Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

Bubble dock, wind, thebrowser, megabackup - I'm going insane

 
klbrown
Newbie


Joined: 17 Nov 2015
Last Visit: 19 Nov 2015
Posts: 7

Posted: Tue Nov 17, 2015 10:51 am    Post subject: Bubble dock, wind, thebrowser, megabackup - I'm going insane

I was surfing the internet & apparently accidentally clicked on something, I don't know what. Suddenly I was receiving all sorts of popups & messages about programs installing.......

I immediately disconnected from the internet & tried to uninstall what I could. I think I have most everything under control, but I can't get rid of MegaBackup. It's still showing in my Programs & Features, my Program Files, etc. Unable to delete or rename.

I've downloaded the latest Malwarebytes, it found 31 nasties.

I've restarted in Safe mode, but I can't seem to run my Avast scans, they don't start automatically & I receive errors that my firewall isn't on, my avast didn't start...

The other thing that really has me concerned - I removed what I could & then restarted my computer. The original HP screen appeared (what came with the computer) & a small window appeared in the top left; it acted like it was a brand new computer. Naturally I panicked!! (Yes, I do have a backup hard drive & Carbonite, so no lectures please. I'm just not feeling like having to reinstall everything at this point in time). Anyhow, I restarted in Safe mode & my screen looks like it's supposed to. I downloaded HijackThis & have posted my log below.

Any advice is gratefully appreciated!! Thanks in advance for your time. :)

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1:35:51 PM, on 11/17/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17910)

FIREFOX: 42.0 (x86 en-US)
Boot mode: Safe mode

Running processes:
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
K:\Home\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (file missing)
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (file missing)
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [GoPro Studio Importer] C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe
O4 - HKLM\..\Run: [CoreChipTiManager] C:\Windows\diskediag.exe
O4 - HKCU\..\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKCU\..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Keli\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Clip bookmark - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Clip image - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=4
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=3
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\Clip.html?clipAction=1
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
O8 - Extra context menu item: New note - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{4CC51FE1-F4D9-4D83-97E3-1ADA66BAAF92}: NameServer = 208.87.151.29,208.87.151.28
O17 - HKLM\System\CCS\Services\Tcpip\..\{4FAB951C-9F2A-41AC-97D4-16A630A5FCB2}: NameServer = 208.87.151.29,208.87.151.28
O17 - HKLM\System\CCS\Services\Tcpip\..\{5F14A3FE-3EFC-453A-B61C-B837A2B1C3FE}: NameServer = 208.87.151.29,208.87.151.28
O17 - HKLM\System\CS1\Services\Tcpip\..\{4CC51FE1-F4D9-4D83-97E3-1ADA66BAAF92}: NameServer = 208.87.151.29,208.87.151.28
O17 - HKLM\System\CS2\Services\Tcpip\..\{4CC51FE1-F4D9-4D83-97E3-1ADA66BAAF92}: NameServer = 208.87.151.29,208.87.151.28
O18 - Protocol: intu-help-qb6 - {6898B29B-BF49-43CB-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service: CarboniteService - Carbonite, Inc. (www.carbonite.com) - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: DokanMb Service (DokanMbMounter) - Unknown owner - C:\Program Files\MegaBackup Corp\MegaBackup\DokanMb\mounter.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Neat Startup Service - The Neat Company - C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
O23 - Service: NETGEARGenieDaemon - NETGEAR - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QBIDPService (QBVSS) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18209 bytes
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 17 Apr 2017
Posts: 5041
Location: Land Of The Leprechauns

Posted: Wed Nov 18, 2015 2:19 am

Hi and welcome to Spyware Warrior Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Note: If you haven't done so already, please read this topic, "Things to know before you post", where the conditions for receiving help here are explained.
Quote:
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.



Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.


Next.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.



Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right-click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished, click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens click Yes to the disclaimer.
  • Press Scan button. ... When finished a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply
  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
klbrown
Newbie


Joined: 17 Nov 2015
Last Visit: 19 Nov 2015
Posts: 7

Posted: Wed Nov 18, 2015 9:02 am    Post subject: Update & logs

Hi Cypher,

I must admit I did try a few other things before I received your reply. I used my Malwarebytes & Glary Utilities programs. I had to run & restart a few times, but it looked (to me) like everything was removed.

