2012-12-19 22:08 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-28 21:36 - 2013-01-01 16:25 - 00000000 ____D C:\Temp
2016-02-28 21:36 - 2009-07-14 05:13 - 00804384 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-28 20:53 - 2015-06-19 20:42 - 00000930 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-549620600-2916040154-119935050-1000UA.job
2016-02-28 19:58 - 2011-04-12 08:17 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-02-28 19:58 - 2011-04-12 08:17 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-02-28 19:58 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2016-02-28 19:56 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2016-02-28 19:53 - 2013-12-26 17:54 - 00000000 ____H C:\Users\cmsstorage.lst
2016-02-27 18:29 - 2012-12-23 18:00 - 00000000 ____D C:\Users\Judy_new\AppData\Local\ElevatedDiagnostics
2016-02-27 18:10 - 2013-07-24 18:06 - 00000000 ____D C:\Windows\system32\MRT
2016-02-27 17:03 - 2012-12-22 15:54 - 00000000 ____D C:\Users\Judy_new\Documents\Outlook Files
2016-02-27 13:15 - 2009-07-14 05:37 - 00000000 ____D C:\Windows\DigitalLocker
2016-02-27 11:41 - 2015-01-28 07:41 - 10361837 _____ C:\Users\Judy_new\Downloads\SuperOneClick+v2.3.3+Apk-shortFuse-tamboenman.blogspot.com.rar
2016-02-24 23:06 - 2015-02-19 17:05 - 00000000 ____D C:\Users\Judy_new\Documents\MoneyManager
2016-02-24 23:06 - 2015-02-14 18:27 - 00000000 ____D C:\Users\Judy_new\AppData\Roaming\MoneyManagerEx
2016-02-24 02:48 - 2013-12-26 17:54 - 00000000 ____H C:\Windows\cmsstorage.lst
2016-02-23 13:38 - 2013-05-26 14:07 - 00000000 ____D C:\Users\Judy_new\AppData\LocalLow\Temp
2016-02-23 13:38 - 2009-07-14 05:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-02-23 12:00 - 2015-06-19 20:42 - 00000878 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-549620600-2916040154-119935050-1000Core.job
2016-02-23 07:53 - 2012-12-19 22:14 - 00000000 ____D C:\Users\Judy_new\Tracing
2016-02-21 12:33 - 2015-11-06 22:16 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-20 08:36 - 2013-01-02 17:35 - 00000000 ____D C:\Users\Judy_new\AppData\Roaming\ZoomBrowser EX
2016-02-20 03:36 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\tracing
2016-02-18 18:16 - 2015-08-05 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MoneyManagerEX
2016-02-18 18:16 - 2015-08-05 19:47 - 00000000 ____D C:\Program Files\MoneyManagerEX
2016-02-18 11:27 - 2015-02-14 19:42 - 00000000 ___RD C:\Users\Judy_new\Dropbox
2016-02-18 11:27 - 2015-02-14 19:36 - 00000000 ____D C:\Users\Judy_new\AppData\Roaming\Dropbox
2016-02-17 18:18 - 2012-12-31 17:54 - 00000000 ____D C:\Users\Judy_new\AppData\Local\CutePDF Writer
2016-02-14 17:19 - 2012-12-20 21:43 - 00000930 _____ C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2016-02-14 17:19 - 2012-12-20 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2016-02-14 17:19 - 2012-12-20 21:42 - 00000000 ____D C:\Program Files\Calibre2
2016-02-14 17:07 - 2012-12-20 21:43 - 00000000 ____D C:\Users\Judy_new\Documents\Calibre Library
2016-02-11 16:55 - 2014-07-18 14:13 - 00000000 ____D C:\Users\Judy_new\AppData\Local\Adobe
2016-02-11 16:46 - 2012-12-19 22:13 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-11 16:46 - 2012-12-19 22:13 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-10 18:42 - 2015-08-02 16:34 - 00002311 _____ C:\Users\Judy_new\Desktop\FreeGuide TV Guide.lnk
2016-02-10 18:36 - 2013-10-15 21:59 - 00000000 ____D C:\ProgramData\Oracle
2016-02-10 18:34 - 2014-10-21 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-10 18:33 - 2015-09-13 08:47 - 00000000 ____D C:\Users\Judy_new\.oracle_jre_usage
2016-02-10 18:32 - 2014-10-21 20:37 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-02-10 18:32 - 2014-10-21 20:37 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-10 18:13 - 2014-04-23 18:20 - 00000000 ____D C:\AdwCleaner
2016-02-05 21:25 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2016-02-04 21:19 - 2012-12-25 10:58 - 00000000 ____D C:\ProgramData\Roxio
2016-02-04 21:13 - 2013-09-03 17:39 - 00141236 _____ C:\Users\Judy_new\AppData\Local\rx_audio.Cache
2016-02-04 21:13 - 2012-12-26 20:38 - 00340268 _____ C:\Users\Judy_new\AppData\Local\rx_image32.Cache
2016-02-02 06:14 - 2012-12-19 22:08 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 06:14 - 2012-12-19 22:08 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-02 06:14 - 2012-12-19 22:08 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
 
==================== Files in the root of some directories =======
 
2015-03-28 19:05 - 2015-03-09 14:48 - 2508440 _____ (Sysinternals - www.sysinternals.com) C:\Program Files\procexp.exe
2013-12-26 15:37 - 2014-02-09 05:29 - 0019790 _____ () C:\Users\Judy_new\AppData\Roaming\cached-certs
2013-12-26 15:37 - 2014-02-18 21:39 - 1112513 _____ () C:\Users\Judy_new\AppData\Roaming\cached-microdesc-consensus
2013-12-26 16:07 - 2014-02-17 16:04 - 2318132 _____ () C:\Users\Judy_new\AppData\Roaming\cached-microdescs
2013-12-26 15:37 - 2014-02-17 16:04 - 0000000 _____ () C:\Users\Judy_new\AppData\Roaming\cached-microdescs.new
2015-03-31 11:51 - 2016-01-18 20:48 - 0000509 _____ () C:\Users\Judy_new\AppData\Roaming\com.iliumsoft.ewallet.plist
2014-02-12 21:30 - 2014-02-12 21:30 - 0907792 __RSH () C:\Users\Judy_new\AppData\Roaming\EA3E43AA3346FB793A04C62499745
2014-02-12 21:30 - 2014-02-12 21:30 - 0258576 __RSH () C:\Users\Judy_new\AppData\Roaming\EA3E43AA3346FB7948B935FE76459
2014-02-12 21:30 - 2014-02-12 21:30 - 0287760 __RSH () C:\Users\Judy_new\AppData\Roaming\EA3E43AA3346FB79E248B12509731
2005-04-08 02:16 - 2005-04-08 02:16 - 0000015 ____H () C:\Users\Judy_new\AppData\Roaming\Judy_newlog.dat
2013-12-26 15:37 - 2014-02-12 22:31 - 0000000 _____ () C:\Users\Judy_new\AppData\Roaming\lock
2012-12-22 18:47 - 2015-03-19 22:52 - 0015937 _____ () C:\Users\Judy_new\AppData\Roaming\Rim.Desktop.Exception.log
2012-12-22 18:46 - 2013-11-27 17:10 - 0013110 _____ () C:\Users\Judy_new\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-12-22 18:47 - 2015-03-19 22:52 - 0006160 _____ () C:\Users\Judy_new\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-12-26 15:37 - 2014-02-16 15:42 - 0004319 _____ () C:\Users\Judy_new\AppData\Roaming\state
2013-03-03 13:34 - 2015-02-25 16:59 - 0003584 _____ () C:\Users\Judy_new\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-06-09 14:39 - 2013-06-09 14:39 - 0000096 _____ () C:\Users\Judy_new\AppData\Local\fusioncache.dat
2014-06-24 17:26 - 2014-06-24 17:26 - 0007605 _____ () C:\Users\Judy_new\AppData\Local\Resmon.ResmonCfg
2013-09-03 17:39 - 2016-02-04 21:13 - 0141236 _____ () C:\Users\Judy_new\AppData\Local\rx_audio.Cache
2012-12-26 20:38 - 2016-02-04 21:13 - 0340268 _____ () C:\Users\Judy_new\AppData\Local\rx_image32.Cache
2012-12-19 20:45 - 2012-12-19 20:45 - 0017408 _____ () C:\Users\Judy_new\AppData\Local\WebpageIcons.db
 
ZeroAccess:
C:\Windows\Installer\{bdd71f2f-8f9a-fff2-36d7-a6bcb6efecca}
C:\Windows\Installer\{bdd71f2f-8f9a-fff2-36d7-a6bcb6efecca}\@
C:\Windows\Installer\{bdd71f2f-8f9a-fff2-36d7-a6bcb6efecca}\U\00000004.@
C:\Windows\Installer\{bdd71f2f-8f9a-fff2-36d7-a6bcb6efecca}\U\00000008.@
C:\Windows\Installer\{bdd71f2f-8f9a-fff2-36d7-a6bcb6efecca}\L\00000004.@
 
Some files in TEMP:
====================
C:\Users\Judy_new\AppData\Local\Temp\almedia-converter_full351.exe
C:\Users\Judy_new\AppData\Local\Temp\AskSLib.dll
C:\Users\Judy_new\AppData\Local\Temp\ca_262A.tmp.dll
C:\Users\Judy_new\AppData\Local\Temp\converter.exe
C:\Users\Judy_new\AppData\Local\Temp\D2M-Precheck.exe
C:\Users\Judy_new\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Judy_new\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpie5y2f.dll
C:\Users\Judy_new\AppData\Local\Temp\Execute2App.exe
C:\Users\Judy_new\AppData\Local\Temp\FreeStudio.exe
C:\Users\Judy_new\AppData\Local\Temp\GB_en_Avery_AW40.exe
C:\Users\Judy_new\AppData\Local\Temp\Impressioner.exe
C:\Users\Judy_new\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Judy_new\AppData\Local\Temp\install_flashplayer13x32axau_gtbd_chrd_dn_aaa_aih.exe
C:\Users\Judy_new\AppData\Local\Temp\install_flashplayer17x32axau_gtbd_chrd_dn_aaa_aih.exe
C:\Users\Judy_new\AppData\Local\Temp\install_reader11_uk_gtba_chra_dy_aih[1].exe
C:\Users\Judy_new\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Judy_new\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Judy_new\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Judy_new\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Judy_new\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Judy_new\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Judy_new\AppData\Local\Temp\jre-8u31-windows-au.exe
C:\Users\Judy_new\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Judy_new\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\Judy_new\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Judy_new\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\Judy_new\AppData\Local\Temp\jre-8u73-windows-au.exe
C:\Users\Judy_new\AppData\Local\Temp\Kies2RemoveAll.exe
C:\Users\Judy_new\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Judy_new\AppData\Local\Temp\msvcp90.dll
C:\Users\Judy_new\AppData\Local\Temp\msvcr90.dll
C:\Users\Judy_new\AppData\Local\Temp\ose00000.exe
C:\Users\Judy_new\AppData\Local\Temp\Quarantine.exe
C:\Users\Judy_new\AppData\Local\Temp\RoboForm-Setup.exe
C:\Users\Judy_new\AppData\Local\Temp\SpOrder.dll
C:\Users\Judy_new\AppData\Local\Temp\sqlite3.dll
C:\Users\Judy_new\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Judy_new\AppData\Local\Temp\tbWhit.dll
C:\Users\Judy_new\AppData\Local\Temp\uninst1.exe
C:\Users\Judy_new\AppData\Local\Temp\wpinst64.exe
C:\Users\Judy_new\AppData\Local\Temp\_is1F07.exe
C:\Users\Judy_new\AppData\Local\Temp\_is77B1.exe
C:\Users\Judy_new\AppData\Local\Temp\_is939A.exe
C:\Users\Judy_new\AppData\Local\Temp\_isF9F3.exe
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2016-02-28 11:15
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Judy_new (2016-02-28 23:06:06)
Running from C:\Users\Judy_new\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2012-12-19 19:20:28)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-549620600-2916040154-119935050-500 - Administrator - Disabled)
ASPNET (S-1-5-21-549620600-2916040154-119935050-1005 - Limited - Enabled)
Guest (S-1-5-21-549620600-2916040154-119935050-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-549620600-2916040154-119935050-1011 - Limited - Enabled)
JAD (S-1-5-21-549620600-2916040154-119935050-1003 - Administrator - Enabled)
Judy_new (S-1-5-21-549620600-2916040154-119935050-1000 - Administrator - Enabled) => C:\Users\Judy_new
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6942 - Acronis)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
AI RoboForm (All Users) (HKLM-x32\...\AI RoboForm) (Version:  - )
Aimersoft DRM Media Converter(Build 1.5.5.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version:  - Aimersoft Software)
Aimersoft Video Converter Ultimate(Build 6.4.1.0) (HKLM-x32\...\Aimersoft Video Converter Ultimate_is1) (Version: 6.4.1.0 - Aimersoft Software)
Amazon Kindle (HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft TotalMedia 3 (HKLM-x32\...\{268CF0B8-CA38-4E20-9E99-514A07F7C1F1}) (Version:  - ArcSoft)
ArcSoft TotalMedia 3 (HKLM-x32\...\{2A306F38-EC10-41E1-9D3D-65D49737BEA8}) (Version:  - ArcSoft)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}) (Version: 3.5.7.375 - ArcSoft)
Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery)
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 3.2.15 - British Broadcasting Corp.) Hidden
BBC iPlayer Downloads (HKLM-x32\...\{476A047B-BDA1-4B37-BB40-0710C7E9EB61}) (Version: 1.4.1 - BBC)
BBSAK (HKLM-x32\...\{B23F12D4-17DE-453A-B1F4-55E501FE0EBF}) (Version: 1.9.2 - JMT Labs)
Bing Bar (HKLM-x32\...\{3A3DE34D-AE27-4237-8111-8A0F2B3E5CE6}) (Version: 7.3.126.0 - Microsoft Corporation)
BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
BlackBerry Device Software Updater (HKLM-x32\...\{E31C1E19-81D2-40C0-BE40-30A2A54E9C27}) (Version: 8.0.0.50 - Research In Motion Ltd)
BlackBerry Device Software v7.1.0 for the BlackBerry 9900 smartphone (HKLM-x32\...\{75FF3163-F6B3-47AB-9699-4754D5F1D773}) (Version: 7.1.0.1033 (Platform 5.1.0.692) - Research In Motion Ltd.)
BlackBerry USB and Modem Drivers 7.0 (HKLM-x32\...\BlackBerry_HandheldManager) (Version: 7.0.0.43 - Research In Motion Ltd.)
BlackBerry USB and Modem Drivers 7.0 (x32 Version: 7.0.0.43 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BUFFALO Power Save Utility for HD (HKLM-x32\...\UN040525) (Version:  - )
BUFFALO Secure Lock Ware (HKLM-x32\...\UN050225) (Version:  - )
BUFFALO TurboUSB for FLASH/HDD (HKLM-x32\...\UN070618) (Version:  - )
Bug Manager (HKLM-x32\...\Bug Manager) (Version: 2.08 - Fitbug Limited)
calibre 64bit (HKLM\...\{2E0DEF55-D1D3-493C-8673-D4B30F12B9CE}) (Version: 2.51.0 - Kovid Goyal)
Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - )
CANON iMAGE GATEWAY Task for ZoomBrowser EX (HKLM-x32\...\CANON iMAGE GATEWAY Task) (Version: 1.9.0.9 - Canon Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.8.0.1 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.9.0.6 - Canon Inc.)
Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 3.3.0.5 - Canon Inc.)
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.8.0.17 - Canon Inc.)
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX (HKLM-x32\...\EOS Video Snapshot Task) (Version: 1.0.0.10 - Canon Inc.)
Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)
Canon Utilities RemoteCapture DC (HKLM-x32\...\RemoteCaptureDC) (Version: 3.0.1.8 - )
Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - )
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.9.0.1 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.6.0.15 - Canon Inc.)
CanoScan Toolbox Ver4.9 (HKLM-x32\...\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}) (Version:  - )
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 12.3.0.8 - Citrix Systems, Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
DirectXInstallService (x32 Version: 9.0.2 - Roxio) Hidden
Dropbox (HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
EMC 10 Content (HKLM-x32\...\{FDB46DE7-9045-47BB-970A-3E4ED5369E03}) (Version: 1.0.033 - Roxo, Inc.)
EMCGadgets64 (Version: 1.1.141 - Sonic) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
eWallet 8.1.5 for Windows PCs (HKLM-x32\...\Ilium Software eWallet_is1) (Version: 8.1.5 - Ilium Software)
eWallet Icon Pack 4: Classic Icons IV Professional Edition (Win (HKLM-x32\...\Ilium Software eWalletIconPack4_is1) (Version: 1.0 - Ilium Software)
FlexWallet Icon Pack Professional Edition (Windows Mobile) (HKLM-x32\...\Ilium Software FlexWalletIconPack_is1) (Version: 2008.09.30 - Ilium Software)
Free Studio version 6.4.0.1122 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.0.1122 - DVDVideoSoft Ltd.)
Free Video to DVD Converter version 5.0.24.430 (HKLM-x32\...\Free Video to DVD Converter_is1) (Version: 5.0.24.430 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.49.1122 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1122 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.44.820 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.44.820 - DVDVideoSoft Ltd.)
FreeGuide 0.11.1 (HKLM-x32\...\Product) (Version: 0.11.1 - )
GetFLV 9.7.9.9 (HKLM-x32\...\GetFLV_is1) (Version:  - GetFLV, Inc.)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 8.9.9.8 - Siber Systems)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iTunes (HKLM\...\{0D44E3A4-6C3D-45D7-B443-079509E5BE5D}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
KeePass Password Safe 2.30 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.30 - Dominik Reichl)
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Manual CanoScan LiDE 25 (HKLM-x32\...\{C45EB9E5-7165-4FB0-8C31-77FC4743362F}) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Forefront UAG endpoint components v4.0.0 (HKLM-x32\...\Microsoft Forefront UAG endpoint components 3.1.0) (Version:  - Microsoft Corporation)
Microsoft Lync 2010 (HKLM\...\{81BE0B17-563B-45D4-B198-5721E6C665CD}) (Version: 4.0.7577.4486 - Microsoft Corporation)
Microsoft Media Manager 1.5 (HKLM-x32\...\Media Manager 1.5) (Version:  - )
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Picture It! 2.0 (HKLM-x32\...\Microsoft Picture It!) (Version:  - )
Microsoft Project 2000 (HKLM-x32\...\{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.0 (HKLM-x32\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MKVToolNix 6.1.0 (HKLM-x32\...\MKVToolNix) (Version: 6.1.0 - Moritz Bunkus)
MoneyManagerEX 1.2.5 (HKLM\...\{2C48DC11-E113-4912-8AFC-366D1918101E}_is1) (Version: 1.2.5 - Money Manager EX)
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
MyTomTom 3.2.0.1116 (HKLM-x32\...\MyTomTom) (Version: 3.2.0.1116 - TomTom)
OutlookTools 2 (HKLM-x32\...\{E69BB189-4B20-46AE-93CF-59099F05FC3F}) (Version: 2.3.0 - HowTo-Outlook)
Plusnet Assist (HKLM-x32\...\Plusnet Assist) (Version:  - )
Pocket Informant for BlackBerry (HKLM-x32\...\Pocket Informant for BlackBerry) (Version: 2.50 - Web IS, Inc.)
Python 3.4.3 (Anaconda3 2.3.0 64-bit) (HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\Python 3.4.3 (Anaconda3 2.3.0 64-bit)) (Version: 2.3.0 - Continuum Analytics, Inc.)
Reader for PC (HKLM-x32\...\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}) (Version: 2.4.01.10241 - Sony Corporation)
REALTEK DTV USB DEVICE (HKLM-x32\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
Roxio Easy Media Creator (HKLM-x32\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.1 - Roxio)
SABnzbd 0.7.20 (HKLM-x32\...\SABnzbd) (Version: 0.7.20 - The SABnzbd Team)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15045.4 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
ScanSoft OmniPage SE 4.0 (HKLM-x32\...\{C1E693A4-B1D5-4DCD-B68D-2087835B7184}) (Version: 15.00.0020 - Nuance Communications, Inc.)
ScrewDrivers Client v4 (HKLM-x32\...\{8B3547AD-9F70-4D27-829B-D4EA4FFF38EF}) (Version: 4.7.00.10 - triCerat, Inc.)
Secure Print@Home (HKLM-x32\...\{249B810C-56B0-4500-BFED-7E1106E25C5A}) (Version: 3.20.2438.0 - Valassis)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Snagit 9.1.2 (HKLM-x32\...\{B440D659-FECA-4BDD-A12B-5C9F05790FF3}) (Version: 9.1.2.304 - TechSmith Corporation)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
TalkTalk Labs Desktop (HKLM-x32\...\{D1EE0684-6E35-4515-A2DB-63B8FD5C7DC3}) (Version: 3.0.10 - TalkTalk Labs)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
TomTom HOME (HKLM-x32\...\{0E09BE17-EDEA-42CA-8974-42A587F51510}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - TomTom)
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinSudoku (HKLM-x32\...\{B3D7648D-104F-442D-9D1B-44A5016D74DB}) (Version: 1.0.0 - WinSudoku)
XML Copy Editor version 1.2.1.3 (HKLM\...\XML Copy Editor_is1) (Version: 1.2.1.3 - Zane U. Ji)
YBS Account Aggregation (HKLM-x32\...\{CC8A563E-7D2D-4589-B628-4379F1E8D4E1}) (Version: 1.0.197 - YBS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{0C3BA0B1-BC14-4B55-98DC-F1E913C1DA10}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{6FFA7438-3E00-4176-9717-B3BBE2E704AB}\InprocServer32 -> C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\ActiveX64.ocx (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {189993C4-9468-D082-9203-E8E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {5CE76988-9468-D082-DEF9-96AD85889A47} => No File
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\DropboxExt64.33.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2993E0D7-2F94-4CD1-8BEE-9BA35371CDAE} - System32\Tasks\{90FD4043-822D-4460-91CA-E61B54EFAB83} => C:\ProgramData\Oracle\Java\javapath\javaw.exe [2016-02-10] (Oracle Corporation)
Task: {2DCF6031-80A9-4726-9984-87B1C26EA6CC} - System32\Tasks\{A1D2DFD7-BE8D-4903-B39D-2144D0B8D99C} => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageLauncher.exe [2011-09-22] (Acronis)
Task: {334E93C4-BBD4-4C68-8112-D7E3A4C31D97} - System32\Tasks\XMLTV download => C:\Program Files (x86)\FreeGuide\xmltv/xmltv.exe
Task: {3AF9477F-247B-43A0-8D27-4B87744DA9D6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {5251AD24-E49F-47BF-B1B6-100DE8D4BAE8} - System32\Tasks\{CDF96141-B345-4FCA-97A8-7DDD3DE2C3B0} => C:\ProgramData\Oracle\Java\javapath\javaw.exe [2016-02-10] (Oracle Corporation)
Task: {597AA888-E316-4100-BFDC-B9F7D2F5F3C4} - System32\Tasks\{B0C0CC06-5592-419B-9FFC-8C31790AA216} => pcalua.exe -a "C:\Users\Judy_new\Downloads\freeguide-0.11-with-xmltv-win32 (1).exe" -d C:\Users\Judy_new\Downloads
Task: {5985C8B8-BBEF-49D3-9294-745F9E623C5F} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMKMNJMMMJIMJJJJGMCNLJOJJMGMCNLMMJIMKJCNOJJMLMJMCNKMJMJJGMGMIMMMIMNMPMLJPMJNJICMIMCNGMCNOMKMFMOMOMCNPMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMHMHMIMJNHICMPINIAJMIPIJNBJCMFLKILJGIPNLLGIKJJNKJCMJNNICMJNDJCMKJBJJNMJ (the data entry has 51 more characters).
Task: {69EA8DC3-2A31-4C41-B2E0-43EBDE990F09} - System32\Tasks\{43CD8DD2-15CC-4A6E-991E-84B8C421684B} => C:\ProgramData\Oracle\Java\javapath\javaw.exe [2016-02-10] (Oracle Corporation)
Task: {6F83D8E1-DED4-4695-8BB4-387754E44C29} - System32\Tasks\{E6A23219-27DF-4DD2-8D68-4852F46174E1} => pcalua.exe -a "C:\Program Files (x86)\Samsung\Kies\KiesDriverInstaller.exe" -d "C:\Program Files (x86)\Samsung\Kies"
Task: {704C89B0-ACD0-47FC-A54A-106E582D43FA} - \DTReg -> No File <==== ATTENTION
Task: {734B4677-38D3-4BFA-BCAB-81F3FF86B732} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMKMNJMMMJIMJJJJGMCNLJOJJMGMCNLMMJIMKJCNOJJMLMJMCNKMJMJJGMGMIMMMIMNMPMLJPMJNJICMJMCNOMPMCNNMFMGMCNOMOMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMEKMICNJJCKFMGMGMMMJNHICMPINIAJMIPIJNBJCMFLKILJGIPNLLGIKJJNKJCMJNNICMJNDJCMKJBJ"
Task: {75879A95-44BF-452A-B5BE-B8D59C4DD6D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7A864C21-19D0-461E-B718-E587A233D4C1} - System32\Tasks\{40B53979-E631-4AF9-B763-0C286C67C852} => C:\ProgramData\Oracle\Java\javapath\javaw.exe [2016-02-10] (Oracle Corporation)
Task: {859474D5-D732-4F03-8387-ED03A10DD7E2} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-09-13] (Siber Systems)
Task: {A844B186-927F-40B8-A88B-380CDDD09548} - System32\Tasks\{2240BDDB-0A76-41DC-95BB-D4ACFFB45CDB} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}\setup.exe" -c -runfromtemp -l0x0009 -removeonly
Task: {A9ADE4F3-F6DA-42F2-B3BE-EB1A2E3A8819} - System32\Tasks\{3A14B2E8-18FA-4D10-8519-9AC9EAB43A9D} => C:\ProgramData\Oracle\Java\javapath\javaw.exe [2016-02-10] (Oracle Corporation)
Task: {AFAC1527-02A3-42EF-92AD-3FC8EE3DCEBE} - System32\Tasks\{097C1BA1-64A4-4590-928C-7CB18F6A1937} => C:\Program Files (x86)\Microsoft Picture It!\PICTURE.EXE [1997-08-05] (Microsoft Corporation)
Task: {B4F6BD7E-897A-4E39-9FA3-46CDE55A39AB} - System32\Tasks\{73D37491-46AC-4AF3-A55E-CA6DCA217DD0} => pcalua.exe -a "C:\Program Files (x86)\Pocket TV Browser\PTVManager.exe" -c -uninstall
Task: {BB6C1928-C8AA-4003-91D0-ADCBE47F2C82} - \DTChk -> No File <==== ATTENTION
Task: {BFE90EA1-0894-42DF-A1B4-B8BF23875931} - System32\Tasks\Run RoboForm Process => C:\Program Files (x86)\Siber Systems\AI RoboForm\Identities.exe [2015-09-13] (Siber Systems)
Task: {C79434EC-9B41-4198-ACEF-3C0D272187EF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {DAAC0BA8-C587-41F3-9479-A3B51C095870} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-549620600-2916040154-119935050-1000Core => C:\Users\Judy_new\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {E48EEB2B-811F-4DF0-B50A-92E7A0A8D291} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2015-11-12] (AO Kaspersky Lab)
Task: {E7CAA773-F88F-4807-B677-4E4DBD1605BB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {EFC692E8-EEC6-4C0E-887A-3BA5788228F1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-549620600-2916040154-119935050-1000UA => C:\Users\Judy_new\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-19] (Dropbox, Inc.)
Task: {F0F96416-30D1-49E5-AFB6-93A11E9FFAC3} - System32\Tasks\Sync money => C:\Program Files\SyncToy 2.1\SyncToycmd.exe [2009-10-19] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-549620600-2916040154-119935050-1000Core.job => C:\Users\Judy_new\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-549620600-2916040154-119935050-1000UA.job => C:\Users\Judy_new\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Judy_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda (64-bit)\Anaconda Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /k "C:\Users\Judy_new\Anaconda3\Scripts\anaconda.bat"
ShortcutWithArgument: C:\Users\Judy_new\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda (64-bit)\Wakari (in the cloud).lnk -> C:\Users\Judy_new\Anaconda3\pythonw.exe () -> -m webbrowser -t "hxxps://www.wakari.io/"
 
==================== Loaded Modules (Whitelisted) ==============
 
2012-12-24 15:02 - 2012-10-04 19:49 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-10-22 16:15 - 2013-08-23 12:36 - 00721263 _____ () C:\Windows\SysWOW64\AiCM64.dll
2008-06-12 09:00 - 2008-06-12 09:00 - 00113136 _____ () C:\Program Files (x86)\Roxio\CinePlayer\DMXLauncher.exe
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-04-17 13:07 - 2009-04-17 13:07 - 04715848 ____R () C:\Program Files (x86)\TechSmith\Snagit 9\PDFNetC.dll
2014-03-04 15:21 - 2007-04-19 09:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
2009-07-13 21:03 - 2009-07-14 01:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2015-12-12 15:30 - 2016-01-12 18:44 - 00034768 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-02-18 11:25 - 2016-01-12 18:45 - 00019408 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-12 15:30 - 2016-01-12 18:44 - 00116688 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 15:30 - 2016-01-12 18:44 - 00093640 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 15:30 - 2016-01-12 18:44 - 00018376 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 15:30 - 2016-02-16 18:39 - 00019760 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-12 15:30 - 2016-01-12 18:46 - 00105928 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-12 15:30 - 2016-01-12 18:44 - 00392144 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-12 15:30 - 2016-02-16 18:39 - 00381752 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 15:30 - 2016-01-12 18:44 - 00692688 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-02-18 11:25 - 2016-02-16 18:38 - 00020816 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 15:30 - 2016-01-12 18:45 - 00112592 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-02-18 11:25 - 2016-02-16 18:38 - 01682760 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-02-18 11:25 - 2016-02-16 18:38 - 00020808 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-12 15:30 - 2016-02-16 18:39 - 00020800 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-12 15:30 - 2016-02-16 18:39 - 00021840 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-02-18 11:25 - 2016-02-16 18:39 - 00038696 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-12 15:30 - 2016-01-12 18:46 - 00020936 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 15:30 - 2016-01-12 18:46 - 00024528 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-12 15:30 - 2016-01-12 18:47 - 00114640 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 15:30 - 2016-01-12 18:46 - 00124880 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-02-18 11:25 - 2016-02-16 18:39 - 00021832 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 15:30 - 2016-01-12 18:46 - 00024016 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 15:30 - 2016-01-12 18:46 - 00175560 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 15:30 - 2016-01-12 18:47 - 00030160 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 15:30 - 2016-01-12 18:47 - 00043472 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 15:30 - 2016-01-12 18:47 - 00028616 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-12 15:30 - 2016-01-12 18:47 - 00048592 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-02-18 11:25 - 2016-02-16 18:39 - 00026456 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 15:30 - 2016-01-12 18:46 - 00057808 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 15:30 - 2016-01-12 18:47 - 00024016 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-02-18 11:25 - 2016-02-16 18:38 - 00117056 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-12 15:30 - 2016-02-16 18:39 - 00024392 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-02-18 11:25 - 2016-01-12 18:47 - 00036296 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-12 15:30 - 2016-02-16 18:39 - 00023376 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 15:30 - 2016-01-12 18:44 - 00134608 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-12 15:30 - 2016-01-12 18:44 - 00134088 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-02-18 11:25 - 2016-01-12 18:45 - 00240584 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-12 15:30 - 2016-02-16 18:39 - 00052024 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-02-18 11:25 - 2016-02-16 18:39 - 00020800 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-18 11:25 - 2016-02-16 18:39 - 00021824 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\winffi.kernel32._winffi_kernel32.pyd
2016-02-18 11:25 - 2016-02-16 18:39 - 00019776 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-02-18 11:25 - 2016-02-16 18:39 - 00020800 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-02-18 11:25 - 2016-02-16 18:38 - 00020280 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-12 15:30 - 2016-01-12 18:47 - 00350152 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-02-18 11:25 - 2016-02-16 18:39 - 00022352 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-02-18 11:25 - 2016-02-16 18:39 - 00084792 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-12 15:30 - 2016-02-16 18:39 - 01826096 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 15:30 - 2016-01-12 18:45 - 00083912 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-12 15:30 - 2016-02-16 18:39 - 03928880 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-12 15:30 - 2016-02-16 18:39 - 01971504 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-12 15:30 - 2016-02-16 18:39 - 00531248 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-12 15:30 - 2016-02-16 18:39 - 00132912 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-12 15:30 - 2016-02-16 18:39 - 00223544 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-12 15:30 - 2016-02-16 18:39 - 00207672 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-02-18 11:25 - 2016-02-16 18:39 - 00158008 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-02-18 11:25 - 2016-02-16 18:39 - 00042808 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-02-18 11:25 - 2016-01-12 18:49 - 00017864 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-02-18 11:25 - 2016-01-12 18:49 - 01631184 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-12-12 15:30 - 2016-02-16 18:39 - 00024904 _____ () C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2014-10-24 21:34 - 2014-10-24 21:34 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2014-04-25 21:46 - 2014-04-25 21:46 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2014-05-21 16:10 - 2014-08-05 09:22 - 01489408 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
2014-05-21 16:10 - 2014-05-19 16:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
2011-09-22 23:00 - 2011-09-22 23:00 - 11216504 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Judy_new\Downloads\sh-turning-point-94_e-2016-02-01-when-atheists-would-be_201612110257.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\Judy_new\Downloads\sh-turning-point-94_e-2016-02-02-when-atheists-would-be_201612110456.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\Judy_new\Downloads\sh-turning-point-94_e-2016-02-03-when-christians-wouldn_201612110657.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\Judy_new\Downloads\sh-turning-point-94_e-2016-02-04-when-christians-wouldn_2016121101257.mp3:Roxio EMC Stream
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-549620600-2916040154-119935050-1000\...\havering.gov.uk -> hxxps://rap.havering.gov.uk
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-549620600-2916040154-119935050-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Judy_new\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TalkTalk Labs Desktop.lnk => C:\Windows\pss\TalkTalk Labs Desktop.lnk.CommonStartup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{1E5EB8F5-1207-4B03-A007-DED9D6E1A796}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A9213703-B3BF-467C-927B-98B206D8AA16}] => (Allow) LPort=2869
FirewallRules: [{4B63225E-CC67-4BC0-A1CD-B8BF019AD17A}] => (Allow) LPort=1900
FirewallRules: [{900B7538-56B7-440A-A79C-C1FF6354F1AB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{C9BD4495-7147-4537-855B-7F2AA76DD987}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{D2BAAFC5-D409-41A4-B90A-23F6C55E3C6E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{B1F2745C-CA71-4B65-9678-2EDFDC652967}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{08DE292E-96C8-4577-AD77-F6B495CD0EC9}] => (Allow) C:\Program Files (x86)\Microsoft Lync\communicator.exe
FirewallRules: [{63C6573E-4871-42B6-9FCA-1985D8C399D2}] => (Allow) C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
FirewallRules: [{F14253AE-D5BD-41F2-8D31-49D4159D10DD}] => (Allow) C:\Program Files\Microsoft Lync\UcMapi64.exe
FirewallRules: [{1F0A8C33-BF2D-477E-9C74-534B07C83E1B}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{C3DB9E1B-5915-4CD6-B6C3-88CF6E703E12}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{A792F301-12D3-400E-B218-60CB87487B1E}] => (Allow) LPort=4481
FirewallRules: [{DEDD5E11-CE4B-4881-A498-6427080951B1}] => (Allow) LPort=4481
FirewallRules: [{56239A1C-EFE0-4F6A-A073-8F4F14A1F928}] => (Allow) LPort=4482
FirewallRules: [{2C578379-B791-4A6C-9ECF-99DF0AB8603A}] => (Allow) LPort=4482
FirewallRules: [{342BC3C3-2A3C-4DBC-8B1B-99BEF6424C8C}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [{131A80A5-1D1F-4C0C-BD07-655A8FC33FE0}] => (Allow) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TotalMedia.exe
FirewallRules: [{07949910-BF22-4CB8-9F1A-5EA9EA8F609E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FCD02D2A-4FD6-4DA2-ACC4-E8AD1F883EB2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E6A517A-66EB-4FAF-831F-05B3C404A1E5}] => (Allow) C:\Program Files (x86)\SplashData\SplashMoney for Android\SplashMoney Desktop.exe
FirewallRules: [{EC7800C5-2CA8-4A59-A112-44C1790DAD61}] => (Allow) C:\Program Files (x86)\SplashData\SplashMoney for Android\SplashMoney Desktop.exe
FirewallRules: [{2EE7B2C1-F33D-4883-A240-D56CE11D01F2}] => (Allow) C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{66F32F26-18FC-4107-88F0-E60FDAC8B1C6}] => (Allow) C:\Users\Judy_new\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FB572729-12C6-45C4-B6FC-92027092CC4E}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{D602B309-CA33-4BAA-882F-F3C522A558FE}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{341AFD89-7640-41C1-AF97-4D521C4E6A64}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{08FFFB01-3D4E-4A5B-A224-DF3500A08169}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{C66156F0-4805-4954-BF44-3C3D129FF317}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{BCAF60B8-2754-4392-B93C-AAAFEBF9B58A}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{203BC96E-45F7-4049-BC8F-9890C1C1F615}] => (Allow) C:\Program Files (x86)\BUFFALO\TurboUSB_FH\TU_CEU2.EXE
FirewallRules: [{701A0276-D3FE-4F0F-BFC2-0471549E317D}] => (Allow) C:\Program Files (x86)\BUFFALO\TurboUSB_FH\TU_CEU2.EXE
FirewallRules: [{5CCF2376-B863-4D41-A0F1-400020A61AE9}] => (Allow) C:\Program Files (x86)\BUFFALO\TurboUSB_FH\TU_CEU2.EXE
FirewallRules: [{DE13CC51-369A-4D6B-B10D-3FE2F70C8127}] => (Allow) C:\Program Files (x86)\BUFFALO\TurboUSB_FH\TU_CEU2.EXE
FirewallRules: [{D276453D-96C3-41A6-9807-4FB8F3A07AA4}] => (Allow) C:\Windows\System32\TFTP.EXE
FirewallRules: [{1756D5BD-6711-4548-81BC-1992DD3817D2}] => (Allow) C:\Windows\System32\TFTP.EXE
FirewallRules: [{1EB7C7F0-B0FA-46DC-BA15-F12FE458946F}] => (Allow) C:\Windows\System32\TFTP.EXE
FirewallRules: [{13A29B53-8EEF-4884-86C3-CEDB7CF70AC1}] => (Allow) C:\Windows\System32\TFTP.EXE
FirewallRules: [{FBC69DD0-0AF2-48C4-BAB2-FEDEC7CC79B8}] => (Allow) C:\Windows\winsxs\amd64_microsoft-windows-t..-deployment-package_31bf3856ad364e35_6.1.7600.16385_none_bac291589d407fde\TFTP.EXE
FirewallRules: [{DC830C00-EE59-4B51-BB01-737192DDEFEF}] => (Allow) C:\Windows\winsxs\amd64_microsoft-windows-t..-deployment-package_31bf3856ad364e35_6.1.7600.16385_none_bac291589d407fde\TFTP.EXE
FirewallRules: [{6CA10DA2-3D51-4FF7-97BE-A6B18D9D337F}] => (Allow) C:\Windows\winsxs\amd64_microsoft-windows-t..-deployment-package_31bf3856ad364e35_6.1.7600.16385_none_bac291589d407fde\TFTP.EXE
FirewallRules: [{786751BD-A958-4AFE-936D-A81D4463DF46}] => (Allow) C:\Windows\winsxs\amd64_microsoft-windows-t..-deployment-package_31bf3856ad364e35_6.1.7600.16385_none_bac291589d407fde\TFTP.EXE
FirewallRules: [{5A9CD9B9-A151-4E50-9A13-99BD4F79D67A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E8186B68-096F-4A60-BE5A-032C7AF61F95}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D22E1C5D-1530-4A3C-9A62-5F9752449515}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C43DD7AA-3329-4D0C-B2A7-9CC7BE017B97}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{83D28644-B71D-4B8B-834E-CD05D3B8FF56}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ACD35F4C-BCA0-4404-9BC6-699B1E6D9862}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{55D169E8-C20B-4C29-9838-58C6A066C628}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Restore Points =========================
 
20-02-2016 03:35:37 Windows Update
24-02-2016 03:35:41 Windows Update
27-02-2016 17:04:48 Windows Update
28-02-2016 09:04:58 Restore Operation
 
==================== Faulty Device Manager Devices =============
 
Name: Atheros AR9285 Wireless Network Adapter
Description: Atheros AR9285 Wireless Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Atheros Communications Inc.
Service: athr
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/28/2016 11:01:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 27.2.2016.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1810
 
Start Time: 01d1727b7fef3554
 
Termination Time: 0
 
Application Path: C:\Users\Judy_new\Desktop\FRST64.exe
 
Report Id: e298e22f-de6e-11e5-8cab-902b34a1eadc
 
Error: (02/28/2016 10:55:58 PM) (Source: Media Manager Indexer) (EventID: 204) (User: )
Description: Could not create index file - please check for proper installation (HRESULT 80070005).
 
Error: (02/28/2016 10:54:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/28/2016 10:50:06 PM) (Source: uagqecsvc) (EventID: 46) (User: )
Description: 0x80070005
 
Error: (02/28/2016 10:32:49 PM) (Source: uagqecsvc) (EventID: 46) (User: )
Description: 0x80070005
 
Error: (02/28/2016 10:19:55 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.
 
Error: (02/28/2016 10:18:43 PM) (Source: Media Manager Indexer) (EventID: 204) (User: )
Description: Could not create index file - please check for proper installation (HRESULT 80070005).
 
Error: (02/28/2016 10:18:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/28/2016 09:50:26 PM) (Source: Media Manager Indexer) (EventID: 204) (User: )
Description: Could not create index file - please check for proper installation (HRESULT 80070005).
 
Error: (02/28/2016 09:50:05 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: Kies.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.TypeInitializationException
Stack:
 

System errors:
=============
Error: (02/28/2016 10:54:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
RxFilter
SecureLockWare_EncryptFilterDriver
SecureLockWare_EncryptFilterDriver2
 
Error: (02/28/2016 10:53:37 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on  cannot be read.
 
Error: (02/28/2016 10:53:37 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on  cannot be read.
 
Error: (02/28/2016 10:53:37 PM) (Source: Microsoft-Windows-BitLocker-Driver) (EventID: 24620) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on  cannot be read.
 
Error: (02/28/2016 10:53:36 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\bfturboh.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (02/28/2016 10:53:36 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\DRIVERS\SLWFIL.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (02/28/2016 10:53:28 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\SysWow64\drivers\bfturboh.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (02/28/2016 10:44:45 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (02/28/2016 10:43:15 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5
 
Error: (02/28/2016 10:42:46 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5
 

CodeIntegrity:
===================================
  Date: 2015-08-08 16:55:14.832
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-08 16:55:14.772
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-08 16:54:55.851
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-08 16:54:55.791
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-08 16:54:49.776
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-08 16:54:49.726
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-08 16:54:31.261
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-08 16:54:31.211
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-08 16:51:08.007
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-08-08 16:51:07.947
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 

==================== Memory info ===========================
 
Processor: AMD FX™-6100 Six-Core Processor
Percentage of memory in use: 38%
Total physical RAM: 8173.55 MB
Available physical RAM: 5050.95 MB
Total Virtual: 16345.32 MB
Available Virtual: 13540.52 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1396.92 GB) (Free:1059.1 GB) NTFS
Drive e: (BOOTITBM) (Removable) (Total:0.98 GB) (Free:0.95 GB) FAT
Drive j: (HD-CEU2 (J Drive)) (Fixed) (Total:596.17 GB) (Free:490.19 GB) NTFS
Drive k: (HD-EU2) (Fixed) (Total:931.28 GB) (Free:394.12 GB) FAT32
Drive z: () (Fixed) (Total:71.42 GB) (Free:16.02 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 071AC902)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1396.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 74.5 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=71 MB) - (Type=DE)
Partition 2: (Active) - (Size=71.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)
 
========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: CF8C9E60)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)
 
========================================================
Disk: 3 (Size: 596.2 GB) (Disk ID: CC7EC623)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 4 (Size: 1008 MB) (Disk ID: 6F20736B)
No partition Table on disk 4.
Disk 4 is a removable device.
 
==================== End of Addition.txt ============================
#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 February 2016 - 09:49 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Review the comments of these programs and decide if you want to keep them.
http://www.shouldiremoveit.com/DVDVideoSoft-5052-publisher.aspx
They can be removed via the Control Panel > Programs and Features applet.
 

Free Studio version 6.4.0.1122 (HKLM-x32\...\Free Studio_is1) (Version: 6.4.0.1122 - DVDVideoSoft Ltd.)
Free Video to DVD Converter version 5.0.24.430 (HKLM-x32\...\Free Video to DVD Converter_is1) (Version: 5.0.24.430 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.49.1122 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.49.1122 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.44.820 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.44.820 - DVDVideoSoft Ltd.)


===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: netsh winsock reset catalog

HKLM-x32\...\Run: [] => [X]
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=coolmsd&cd=2XzuyEtN2Y1L1QzuzyyC0FyCyDtBzy0E0DyEyE0E0CzyyByDtN0D0Tzu0CyDtCtBtN1L2XzutBtFtBtFtCtFyDyByEtN1L1Czu1R1F1F1I1H1B1Q&cr=1280323716&ir=
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Handler: WSAMVCUchrome - {086BD280-4613-43B5 -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru => not found
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt => not found
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {189993C4-9468-D082-9203-E8E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-549620600-2916040154-119935050-1000_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {5CE76988-9468-D082-DEF9-96AD85889A47} => No File
Task: {704C89B0-ACD0-47FC-A54A-106E582D43FA} - \DTReg -> No File <==== ATTENTION
Task: {BB6C1928-C8AA-4003-91D0-ADCBE47F2C82} - \DTChk -> No File <==== ATTENTION

AlternateDataStreams: C:\Users\Judy_new\Downloads\sh-turning-point-94_e-2016-02-01-when-atheists-would-be_201612110257.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\Judy_new\Downloads\sh-turning-point-94_e-2016-02-02-when-atheists-would-be_201612110456.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\Judy_new\Downloads\sh-turning-point-94_e-2016-02-03-when-christians-wouldn_201612110657.mp3:Roxio EMC Stream
AlternateDataStreams: C:\Users\Judy_new\Downloads\sh-turning-point-94_e-2016-02-04-when-christians-wouldn_2016121101257.mp3:Roxio EMC Stream

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

--RogueKiller--
  • Download & SAVE to your Desktop: Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

Please post the logs and let me know what problem persists with this computer.

#3 colourqueen

colourqueen
  • Topic Starter

  • Members
  • 18 posts

Posted 29 February 2016 - 01:26 PM

Hi Nasdaq

Thanks so much for helping me out.

I have uninstalled all the "Free Studio" programs - never really used them anyway.

The output of the two logs is attached here.

Attached File  Fixlog.txt   6.67KB   2 downloads

Attached File  RKreport.txt   21.25KB   2 downloads

RogueKiller required a reboot after completion and deletions.

On boot, I am getting an error message "DelayPluginI.exe Application error. The application was unable to start correctly (0xc0000022). Click OK to close the application."

Kaspersky is bleating about its database being out of date.

I have kept my network cable unplugged since this has happened, so am responding from a different machine. Is it safe to plug back into the router?

Apart from that, things seem good to me.

Judy

 



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 March 2016 - 08:17 AM


On boot, I am getting an error message "DelayPluginI.exe Application error. The application was unable to start correctly (0xc0000022). Click OK to close the application."


This is part of the Wondershare video player.
https://www.wondershare.com/video-player/

The startup item is listed in your log.
HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Aimersoft\Video Converter Ultimate\DelayPluginI.exe [1960336 2014-09-28] ()

You will need to reinstall the application if using it.
===

The fix and the removal of the ZeroAccess infection by the RogueKiller should now allow you to connect to the router.

Let me know of any issues when connected.

#5 colourqueen

colourqueen
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 01 March 2016 - 12:40 PM

Hi and thanks again

I have reconnected to the router and Kaspersky has updated.

However, I am getting several error screens:

1) Access to this website failed with the error in the attached file: 01-03-2016 17-12-15.png (16.48KB). Seems OK now.

2) Kaspersky is giving some warnings like:

01.03.2016 17.08.03;Access by the application to the module is blocked;C:\Windows\SysWOW64\SHSTGEU.DLL;C:\Windows\SysWOW64\SHSTGEU.DLL;Kies TrayAgent Application;03/01/2016 17:08:03

01.03.2016 17.15.07;Access by the application to the module is blocked;C:\Windows\SysWOW64\SHSTGEU.DLL;C:\Windows\SysWOW64\SHSTGEU.DLL;Microsoft Outlook;03/01/2016 17:15:07

01.03.2016 17.17.50;Access by the application to the module is blocked;C:\Program Files (x86)\Common Files\microsoft shared\Media Manager\AIRCATU.DLL;C:\Program Files (x86)\Common Files\microsoft shared\Media Manager\AIRCATU.DLL;Media Manager Indexer;03/01/2016 17:17:50

3) Windows Update failed and rolled back on several updates - see the attached log: 01-03-2016 17-38-43.png (45.34KB).

On the plus side, Acronis has jumped in and successfully done a scheduled backup.

I've also sorted out the plugin install message.

Judy
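A way to triage report lines like the ones pasted above, added here as an example and not code from the thread or from Kaspersky: it parses the semicolon-separated lines into objects, groups them by the blocked module, and checks each module's Authenticode signature so the decision to allow it rests on who signed the file rather than on its name alone. The column names are my assumption from the content of the quoted lines, and the sample text is the three lines from this post, embedded so the script runs on its own.

```powershell
# Added example, not from the thread or from Kaspersky: parse exported report
# lines, group by the blocked module, and look at each module's signature.
# Column names are assumed from the content of the quoted lines.

# Constructed sample: the three lines quoted in this post.
$sampleReport = @'
01.03.2016 17.08.03;Access by the application to the module is blocked;C:\Windows\SysWOW64\SHSTGEU.DLL;C:\Windows\SysWOW64\SHSTGEU.DLL;Kies TrayAgent Application;03/01/2016 17:08:03
01.03.2016 17.15.07;Access by the application to the module is blocked;C:\Windows\SysWOW64\SHSTGEU.DLL;C:\Windows\SysWOW64\SHSTGEU.DLL;Microsoft Outlook;03/01/2016 17:15:07
01.03.2016 17.17.50;Access by the application to the module is blocked;C:\Program Files (x86)\Common Files\microsoft shared\Media Manager\AIRCATU.DLL;C:\Program Files (x86)\Common Files\microsoft shared\Media Manager\AIRCATU.DLL;Media Manager Indexer;03/01/2016 17:17:50
'@

function ConvertFrom-KasperskyReport {
    # Turn the ';'-separated lines into objects with named columns.
    param([string]$Text)
    $header = 'Time', 'Event', 'Object', 'Module', 'Application', 'Timestamp'
    $lines = $Text -split "`r?`n" | Where-Object { $_.Trim() -ne '' }
    $lines | ConvertFrom-Csv -Delimiter ';' -Header $header
}

function Get-BlockedModuleSummary {
    # One row per blocked module: how often, which programs loaded it, and who signed it.
    param([string]$Text)
    ConvertFrom-KasperskyReport -Text $Text |
        Where-Object { $_.Event -like '*blocked*' } |
        Group-Object -Property Module |
        ForEach-Object {
            $path   = $_.Name
            $status = 'FileMissing'
            $signer = $null
            if (Test-Path -LiteralPath $path) {
                # Signer status is the quickest check on whether a blocked DLL is the vendor's own file.
                $sig    = Get-AuthenticodeSignature -FilePath $path
                $status = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }
            New-Object PSObject -Property @{
                Module       = $path
                Events       = $_.Count
                Applications = (($_.Group | ForEach-Object { $_.Application } | Sort-Object -Unique) -join ', ')
                Signature    = $status
                Signer       = $signer
            }
        }
}

# Usage: paste the exported report text in place of $sampleReport on the affected machine.
Get-BlockedModuleSummary -Text $sampleReport |
    Format-Table Module, Events, Applications, Signature, Signer -AutoSize
```

On a machine other than the one the report came from, every module shows FileMissing, which is expected. Note that Windows 7's Get-AuthenticodeSignature does not consult catalog signatures, so a NotSigned result for a file under C:\Windows is not on its own a sign of tampering; compare the file against a known-good copy or a vendor download in that case.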

 



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:06 AM

Posted 01 March 2016 - 02:46 PM


1) access to this website failed with the error Image ...

This is a setting in Internet Explorer.

Under the IE tools menu > Internet Options > Advanced Tab.

Under the Browsing section.

Make sure that these two boxes are checked.

Disable Script Debugging (IE)
Disable Script Debugging (others)

Click the apply button.

=====

Let's check the Windows Updates problem.

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender

Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.

#7 colourqueen

colourqueen
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 01 March 2016 - 05:32 PM

Make sure that these two boxes are checked.

Disable Script Debugging (IE)
Disable Script Debugging (others)

Click the apply button.

Both boxes were already checked.........

Farbar's Service Scanner utility output is attached here. Attached file: FSS.txt (3.51KB)

I have managed to apply a couple of the Windows updates - maybe doing them piecemeal is the way to go on this.



#8 colourqueen

colourqueen
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 01 March 2016 - 06:33 PM

Further progress

I've worked through the Windows updates one or two at a time and they're all installed OK now.

All that seems to be left now is the two Kaspersky warnings.

Do you think it is OK for me to find where Kaspersky is blocking the loading and allow it?

Thanks



#9 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:06 AM

Posted 02 March 2016 - 08:03 AM



2) Kaspersky is giving some warnings like

01.03.2016 17.08.03;Access by the application to the module is blocked;C:\Windows\SysWOW64\SHSTGEU.DLL;C:\Windows\SysWOW64\SHSTGEU.DLL;Kies TrayAgent Application;03/01/2016 17:08:03

01.03.2016 17.15.07;Access by the application to the module is blocked;C:\Windows\SysWOW64\SHSTGEU.DLL;C:\Windows\SysWOW64\SHSTGEU.DLL;Microsoft Outlook;03/01/2016 17:15:07

01.03.2016 17.17.50;Access by the application to the module is blocked;C:\Program Files (x86)\Common Files\microsoft shared\Media Manager\AIRCATU.DLL;C:\Program Files (x86)\Common Files\microsoft shared\Media Manager\AIRCATU.DLL;Media Manager Indexer;03/01/2016 17:17:50

Nothing to worry about. You can allow it.

https://www.reasoncoresecurity.com/shstgeu.dll-a48fda259bf7d2241136e81f7d6b110bc026f1e8.aspx
http://www.processlibrary.com/en/directory/files/airsvcu/19671/
===

Copy the text IN THE QUOTE BOX below to Notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved, right-click the .reg file and allow it to merge with the registry.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]
"AutoStart"=""

Restart the computer when completed.

You can delete the fixme.reg file when done.

Please run the Farbar Service tool again and post a fresh FSS.txt for my review.

===

Are you able to update the Kaspersky database?
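The .reg file above rewrites a single registry value. As an added example, not code from the thread, the PowerShell below reads the current state of that value, exports the key to a backup .reg file, and only then writes the same value the fix writes, with -WhatIf available to preview the change. It assumes an elevated prompt on Windows 7 and takes the key, the CLSID and the value name from the .reg text in the post; the function names are my own.

```powershell
# Added example, not from the thread: inspect, back up and repair the AutoStart
# value that the fixme.reg text above sets. Assumes an elevated PowerShell
# prompt; key path, CLSID and value name come from the .reg file in the post.

$clsid   = '{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}'
$subKey  = "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\$clsid"
$psPath  = "HKLM:\$subKey"   # provider path for Get-/New-ItemProperty
$regPath = "HKLM\$subKey"    # native path for reg.exe

function Get-ShellServiceObjectAutoStart {
    # Report whether the key exists and what AutoStart currently holds ($null = value absent).
    param([string]$Path = $psPath)
    if (-not (Test-Path -Path $Path)) {
        return New-Object PSObject -Property @{ Path = $Path; Exists = $false; AutoStart = $null }
    }
    $item  = Get-ItemProperty -Path $Path
    $value = $null
    # A missing AutoStart value is the condition the .reg file repairs.
    if ($item.PSObject.Properties['AutoStart']) { $value = $item.AutoStart }
    New-Object PSObject -Property @{ Path = $Path; Exists = $true; AutoStart = $value }
}

function Backup-ShellServiceObjectKey {
    # Same safety net as exporting the key from regedit before merging a fix.
    param([string]$Destination = "$env:USERPROFILE\Desktop\ShellServiceObjects-backup.reg")
    if (-not (Test-Path -Path $psPath)) { return $null }
    & reg.exe export $regPath $Destination /y | Out-Null
    return $Destination
}

function Repair-ShellServiceObjectAutoStart {
    # Write AutoStart="" exactly as the .reg file does; supports -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $state = Get-ShellServiceObjectAutoStart
    if ($state.Exists -and $state.AutoStart -eq '') {
        Write-Output 'AutoStart is already present and empty; nothing to change.'
        return
    }
    if ($PSCmdlet.ShouldProcess($psPath, 'Set AutoStart to an empty string')) {
        if (-not $state.Exists) { New-Item -Path $psPath -Force | Out-Null }
        New-ItemProperty -Path $psPath -Name 'AutoStart' -Value '' -PropertyType String -Force | Out-Null
        Write-Output 'AutoStart written.'
    }
}

# Usage: look first, back up, then repair.
Get-ShellServiceObjectAutoStart | Format-List
Backup-ShellServiceObjectKey
Repair-ShellServiceObjectAutoStart
```

Run Get-ShellServiceObjectAutoStart on its own first: if it already reports an empty-string AutoStart, the fix has nothing left to do. Repair-ShellServiceObjectAutoStart -WhatIf shows the write without performing it, and the backup file can be merged back if the change ever needs to be reverted.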

#10 colourqueen

colourqueen
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 02 March 2016 - 01:19 PM

Kaspersky has updated fine and I have done a scan with it to be sure. I have allowed the processes above too.

I have applied your registry fix, thank you.

Attached is the latest FSS output. Attached file: FSS.txt (3.36KB)



#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:06 AM

Posted 02 March 2016 - 02:23 PM

The computer may be running well but some additional services are not working as they should be.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below:
    01 - Repair Registry Permissions
    03 - Reset Service permissions
    10 - Remove Policies Set By Infections
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
    27 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.
===

Restart the computer normally.

Run the Farbar service tool and post a fresh FSS.txt file for my review.
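The FSS checks requested earlier in the thread and repair items 26 and 27 above both concern the state of core Windows services. As an added example, not part of the thread or of either tool, the PowerShell below reports state, start mode, hosting binary and Authenticode status for a set of services. The list of service names is my assumption of what sits behind the FSS checkboxes on Windows 7 (Windows Update, firewall, Security Center, Defender, System Restore and networking) and can be edited; for svchost-hosted services it resolves the ServiceDll, since that is the file an infection would replace.

```powershell
# Added example, not from the thread, FSS or Windows Repair: report the state
# of the services those tools check or reset. Assumes Windows 7 with
# PowerShell 2.0 or later and an elevated prompt.

# Assumed mapping of FSS checkboxes to service names (edit to taste).
$servicesOfInterest = @(
    'wuauserv',   # Windows Update
    'BITS',       # Background Intelligent Transfer Service (Windows Update depends on it)
    'wscsvc',     # Security Center / Action Center
    'MpsSvc',     # Windows Firewall
    'BFE',        # Base Filtering Engine (the firewall depends on it)
    'WinDefend',  # Windows Defender
    'VSS',        # Volume Shadow Copy (System Restore depends on it)
    'Dhcp',       # DHCP Client (Internet services)
    'Dnscache'    # DNS Client (Internet services)
)

function Get-ServiceBinaryPath {
    # Strip quoting and arguments from a Win32_Service PathName, leaving the executable.
    param([string]$PathName)
    $expanded = [Environment]::ExpandEnvironmentVariables($PathName)
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(\S+\.exe)') { return $Matches[1] }
    return $expanded
}

function Get-ServiceDll {
    # Services hosted by svchost.exe live in a DLL named under the Parameters subkey.
    param([string]$Name)
    $params = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name\Parameters"
    if (-not (Test-Path -Path $params)) { return $null }
    $p = Get-ItemProperty -Path $params
    if ($p.PSObject.Properties['ServiceDll']) {
        return [Environment]::ExpandEnvironmentVariables($p.ServiceDll)
    }
    return $null
}

function Get-ServiceHealth {
    # One row per service: present, running state, start mode, module on disk, signature status.
    param([string[]]$Name = $servicesOfInterest)
    foreach ($svc in $Name) {
        $w = Get-WmiObject -Class Win32_Service -Filter "Name='$svc'"
        if ($null -eq $w) {
            New-Object PSObject -Property @{
                Name = $svc; Present = $false; State = $null; StartMode = $null
                Module = $null; Signature = 'ServiceMissing'
            }
            continue
        }
        $exe    = Get-ServiceBinaryPath -PathName $w.PathName
        $module = $exe
        # For svchost-hosted services the interesting file is the service DLL, not svchost.exe.
        if ($exe -match 'svchost\.exe$') {
            $dll = Get-ServiceDll -Name $svc
            if ($dll) { $module = $dll }
        }
        $status = 'FileMissing'
        if (Test-Path -LiteralPath $module) {
            $status = (Get-AuthenticodeSignature -FilePath $module).Status
        }
        New-Object PSObject -Property @{
            Name = $svc; Present = $true; State = $w.State; StartMode = $w.StartMode
            Module = $module; Signature = $status
        }
    }
}

# Usage: run before and after the repair and compare the two tables.
Get-ServiceHealth | Format-Table Name, Present, State, StartMode, Signature, Module -AutoSize
```

A service that is missing, stopped with StartMode Disabled, or pointing at a module outside C:\Windows is what to look for. As with the earlier example, Windows 7's Get-AuthenticodeSignature does not consult catalog signatures, so NotSigned on a Microsoft DLL in System32 is normal there; a module path that differs from a known-good machine is the stronger signal.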


#12 colourqueen

colourqueen
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 02 March 2016 - 03:33 PM

01 - Repair Registry Permissions

The item is entitled "Reset....." not repair - hope that is ok as I did it!

Output from prescan was:

┌────────────────────────────────────────────────────────────────────────────────┐
│ [Finished Scan - 02/03/2016 19:42:07]
│ [x] Scan Complete - No Problems Found!

The repair failed and I had to reboot into safe mode and do it there.
Output is as follows:

Attached file: _Windows_Repair_Log.txt (4.44KB)
Attached file: HKLM_Set_Owner_Error_Log.txt (1.4KB)
Attached file: HKLM_Set_Permissions_Error_Log.txt (1.4KB)
Attached file: HKU_Set_Owner_Error_Log.txt (1.44KB)
Attached file: HKU_Set_Permissions_Error_Log.txt (1.44KB)
Attached file: Repair_MSI_Windows_Installer.txt (480bytes)
Attached file: Repair_Windows_Updates.txt (6.74KB)

Farbar output is attached:

Attached file: FSS.txt (2.52KB)

 

 

 



#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:06 AM

Posted 03 March 2016 - 08:34 AM

Please run the Farbar service tool one more time and post a fresh FSS.txt for my review.

Let me know if you have any issues with this computer.

#14 colourqueen

colourqueen
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:06 AM

Posted 03 March 2016 - 11:49 AM

Just got in from work......

Seems OK; I'll have more of an idea after I've used it more tonight.

Log attached.

Attached file: FSS.txt (2.52KB)



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:06 AM

Posted 03 March 2016 - 01:45 PM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



