
Iexplore replicating: trojan found



mikenowo
2015-03-12, 02:14
My McAfee recently said it found a trojan infection and quarantined the file, but now I get 'iexplore.exe' replicating in Task Manager. After reading some internet posts, it looks like the trojan is still there. I am now in safe mode, as I can't get to the internet when I boot normally. What steps should I take to remove this infection? I am currently running the registry backup as directed in the sticky post.

Thanks.

OK, here are the FRST.txt and Addition.txt files:

***
***
FRST.txt:
---------

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by mike (administrator) on MIKE on 11-03-2015 21:54:29
Running from C:\Users\mike\Downloads
Loaded Profiles: mike (Available profiles: mike & arathornv)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM\...\Run: [lxczbmgr.exe] => C:\Program Files (x86)\Lexmark 1200 Series\lxczbmgr.exe [74408 2009-04-27] (Lexmark International, Inc.)
HKLM\...\Run: [BellCanada_McciTrayApp] => C:\Program Files\BellCanada\McciTrayApp.exe [3432448 2010-01-19] (Alcatel-Lucent)
HKLM-x32\...\Run: [VirtualCloneDrive] => d:\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [643064 2014-09-17] (McAfee, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-18] ()
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [SUPERAntiSpyware] => D:\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2015-01-28] (SUPERAntiSpyware)
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [POP Peeper] => d:\POP Peeper\POPPeeper.exe [1613824 2011-11-16] (Mortal Universe)
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] ()
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [DesktopReminder2ByPolenter] => D:\Desktop-Reminder 2\DesktopReminder2.exe [2949560 2012-04-05] (Polenter - Software Solutions)
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [Akamai NetSession Interface] => C:\Users\mike\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\WinPatrol\WinPatrol\winpatrol.exe [1160536 2015-02-22] (Ruiware LLC)
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [Ehxtion] => regsvr32.exe C:\Users\mike\AppData\Local\Ehxtion\QuickLibs80.dll <===== ATTENTION
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [Acxworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\mike\AppData\Local\Ibbhsoft\DRMApiDyn64.dll
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [GoogleUpdate] => C:\Users\mike\AppData\Roaming\FrameworkUpdate\GoogleUpdate.exe [20317398 2015-03-11] (Company name goes here)
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Policies\Explorer: [NoThumbnailCache] 1
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-18\...\RunOnce: [adaware] => reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
HKU\S-1-5-18\...\RunOnce: [adaware_XP] => reg.exe delete "HKCU\Software\adaware" /f
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => "C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk
ShortcutTarget: PhraseExpress.lnk -> D:\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
Startup: C:\Users\arathornv\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\temp - Shortcut.lnk
ShortcutTarget: temp - Shortcut.lnk -> D:\backup\temp.txt ()
Startup: C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> D:\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Set Alarm Clock.lnk
ShortcutTarget: Set Alarm Clock.lnk -> D:\Time Tools\Set Alarm Clock\Set Alarm Clock.exe (Ori Pearl)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CA&userid=fffa6d18-aaf5-43ac-b3e6-0d4ef8854b78&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CA&userid=fffa6d18-aaf5-43ac-b3e6-0d4ef8854b78&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=112465&tt=120912_cpc_3912_5&babsrc=HP_ss&mntrId=c49c11c6000000000000c89cdc2923d8
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CA&userid=fffa6d18-aaf5-43ac-b3e6-0d4ef8854b78&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> DefaultScope {59F8DCFE-4A1A-4DF9-AE82-3E2BFE68D929} URL = https://ca.search.yahoo.com/search?fr=mcafee&type=B011CA1056D20141112&p={searchTerms}
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT2304157&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=&UM=&UP=SPAEB2AB49-B16F-4719-ABDA-73072D7E7DD0&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {59F8DCFE-4A1A-4DF9-AE82-3E2BFE68D929} URL = https://ca.search.yahoo.com/search?fr=mcafee&type=B011CA1056D20141112&p={searchTerms}
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {602F5D75-8B65-4BD3-B2AA-A9375593AF9D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {B13D1B4F-05EA-436E-9EE8-CF5E9E396663} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_fs_15_06&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CtBzytBtA0DzztCtC0CyCtN0D0Tzu0StCtCtAtAtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBtCzytAtBzy0ByCtGyEyCtA0CtGtD0Azy0AtGtCzz0EyEtGtDyE0DtAzy0DyE0DtCyByDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtB0D0FtAyBtA0BtGyE0F0DyDtGyEtAtCyDtGzytCtA0DtG0ByB0Czz0EzztC0AyEzytAyE2Q&cr=224970857&ir=
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {C62AED4B-A13B-414F-8ACD-ECCA1C386F85} URL = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15781&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=HP&apn_dtid=YYYYYYCLCA&apn_uid=8ef85837-4f7e-4ba8-839b-81a9c5903680&apn_sauid=7A855479-006E-48CD-A030-FA557D274AB9
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09] (McAfee, Inc.)
BHO-x32: XfireXO Toolbar -> {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -> C:\Program Files (x86)\XfireXO\prxtbXfir.dll [2011-05-09] (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-05-04] (Oracle Corporation)
BHO-x32: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-05-04] (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKLM-x32 - XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll [2011-05-09] (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> No Name - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
Toolbar: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2014-10-06] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2014-10-06] (McAfee, Inc.)
Tcpip\..\Interfaces\{83D6996F-51DC-48F5-9043-B743536D8B8A}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF ProfilePath: C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\svwhgcrn.default-1348552600720
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF SearchEngineOrder.1:
FF SelectedSearchEngine: Google
FF Homepage: google.ca
FF Keyword.URL: hxxp://ca.search.yahoo.com/search?fr=mcafee&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2014-10-06] ()
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-10] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-02-26] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-07-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll [2012-05-04] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2014-10-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2011-12-10] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2010-01-19] (Alcatel-Lucent)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\mike\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2013-03-30] (Raidcall)
FF Plugin-x32: @real.com/nppl3260;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-06-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-06-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll No File
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-09] (Google Inc.)
FF Plugin-x32: @UtilityChest_49.com/Plugin -> C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> d:\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2011-09-28] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll [2014-10-10] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-261593359-1049202612-806197226-1000: @my.com/Games -> C:\Users\mike\AppData\Local\MyComGames\NPMyComDetector.dll [2014-09-17] (My.com, Inc)
FF Plugin HKU\S-1-5-21-261593359-1049202612-806197226-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2013-10-29] (Google)
FF Plugin HKU\S-1-5-21-261593359-1049202612-806197226-1000: @talk.google.com/O1DPlugin -> C:\Users\mike\AppData\Roaming\Mozilla\plugins\npo1d.dll [2013-10-29] (Google)
FF Plugin HKU\S-1-5-21-261593359-1049202612-806197226-1000: @talk.google.com/O3DPlugin -> C:\Users\mike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll [2013-10-29] ()
FF Plugin HKU\S-1-5-21-261593359-1049202612-806197226-1000: @tools.google.com/Google Update;version=3 -> C:\Users\mike\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll [2013-11-14] (Google Inc.)
FF Plugin HKU\S-1-5-21-261593359-1049202612-806197226-1000: @tools.google.com/Google Update;version=9 -> C:\Users\mike\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll [2013-11-14] (Google Inc.)
FF user.js: detected! => C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\svwhgcrn.default-1348552600720\user.js [2013-08-12]
FF Plugin ProgramFiles/Appdata: C:\Users\mike\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2013-10-29] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\mike\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll [2013-10-29] ()
FF Plugin ProgramFiles/Appdata: C:\Users\mike\AppData\Roaming\mozilla\plugins\npo1d.dll [2013-10-29] (Google)
FF SearchPlugin: C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\svwhgcrn.default-1348552600720\searchplugins\delta.xml [2013-03-26]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-02-24]
FF Extension: Pocket - C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\svwhgcrn.default-1348552600720\Extensions\isreaditlater@ideashower.com [2015-01-08]
FF Extension: Shell extensions for sharing - C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\svwhgcrn.default-1348552600720\Extensions\{40CEF262-89D5-C26E-1A99-F56977AD21B1} [2015-02-24]
FF Extension: DownloadHelper - C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\svwhgcrn.default-1348552600720\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\svwhgcrn.default-1348552600720\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2012-09-25]
FF Extension: Adblock Plus - C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\svwhgcrn.default-1348552600720\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-25]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2015-02-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - d:\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [49ffxtbr@UtilityChest_49.com] - C:\Program Files (x86)\UtilityChest_49\bar\1.bin
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-11-12]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-11-12]
FF HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchKeyword: Default -> mcafee
CHR DefaultSearchURL: Default -> https://ca.search.yahoo.com/search?fr=mcafee&type=B211CA0D19700101&p={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-31]
CHR Extension: (Google Drive) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-31]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-27]
CHR Extension: (YouTube) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-31]
CHR Extension: (Google Search) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-31]
CHR Extension: (SiteAdvisor) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-10-27]
CHR Extension: (BitTorrentBar) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid [2014-01-27]
CHR Extension: (No Name) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR Extension: (Gmail) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-31]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-24]
CHR HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\mike\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-07]
CHR HKLM-x32\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Users\mike\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-02-24]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - d:\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Users\mike\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\mike\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-07]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 BRSptSvc; C:\programdata\bitraider\BRSptSvc.exe [477960 2014-02-12] (BitRaider, LLC)
S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S4 Leawo_service; C:\Program Files (x86)\Common Files\Appkeys\yytool64.exe [1232880 2014-05-04] ()
S4 lxcz_device; C:\Windows\system32\lxczcoms.exe [566192 2007-04-19] ( )
S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [562200 2014-10-06] (McAfee, Inc.)
S4 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-01-27] (Alcatel-Lucent) [File not signed]
S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-01-27] (Alcatel-Lucent) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.3.336.0\McCSPServiceHost.exe [422632 2014-11-21] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [601864 2014-12-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1050952 2014-11-06] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [221832 2014-10-01] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [189920 2014-10-01] (McAfee, Inc.)
S4 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [84432 2014-07-01] (Micro-Star International)
S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [335064 2014-10-31] (McAfee, Inc.)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4121080 2011-06-13] (INCA Internet Co., Ltd.) [File not signed]
S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe [18360 2013-07-31] (Overwolf Ltd)
S4 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-10-10] (pdfforge GmbH)
S4 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-10-10] (pdfforge GmbH)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-04-22] ()
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [31856 2014-10-30] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 aswFsBlk; No ImagePath
S0 aswRvrt; No ImagePath
S1 aswSnx; No ImagePath
S1 aswSP; No ImagePath
S1 aswTdi; No ImagePath
S3 aswVmm; No ImagePath
S3 BRDriver64; C:\programdata\bitraider\BRDriver64.sys [75048 2014-02-12] (BitRaider)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72136 2014-10-01] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S2 lirsgt; C:\Windows\SysWOW64\DRIVERS\lirsgt.sys [18048 2013-03-24] () [File not signed]
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181584 2014-10-01] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313680 2014-10-01] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [526360 2014-10-01] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786304 2014-10-01] (McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [447440 2014-09-19] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96600 2014-09-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348560 2014-10-01] (McAfee, Inc.)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-01-19] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) [File not signed]
S1 SASDIFSV; D:\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; D:\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SPPD; C:\Windows\system32\drivers\SPPD.sys [21976 2015-02-20] ()
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [95232 2010-11-20] (Microsoft Corporation) [File not signed]
S3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2014-10-29] (Rsupport Corporation)
S2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [X]
S1 aswRdr; \SystemRoot\System32\Drivers\aswrdr2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dump_wmimmc; \??\E:\Rappelz\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NTIOLib_1_0_3; \??\C:\Program Files (x86)\MSI\Super Charger\NTIOLib_X64.sys [X]
S3 NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update\NTIOLib_X64.sys [X]
S1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 21:55 - 2015-03-11 21:55 - 05198336 _____ (AVAST Software) C:\Users\mike\Downloads\aswMBR.exe
2015-03-11 21:54 - 2015-03-11 21:55 - 00037253 _____ () C:\Users\mike\Downloads\FRST.txt
2015-03-11 21:53 - 2015-03-11 21:54 - 00000000 ____D () C:\FRST
2015-03-11 21:51 - 2015-03-11 21:51 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MIKE-Windows-7-Home-Premium-(64-bit).dat
2015-03-11 21:50 - 2015-03-11 21:50 - 00000000 ____D () C:\RegBackup
2015-03-11 21:49 - 2015-03-11 21:49 - 00002239 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-03-11 21:49 - 2015-03-11 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-11 21:49 - 2015-03-11 21:49 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-03-11 21:34 - 2015-03-11 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2015-03-11 21:30 - 2015-03-11 21:30 - 04720448 _____ () C:\Users\mike\Downloads\tweaking.com_registry_backup_setup.exe
2015-03-11 21:30 - 2015-03-11 21:30 - 02095616 _____ (Farbar) C:\Users\mike\Downloads\FRST64.exe
2015-03-11 21:01 - 2015-03-11 21:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\mike\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-11 09:33 - 2015-03-11 09:33 - 00000340 _____ () C:\Windows\PFRO.log
2015-03-11 08:17 - 2015-03-11 20:26 - 00000400 ____H () C:\ProgramData\@system3.att
2015-03-11 08:16 - 2015-03-11 20:26 - 00000664 ____H () C:\ProgramData\@system.temp
2015-03-11 08:16 - 2015-03-11 08:16 - 00000480 ____H () C:\Users\mike\AppData\Roaming\麽鎒駓覜
2015-03-11 08:16 - 2015-03-11 08:16 - 00000000 ____D () C:\Users\mike\AppData\Roaming\FrameworkUpdate
2015-03-11 06:30 - 2015-03-11 06:30 - 00000000 ____D () C:\0925bdc56ffeea60cd75
2015-03-11 06:05 - 2015-03-11 06:05 - 00000000 ____D () C:\Program Files\ReviverSoft
2015-03-11 05:05 - 2015-03-06 01:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 05:05 - 2015-03-06 01:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 05:05 - 2015-03-06 01:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 05:05 - 2015-03-06 01:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 05:05 - 2015-03-06 01:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 05:05 - 2015-03-06 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 05:05 - 2015-03-06 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 05:05 - 2015-03-06 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 05:05 - 2015-03-06 01:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 05:05 - 2015-03-06 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 05:05 - 2015-03-06 01:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 05:05 - 2015-03-06 01:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 05:05 - 2015-03-06 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 05:05 - 2015-03-06 01:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 05:05 - 2015-03-06 01:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 05:05 - 2015-03-06 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 05:05 - 2015-03-06 01:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 05:05 - 2015-03-06 01:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 05:05 - 2015-03-06 01:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 05:05 - 2015-03-06 01:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 05:05 - 2015-03-06 01:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 05:05 - 2015-03-06 01:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 05:05 - 2015-03-06 01:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 05:05 - 2015-03-06 01:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 05:05 - 2015-03-06 01:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 05:05 - 2015-03-06 01:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 05:05 - 2015-03-06 01:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 05:05 - 2015-03-06 01:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 05:05 - 2015-03-06 01:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 05:05 - 2015-03-06 01:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 05:05 - 2015-03-06 01:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 05:05 - 2015-01-30 19:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 05:04 - 2015-02-20 00:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 05:04 - 2015-02-20 00:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 05:04 - 2015-02-20 00:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 05:04 - 2015-02-20 00:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 05:04 - 2015-02-20 00:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 05:04 - 2015-02-20 00:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 05:04 - 2015-02-20 00:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 05:04 - 2015-02-20 00:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 05:04 - 2015-02-19 23:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 05:04 - 2015-02-19 23:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 05:04 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 05:04 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 05:04 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 05:04 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 05:03 - 2015-02-02 23:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 05:03 - 2015-02-02 23:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 05:03 - 2015-02-02 23:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 05:03 - 2015-02-02 23:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 05:03 - 2015-02-02 23:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 05:03 - 2015-02-02 23:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 05:03 - 2015-02-02 23:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 05:03 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 05:03 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 05:03 - 2015-02-02 23:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 05:03 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 05:03 - 2015-02-02 23:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 05:03 - 2015-02-02 23:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 05:03 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 05:03 - 2015-02-02 23:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 05:03 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 05:03 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 05:03 - 2015-02-02 23:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 05:03 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 05:03 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 05:03 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 05:03 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 05:03 - 2015-02-02 23:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 05:03 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 05:03 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 05:03 - 2015-02-02 23:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 05:03 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 05:03 - 2015-02-02 23:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 05:03 - 2015-02-02 23:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 05:03 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 05:03 - 2015-02-02 23:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 05:03 - 2015-02-02 23:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 05:03 - 2015-02-02 23:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 05:03 - 2015-02-02 23:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 05:03 - 2014-10-31 18:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 05:02 - 2015-02-02 23:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 05:02 - 2015-02-02 23:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 05:02 - 2015-02-02 23:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 05:02 - 2015-02-02 23:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 05:02 - 2015-02-02 23:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 05:02 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 05:02 - 2015-02-02 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 05:02 - 2015-02-02 23:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 05:02 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 05:02 - 2015-02-02 23:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 05:02 - 2015-02-02 23:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 05:02 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 05:02 - 2015-02-02 23:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 05:02 - 2015-02-02 23:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 05:02 - 2015-02-02 23:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 05:02 - 2015-02-02 23:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 05:02 - 2015-02-02 23:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 05:02 - 2015-02-02 23:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 05:02 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 05:02 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 05:02 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 05:02 - 2015-02-02 23:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 05:02 - 2015-02-02 23:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 05:02 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 05:02 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 05:02 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 05:02 - 2015-02-02 23:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 05:02 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 05:02 - 2015-02-02 23:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 05:02 - 2015-02-02 23:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 05:02 - 2015-02-02 23:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 05:02 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 05:02 - 2015-02-02 23:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 05:02 - 2015-02-02 23:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 05:02 - 2015-02-02 23:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 05:02 - 2015-02-02 23:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 05:02 - 2015-02-02 23:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 05:02 - 2015-02-02 23:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 05:02 - 2015-02-02 22:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 04:56 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 04:56 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 04:56 - 2015-01-30 23:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 04:56 - 2015-01-30 23:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 04:56 - 2015-01-30 19:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 04:55 - 2015-02-25 23:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 04:55 - 2015-02-13 01:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 04:55 - 2015-02-13 01:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 04:50 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 04:50 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 01:07 - 2015-03-11 20:23 - 00001120 _____ () C:\Windows\setupact.log
2015-03-11 01:07 - 2015-03-11 01:07 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-01 14:52 - 2015-03-01 14:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-01 14:12 - 2015-03-01 14:12 - 00000000 ____D () C:\Program Files (x86)\WinPatrol
2015-02-27 21:20 - 2015-03-01 08:22 - 00000000 ____D () C:\Users\mike\AppData\Local\temp2
2015-02-27 04:16 - 2015-02-27 04:16 - 00000335 _____ () C:\Users\mike\Desktop\Items in interface layout not appearing in proper place in game.URL
2015-02-25 14:44 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 14:44 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-25 14:43 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-25 14:43 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-25 14:43 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-25 14:43 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-24 21:03 - 2015-03-10 22:09 - 00000000 ____D () C:\Users\mike\AppData\Local\Ehxtion
2015-02-24 15:52 - 2015-03-07 18:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-22 20:52 - 2015-03-10 22:09 - 00000000 ____D () C:\Users\mike\AppData\Local\Ibbhsoft
2015-02-20 17:52 - 2015-02-20 17:52 - 00021976 _____ () C:\Windows\system32\Drivers\SPPD.sys
2015-02-20 02:46 - 2015-02-20 02:53 - 00000000 ____D () C:\Users\mike\AppData\Roaming\avidemux
2015-02-20 02:46 - 2015-02-20 02:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux
2015-02-19 15:44 - 2015-02-19 15:44 - 00003444 _____ () C:\Windows\System32\Tasks\avayvxvaxc
2015-02-19 15:43 - 2015-02-20 17:33 - 00000000 ____D () C:\Users\mike\AppData\Local\avayvxvaxc
2015-02-19 03:43 - 2015-02-19 03:43 - 00022528 _____ () C:\Users\mike\AppData\Local\dsisetup949181842.exe
2015-02-19 03:43 - 2015-02-19 03:43 - 00000010 _____ () C:\Users\mike\AppData\Local\DSI.DAT
2015-02-17 17:41 - 2015-02-17 17:41 - 00000000 ____D () C:\Users\mike\AppData\Roaming\AMD
2015-02-16 16:43 - 2015-02-19 03:43 - 00000131 _____ () C:\Users\mike\AppData\Roaming\WB.CFG
2015-02-11 06:55 - 2015-02-03 23:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 06:55 - 2015-02-03 23:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 06:55 - 2015-02-03 23:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 06:55 - 2015-02-03 23:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 06:55 - 2015-02-03 23:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 06:55 - 2015-02-03 23:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 06:55 - 2015-02-03 23:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 06:55 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 06:50 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 06:50 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 06:50 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 06:50 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-09 08:05 - 2015-02-09 08:05 - 00000000 ____D () C:\ProgramData\ATI
2015-02-09 08:04 - 2015-02-09 08:04 - 00000000 ____D () C:\Users\mike\AppData\Roaming\library_dir
2015-02-09 08:01 - 2015-02-16 19:36 - 00000000 ____D () C:\Program Files (x86)\Raptr
2015-02-09 08:01 - 2015-02-09 08:01 - 00053564 _____ () C:\Windows\SysWOW64\CCCInstall_201502090701187985.log
2015-02-09 08:00 - 2015-02-09 08:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-02-09 07:59 - 2015-02-09 07:59 - 00000000 ____D () C:\Program Files (x86)\AMD
2015-02-09 07:50 - 2015-02-09 08:46 - 00000000 ____D () C:\AMD

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 20:28 - 2012-09-25 02:43 - 00000000 ____D () C:\Users\mike\Documents\DesktopReminder
2015-03-11 20:27 - 2011-12-10 08:46 - 00000000 ____D () C:\Users\mike\AppData\Roaming\Skype
2015-03-11 20:25 - 2013-05-13 06:24 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-03-11 20:23 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-11 20:22 - 2014-05-29 15:02 - 00000000 ____D () C:\Users\mike\AppData\Roaming\POP Peeper
2015-03-11 20:22 - 2011-12-13 13:49 - 00041174 _____ () C:\lxcz.log
2015-03-11 20:22 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-11 20:22 - 2009-07-14 00:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-11 20:22 - 2007-10-10 04:25 - 01721389 _____ () C:\Windows\WindowsUpdate.log
2015-03-11 20:13 - 2011-12-10 09:28 - 00000000 ____D () C:\Users\mike\Documents\PhraseExpress
2015-03-11 20:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-03-11 19:43 - 2015-02-07 20:43 - 00000288 _____ () C:\Windows\Tasks\Binkiland.job
2015-03-11 19:29 - 2015-01-29 18:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-11 16:30 - 2014-09-06 00:11 - 00000000 ____D () C:\Users\mike\AppData\Local\Glyph
2015-03-11 12:45 - 2014-09-05 22:53 - 00000000 ____D () C:\Program Files (x86)\Glyph
2015-03-11 10:32 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-03-11 09:46 - 2012-01-22 16:19 - 00000000 ____D () C:\Users\arathornv
2015-03-11 08:58 - 2013-09-25 12:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-03-11 08:58 - 2012-09-24 22:38 - 00000000 ____D () C:\ProgramData\InstallMate
2015-03-11 07:49 - 2009-07-14 00:45 - 00302544 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 07:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 07:46 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 06:30 - 2013-07-26 10:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 06:30 - 2011-12-10 16:51 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-11 03:19 - 2011-12-10 12:01 - 00000079 _____ () C:\Windows\showcalc.ini
2015-03-11 01:14 - 2011-12-12 16:05 - 00000000 ____D () C:\Users\mike\AppData\Roaming\vlc
2015-03-11 01:14 - 2009-07-14 01:13 - 00006222 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-10 14:11 - 2012-01-25 14:31 - 00000000 ____D () C:\Users\mike\Desktop\Audio-Video
2015-03-10 13:50 - 2013-05-13 06:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-10 13:50 - 2011-03-31 03:06 - 00000000 ____D () C:\ProgramData\Skype
2015-03-10 13:47 - 2014-01-16 18:18 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-03-10 13:46 - 2014-01-16 18:18 - 00000000 ____D () C:\Program Files\Java
2015-03-10 06:26 - 2012-07-07 12:52 - 00000000 ____D () C:\Users\mike\AppData\Local\CrashDumps
2015-03-07 18:54 - 2009-07-14 01:08 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-07 18:49 - 2014-05-22 05:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-06 18:56 - 2012-03-31 20:16 - 00000099 _____ () C:\Users\Public\LMDebug.log
2015-03-01 14:54 - 2013-09-25 12:53 - 00000000 ____D () C:\Users\mike\AppData\Roaming\WinPatrol
2015-03-01 14:53 - 2014-08-14 04:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-01 14:53 - 2014-08-14 04:50 - 00000000 ____D () C:\Program Files\iTunes
2015-03-01 14:53 - 2014-08-14 04:50 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-01 14:52 - 2012-11-09 23:49 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-01 09:10 - 2012-01-10 21:16 - 00000000 ____D () C:\Users\mike\AppData\Roaming\BitTorrent
2015-03-01 07:35 - 2014-01-12 23:01 - 00000000 ____D () C:\Users\mike\AppData\Roaming\dvdcss
2015-02-28 22:51 - 2012-02-29 18:25 - 00000000 ____D () C:\Users\mike\AppData\Roaming\DVD Flick
2015-02-25 15:51 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-02-24 21:47 - 2014-11-12 20:41 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-02-24 18:44 - 2011-12-10 13:05 - 00194560 ____R () C:\Users\Public\Documents\ESBK.mbb
2015-02-24 18:44 - 2011-12-10 13:05 - 00131072 ____R () C:\Users\Public\Documents\ESBK.mb
2015-02-24 17:31 - 2015-01-28 04:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-02-24 10:39 - 2012-01-11 17:10 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-24 04:17 - 2010-11-20 23:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-24 01:33 - 2015-01-18 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2015-02-24 01:33 - 2015-01-18 19:24 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2015-02-21 17:48 - 2011-12-11 23:46 - 00000000 ____D () C:\Users\mike\Downloads\Other
2015-02-19 15:42 - 2013-11-10 14:32 - 00000850 _____ () C:\Users\mike\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-02-18 14:00 - 2015-01-18 19:24 - 00127488 _____ () C:\Windows\system32\ff_vfw.dll
2015-02-18 14:00 - 2015-01-18 19:24 - 00112640 _____ () C:\Windows\SysWOW64\ff_vfw.dll
2015-02-17 19:33 - 2013-08-12 13:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDStyler
2015-02-17 19:21 - 2013-10-12 14:42 - 00000000 ____D () C:\Users\mike\AppData\Local\Battle.net
2015-02-17 17:42 - 2011-12-09 16:12 - 00000000 ____D () C:\Users\mike
2015-02-17 17:41 - 2014-06-19 11:55 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-17 14:14 - 2014-05-28 11:42 - 00000000 ____D () C:\ProgramData\Boxtools
2015-02-17 13:47 - 2011-12-19 19:11 - 00000000 ____D () C:\Users\mike\AppData\Local\Overwolf
2015-02-14 12:58 - 2014-12-11 13:06 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-14 12:58 - 2014-05-06 19:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-12 14:21 - 2014-06-26 15:01 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-09 15:56 - 2014-10-27 08:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cff1dec9da53c.job
2015-02-09 09:56 - 2014-10-27 08:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cff1deb9b9ac4.job
2015-02-09 09:51 - 2014-10-27 08:03 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cff1dec9da53c
2015-02-09 09:51 - 2014-10-27 08:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cff1deb9b9ac4
2015-02-09 08:48 - 2014-06-26 15:04 - 00000000 ____D () C:\Program Files\AMD
2015-02-09 08:01 - 2014-06-26 15:07 - 00000000 ____D () C:\ProgramData\AMD
2015-02-09 06:52 - 2011-12-11 08:50 - 00000000 ____D () C:\Windows\pss

==================== Files in the root of some directories =======

2014-10-21 22:04 - 2014-10-21 22:04 - 0099384 _____ () C:\Users\mike\AppData\Roaming\inst.exe
2014-10-21 22:04 - 2014-10-21 22:04 - 0007859 _____ () C:\Users\mike\AppData\Roaming\pcouffin.cat
2014-10-21 22:04 - 2014-10-21 22:04 - 0001167 _____ () C:\Users\mike\AppData\Roaming\pcouffin.inf
2014-10-21 22:04 - 2014-10-21 22:04 - 0000055 _____ () C:\Users\mike\AppData\Roaming\pcouffin.log
2014-10-21 22:04 - 2014-10-21 22:04 - 0082816 _____ (VSO Software) C:\Users\mike\AppData\Roaming\pcouffin.sys
2014-05-26 15:33 - 2014-06-24 17:16 - 0000154 _____ () C:\Users\mike\AppData\Roaming\Rim.Desktop.Exception.log
2014-05-26 15:32 - 2014-05-26 15:32 - 0001133 _____ () C:\Users\mike\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-05-26 15:34 - 2014-06-24 17:16 - 0000154 _____ () C:\Users\mike\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-02-16 16:43 - 2015-02-19 03:43 - 0000131 _____ () C:\Users\mike\AppData\Roaming\WB.CFG
2015-03-11 08:16 - 2015-03-11 08:16 - 0000480 ____H () C:\Users\mike\AppData\Roaming\麽鎒駓覜
2015-02-07 20:42 - 2015-02-07 20:42 - 0186840 _____ () C:\Users\mike\AppData\Local\024F379A_stp.CIS
2015-02-07 20:42 - 2015-02-07 20:42 - 0000234 _____ () C:\Users\mike\AppData\Local\024F379A_stp.CIS.part
2015-02-07 20:42 - 2015-02-07 20:42 - 5421602 _____ () C:\Users\mike\AppData\Local\0B1DA3C3_stp.CIS
2015-02-07 20:42 - 2015-02-07 20:42 - 0000313 _____ () C:\Users\mike\AppData\Local\0B1DA3C3_stp.CIS.part
2015-01-07 17:40 - 2015-01-07 17:40 - 0138335 _____ () C:\Users\mike\AppData\Local\70A1BBC9_stp.CIS
2015-01-07 17:40 - 2015-01-07 17:40 - 0000314 _____ () C:\Users\mike\AppData\Local\70A1BBC9_stp.CIS.part
2015-02-19 03:43 - 2015-02-19 03:43 - 0000010 _____ () C:\Users\mike\AppData\Local\DSI.DAT
2015-02-19 03:43 - 2015-02-19 03:43 - 0022528 _____ () C:\Users\mike\AppData\Local\dsisetup949181842.exe
2011-12-11 00:01 - 2011-12-11 00:01 - 0000092 _____ () C:\Users\mike\AppData\Local\fusioncache.dat
2011-12-11 16:37 - 2011-12-11 16:37 - 0000022 _____ () C:\Users\mike\AppData\Local\kodakpcd.ini
2014-08-13 20:59 - 2014-08-13 20:59 - 0003268 _____ () C:\Users\mike\AppData\Local\recently-used.xbel
2014-01-10 02:21 - 2014-01-10 02:21 - 0000017 _____ () C:\Users\mike\AppData\Local\resmon.resmoncfg
2014-09-17 11:58 - 2014-11-24 22:08 - 0000490 _____ () C:\Users\mike\AppData\Local\TempGameCenter.main.download.log
2012-09-20 19:19 - 2014-10-21 22:22 - 0000125 ___SH () C:\ProgramData\.zreglib
2015-03-11 08:16 - 2015-03-11 20:26 - 0000664 ____H () C:\ProgramData\@system.temp
2015-03-11 08:17 - 2015-03-11 20:26 - 0000400 ____H () C:\ProgramData\@system3.att
2007-10-10 04:37 - 2014-01-14 17:30 - 0015543 _____ () C:\ProgramData\ArcadeDeluxe5.log
2014-08-15 18:58 - 2014-08-15 18:58 - 4685824 _____ () C:\ProgramData\ClassicShellSetup64_4_1_0.msi
2012-01-10 23:46 - 2012-01-10 23:47 - 0002516 ___SH () C:\ProgramData\KGyGaAvL.sys
2014-06-10 11:21 - 2014-06-10 11:21 - 0005090 _____ () C:\ProgramData\powjnvfp.pmy
2014-01-14 17:13 - 2014-01-14 17:14 - 0000032 _____ () C:\ProgramData\PS.log
2012-03-28 17:55 - 2012-03-28 17:55 - 0004910 _____ () C:\ProgramData\qjaxlkio.dss

Files to move or delete:
====================
C:\ProgramData\qjaxlkio.dss
C:\Users\mike\jagex_cl_runescape_LIVE.dat
C:\Users\mike\random.dat


Some content of TEMP:
====================
C:\Users\mike\AppData\Local\Temp\update.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-20 06:00

==================== End Of Log ============================

***
***
Addition.txt:
-------------
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by mike at 2015-03-11 21:56:03
Running from C:\Users\mike\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Leawo DVD to MP4 Converter version 4.3.0.0 (HKLM-x32\...\{E583A6F3-8F2F-4644-97FF-748F83A58D68}_is1) (Version: 4.3.0.0 - Leawo Software Co., Ltd.)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.4 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3005 - Acer Incorporated)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.0.5 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.245 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.6) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.6 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Advene 0.46 (HKLM-x32\...\Advene_is1) (Version: - )
Agatha Christie - 4:50 from Paddington (x32 Version: 2.2.0.95 - WildTangent) Hidden
Akamai NetSession Interface (HKLM-x32\...\Akamai) (Version: - )
Akamai NetSession Interface (HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Allods Online 2.0.06.65.1 (HKLM-x32\...\AstrumNival Allods) (Version: 2.0.06.65.1 - gPotato)
Allods Online EN (HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Allods Online EN) (Version: 1.43 - My.com B.V.)
Amazon Kindle (HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Any Video Converter 5.7.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{9B3B4129-220E-42C7-9C5B-91C65E0885B4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeage (HKLM-x32\...\Glyph Archeage) (Version: - Trion Worlds, Inc.)
ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM-x32\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM-x32\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM-x32\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM-x32\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM-x32\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM-x32\...\{CAE8A0F1-B498-4C23-95FA-55047E730C8F}) (Version: 2.8.255.384 - ArcSoft)
Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.8.9046 - )
Battle.net (HKLM-x32\...\Battle.net) (Version: - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bell Internet Check-up (HKLM-x32\...\BellCanada) (Version: - )
BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.3.1 - BitRaider, LLC)
BitTorrent (HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\BitTorrent) (Version: 7.9.2.38657 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Boxoft Wav to MP3 (freeware) (HKLM-x32\...\Boxoft Wav to MP3 (freeware)_is1) (Version: - Boxoft Solution)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
CalcTime (HKLM-x32\...\{61DDB570-83C6-11DC-6784-23600A5F18BE}) (Version: 4.0 - Access Business Communications, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
CCScore (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1422.15 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1422.15 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3009 - Acer Incorporated)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Desktop-Reminder 2 (HKLM-x32\...\Desktop-Reminder 2) (Version: 2.54 - Polenter - Software Solutions)
Desktop-Reminder 2 (x32 Version: 2.54 - Polenter - Software Solutions) Hidden
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version: - )
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version: - )
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
DVD Flick v2 1.3.0.9 (HKLM-x32\...\DVD Flick v2_is1) (Version: 1.3.0.9 - Dennis Meuwissen)
DVDStyler v2.9.2 (HKLM-x32\...\DVDStyler_is1) (Version: - )
Easy DVD Player (HKLM-x32\...\Easy DVD Player) (Version: 3.5.1.0833 - ZJMedia)
ESSBrwr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSCDBK (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESScore (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSgui (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
ESSini (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPCD (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
ESSPDock (x32 Version: 6.03.0001.0004 - EASTMAN KODAK Company) Hidden
ESSTOOLS (x32 Version: 5.00.0000.0004 - EASTMAN KODAK Company) Hidden
essvatgt (x32 Version: 8.00.0000.0001 - EASTMAN KODAK Company) Hidden
Far Cry (Patch 1.4) (x32 Version: 1.00.0000 - Ubisoft) Hidden
File Renamer - Basic (HKLM-x32\...\File Renamer - Basic) (Version: 6.3 - Sherrod Computers)
FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
Final Drive: Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
FM Screen Capture Codec (Remove Only) (HKLM-x32\...\FMCODEC) (Version: - )
FreeOCR 3.0 (HKLM\...\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}) (Version: 3.0 - Free OCR)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Glyph (HKLM-x32\...\Glyph) (Version: - Trion Worlds, Inc.)
GOG.com Downloader version 3.0.25 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.0.25 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}) (Version: 7.0.3.8542 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Half-Life: Blue Shift (HKLM-x32\...\Half-Life: Blue Shift) (Version: - )
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Iconoid version 3.8.6 (HKLM-x32\...\{BCD2FF98-7DF2-4FE2-B7E3-9593C5D66A4E}_is1) (Version: 3.8.6 - Sillysot Software)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
iTunes (HKLM\...\{C36440D2-5DBE-4F20-8D39-39D83FDBBE4E}) (Version: 12.1.1.4 - Apple Inc.)
Java 7 Update 17 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418040F0}) (Version: 8.0.400 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Jewel Quest Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 11.0.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.0.0 - )
Kobo (HKLM-x32\...\Kobo) (Version: 3.12.0 - Rakuten Kobo Inc.)
Kodak EasyShare software (HKLM-x32\...\{D32470A1-B10C-4059-BA53-CF0486F68EBC}) (Version: - Eastman Kodak Company)
Lagarith lossless video codec (Remove Only) (HKLM-x32\...\LAGARITH) (Version: - )
Lexmark 1200 Series (HKLM\...\Lexmark 1200 Series) (Version: - Lexmark International, Inc.)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
McAfee Internet Security (HKLM-x32\...\MSC) (Version: 13.6.1492 - McAfee, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.194 - McAfee, Inc.)
MediaEspresso (x32 Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office 2000 SR-1 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.3821 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
My.com Games (HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\MyComGames) (Version: 2.22 - BENSTAR LIMITED)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
netbrdg (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.1.17869 - Symantec Corporation)
NoteMaker 1.0 Tryout (HKLM-x32\...\NoteMaker_is1) (Version: - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.5 - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OfotoXMI (x32 Version: 8.03.0000.0001 - EASTMAN KODAK Company) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Overwolf (HKLM-x32\...\{6FB58056-0BD1-4E42-BC61-26A840895497}) (Version: 0.41.236 - Overwolf)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{D691E998-CF53-4F6C-AC20-E4284660E0E7}) (Version: 2.1.6.19758 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PhraseExpress v10.5.40 (HKLM-x32\...\PhraseExpress_is1) (Version: 10.5.40 - Bartels Media GmbH)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAD Video Tools (HKLM-x32\...\RADVideo) (Version: - )
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.2.0-1.0.5185.0 - raidcall.com)
RealDownloader (x32 Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 17.0.15.7 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.77.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7069 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RIFT (HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\RIFT) (Version: - Trion Worlds, Inc.)
RIFT (PTS) (HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\RIFT-PTS) (Version: - Trion Worlds, Inc.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.00.62.00 - Samsung Electronics Co., Ltd.)
Samsung ML-1670 Series (HKLM-x32\...\Samsung ML-1670 Series) (Version: - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00.04 - Samsung Electronics Co., Ltd.)
SFR (x32 Version: 8.01.0000.0001 - Eastman Kodak Company) Hidden
SHASTA (x32 Version: 7.01.0000.0001 - EASTMAN KODAK Company) Hidden
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
SIW version 2011.10.29 (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2011.10.29 - Topala Software Solutions)
skin0001 (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
SKINXSDK (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
staticcr (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM-x32\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: - TeamSpeak Systems GmbH)
The Lord of the Rings Online™: Shadows of Angmar™ v07.12.30.54 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 07.12.30.54 - Midway Home Entertainment Inc)
tinySpell 1.9.44 (HKLM-x32\...\tinySpell_is1) (Version: - KEDMI Scientific Computing)
Tom Clancy's Splinter Cell Chaos Theory (HKLM-x32\...\{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}) (Version: 1.05.157 - Ubisoft)
Torchlight (HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Runic Games Torchlight) (Version: 0.0.66.192 - )
Torchlight (x32 Version: 2.2.0.95 - WildTangent) Hidden
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.2.0 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VPRINTOL (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Winamp Detector Plug-in (HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - WinPatrol)
WinZip Driver Updater (HKLM-x32\...\{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1) (Version: 1.0.648.11339 - WinZip Computing, S.L. (WinZip Computing))
WIRELESS (x32 Version: 8.02.0000.0001 - EASTMAN KODAK Company) Hidden
Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )
XfireXO Toolbar (HKLM-x32\...\XfireXO Toolbar) (Version: 6.8.5.1 - XfireXO)
XNote Stopwatch (HKLM-x32\...\XNote Stopwatch) (Version: 1.66 - dnSoft Research Group)
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-261593359-1049202612-806197226-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\mike\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-261593359-1049202612-806197226-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\mike\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-261593359-1049202612-806197226-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\mike\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-261593359-1049202612-806197226-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\mike\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-261593359-1049202612-806197226-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\mike\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

08-02-2015 11:53:22 Removed Skype Click to Call
08-02-2015 17:24:32 Removed PCTuner
08-02-2015 17:32:41 Removed Apple Mobile Device Support
08-02-2015 17:34:01 Removed WeatherApp
08-02-2015 18:11:19 Windows Update
08-02-2015 19:48:09 Removed Apple Application Support (32-bit)
08-02-2015 19:53:34 Removed Apple Application Support (64-bit)
09-02-2015 07:52:23 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
09-02-2015 08:20:26 Before catalyst drivers
12-02-2015 14:03:18 Windows Update
16-02-2015 19:41:20 Removed Skype Click to Call
16-02-2015 19:47:55 Removed iTunes
18-02-2015 01:16:21 Windows Update
19-02-2015 17:02:20 Revo Uninstaller's restore point - Search Protect
25-02-2015 05:17:22 Windows Update
25-02-2015 14:43:59 Windows Update
01-03-2015 14:51:13 Installed iTunes
07-03-2015 18:38:25 Windows Update
11-03-2015 06:20:46 Windows Update
11-03-2015 06:49:49 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2013-11-22 20:13 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00E8AE5D-8B3A-4D94-AB64-2BA36CAE879D} - System32\Tasks\{F3B63D68-CE7C-498D-9966-F9AB1A2BB145} => pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe"
Task: {03124CEE-9776-44BA-BE1F-17B13D7113BF} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-261593359-1049202612-806197226-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {05B6132C-ECE5-407F-AF01-321488FE344E} - System32\Tasks\{66FF1E6D-C513-4DD2-AC03-2980C1A7ACAD} => pcalua.exe -a "E:\World of Warcraft\Interface\AddOns\+Wowhead_Looter\Wowhead_Client.exe" -d "E:\World of Warcraft\Interface\AddOns\+Wowhead_Looter"
Task: {06500E56-63E5-46A0-88C1-512EB777377D} - System32\Tasks\boosterpop => C:\Program Files (x86)\Tuneup computer\Probsalert.exe
Task: {1540EA80-0707-4336-B582-729FDFFE7737} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-261593359-1049202612-806197226-1000 No Task File <==== ATTENTION
Task: {2BF55E3D-1E0A-45FA-BEF9-17F3D32128EC} - System32\Tasks\{F7C28AB7-DBCE-4E86-8388-B39A604693CA} => pcalua.exe -a "C:\Users\mike\Downloads\HL2 etc games\Diablo 2 mods\PlugY_The_Survival_Kit_v10.00.exe" -d "C:\Users\mike\Downloads\HL2 etc games\Diablo 2 mods"
Task: {2C5FF63B-57B6-44CB-BCDC-F031544D0283} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-261593359-1049202612-806197226-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2CB5CE13-BFFB-4F43-BA59-1058BCC070FD} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Stryder => C:\Program Files\Windows Calendar\WinCal.exe [2009-04-11] (Microsoft Corporation)
Task: {2EBBA846-18FE-4AD0-BF97-4DE08BF7A595} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {3231878C-6B71-417D-9DDA-10EDEE5CF016} - System32\Tasks\HDNINSTSCHD => C:\Windows\PCBHDNW\hdnInstaller.exe
Task: {54F1F839-436F-4EA1-B995-CCBCA093925B} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {56EEC5C2-66A5-4EB6-AC3E-311F8FF6E0C1} - \Ad-Aware Antivirus Scheduled Scan No Task File <==== ATTENTION
Task: {57C692C6-5A09-49BA-AF84-2C2ADCAA5BD3} - System32\Tasks\EasyShare Registration RunOnce Task => Rundll32.exe C:\PROGRA~3\Kodak\EASYSH~2\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOfferSilence@16
Task: {597DEF45-020B-4A0D-A69B-17111CAB7DCA} - \OptimizerPro1UpdaterTask{B5F963C6-E826-4059-AA8B-F7B000C1931B} No Task File <==== ATTENTION
Task: {5A387197-D32C-4B10-8A47-18D5B5710FED} - \WxDFastUpdaterTask{10EA724F-18E2-4177-B2BE-762A02EB7974} No Task File <==== ATTENTION
Task: {64BD82F8-ECD7-4AE6-B968-788D5A1FF63F} - System32\Tasks\{8DFA69B8-EB8F-47F0-A5D2-8168806B0562} => pcalua.exe -a "C:\Users\mike\Downloads\zzz-new PC install stuff\LG E2041 monitor drivers\Driver\Installation\Setup.exe" -d "C:\Users\mike\Downloads\zzz-new PC install stuff\LG E2041 monitor drivers\Driver\Installation"
Task: {6AF8058E-94CD-4E16-83A5-DE9E9C7A19AC} - System32\Tasks\{395F4D34-F795-4E5A-838A-491B18AEC77A} => pcalua.exe -a C:\Users\mike\Downloads\AdobeAIRInstaller.exe -d C:\Users\mike\Downloads
Task: {6E353697-97CD-4F6E-AE0D-ACD73416EC05} - System32\Tasks\GoogleUpdateTaskMachineCore1cff1deb9b9ac4 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {71876345-248E-497D-A1B2-E57A2D0DB5A6} - \Ad-Aware Update (Weekly) No Task File <==== ATTENTION
Task: {75652317-3053-4786-A9AB-307850F4BE02} - System32\Tasks\{C580294B-13A4-40F8-BC64-477ADB5AABDD} => pcalua.exe -a "D:\Remote Programs\7 Wonders 2\GPlrLanc.exe" -c -LOpCode 2 /RemoveContent cid=586350;name=7 Wonders II;dir=D:\Remote Programs\7 Wonders 2\;prvid=143;cmdid=1;prvdir=Default
Task: {77DB9F81-5170-4B52-BAC5-76B62A9F5A99} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-261593359-1049202612-806197226-1000 No Task File <==== ATTENTION
Task: {7C2E5810-C073-48EA-99DE-BA79C52A36A5} - System32\Tasks\IEError => C:\Program Files (x86)\Tuneup computer\Popialert.exe
Task: {7C45B3B6-93EB-4ACA-8954-8401342708F3} - System32\Tasks\{98962F3D-E0D0-48FD-A714-FDF2445AEBDB} => Firefox.exe http://ui.skype.com/ui/0/5.0.0.152.367/en/abandoninstall?page=tsOptions&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {8274E4BD-394A-48D2-83FA-D8C8A7649953} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {879DD970-57B2-4CFF-8FC7-F4DFBD3E8C9F} - System32\Tasks\Binkiland => C:\Users\mike\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {885EC9C7-6E9F-4148-A2D4-7727FF8947DC} - System32\Tasks\{17E4007D-14C6-4392-ACBA-68B2B55A2010} => Firefox.exe http://ui.skype.com/ui/0/5.0.0.152.367/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {88D132AE-1A36-4C26-9AEB-333EC2E34DF1} - System32\Tasks\{97613CEF-C3F5-4E1B-9E1D-570D508D78B9} => Firefox.exe http://ui.skype.com/ui/0/5.0.0.152.367/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {89B7A004-6FEA-4A01-8641-D9DE62C89F4D} - System32\Tasks\{4B250DD9-0938-4DA7-B55F-D4FE1A55EBB0} => pcalua.exe -a C:\Users\mike\Downloads\air15_win.exe -d C:\Users\mike\Downloads
Task: {8A162704-EC07-4570-942F-2B6734F757DB} - System32\Tasks\{7C85D0EA-2001-447B-A162-D15983E14FE4} => Firefox.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?source=lightinstaller&amp;page=tsPlugin
Task: {9264F0FE-3337-4B0F-AAF6-5876394FA5D7} - System32\Tasks\avayvxvaxc => C:\Users\mike\AppData\Local\avayvxvaxc\avayvxvaxc.exe <==== ATTENTION
Task: {944B8326-B34A-435E-80AD-2737C9A39685} - \RealUpgradeScheduledTaskS-1-5-21-261593359-1049202612-806197226-1000 No Task File <==== ATTENTION
Task: {95621E6E-B801-4D9C-8F09-AD39F1D64055} - System32\Tasks\{EFDF28DB-52CC-4E10-83FF-308E73DB961A} => pcalua.exe -a C:\Users\mike\Downloads\wlsetup-all.exe -d C:\Users\mike\Downloads
Task: {A0D3E2D8-FF6C-4DA6-8811-FD242E515ADC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A928445D-557F-44FB-81BD-5DA1A7623518} - System32\Tasks\{9DC67EA8-53E7-427C-A690-A31487B9A612} => pcalua.exe -a E:\SW\swwd.exe -d E:\SW
Task: {B4D83658-6909-46CB-8A7F-030E3B8523A8} - System32\Tasks\UPDTEXE4_WDR => C:\Program Files (x86)\Portable WeatherApp\updater.exe
Task: {B54C1D16-4A40-48FE-9B6E-91792F2F757F} - System32\Tasks\{BC8D5679-65EF-4AA0-8B22-94078C91AA3D} => pcalua.exe -a C:\Users\mike\Downloads\wlsetup-all.exe -d C:\Users\mike\Downloads
Task: {C29095AE-9816-4723-9E2B-51050CBD6FFE} - System32\Tasks\{922D9A0A-BE24-4817-8FA6-335C48A52F23} => pcalua.exe -a "d:\DVD Ripper Platinum 5\Uninstall.exe"
Task: {C3E7E469-D83B-4CE1-8FEA-B5AB40667FA8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {D2BFAA96-F6ED-4DBE-9940-11EF2BC5E371} - \WinZipDriverUpdaterRunAtStartup No Task File <==== ATTENTION
Task: {D9B481ED-8930-43C8-A3D9-E6586BA1F161} - System32\Tasks\{EEE6E1FF-1F13-4EA9-AB8F-9CEE22960F7D} => pcalua.exe -a C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -c /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l2057
Task: {DA971E27-EEDA-4F0A-A57B-58EB784F986C} - System32\Tasks\{38628F9B-A9C6-4FC6-A4D8-B691A2FF84B7} => pcalua.exe -a C:\Users\mike\Downloads\wlsetup-web.exe -d C:\Users\mike\Downloads
Task: {DFEDEE01-939E-4E96-9F44-51B98118A4BF} - System32\Tasks\IE_ERR4WDR => C:\Program Files (x86)\Portable WeatherApp\IEError.exe
Task: {E06572A6-8B24-4F52-BE23-8EB1750709B0} - System32\Tasks\{01CB67E5-9D52-4C32-A1C1-B11FDA35ECD4} => pcalua.exe -a C:\Users\mike\Downloads\air15_win.exe -d C:\Users\mike\Downloads
Task: {E77F887F-4CC4-4533-B955-E613F68C0864} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2014-10-29] ()
Task: {E84311DA-E710-4ADE-AFC8-A363CD56476E} - System32\Tasks\EasyShare Registration Task => Rundll32.exe C:\PROGRA~3\Kodak\EASYSH~2\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16
Task: {EDB9FA9F-F6D3-4496-8DF3-6C4DF1235636} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {F1F61D45-6A8F-475A-B8AE-C6EFD35CE60C} - System32\Tasks\GoogleUpdateTaskMachineUA1cff1dec9da53c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: {F7A387F7-4926-4C0C-BD99-63F95DB908A8} - System32\Tasks\AI_Updater => C:\Program Files (x86)\Tuneup computer\updater.exe
Task: {F8575E65-76FE-40C0-B54B-6B2CF7E053CD} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: {F99DC998-EBB9-4BC3-A785-DA4A5FEBB4A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-27] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Binkiland.job => C:\Users\mike\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\EasyShare Registration RunOnce Task.job => C:\Windows\system32\rundll32.exe C:\PROGRA~3\Kodak\EASYSH~2\$REGIS~1\Registration_8.3.30.1.sxt
Task: C:\Windows\Tasks\EasyShare Registration Task.job => C:\Windows\system32\rundll32.exeTC:\PROGRA~3\Kodak\EASYSH~2\$REGIS~1\Registration_8.3.30.1.sxt
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cff1deb9b9ac4.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cff1dec9da53c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-20 20:37 - 2015-02-20 20:37 - 02623488 _____ () C:\ProgramData\Microsoft\Security\Client\SecurityProvider.dll
2015-02-20 20:37 - 2015-02-20 20:37 - 02168320 _____ () C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll
2009-01-21 19:45 - 2009-01-21 19:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2012-06-18 11:24 - 2012-06-18 11:24 - 00222720 _____ () d:\Notepad++\NppShell_05.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-261593359-1049202612-806197226-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\mike\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BRSptSvc => 3
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Leawo_service => 2
MSCONFIG\Services: lxcz_device => 2
MSCONFIG\Services: McciCMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSI_LiveUpdate_Service => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: PDF Architect 2 => 3
MSCONFIG\Services: pdfforge CrashHandler => 3
MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: Boxoft Tools => "C:\ProgramData\Boxtools\Boxofttoolbox.exe" -autorun
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Ibbhsoft => C:\Users\mike\AppData\Local\Ibbhsoft\tmp9137.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Media Finder => "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: Steam => "E:\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

==================== Accounts: =============================

Administrator (S-1-5-21-261593359-1049202612-806197226-500 - Administrator - Disabled)
arathornv (S-1-5-21-261593359-1049202612-806197226-1006 - Administrator - Enabled) => C:\Users\arathornv
ASPNET (S-1-5-21-261593359-1049202612-806197226-1005 - Limited - Enabled)
Guest (S-1-5-21-261593359-1049202612-806197226-501 - Limited - Disabled)
mike (S-1-5-21-261593359-1049202612-806197226-1000 - Administrator - Enabled) => C:\Users\mike

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: aswRdr
Description: aswRdr
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRdr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! Network Shield Support
Description: avast! Network Shield Support
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswTdi
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SBRE
Description: SBRE
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SBRE
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/11/2015 09:28:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 09:23:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 09:05:49 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (03/11/2015 09:00:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 08:57:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (03/11/2015 08:31:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 08:24:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 08:16:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 00:42:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 10:15:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (03/11/2015 09:54:24 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/11/2015 09:54:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/11/2015 09:54:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/11/2015 09:54:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/11/2015 09:54:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/11/2015 09:54:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/11/2015 09:54:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/11/2015 09:54:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/11/2015 09:54:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/11/2015 09:54:22 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/11/2015 09:28:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 09:23:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 09:05:49 PM) (Source: SignInAssistant) (EventID: 0) (User: )
Description: StartService failed with hr = 0x8007043c

Error: (03/11/2015 09:00:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 08:57:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (03/11/2015 08:31:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 08:24:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 08:16:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 00:42:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/11/2015 10:15:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe


CodeIntegrity Errors:
===================================
Date: 2012-05-28 02:18:45.173
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-05-28 02:18:45.156
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz
Percentage of memory in use: 27%
Total physical RAM: 4095.24 MB
Available physical RAM: 2951.47 MB
Total Pagefile: 8188.67 MB
Available Pagefile: 7060.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:458.49 GB) (Free:165.8 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:224.61 GB) (Free:38.1 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:228.78 GB) (Free:46.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 67932353)
Partition 1: (Not Active) - (Size=19.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=458.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=453.4 GB) - (Type=OF Extended)

==================== End Of Log ============================

Here is the aswMBR.txt file:

***
***
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-03-11 22:05:09
-----------------------------
22:05:09.088 OS Version: Windows x64 6.1.7601 Service Pack 1
22:05:09.088 Number of processors: 2 586 0x170A
22:05:09.088 ComputerName: MIKE UserName: mike
22:05:09.930 Initialize success
22:05:45.280 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-6
22:05:45.280 Disk 0 Vendor: WDC_WD10EADX-22TDHB0 77.04D77 Size: 953869MB BusType: 3
22:05:45.404 Disk 0 MBR read successfully
22:05:45.404 Disk 0 MBR scan
22:05:45.404 Disk 0 Windows 7 default MBR code
22:05:45.404 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20000 MB offset 2048
22:05:45.420 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 40962048
22:05:45.420 Disk 0 default boot code
22:05:45.436 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 469494 MB offset 41166848
22:05:45.436 Disk 0 Partition - 00 0F Extended LBA 464272 MB offset 1002692608
22:05:45.467 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 230000 MB offset 1002694656
22:05:45.467 Disk 0 Partition - 00 05 Extended 234271 MB offset 1473734656
22:05:45.498 Disk 0 Partition 5 00 07 HPFS/NTFS NTFS 234270 MB offset 1473736704
22:05:45.529 Disk 0 scanning C:\Windows\system32\drivers
22:05:51.707 Service scanning
22:06:03.734 Modules scanning
22:06:03.734 Disk 0 trace - called modules:
22:06:03.750 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
22:06:03.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800490d060]
22:06:03.750 3 CLASSPNP.SYS[fffff8800197d43f] -> nt!IofCallDriver -> [0xfffffa800442f580]
22:06:03.750 5 ACPI.sys[fffff88000f7f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-6[0xfffffa800442a060]
22:06:03.750 Disk 0 statistics 103362/0/0 @ 8.67 MB/s
22:06:03.750 Scan finished successfully
22:06:26.432 Disk 0 MBR has been saved successfully to "C:\Users\mike\Downloads\MBR.dat"
22:06:26.432 The log file has been saved successfully to "C:\Users\mike\Downloads\aswMBR.txt"

Juliet
2015-03-12, 11:31
You should uninstall this
FileHippo.AppManager.exe
http://www.herdprotect.com/filehippo.appmanager.exe-9f5d09648d200ada98de6e6f6d288ce8035c2203.aspx

~~~~~~

Please go to one of the below sites to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)
jotti.org (http://virusscan.jotti.org/)
VirScan (http://virscan.org/)
Click on Browse, and upload the following file for analysis:

C:\Windows\SysWOW64\regsvr32.exe C:\Users\mike\AppData\Local\Ibbhsoft\DRMApiDyn64.dll


Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~

Using Windows Explorer, navigate to the following and, if found, please delete it:
C:\Users\mike\AppData\Roaming\麽鎒駓覜

~~~~~~~~~~~~~~~~~~~

It's best we move Farbar's to desktop.

Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below. *Do Not Use Wordpad* or any text editor other than Notepad, or the script will fail.
To do this, highlight the contents of the box, right click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite an existing one, please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CloseProcesses:
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [Ehxtion] => regsvr32.exe C:\Users\mike\AppData\Local\Ehxtion\QuickLibs80.dll <===== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => "C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" File Not Found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CA&userid=fffa6d18-aaf5-43ac-b3e6-0d4ef8854b78&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CA&userid=fffa6d18-aaf5-43ac-b3e6-0d4ef8854b78&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=112...00c89cdc2923d8
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CA&userid=fffa6d18-aaf5-43ac-b3e6-0d4ef8854b78&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> DefaultScope {59F8DCFE-4A1A-4DF9-AE82-3E2BFE68D929} URL = https://ca.search.yahoo.com/search?fr=mcafee&type=B011CA1056D20141112&p={searchTerms}
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT2304157&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=&UM=&UP=SPAEB2AB49-B16F-4719-ABDA-73072D7E7DD0&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {602F5D75-8B65-4BD3-B2AA-A9375593AF9D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {B13D1B4F-05EA-436E-9EE8-CF5E9E396663} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_fs_15_06&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CtBzytBtA0DzztCtC0CyCtN0D0Tzu0StCtCtAtAtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBtCzytAtBzy0ByCtGyEyCtA0CtGtD0Azy0AtGtCzz0EyEtGtDyE0DtAzy0DyE0DtCyByDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtB0D0FtAyBtA0BtGyE0F0DyDtGyEtAtCyDtGzytCtA0DtG0ByB0Czz0EzztC0AyEzytAyE2Q&cr=224970857&ir=
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {C62AED4B-A13B-414F-8ACD-ECCA1C386F85} URL = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15781&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=HP&apn_dtid=YYYYYYCLCA&apn_uid=8ef85837-4f7e-4ba8-839b-81a9c5903680&apn_sauid=7A855479-006E-48CD-A030-FA557D274AB9
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> No File
BHO-x32: XfireXO Toolbar -> {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -> C:\Program Files (x86)\XfireXO\prxtbXfir.dll [2011-05-09] (Conduit Ltd.)
BHO-x32: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll [2011-05-09] (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> No Name - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
Toolbar: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll No File
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
FF Plugin-x32: @UtilityChest_49.com/Plugin -> C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll No File
FF SearchPlugin: C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\svwhgcrn.default-1348552600720\searchplugins\delta.xml [2013-03-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2015-02-24]
CHR Extension: (No Name) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\mike\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-07]
CHR HKLM-x32\...\Chrome\Extension: - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Users\mike\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\mike\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-07]
2015-03-11 08:16 - 2015-03-11 08:16 - 00000480 ____H () C:\Users\mike\AppData\Roaming\麽鎒駓覜
2015-02-19 15:44 - 2015-02-19 15:44 - 00003444 _____ () C:\Windows\System32\Tasks\avayvxvaxc
2015-02-19 15:43 - 2015-02-20 17:33 - 00000000 ____D () C:\Users\mike\AppData\Local\avayvxvaxc
2015-03-11 19:43 - 2015-02-07 20:43 - 00000288 _____ () C:\Windows\Tasks\Binkiland.job
C:\ProgramData\qjaxlkio.dss
C:\Users\mike\jagex_cl_runescape_LIVE.dat
C:\Users\mike\random.dat
C:\Users\mike\AppData\Local\Temp\update.exe
Task: {1540EA80-0707-4336-B582-729FDFFE7737} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-261593359-1049202612-806197226-1000 No Task File <==== ATTENTION
Task: {54F1F839-436F-4EA1-B995-CCBCA093925B} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {56EEC5C2-66A5-4EB6-AC3E-311F8FF6E0C1} - \Ad-Aware Antivirus Scheduled Scan No Task File <==== ATTENTION
Task: {597DEF45-020B-4A0D-A69B-17111CAB7DCA} - \OptimizerPro1UpdaterTask{B5F963C6-E826-4059-AA8B-F7B000C1931B} No Task File <==== ATTENTION
Task: {5A387197-D32C-4B10-8A47-18D5B5710FED} - \WxDFastUpdaterTask{10EA724F-18E2-4177-B2BE-762A02EB7974} No Task File <==== ATTENTION
Task: {71876345-248E-497D-A1B2-E57A2D0DB5A6} - \Ad-Aware Update (Weekly) No Task File <==== ATTENTION
Task: {77DB9F81-5170-4B52-BAC5-76B62A9F5A99} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-261593359-1049202612-806197226-1000 No Task File <==== ATTENTION
Task: {879DD970-57B2-4CFF-8FC7-F4DFBD3E8C9F} - System32\Tasks\Binkiland => C:\Users\mike\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9264F0FE-3337-4B0F-AAF6-5876394FA5D7} - System32\Tasks\avayvxvaxc => C:\Users\mike\AppData\Local\avayvxvaxc\avayvxvaxc.exe <==== ATTENTION
Task: {944B8326-B34A-435E-80AD-2737C9A39685} - \RealUpgradeScheduledTaskS-1-5-21-261593359-1049202612-806197226-1000 No Task File <==== ATTENTION
Task: {D2BFAA96-F6ED-4DBE-9940-11EF2BC5E371} - \WinZipDriverUpdaterRunAtStartup No Task File <==== ATTENTION
Task: {F8575E65-76FE-40C0-B54B-6B2CF7E053CD} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Binkiland.job => C:\Users\mike\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
EmptyTemp:
Hosts:
CMD: C:\ComboFix.txt
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


~~~~~
AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~

Please post
File requested scanned
Fixlog.txt
AdwCleaner.txt

mikenowo
2015-03-12, 16:26
Here is what you requested:

Links from Virustotal:

https://www.virustotal.com/en/file/890c1734ed1ef6b2422a9b21d6205cf91e014add8a7f41aa5a294fcf60631a7b/analysis/1426172370/

https://www.virustotal.com/en/file/6c41a6d3c327a17a0fb050ff85bf4e1b5391eeff14060e1cda78fe36b8ea0dd4/analysis/1426172519/

===
===

Fixlog.txt contents:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by mike at 2015-03-12 10:28:21 Run:1
Running from C:\Users\mike\Desktop
Loaded Profiles: mike (Available profiles: mike & arathornv)
Boot Mode: Safe Mode (with Networking)
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [Ehxtion] => regsvr32.exe C:\Users\mike\AppData\Local\Ehxtion\QuickLibs80.dll <===== ATTENTION
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL => C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL => "C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" File Not Found
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CA&userid=fffa6d18-aaf5-43ac-b3e6-0d4ef8854b78&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CA&userid=fffa6d18-aaf5-43ac-b3e6-0d4ef8854b78&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=112...00c89cdc2923d8
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKLM-x32 - XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll (Conduit Ltd.)
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=CA&userid=fffa6d18-aaf5-43ac-b3e6-0d4ef8854b78&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL =
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> DefaultScope {59F8DCFE-4A1A-4DF9-AE82-3E2BFE68D929} URL = https://ca.search.yahoo.com/search?fr=mcafee&type=B011CA1056D20141112&p={searchTerms}
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT2304157&octid=EB_ORIGINAL_CTID&SearchSource=62&CUI=&UM=&UP=SPAEB2AB49-B16F-4719-ABDA-73072D7E7DD0&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {602F5D75-8B65-4BD3-B2AA-A9375593AF9D} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2304157
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {B13D1B4F-05EA-436E-9EE8-CF5E9E396663} URL = http://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_fs_15_06&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CtBzytBtA0DzztCtC0CyCtN0D0Tzu0StCtCtAtAtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBtCzytAtBzy0ByCtGyEyCtA0CtGtD0Azy0AtGtCzz0EyEtGtDyE0DtAzy0DyE0DtCyByDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtB0D0FtAyBtA0BtGyE0F0DyDtGyEtAtCyDtGzytCtA0DtG0ByB0Czz0EzztC0AyEzytAyE2Q&cr=224970857&ir=
SearchScopes: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> {C62AED4B-A13B-414F-8ACD-ECCA1C386F85} URL = http://websearch.ask.com/redirect?client=ie&tb=IMB&o=15781&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=HP&apn_dtid=YYYYYYCLCA&apn_uid=8ef85837-4f7e-4ba8-839b-81a9c5903680&apn_sauid=7A855479-006E-48CD-A030-FA557D274AB9
BHO: No Name -> {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -> No File
BHO-x32: XfireXO Toolbar -> {5e5ab302-7f65-44cd-8211-c1d4caaccea3} -> C:\Program Files (x86)\XfireXO\prxtbXfir.dll [2011-05-09] (Conduit Ltd.)
BHO-x32: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM-x32 - XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\prxtbXfir.dll [2011-05-09] (Conduit Ltd.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> No Name - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - No File
Toolbar: HKU\S-1-5-21-261593359-1049202612-806197226-1000 -> No Name - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
FF Plugin-x32: @real.com/nprpplugin;version=17.0.15.10 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll No File
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
FF Plugin-x32: @UtilityChest_49.com/Plugin -> C:\Program Files (x86)\UtilityChest_49\bar\1.bin\NP49Stub.dll No File
FF SearchPlugin: C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\svwhgcrn.default-1348552600720\searchplugins\delta.xml [2013-03-26]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2015-02-24]
CHR Extension: (No Name) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-27]
CHR HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\mike\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-07]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Users\mike\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [mhfdcmehmjcclgopdodkjdicohagipid] - C:\Users\mike\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx [2012-06-07]
2015-03-11 08:16 - 2015-03-11 08:16 - 00000480 ____H () C:\Users\mike\AppData\Roaming\????
2015-02-19 15:44 - 2015-02-19 15:44 - 00003444 _____ () C:\Windows\System32\Tasks\avayvxvaxc
2015-02-19 15:43 - 2015-02-20 17:33 - 00000000 ____D () C:\Users\mike\AppData\Local\avayvxvaxc
2015-03-11 19:43 - 2015-02-07 20:43 - 00000288 _____ () C:\Windows\Tasks\Binkiland.job
C:\ProgramData\qjaxlkio.dss
C:\Users\mike\jagex_cl_runescape_LIVE.dat
C:\Users\mike\random.dat
C:\Users\mike\AppData\Local\Temp\update.exe
Task: {1540EA80-0707-4336-B582-729FDFFE7737} - \RealPlayerRealUpgradeScheduledTaskS-1-5-21-261593359-1049202612-806197226-1000 No Task File <==== ATTENTION
Task: {54F1F839-436F-4EA1-B995-CCBCA093925B} - \avast! Emergency Update No Task File <==== ATTENTION
Task: {56EEC5C2-66A5-4EB6-AC3E-311F8FF6E0C1} - \Ad-Aware Antivirus Scheduled Scan No Task File <==== ATTENTION
Task: {597DEF45-020B-4A0D-A69B-17111CAB7DCA} - \OptimizerPro1UpdaterTask{B5F963C6-E826-4059-AA8B-F7B000C1931B} No Task File <==== ATTENTION
Task: {5A387197-D32C-4B10-8A47-18D5B5710FED} - \WxDFastUpdaterTask{10EA724F-18E2-4177-B2BE-762A02EB7974} No Task File <==== ATTENTION
Task: {71876345-248E-497D-A1B2-E57A2D0DB5A6} - \Ad-Aware Update (Weekly) No Task File <==== ATTENTION
Task: {77DB9F81-5170-4B52-BAC5-76B62A9F5A99} - \RealDownloaderDownloaderScheduledTaskS-1-5-21-261593359-1049202612-806197226-1000 No Task File <==== ATTENTION
Task: {879DD970-57B2-4CFF-8FC7-F4DFBD3E8C9F} - System32\Tasks\Binkiland => C:\Users\mike\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {9264F0FE-3337-4B0F-AAF6-5876394FA5D7} - System32\Tasks\avayvxvaxc => C:\Users\mike\AppData\Local\avayvxvaxc\avayvxvaxc.exe <==== ATTENTION
Task: {944B8326-B34A-435E-80AD-2737C9A39685} - \RealUpgradeScheduledTaskS-1-5-21-261593359-1049202612-806197226-1000 No Task File <==== ATTENTION
Task: {D2BFAA96-F6ED-4DBE-9940-11EF2BC5E371} - \WinZipDriverUpdaterRunAtStartup No Task File <==== ATTENTION
Task: {F8575E65-76FE-40C0-B54B-6B2CF7E053CD} - \GoforFilesUpdate No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Binkiland.job => C:\Users\mike\AppData\Roaming\BINKIL~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:373E1720
EmptyTemp:
Hosts:
CMD: C:\ComboFix.txt
End
*****************

Processes closed successfully.
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Ehxtion => value deleted successfully.
"C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC64LO~1.DLL" => Value Data removed successfully.
"C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL" => Value Data removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => Key not found.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main\\BrowserMngr Start Page => value deleted successfully.
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => Key deleted successfully.
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\BrowserMngrDefaultScope => value deleted successfully.
"HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{602F5D75-8B65-4BD3-B2AA-A9375593AF9D}" => Key deleted successfully.
HKCR\CLSID\{602F5D75-8B65-4BD3-B2AA-A9375593AF9D} => Key not found.
"HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
"HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B13D1B4F-05EA-436E-9EE8-CF5E9E396663}" => Key deleted successfully.
HKCR\CLSID\{B13D1B4F-05EA-436E-9EE8-CF5E9E396663} => Key not found.
"HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C62AED4B-A13B-414F-8ACD-ECCA1C386F85}" => Key deleted successfully.
HKCR\CLSID\{C62AED4B-A13B-414F-8ACD-ECCA1C386F85} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC} => Key not found.
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} => value deleted successfully.
HKCR\CLSID\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} => Key not found.
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => value deleted successfully.
HKCR\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=17.0.15.10" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@realnetworks.com/npdlplugin;version=1" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@UtilityChest_49.com/Plugin" => Key deleted successfully.
C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\svwhgcrn.default-1348552600720\searchplugins\delta.xml => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com => Moved successfully.
C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => Moved successfully.
"HKU\S-1-5-21-261593359-1049202612-806197226-1000\SOFTWARE\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid" => Key deleted successfully.
C:\Users\mike\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpihmmhdcobmllpcnpfbhnipmhamldje" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid" => Key deleted successfully.
"C:\Users\mike\AppData\Local\CRE\mhfdcmehmjcclgopdodkjdicohagipid.crx" => File/Directory not found.

"C:\Users\mike\AppData\Roaming\????" directory move:

Could not move "C:\Users\mike\AppData\Roaming\????" directory. => Scheduled to move on reboot.

C:\Windows\System32\Tasks\avayvxvaxc => Moved successfully.
C:\Users\mike\AppData\Local\avayvxvaxc => Moved successfully.
C:\Windows\Tasks\Binkiland.job => Moved successfully.
C:\ProgramData\qjaxlkio.dss => Moved successfully.
C:\Users\mike\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\mike\random.dat => Moved successfully.
C:\Users\mike\AppData\Local\Temp\update.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1540EA80-0707-4336-B582-729FDFFE7737}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1540EA80-0707-4336-B582-729FDFFE7737}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealPlayerRealUpgradeScheduledTaskS-1-5-21-261593359-1049202612-806197226-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{54F1F839-436F-4EA1-B995-CCBCA093925B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54F1F839-436F-4EA1-B995-CCBCA093925B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56EEC5C2-66A5-4EB6-AC3E-311F8FF6E0C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56EEC5C2-66A5-4EB6-AC3E-311F8FF6E0C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Antivirus Scheduled Scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{597DEF45-020B-4A0D-A69B-17111CAB7DCA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{597DEF45-020B-4A0D-A69B-17111CAB7DCA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OptimizerPro1UpdaterTask{B5F963C6-E826-4059-AA8B-F7B000C1931B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5A387197-D32C-4B10-8A47-18D5B5710FED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5A387197-D32C-4B10-8A47-18D5B5710FED}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WxDFastUpdaterTask{10EA724F-18E2-4177-B2BE-762A02EB7974}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71876345-248E-497D-A1B2-E57A2D0DB5A6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71876345-248E-497D-A1B2-E57A2D0DB5A6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ad-Aware Update (Weekly)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77DB9F81-5170-4B52-BAC5-76B62A9F5A99}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77DB9F81-5170-4B52-BAC5-76B62A9F5A99}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderDownloaderScheduledTaskS-1-5-21-261593359-1049202612-806197226-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{879DD970-57B2-4CFF-8FC7-F4DFBD3E8C9F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{879DD970-57B2-4CFF-8FC7-F4DFBD3E8C9F}" => Key deleted successfully.
C:\Windows\System32\Tasks\Binkiland => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Binkiland" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9264F0FE-3337-4B0F-AAF6-5876394FA5D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9264F0FE-3337-4B0F-AAF6-5876394FA5D7}" => Key deleted successfully.
C:\Windows\System32\Tasks\avayvxvaxc not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avayvxvaxc" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{944B8326-B34A-435E-80AD-2737C9A39685}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{944B8326-B34A-435E-80AD-2737C9A39685}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-261593359-1049202612-806197226-1000" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2BFAA96-F6ED-4DBE-9940-11EF2BC5E371}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2BFAA96-F6ED-4DBE-9940-11EF2BC5E371}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WinZipDriverUpdaterRunAtStartup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8575E65-76FE-40C0-B54B-6B2CF7E053CD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8575E65-76FE-40C0-B54B-6B2CF7E053CD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate" => Key deleted successfully.
C:\Windows\Tasks\Binkiland.job not found.
C:\ProgramData\Temp => ":373E1720" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= C:\ComboFix.txt =========

'C:\ComboFix.txt' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

EmptyTemp: => Removed 592.7 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-12 10:46:45)<=

"C:\Users\mike\AppData\Roaming\????" => Directory could not move.

==== End of Fixlog 10:46:46 ====

===
===

AdwCleaner[S0].txt contents:

# AdwCleaner v4.112 - Logfile created 12/03/2015 at 11:15:42
# Updated 09/03/2015 by Xplode
# Database : 2015-03-05.1 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : mike - MIKE
# Running from : C:\Users\mike\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

Service Deleted : SPPD

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ICQ6Toolbar
Folder Deleted : C:\Program Files (x86)\sweetpacks bundle uninstaller
Folder Deleted : C:\Program Files (x86)\xfirexo
Folder Deleted : C:\Program Files (x86)\WSE_Binkiland
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\arathornv\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\mike\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\mike\AppData\Local\Conduit
Folder Deleted : C:\Users\mike\AppData\Local\PackageAware
Folder Deleted : C:\Users\mike\AppData\Local\TNT2
Folder Deleted : C:\Users\mike\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\mike\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\mike\AppData\LocalLow\xfirexo
Folder Deleted : C:\Users\mike\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\1t1n6t9q.default\Extensions\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}
Folder Deleted : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\svwhgcrn.default-1348552600720\Extensions\isreaditlater@ideashower.com
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\svwhgcrn.default-1348552600720\bprotector_extensions.sqlite
File Deleted : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\1t1n6t9q.default\user.js
File Deleted : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\svwhgcrn.default-1348552600720\user.js
File Deleted : C:\Users\arathornv\AppData\Roaming\Mozilla\Firefox\Profiles\ofmw861d.default\searchplugins\Binkiland.xml
File Deleted : C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\1t1n6t9q.default\searchplugins\Binkiland.xml

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aacbndibbcpajfgnkdkaakeiojmmgmnk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKCU\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKCU\Software\Classes\MF
Key Deleted : HKCU\Software\82d78ab53dbf47
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2304157
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{13B8FF9D-DEB0-4070-B846-D049218307B3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{103E3C9A-E8AE-4B19-A339-01FE9439763E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{24486CE9-7BC2-4516-B743-39FFDD4F861B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{326C4F48-FE3B-4E54-9118-9B6C3B6C9B1E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{39D884BB-2881-4F3A-B9B9-2D3AF4C2C191}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{59E5BDB9-126F-4575-901E-D32132A19B94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5CF866F0-10A3-4ED4-9BE3-668F2F148E2F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CE1482C8-E8FD-4277-9A4F-094D712F6B60}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEFDBFA7-0F18-4216-8F90-6B6F71D6AB83}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F12BA68C-976E-4567-BA3B-629DFCEBC5FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F66F6A81-E727-4774-B461-8A5CB7F7DE07}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25151605-D156-49DD-A659-20E69C1EE15F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{268CA04C-106C-4636-B707-95E8CD5859E0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{698E7AA1-A28E-4064-A9AB-822171AF4EF4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C428C4B-C9E2-4B74-B791-88C3FEE48F36}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9F19923D-2A4C-45EF-A026-AE7DEE5D022C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F67A3AA8-88EE-4A3A-863A-B13A19F8696C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{878A5A0A-DC0A-4C37-BBE2-18C30E50F449}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{13B8FF9D-DEB0-4070-B846-D049218307B3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\GoforFiles
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\TNT2
Key Deleted : HKCU\Software\WSE_Binkiland
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\lyricspal
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKLM\SOFTWARE\BrowserMngr
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\GoforFiles
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\UtilityChest_49
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\dll-files.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XfireXO Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local

***** [ Web browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v36.0.1 (x86 en-US)

[ofmw861d.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[ofmw861d.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename", "Ask.com");
[ofmw861d.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[ofmw861d.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Binkiland");
[ofmw861d.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://binkiland.com/?f=1&a=bnk_fs_15_06&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CtBzytBtA0DzztCtC0CyCtN0D0Tzu0StCtCtAtAtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1[...]
[ofmw861d.default\prefs.js] - Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
[1t1n6t9q.default\prefs.js] - Line Deleted : user_pref("browser.startup.homepage", "hxxp://binkiland.com/?f=1&a=bnk_fs_15_06&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CtBzytBtA0DzztCtC0CyCtN0D0Tzu0StCtCtAtAtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1[...]
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "Binkiland,Wikipedia (en),Trovi search,DuckDuckGo,Trovi");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.crossrider.bic", "13f314f0f0d2561aa077beeed44da60c");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.admin", false);
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.aflt", "babsst");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.dfltLng", "en");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.excTlbr", false);
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.id", "c49c11c6000000000000c89cdc2923d8");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.instlDay", "15790");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.instlRef", "sst");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.newTab", false);
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.prdct", "delta");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.rvrt", "false");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.smplGrp", "none");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.tlbrId", "base");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsn", "1.8.10.0");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.10.02:38:27");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.delta.vrsni", "1.8.10.0");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.helperbar.Country", "Canada");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.helperbar.UserID", "03f16be3-2c60-486c-ac61-fd5cff92f620");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.helperbar.Visibility", false);
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=E015F68F-4379-4E8F-A716-227C01D28F94&n=77fc47a5&p2=^ZO^xdm005^YY^ca&si=CI-s1Ji0yLUCFQZV4Aodr[...]
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.initialized", true);
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.contextKey", "");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.installDate", "2013022117");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerId", "^ZO^xdm005^YY^ca");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerSubId", "CI-s1Ji0yLUCFQZV4AodrkEAYA");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.success", true);
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.toolbarId", "E015F68F-4379-4E8F-A716-227C01D28F94");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.lastActivePing", "1364274090118");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.defaultSearch", false);
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.homePageEnabled", false);
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.keywordEnabled", false);
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.tabEnabled", false);
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.searchHistory", "");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.weather.location", "H1A+H");
[svwhgcrn.default-1348552600720\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "utilitychest@mindspark.com");

-\\ Google Chrome v40.0.2214.115

[C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2790392
[C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=112465&tt=120912_cpc_3912_5&babsrc=SP_ss&mntrId=c49c11c6000000000000c89cdc2923d8
[C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=112465&tt=120912_cpc_3912_5&babsrc=SP_ss&mntrId=c49c11c6000000000000c89cdc2923d8
[C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C49CC89CDC2923D8&affID=121151&tt=070813_wc2&tsp=4973
[C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_fs_15_06&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CtBzytBtA0DzztCtC0CyCtN0D0Tzu0StCtCtAtAtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBtCzytAtBzy0ByCtGyEyCtA0CtGtD0Azy0AtGtCzz0EyEtGtDyE0DtAzy0DyE0DtCyByDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtB0D0FtAyBtA0BtGyE0F0DyDtGyEtAtCyDtGzytCtA0DtG0ByB0Czz0EzztC0AyEzytAyE2Q&cr=224970857&ir=

-\\ Chromium v

[C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2790392
[C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=112465&tt=120912_cpc_3912_5&babsrc=SP_ss&mntrId=c49c11c6000000000000c89cdc2923d8
[C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&affID=112465&tt=120912_cpc_3912_5&babsrc=SP_ss&mntrId=c49c11c6000000000000c89cdc2923d8
[C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=C49CC89CDC2923D8&affID=121151&tt=070813_wc2&tsp=4973
[C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_fs_15_06&cd=2XzuyEtN2Y1L1Qzu0Czzzy0C0D0CtBzytBtA0DzztCtC0CyCtN0D0Tzu0StCtCtAtAtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyBtCzytAtBzy0ByCtGyEyCtA0CtGtD0Azy0AtGtCzz0EyEtGtDyE0DtAzy0DyE0DtCyByDtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FtB0D0FtAyBtA0BtGyE0F0DyDtGyEtAtCyDtGzytCtA0DtG0ByB0Czz0EzztC0AyEzytAyE2Q&cr=224970857&ir=

*************************

AdwCleaner[R0].txt - [18962 bytes] - [12/03/2015 11:06:39]
AdwCleaner[S0].txt - [19917 bytes] - [12/03/2015 11:15:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19977 bytes] ##########

Juliet
2015-03-12, 20:56
The links you posted for Virus total are blank

When you scanned the file did it show any infections?

Were you able to locate and delete
Using Windows Explorer navigate to and if found please delete
C:\Users\mike\AppData\Roaming\麽鎒駓覜
It might also look like
C:\Users\mike\AppData\Roaming\????

Please open Notepad, at the top of the page click on Format, please ensure wordwrap is not checked.

Tell me what is your computer doing now?

~~~~~~~~~~~~~~~~~~

Since you already have Malwarebytes onboard let's do a scan.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

********************************************

mikenowo
2015-03-12, 22:25
The links you posted for Virus total are blank

When you scanned the file did it show any infections?

Were you able to locate and delete
Using Windows Explorer navigate to and if found please delete
C:\Users\mike\AppData\Roaming\麽鎒駓覜
It might also look like
C:\Users\mike\AppData\Roaming\????

Please open Notepad, at the top of the page click on Format, please ensure wordwrap is not checked.

Tell me what is your computer doing now?

~~~~~~~~~~~~~~~~~~

Since you already have Malwarebytes onboard let's do a scan.

********************************************

1-Strange the pages were blank there was definitely data there... and no neither file found any infections from the VirusTotal scans.

2-Yes I could find and delete the C:\Users\mike\AppData\Roaming\麽鎒駓覜 file
That is significant because when I was browsing I would see the '麽鎒駓覜' characters appear over the tab's names in Firefox now and then.. also a reason I figured there was a virus.

3-Ok I checked notepad and wordwrap WAS checked. I unchecked it, is there something you want me to resend since it was checked?

4- I'll have to re-post what the computer is doing because when I run these tests you've sent I'm in safe mode. I'll boot into regular mode and re-post what I see.

Juliet
2015-03-12, 22:55
Since you already have Malwarebytes onboard let's do a scan.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

Please run the above scan in normal mode if you can.

When word wrap is unchecked it makes it easier to read the logs :)

mikenowo
2015-03-12, 23:24
Hmm I ran malwarebytes and it said it found and quarantined 7 items but when I went to the scan log it was empty. Seems like they were deleted as well. I'll rerun the scan and see what it says this time.

mikenowo
2015-03-13, 00:12
Eureka!! The iexplore replications are gone from task manager now. I seem to be able to open my browser and surf fine now as well! And a game I couldn't login to before logs in fine now too :laugh:

Looks like everything you suggested got rid of the virus, but I'll wait for your final verdict before signing off. Thanks for the detailed help all ;)

Juliet
2015-03-13, 01:22
Eureka!! The iexplore replications are gone from task manager now. I seem to be able to open my browser and surf fine now as well! And a game I couldn't login to before logs in fine now too :laugh:

Looks like everything you suggested got rid of the virus, but I'll wait for your final verdict before signing off. Thanks for the detailed help all ;)

Good deal

Open MBAM, click on the History tab, then the quarantine tab...see anything listed there?


What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

mikenowo
2015-03-13, 18:00
Ok here are the results from Eset... took almost 14 hours to run =O
(sure found a lot, seems this stuff is mostly bundled with other programs and you can't even uncheck them at install <sigh>):

===
===

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfirexo\ldrtbXfir.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfirexo\prxtbXfir.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfirexo\tbXfir.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\xfirexo\XfireXOToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\Local\Bundled software uninstaller\bi_client.exe.vir Win32/Somoto.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\Local\Conduit\BackgroundContainer\TBUpdaterLogic_1.0.0.1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\Local\Conduit\CT2304157\XfireXOAutoUpdateHelper.exe.vir a variant of Win32/Conduit.SearchProtect.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\Local\TNT2\2.0.0.1702\Autorun.inf.vir Win32/Toolbar.TNT2.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\Local\TNT2\2.0.0.1702\GameConsole.exe.vir a variant of Win32/Toolbar.TNT2.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\Local\TNT2\2.0.0.1702\IEToolbar.dll.vir a variant of Win32/Toolbar.TNT2.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\Local\TNT2\2.0.0.1702\IEToolbar64.dll.vir a variant of Win32/Toolbar.TNT2.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\Local\TNT2\2.0.0.1702\npTNT2.dll.vir a variant of Win32/Toolbar.TNT2.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\Local\TNT2\2.0.0.1702\npTNT2Ghost.dll.vir a variant of Win32/Toolbar.TNT2.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\Local\TNT2\2.0.0.1702\passport.dll.vir a variant of Win32/Toolbar.TNT2.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\Local\TNT2\2.0.0.1702\passport64.dll.vir a variant of Win32/Toolbar.TNT2.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\Local\TNT2\2.0.0.1702\TNT2User.exe.vir a variant of Win32/Toolbar.TNT2.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\Local\TNT2\2.0.0.1702\TNT2UserPS64.dll.vir a variant of Win32/Toolbar.TNT2.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\LocalLow\xfirexo\hk64tbXfi0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\LocalLow\xfirexo\hk64tbXfi2.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\LocalLow\xfirexo\hktbXfi0.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\LocalLow\xfirexo\hktbXfi2.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\LocalLow\xfirexo\ldrtbXfi0.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\LocalLow\xfirexo\ldrtbXfi2.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\LocalLow\xfirexo\ldrtbXfir.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\LocalLow\xfirexo\tbXfi0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\LocalLow\xfirexo\tbXfi1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\LocalLow\xfirexo\tbXfi2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\LocalLow\xfirexo\tbXfir.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\LocalLow\xfirexo\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\mike\AppData\LocalLow\xfirexo\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.8\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
C:\Program Files (x86)\SIW\siw.exe a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
C:\Program Files (x86)\WinZip Driver Updater\Network.dll a variant of Win32/Systweak.M potentially unwanted application
C:\Program Files (x86)\WinZip Driver Updater\winzipduhelper.dll a variant of Win32/Systweak.N potentially unwanted application
C:\ProgramData\InstallMate\{A6D7867A-26BF-5675-608C-2282A2FB7707}\_Setupx.dll a variant of Win32/InstalleRex.U potentially unwanted application
C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll a variant of Win64/Sathurbot.A trojan
C:\ProgramData\Microsoft\Security\Client\temp\tmp586A.exe Win32/Simda.B trojan
C:\ProgramData\Microsoft\Security\Client\temp\tmpABC3.exe Win32/Simda.B trojan
C:\Users\All Users\InstallMate\{A6D7867A-26BF-5675-608C-2282A2FB7707}\_Setupx.dll a variant of Win32/InstalleRex.U potentially unwanted application
C:\Users\All Users\Microsoft\Security\Client\SecurityHelper.dll a variant of Win64/Sathurbot.A trojan
C:\Users\All Users\Microsoft\Security\Client\temp\tmp586A.exe Win32/Simda.B trojan
C:\Users\All Users\Microsoft\Security\Client\temp\tmpABC3.exe Win32/Simda.B trojan
C:\Users\mike\AppData\Local\dsisetup949181842.exe Win32/Adware.DsiLoad.A application
C:\Users\mike\AppData\Local\Ehxtion\QuickLibs80.dll a variant of Win32/Boaxxe.CM trojan
C:\Users\mike\AppData\Local\Ibbhsoft\DRMApiDyn64.dll a variant of Win32/Boaxxe.CQ trojan
C:\Users\mike\AppData\Local\PCTuner1\PCTuner1.exe a variant of MSIL/RegProCleaner.A potentially unwanted application
C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application
C:\Windows\Installer\MSI3BF2.tmp a variant of Win32/Toolbar.Visicom.A potentially unwanted application
D:\backup\z-Other-not often\Downloads\Acer PC install stuff\xfire_installer_44598.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
Operating memory a variant of Win32/Boaxxe.CQ trojan

Juliet
2015-03-13, 19:19
You can install Unchecky (http://unchecky.com/) to make sure that the check boxes will remain clean when you install new software.
Beware the product is in beta stage.


~~~
Please open Notepad (*Do Not Use Wordpad!* or any text editor other than Notepad, or the script will fail): Start -> Run -> type notepad in the Open field -> OK. Then copy and paste the text present inside the quote box below:
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad window. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)






start
CloseProcesses:
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Acer Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe
C:\Program Files (x86)\SIW\siw.exe
C:\Program Files (x86)\WinZip Driver Updater\Network.dll
C:\Program Files (x86)\WinZip Driver Updater\winzipduhelper.dll
C:\ProgramData\InstallMate\{A6D7867A-26BF-5675-608C-2282A2FB7707}\_Setupx.dll
C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll
C:\ProgramData\Microsoft\Security\Client\temp\tmp586A.exe
C:\ProgramData\Microsoft\Security\Client\temp\tmpABC3.exe
C:\Users\All Users\Microsoft\Security\Client\temp\tmp586A.exe
C:\Users\All Users\Microsoft\Security\Client\temp\tmpABC3.exe
C:\Users\All Users\InstallMate\{A6D7867A-26BF-5675-608C-2282A2FB7707}\_Setupx.dll
C:\Users\All Users\Microsoft\Security\Client\SecurityHelper.dll
C:\Users\mike\AppData\Local\dsisetup949181842.exe
C:\Users\mike\AppData\Local\Ehxtion\QuickLibs80.dll
C:\Users\mike\AppData\Local\Ibbhsoft\DRMApiDyn64.dll
C:\Users\mike\AppData\Local\PCTuner1\PCTuner1.exe
C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
C:\Windows\Installer\MSI3BF2.tmp
D:\backup\z-Other-not often\Downloads\Acer PC install stuff\xfire_installer_44598.exe
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

After running the above script tell me how the computer is now.
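
Added example, not part of the original thread and not ESET or FRST code: a small triage of the ESET log above that separates what AdwCleaner already quarantined and the memory-only hit from files still live on disk, which are the ones that end up in a fixlist. The function names are hypothetical; it assumes the space-flattened log layout shown in this thread, treats `C:\Users\All Users` as the Windows Vista-and-later alias of `C:\ProgramData` so each file is counted once, and lists trojans first as an ordering choice. The sample lines are copied from the log above.

```python
import re

# One finding per line: <path> [a variant of ]<Platform/Name> <category>.
# Paths contain spaces, so the detection name is used as the field anchor.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<variant>a variant of )?"
    r"(?P<name>(?:Win32|Win64|MSIL)/\S+)\s+"
    r"(?P<category>potentially unwanted application|"
    r"potentially unsafe application|application|trojan)$"
)

QUARANTINE_PREFIX = "c:\\adwcleaner\\quarantine\\"
# Assumption stated in the lead-in: on Vista and later this path is an
# alias of C:\ProgramData, so both spellings name the same file.
ALL_USERS_PREFIX = "c:\\users\\all users\\"
PROGRAMDATA = "C:\\ProgramData\\"

# Subset of the ESET log posted in this thread.
SAMPLE_LOG = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Program Files (x86)\SIW\siw.exe a variant of Win32/RemoteAdmin.RemoteExec.AA potentially unsafe application
C:\ProgramData\Microsoft\Security\Client\SecurityHelper.dll a variant of Win64/Sathurbot.A trojan
C:\ProgramData\Microsoft\Security\Client\temp\tmp586A.exe Win32/Simda.B trojan
C:\Users\All Users\Microsoft\Security\Client\SecurityHelper.dll a variant of Win64/Sathurbot.A trojan
C:\Users\All Users\Microsoft\Security\Client\temp\tmp586A.exe Win32/Simda.B trojan
C:\Users\mike\AppData\Local\Ibbhsoft\DRMApiDyn64.dll a variant of Win32/Boaxxe.CQ trojan
C:\Users\mike\AppData\Local\PCTuner1\PCTuner1.exe a variant of MSIL/RegProCleaner.A potentially unwanted application
Operating memory a variant of Win32/Boaxxe.CQ trojan
"""


def parse_line(line):
    """Return a finding dict for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "path": m.group("path"),
        "name": m.group("name"),
        "variant": m.group("variant") is not None,
        "category": m.group("category"),
    }


def canonical_path(path):
    """Map the 'All Users' alias onto C:\\ProgramData; leave other paths alone."""
    if path.lower().startswith(ALL_USERS_PREFIX):
        return PROGRAMDATA + path[len(ALL_USERS_PREFIX):]
    return path


def triage(log_text):
    """Split findings into quarantined, memory-only, live files and unparsed."""
    result = {"quarantined": [], "memory": [], "live": [], "unparsed": []}
    seen = set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        finding = parse_line(line)
        if finding is None:
            result["unparsed"].append(line)
        elif finding["path"].lower().startswith(QUARANTINE_PREFIX):
            result["quarantined"].append(finding)   # already neutralised
        elif finding["path"] == "Operating memory":
            result["memory"].append(finding)        # no file to remove
        else:
            finding["path"] = canonical_path(finding["path"])
            key = finding["path"].lower()
            if key not in seen:                     # drop alias duplicates
                seen.add(key)
                result["live"].append(finding)
    # Trojans first, then everything else, each group sorted by path.
    result["live"].sort(key=lambda f: (f["category"] != "trojan",
                                       f["path"].lower()))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("quarantined: %d, memory-only: %d, unparsed: %d" % (
        len(report["quarantined"]), len(report["memory"]),
        len(report["unparsed"])))
    for f in report["live"]:
        print("%-32s %s" % (f["name"] + " [" + f["category"] + "]", f["path"]))
```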

mikenowo
2015-03-13, 21:05
Ok I ran FRST64.exe with the Fixlist.txt data that you sent. It had to reboot, everything seems to be working fine, BUT I got this message in a window (see attachment).

Any ideas why?
[Attachment 12144]

mikenowo
2015-03-13, 21:14
I also just noticed that this dang file is BACK:

C:\Users\mike\AppData\Roaming\麽鎒駓覜

Any suggestions as to where it is coming from? I can see superimposed glyphs over my tabs again:

[Attachment 12146]

mikenowo
2015-03-13, 21:24
Also I notice that the file mentioned in that error is different now in that "C:\Users\mike\AppData\Local\Ibbhsoft" directory. It's now named 'DRMApiDyn64.3'. Thus the error I imagine. WHAT is Ibbhsoft anyway, I never installed anything from a manufacturer with that name?

mikenowo
2015-03-13, 21:32
I've also been getting a lot of these popups from the Malwarebytes software:

[Attachment 12147]

Could my Firefox browser be being hijacked by this 'bestwaytosearch.com' ?

Juliet
2015-03-13, 23:41
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Backup Internet Explorer Favourites (http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer)
Backup Firefox Bookmarks (https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer)

Proceed with the reset once done.

Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
Firefox: Reset Firefox (https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems)

~~~~~~~~

Please download the attached fixlist.txt and save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~

Please download RogueKiller and save it to your desktop.

You can check here (http://support.microsoft.com/kb/827218) if you're not sure if your computer is 32-bit or 64-bit

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.


Quit all running programs.
For Windows XP, double-click to start.
For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User License Agreement)
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Don't run any other options, they're not all bad!!
Post back the report which should be located on your desktop.

mikenowo
2015-03-14, 10:26
Well, running RogueKiller now.. pity, was always a rogue myself ;-p.. in any event that C:\Users\mike\AppData\Local\Ibbhsoft message no longer comes up BUT that directory is still there. You never mentioned what that Ibbhsoft might be or why it's on my system? Should I delete the directory now too? Any idea what it is and where it came from?

mikenowo
2015-03-14, 10:59
Rogue results:

RogueKiller V10.5.4.0 [Mar 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mike [Administrator]
Started from : C:\Users\mike\Downloads\RogueKiller.exe
Mode : Scan -- Date : 03/14/2015 05:33:46

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider | (default) : {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\mike\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\mike\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswVmm (\??\C:\Users\mike\AppData\Local\Temp\aswVmm.sys) -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] EasyShare Registration RunOnce Task.job -- C:\Windows\system32\rundll32.exe (C:\PROGRA~3\Kodak\EASYSH~2\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOfferSilence@16) -> Found
[Suspicious.Path] EasyShare Registration Task.job -- C:\Windows\system32\rundll32.exe (C:\PROGRA~3\Kodak\EASYSH~2\$REGIS~1\Registration_8.3.30.1.sxt _RegistrationOffer@16) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EADX-22TDHB0 ATA Device +++++
--- User ---
[MBR] 827b71a3dcd7830cf3758f133a5db68a
[BSP] d791f61362482ad634cec41db0842f07 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Juliet
2015-03-14, 13:05
IBBHSOFT doesn't have a product name yet and it is developed by unknown

%USERPROFILE%\AppData\Local\Oxnmics <--might be associated and which I did not find on your machine.

C:\Users\mike\AppData\Local\Ibbhsoft
Go on and delete this folder and let it stay in the recycle bin for a few days to see if something throws up an error. My thinking is, if it does it might show a path as to where it came from.
Then of course if nothing appears then permanently delete it out.

~~~~~

Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!

Run RogueKiller again and click Scan, Wait until the Status box shows "Scan Finished"
When the scan completes place a check by these entries

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider | (default) : {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswVmm (\??\C:\Users\mike\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswVmm (\??\C:\Users\mike\AppData\Local\Temp\aswVmm.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\aswVmm (\??\C:\Users\mike\AppData\Local\Temp\aswVmm.sys) -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found

(The other entries are harmless)

click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

Juliet
2015-03-14, 13:16
Also, did you download and run the fixlist I created in post #16?

Can you post that?

mikenowo
2015-03-14, 15:54
Hmm I thought I already posted those results but here they are again:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by mike at 2015-03-14 04:39:54 Run:3
Running from C:\Users\mike\Downloads\Malware scanner tools\Trojan virus fix
Loaded Profiles: mike (Available profiles: mike & arathornv)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [Acxworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\mike\AppData\Local\Ibbhsoft\DRMApiDyn64.dll
2015-03-11 08:16 - 2015-03-11 08:16 - 00000480 ____H () C:\Users\mike\AppData\Roaming\麽鎒駓覜
C:\Users\mike\AppData\Roaming\麽鎒駓覜
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Acxworks => value deleted successfully.
"C:\Users\mike\AppData\Roaming\麽鎒駓覜" => File/Directory not found.
"C:\Users\mike\AppData\Roaming\麽鎒駓覜" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 58.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 04:40:15 ====

mikenowo
2015-03-14, 15:55
Here's the last rogue-results:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by mike at 2015-03-14 04:39:54 Run:3
Running from C:\Users\mike\Downloads\Malware scanner tools\Trojan virus fix
Loaded Profiles: mike (Available profiles: mike & arathornv)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKU\S-1-5-21-261593359-1049202612-806197226-1000\...\Run: [Acxworks] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\mike\AppData\Local\Ibbhsoft\DRMApiDyn64.dll
2015-03-11 08:16 - 2015-03-11 08:16 - 00000480 ____H () C:\Users\mike\AppData\Roaming\麽鎒駓覜
C:\Users\mike\AppData\Roaming\麽鎒駓覜
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-261593359-1049202612-806197226-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Acxworks => value deleted successfully.
"C:\Users\mike\AppData\Roaming\麽鎒駓覜" => File/Directory not found.
"C:\Users\mike\AppData\Roaming\麽鎒駓覜" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 58.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 04:40:15 ====

Juliet
2015-03-14, 17:38
OK
You've searched the computer and this is not found?
C:\Users\mike\AppData\Roaming\麽鎒駓覜

Also, the last log you posted was the same fixlist and not the one for RogueKiller?

mikenowo
2015-03-14, 23:24
That's the last R post:

RogueKiller V10.5.4.0 [Mar 12 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : mike [Administrator]
Started from : C:\Users\mike\Downloads\Malware scanner tools\Trojan virus fix\RogueKiller.exe
Mode : Scan -- Date : 03/14/2015 18:15:34

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD10EADX-22TDHB0 ATA Device +++++
--- User ---
[MBR] 827b71a3dcd7830cf3758f133a5db68a
[BSP] d791f61362482ad634cec41db0842f07 : Windows Vista/7/8 MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_03142015_104912.log - RKreport_SCN_03142015_053346.log - RKreport_SCN_03142015_104021.log

Juliet
2015-03-15, 02:55
Tell me what the computer is doing now.

mikenowo
2015-03-15, 09:42
Tell me what the computer is doing now.

purring like a kitten .. thanks for all your help ;-)

Juliet
2015-03-15, 13:17
DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix)
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore


Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
~~~~~~~~~~~~~~~~


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.

Juliet
2015-03-21, 18:27
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.