However, I do not have much experience in this, & will defer to you for guidance. :)

I'm attaching my logs per your request:

# AdwCleaner v5.021 - Logfile created 18/11/2015 at 11:34:50
# Updated 14/11/2015 by Xplode
# Database : 2015-11-17.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Keli - KELIHOME-PC
# Running from : C:\Users\Keli\Desktop\adwcleaner_5.021.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[x] Folder Not Deleted : C:\Program Files (x86)\Innovative Solutions
[x] Folder Not Deleted : C:\Program Files (x86)\Common Files\Innovative Solutions
[x] Folder Not Deleted : C:\ProgramData\Innovative Solutions
[x] Folder Not Deleted : C:\Users\Keli\AppData\Local\Innovative Solutions
[-] Folder Deleted : C:\Users\Keli\AppData\Roaming\Store
[-] Folder Deleted : C:\Users\Keli\AppData\Roaming\download Manager
[-] Folder Deleted : C:\Users\Keli\Documents\Updater

***** [ Files ] *****

[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{79F768ED-0B12-42EF-8257-36751A0ECF3A}]
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKLM\SOFTWARE\Tutorials
[-] Key Deleted : HKLM\SOFTWARE\SmartDNS
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DnsIo
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{39A15FDA-FADB-4BED-B094-0B4904B0B54B}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39A15FDA-FADB-4BED-B094-0B4904B0B54B}
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{4CC51FE1-F4D9-4D83-97E3-1ADA66BAAF92} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{4FAB951C-9F2A-41AC-97D4-16A630A5FCB2} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5F14A3FE-3EFC-453A-B61C-B837A2B1C3FE} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{4CC51FE1-F4D9-4D83-97E3-1ADA66BAAF92} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{4FAB951C-9F2A-41AC-97D4-16A630A5FCB2} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{5F14A3FE-3EFC-453A-B61C-B837A2B1C3FE} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{4CC51FE1-F4D9-4D83-97E3-1ADA66BAAF92} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{4FAB951C-9F2A-41AC-97D4-16A630A5FCB2} [NameServer]
[-] Data Restored : HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{5F14A3FE-3EFC-453A-B61C-B837A2B1C3FE} [NameServer]

***** [ Web browsers ] *****

[-] [C:\Users\Keli\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Keli\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3261 bytes] ##########
klbrown
Newbie


Joined: 17 Nov 2015
Last Visit: 19 Nov 2015
Posts: 7

Posted: Wed Nov 18, 2015 9:03 am

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-11-2015
Ran by Keli (administrator) on KELIHOME-PC (18-11-2015 11:55:16)
Running from C:\Users\Keli\Desktop
Loaded Profiles: Keli (Available Profiles: Keli)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\Keli\AppData\Local\TheBrowser\Application\TheBrowser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(GP Systems Integration) C:\Windows\diskediag.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(GP Systems Integration) C:\Windows\utimcache.exe
(GP Systems Integration) C:\Windows\sysnadr64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\NuanceWDS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-09-14] ()
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-09-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2010-03-08] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-11] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1066192 2015-07-14] (Carbonite, Inc.)
HKLM-x32\...\Run: [CoreChipTiManager] => C:\Windows\diskediag.exe
HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\Run: [HPADVISOR] => C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1685048 2009-09-29] (Hewlett-Packard)
HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2015-11-09] (Glarysoft Ltd)
HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-10-28] (Siber Systems)
HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [603392 2015-08-26] (NETGEAR Inc.)
HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\MountPoints2: {070d8a2b-f2fb-11e3-a5e2-18a905c0efe1} - "K:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\MountPoints2: {36ef201d-7583-11e4-8110-18a905c0efe1} - K:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\MountPoints2: {9d5d4bdb-5f8c-11e4-93f4-18a905c0efe1} - K:\VZW_Software_upgrade_assistant.exe
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-09] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
Startup: C:\Users\Keli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2015-11-18]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
BootExecute: autocheck autochk * BootDefrag.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4CC51FE1-F4D9-4D83-97E3-1ADA66BAAF92}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{4FAB951C-9F2A-41AC-97D4-16A630A5FCB2}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-172187430-2598185790-3716903638-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-172187430-2598185790-3716903638-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK/1
SearchScopes: HKLM -> DefaultScope {E551BB3E-EDC4-431C-A7D6-BC979D3286C1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {39A15FDA-FADB-4BED-B094-0B4904B0B54B} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM -> {E551BB3E-EDC4-431C-A7D6-BC979D3286C1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {E551BB3E-EDC4-431C-A7D6-BC979D3286C1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {E551BB3E-EDC4-431C-A7D6-BC979D3286C1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-172187430-2598185790-3716903638-1001 -> DefaultScope {E551BB3E-EDC4-431C-A7D6-BC979D3286C1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-172187430-2598185790-3716903638-1001 -> {E551BB3E-EDC4-431C-A7D6-BC979D3286C1} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-28] (Siber Systems Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-09] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14] (Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll => No File
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-28] (Siber Systems Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-05-09] (Avast Software s.r.o.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll => No File
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AcroIEToolbarHelper Class -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-28] (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-10-28] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-172187430-2598185790-3716903638-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-172187430-2598185790-3716903638-1001 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-10-28] (Siber Systems Inc.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2014-01-16] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Keli\AppData\Roaming\Mozilla\Firefox\Profiles\ncc1kusr.default-1446817970491
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-14] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-172187430-2598185790-3716903638-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Keli\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-07-18] (Citrix Online)
FF Plugin HKU\S-1-5-21-172187430-2598185790-3716903638-1001: @hulu.com/Hulu Desktop -> C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\npHDPlg.dll [2009-10-27] (Hulu LLC)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-05-09] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2015-10-28]
FF HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: RoboForm Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2015-10-28]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.msn.com/"
CHR Profile: C:\Users\Keli\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Keli\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-01]
CHR Extension: (Google Drive) - C:\Users\Keli\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-01]
CHR Extension: (YouTube) - C:\Users\Keli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-01]
CHR Extension: (Google Search) - C:\Users\Keli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-01]
CHR Extension: (Avast SafePrice) - C:\Users\Keli\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-11-01]
CHR Extension: (Google Docs Offline) - C:\Users\Keli\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Keli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-01]
CHR Extension: (Gmail) - C:\Users\Keli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-01]
CHR Extension: (RoboForm Password Manager) - C:\Users\Keli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2015-11-17]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-05-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-05-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-09]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-05-16]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2014-06-15] (Adobe Systems) [File not signed]
S4 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-11-14] (Two Pilots) [File not signed]
R2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-09] (Avast Software s.r.o.)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [107448 2015-05-09] (Avast Software s.r.o.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S3 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-31] (Garmin Ltd or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S3 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [26624 2015-07-14] (The Neat Company) [File not signed]
S3 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2015-08-26] (NETGEAR)
S4 NMSAccess; C:\Windows\SysWOW64\NMSAccessU.exe [71096 2009-01-12] ()
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
S3 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2014-01-16] (Intuit Inc.) [File not signed]
S3 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-01-16] (Intuit Inc.) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-09] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-05-09] (Avast Software s.r.o.)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-09] (Avast Software s.r.o.)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449896 2015-05-09] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-09] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-09] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-09] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-09] ()
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-06-02] (Glarysoft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20160 2015-05-09] (Glarysoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2015-10-29] (CACE Technologies, Inc.)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-09-17] (CyberLink Corp.)
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-18 11:55 - 2015-11-18 11:55 - 00026094 _____ C:\Users\Keli\Desktop\FRST.txt
2015-11-18 11:52 - 2015-11-18 11:55 - 00000000 ____D C:\FRST
2015-11-18 11:51 - 2015-11-18 11:51 - 02008576 _____ (Farbar) C:\Users\Keli\Desktop\FRST64.exe
2015-11-18 11:30 - 2015-11-18 11:34 - 00000000 ____D C:\AdwCleaner
2015-11-18 11:29 - 2015-11-18 11:29 - 01732096 _____ C:\Users\Keli\Desktop\adwcleaner_5.021.exe
2015-11-18 11:27 - 2015-11-18 11:27 - 00000207 _____ C:\Windows\tweaking.com-regbackup-KELIHOME-PC-Windows-7-Home-Premium-(64-bit).dat
2015-11-18 11:27 - 2015-11-18 11:27 - 00000000 ____D C:\RegBackup
2015-11-18 11:26 - 2015-11-18 11:26 - 00002197 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-11-18 11:26 - 2015-11-18 11:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-11-18 11:26 - 2015-11-18 11:26 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-11-18 11:25 - 2015-11-18 11:25 - 04777232 _____ (Tweaking.com) C:\Users\Keli\Downloads\tweaking.com_registry_backup_setup.exe
2015-11-18 10:57 - 2015-11-18 11:36 - 00000112 _____ C:\Windows\setupact.log
2015-11-18 10:57 - 2015-11-18 10:57 - 00000358 _____ C:\Windows\PFRO.log
2015-11-18 10:57 - 2015-11-18 10:57 - 00000000 _____ C:\Windows\setuperr.log
2015-11-18 10:56 - 2015-11-18 10:56 - 00003288 ____N C:\bootsqm.dat
2015-11-18 10:55 - 2015-11-18 10:55 - 00000000 __SHD C:\found.000
2015-11-17 01:24 - 2015-11-17 01:24 - 00000000 ____D C:\Windows\pss
2015-11-17 00:34 - 2015-11-17 00:35 - 00000924 _____ C:\Windows\SysWOW64\${LOGFILE}
2015-11-17 00:17 - 2015-11-17 00:17 - 00000000 ____D C:\Users\Keli\AppData\Roaming\AdVPN
2015-11-17 00:10 - 2015-11-17 00:10 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-11-17 00:08 - 2015-11-17 00:08 - 00000000 ____D C:\ProgramData\MegaBackup Corp
2015-11-14 13:46 - 2015-11-14 13:46 - 07229440 _____ C:\Users\Keli\Desktop\Purple Frog Inc 2015 (Backup Nov 14,2015 01 45 PM).QBB
2015-11-08 16:49 - 2015-11-18 09:24 - 00002101 _____ C:\Users\Public\Desktop\Foxit Reader.lnk
2015-11-08 16:49 - 2015-11-08 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-11-06 23:12 - 2015-11-13 20:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-06 08:52 - 2015-11-06 08:52 - 00000000 ____D C:\Users\Keli\Desktop\Old Firefox Data
2015-11-01 23:53 - 2015-11-18 09:23 - 00002162 _____ C:\Users\Keli\Desktop\Google Chrome.lnk
2015-10-29 23:19 - 2015-11-18 09:24 - 00002006 _____ C:\Users\Public\Desktop\NETGEAR Genie.lnk
2015-10-26 08:28 - 2015-10-26 08:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-18 11:55 - 2014-05-13 08:04 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-18 11:49 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-18 11:49 - 2009-07-13 23:45 - 00018736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-18 11:44 - 2014-05-12 20:35 - 01647196 _____ C:\Windows\WindowsUpdate.log
2015-11-18 11:43 - 2014-05-14 20:02 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2015-11-18 11:37 - 2014-05-13 08:04 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-18 11:37 - 2010-01-09 19:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2015-11-18 11:36 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-18 11:17 - 2014-05-16 21:08 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-18 11:06 - 2014-05-16 20:40 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-18 11:06 - 2014-05-14 20:03 - 00003316 _____ C:\Windows\System32\Tasks\GlaryInitialize 5
2015-11-18 11:06 - 2014-05-14 20:03 - 00001054 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2015-11-18 11:06 - 2014-05-14 20:03 - 00001042 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2015-11-18 10:36 - 2014-05-16 20:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-18 09:29 - 2009-07-14 02:45 - 00000000 ____D C:\Windows\ShellNew
2015-11-18 09:24 - 2015-09-25 07:42 - 00001813 _____ C:\Users\Keli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-11-18 09:24 - 2015-08-22 05:00 - 00002074 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2015-11-18 09:24 - 2015-07-10 20:21 - 00000804 _____ C:\Users\Public\Desktop\GoPro Studio.lnk
2015-11-18 09:24 - 2015-06-16 23:51 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-18 09:24 - 2015-06-16 23:51 - 00002003 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-18 09:24 - 2015-06-16 06:23 - 00001709 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-18 09:24 - 2015-06-16 06:17 - 00000921 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-11-18 09:24 - 2015-06-16 06:17 - 00000915 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-11-18 09:24 - 2015-06-03 15:40 - 00002106 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-11-18 09:24 - 2015-05-09 19:51 - 00001952 _____ C:\Users\Public\Desktop\Avast SafeZone.lnk
2015-11-18 09:24 - 2015-05-09 19:51 - 00001922 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2015-11-18 09:24 - 2015-02-09 15:02 - 00002067 _____ C:\Users\Public\Desktop\QuickBooks Pro 2013.lnk
2015-11-18 09:24 - 2015-02-01 11:11 - 00002095 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2015-11-18 09:24 - 2015-01-10 14:44 - 00001766 _____ C:\Users\Public\Desktop\Quicken Premier 2015.lnk
2015-11-18 09:24 - 2014-12-26 00:24 - 00002132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.0.lnk
2015-11-18 09:24 - 2014-11-26 23:37 - 00001060 _____ C:\Users\Public\Desktop\GIMP 2.lnk
2015-11-18 09:24 - 2014-11-26 23:37 - 00000888 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-11-18 09:24 - 2014-11-15 11:40 - 00000999 _____ C:\Users\Public\Desktop\MediaMonkey.lnk
2015-11-18 09:24 - 2014-11-08 23:12 - 00002050 _____ C:\Users\Public\Desktop\PDFill PDF Editor.lnk
2015-11-18 09:24 - 2014-11-08 23:12 - 00001048 _____ C:\Users\Public\Desktop\PDFill PDF Tools (Free).lnk
2015-11-18 09:24 - 2014-10-31 13:08 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-11-18 09:24 - 2014-06-15 12:34 - 00002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk
2015-11-18 09:24 - 2014-06-15 12:34 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Designer 7.0.lnk
2015-11-18 09:24 - 2014-06-15 12:34 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
2015-11-18 09:24 - 2014-06-15 12:34 - 00001975 _____ C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
2015-11-18 09:24 - 2014-06-15 12:27 - 00002542 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS2.lnk
2015-11-18 09:24 - 2014-06-15 12:22 - 00002035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
2015-11-18 09:24 - 2014-06-15 12:22 - 00002017 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
2015-11-18 09:24 - 2014-06-15 12:22 - 00001995 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
2015-11-18 09:24 - 2014-06-15 12:22 - 00001992 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
2015-11-18 09:24 - 2014-06-08 09:44 - 00001812 _____ C:\Users\Public\Desktop\Neat.lnk
2015-11-18 09:24 - 2014-06-04 21:43 - 00001326 _____ C:\Users\Public\Desktop\Office Tab Center.lnk
2015-11-18 09:24 - 2014-05-18 21:39 - 00002082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2015-11-18 09:24 - 2014-05-18 21:39 - 00002076 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2015-11-18 09:24 - 2014-05-18 20:49 - 00000975 _____ C:\Users\Public\Desktop\Fotosizer.lnk
2015-11-18 09:24 - 2014-05-18 20:38 - 00002045 _____ C:\Users\Public\Desktop\ViewNX 2.lnk
2015-11-18 09:24 - 2014-05-18 20:34 - 00001974 _____ C:\Users\Public\Desktop\Nikon Transfer.lnk
2015-11-18 09:24 - 2014-05-18 20:04 - 00002010 _____ C:\Users\Public\Desktop\Panorama Maker 5.lnk
2015-11-18 09:24 - 2014-05-18 10:47 - 00002012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR Genie.lnk
2015-11-18 09:24 - 2014-05-16 20:51 - 00001109 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-18 09:24 - 2014-05-16 20:40 - 00001058 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-18 09:24 - 2014-05-13 09:44 - 00001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2015-11-18 09:24 - 2014-05-13 09:43 - 00002476 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-11-18 09:24 - 2014-05-13 09:43 - 00001448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-11-18 09:24 - 2014-05-13 09:43 - 00001364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2015-11-18 09:24 - 2014-05-12 17:11 - 00001391 _____ C:\Users\Keli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-18 09:24 - 2014-05-12 17:05 - 00002092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Software Store.lnk
2015-11-18 09:24 - 2014-05-12 17:05 - 00002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
2015-11-18 09:24 - 2014-05-12 17:04 - 00001912 _____ C:\Users\Keli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hulu Desktop.lnk
2015-11-18 09:24 - 2010-01-09 19:41 - 00002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
2015-11-18 09:24 - 2010-01-09 19:24 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-11-18 09:24 - 2010-01-09 19:24 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-11-18 09:24 - 2009-07-13 23:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-18 09:24 - 2009-07-13 23:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-11-18 09:24 - 2009-07-13 23:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-11-18 09:24 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-11-18 09:24 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-11-18 09:23 - 2015-09-25 07:42 - 00001807 _____ C:\Users\Keli\Desktop\Spotify.lnk
2015-11-18 09:23 - 2015-07-19 19:07 - 00001941 _____ C:\Users\Keli\Desktop\PaperPort.lnk
2015-11-18 09:23 - 2015-07-13 10:19 - 00001171 _____ C:\Users\Keli\Desktop\My PaperPort Documents - Shortcut.lnk
2015-11-18 09:23 - 2015-06-03 13:46 - 00001510 _____ C:\Users\Keli\Desktop\Scan - Shortcut.lnk
2015-11-18 09:23 - 2015-01-03 18:57 - 00000932 _____ C:\Users\Keli\Desktop\Evernote.lnk
2015-11-18 09:23 - 2014-12-21 10:36 - 00014364 _____ C:\Users\Keli\Desktop\Attach - Shortcut.lnk
2015-11-18 09:23 - 2014-11-08 23:12 - 00002062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PDFill PDF Editor.lnk
2015-11-18 09:23 - 2014-09-14 17:00 - 00001171 _____ C:\Users\Keli\Desktop\SyncBackPro.lnk
2015-11-18 09:23 - 2014-05-18 10:12 - 00001868 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Software Updates.lnk
2015-11-18 09:23 - 2014-05-14 22:33 - 00002675 _____ C:\Users\Keli\Desktop\Microsoft Office Word 2007.lnk
2015-11-18 09:23 - 2014-05-14 22:33 - 00002637 _____ C:\Users\Keli\Desktop\Microsoft Office Excel 2007.lnk
2015-11-18 09:23 - 2014-05-14 22:18 - 00002619 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Open Microsoft Office Document.lnk
2015-11-18 09:23 - 2014-05-14 22:18 - 00002609 _____ C:\ProgramData\Microsoft\Windows\Start Menu\New Microsoft Office Document.lnk
2015-11-18 09:23 - 2014-05-12 17:05 - 00001196 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Snapfish Photos - FREE - 1st 30 Prints.lnk
2015-11-18 09:23 - 2009-07-14 00:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-11-18 09:23 - 2009-07-13 23:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-11-17 16:27 - 2015-03-28 22:48 - 00000000 ____D C:\Windows\Minidump
2015-11-17 15:52 - 2014-06-08 10:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-17 13:15 - 2014-05-16 20:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-16 23:22 - 2009-07-14 00:13 - 00785942 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-16 21:56 - 2014-05-18 10:21 - 00000336 _____ C:\Windows\BRCALIB.INI
2015-11-16 10:12 - 2015-09-25 07:42 - 00000000 ____D C:\Users\Keli\AppData\Local\Spotify
2015-11-16 10:04 - 2015-09-25 07:41 - 00000000 ____D C:\Users\Keli\AppData\Roaming\Spotify
2015-11-16 08:52 - 2010-01-09 19:37 - 00000000 ____D C:\ProgramData\Temp
2015-11-16 08:28 - 2014-05-18 21:35 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-11-14 15:27 - 2014-04-06 22:17 - 00000000 ____D C:\Users\Keli\Documents\Statements
2015-11-13 20:43 - 2014-05-18 09:05 - 00000000 ____D C:\Users\Keli\AppData\Local\NETGEARGenie
2015-11-13 20:37 - 2015-01-15 10:30 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForKeli.job
2015-11-13 20:37 - 2014-06-11 12:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-13 20:37 - 2014-05-13 22:05 - 00000000 ____D C:\Users\Keli\AppData\Roaming\DiskDefrag
2015-11-13 20:22 - 2014-06-08 09:47 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-11-12 10:23 - 2014-10-23 09:31 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForKeli
2015-11-12 10:23 - 2014-05-21 21:52 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-11-12 10:21 - 2014-05-21 21:51 - 00000000 ____D C:\Users\Keli\AppData\Roaming\HP Support Assistant
2015-11-12 10:21 - 2014-05-13 18:39 - 00000000 ____D C:\Users\Keli\AppData\Roaming\HpUpdate
2015-11-11 10:17 - 2014-05-16 21:08 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 10:17 - 2014-05-16 21:08 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 10:17 - 2014-05-16 21:08 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 08:17 - 2014-11-15 11:40 - 00000000 ____D C:\Users\Keli\AppData\Roaming\MediaMonkey
2015-11-10 09:59 - 2014-05-16 14:24 - 00004064 _____ C:\Windows\memgprep.dll
2015-10-31 15:40 - 2015-02-10 09:59 - 00000000 ____D C:\Users\Keli\Desktop\Bob
2015-10-31 09:17 - 2014-05-12 21:00 - 00000544 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-10-30 13:45 - 2015-06-16 23:51 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-10-29 23:19 - 2014-05-18 08:59 - 00369168 _____ (CACE Technologies, Inc.) C:\Windows\system32\wpcap.dll
2015-10-29 23:19 - 2014-05-18 08:59 - 00281104 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
2015-10-29 23:19 - 2014-05-18 08:59 - 00106000 _____ (CACE Technologies, Inc.) C:\Windows\system32\packet.dll
2015-10-29 23:19 - 2014-05-18 08:59 - 00096784 _____ (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
2015-10-29 23:19 - 2014-05-18 08:59 - 00035344 _____ (CACE Technologies, Inc.) C:\Windows\system32\Drivers\npf.sys
2015-10-29 23:19 - 2014-05-18 08:56 - 00000000 ____D C:\Program Files (x86)\NETGEAR Genie
2015-10-28 10:14 - 2014-05-16 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2015-10-26 08:28 - 2015-05-10 11:07 - 00000000 ____D C:\Program Files (x86)\GoPro

==================== Files in the root of some directories =======

2014-05-18 20:30 - 2014-05-18 20:30 - 0000268 ___RH () C:\Users\Keli\AppData\Roaming\Sci-Fi
2014-05-18 20:38 - 2014-05-18 20:38 - 0000268 ___RH () C:\Users\Keli\AppData\Roaming\Solid Colors
2014-05-18 20:39 - 2014-05-18 20:39 - 0000268 ___RH () C:\Users\Keli\AppData\Roaming\Sound Effects
2014-05-18 20:38 - 2014-05-18 20:38 - 0000268 ___RH () C:\Users\Keli\AppData\Roaming\Sounds
2015-01-01 11:25 - 2015-01-01 11:25 - 0003494 _____ () C:\Users\Keli\AppData\Local\recently-used.xbel
2015-02-12 21:58 - 2015-02-12 21:59 - 7527077 _____ () C:\Users\Keli\AppData\Local\tmpDSC_5904.0
2015-02-12 21:59 - 2015-02-12 21:59 - 1082614 _____ () C:\Users\Keli\AppData\Local\tmpDSC_5904.JPG
2014-05-18 20:30 - 2015-10-13 07:57 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2014-05-18 20:05 - 2014-05-18 20:14 - 0000000 ____H () C:\ProgramData\PKP_DLdw.DAT
2014-05-18 20:39 - 2014-05-18 20:39 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2014-05-18 20:38 - 2015-05-25 21:55 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2014-05-18 20:38 - 2015-07-10 20:32 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT
2014-05-18 20:30 - 2014-05-18 20:30 - 0000268 ___RH () C:\ProgramData\Services
2014-05-18 20:30 - 2014-05-18 20:30 - 0000012 ___RH () C:\ProgramData\Soundtrack
2014-05-18 20:38 - 2014-05-18 20:38 - 0000268 ___RH () C:\ProgramData\Space Choir
2014-05-18 20:39 - 2014-05-18 20:39 - 0000268 ___RH () C:\ProgramData\Spacious
2014-05-18 20:38 - 2014-05-18 20:38 - 0000268 ___RH () C:\ProgramData\Specifications
2014-05-18 20:38 - 2014-05-18 20:38 - 0000012 ___RH () C:\ProgramData\Strings
2014-05-18 20:39 - 2014-05-18 20:39 - 0000012 ___RH () C:\ProgramData\SupportPrinters
2014-05-18 20:38 - 2014-05-18 20:38 - 0000012 ___RH () C:\ProgramData\Sync Services

Some files in TEMP:
====================
C:\Users\Keli\AppData\Local\Temp\gusetup4.exe
C:\Users\Keli\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\cr2gui32.dll
C:\Windows\javexisa.dll
C:\Windows\javexisb.dll
C:\Windows\stdensrv.dll
C:\Windows\winid332.dll
C:\Windows\wnsperf32.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-10 00:33

==================== End of FRST.txt ============================
klbrown
Newbie


Joined: 17 Nov 2015
Last Visit: 19 Nov 2015
Posts: 7

Posted: Wed Nov 18, 2015 9:04 am

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-11-2015
Ran by Keli (2015-11-18 11:55:56)
Running from C:\Users\Keli\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-05-12 22:04:27)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-172187430-2598185790-3716903638-500 - Administrator - Disabled)
Guest (S-1-5-21-172187430-2598185790-3716903638-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-172187430-2598185790-3716903638-1002 - Limited - Enabled)
Keli (S-1-5-21-172187430-2598185790-3716903638-1001 - Administrator - Enabled) => C:\Users\Keli

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Adobe Acrobat 7.0 Professional - English, Franšais, Deutsch (HKLM-x32\...\Adobe Acrobat 7.0 Professional - English, Franšais, Deutsch - V) (Version: 7.0.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe Digital Editions 4.0 (HKLM-x32\...\Adobe Digital Editions 4.0) (Version: 4.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version: 3.0 - Adobe Systems, Inc.)
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{5A569CBA-9BE4-EAB0-9B43-468CEA2323B7}) (Version: 3.0.741.0 - ATI Technologies, Inc.)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-9970CDW (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.7.7 build 5155 (Jul-14-2015) - Carbonite)
ccc-core-static (x32 Version: 2009.0908.2225.38429 - ATI) Hidden
Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
CyberLink DVD Suite Deluxe (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.2115 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DVD Menu Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}) (Version: 3.1.3224 - Hewlett-Packard)
DVD Menu Pack for HP MediaSmart Video (x32 Version: 3.1.3224 - Hewlett-Packard) Hidden
Elevated Installer (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
File Uploader (HKLM-x32\...\{237CD223-1B9D-47E8-A76C-E478B83CCEA2}) (Version: 1.2.5 - Nikon)
Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.2.929 - Foxit Software Inc.)
Garmin Express (HKLM-x32\...\{855d8086-4275-4bd3-a7a8-b44da3a56d7a}) (Version: 3.2.27.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.27.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glary Utilities PRO 5.38 (HKLM-x32\...\Glary Utilities 5) (Version: 5.38.0.58 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoPro App (x32 Version: 5.7.549 - GoPro, Inc.) Hidden
GoPro Studio 2.5.7 (HKLM-x32\...\{b996dca2-156c-4d2c-b9a3-59fac08cef33}) (Version: 2.5.7.549 - GoPro, Inc.)
GoToMeeting 7.1.7.2539 (HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\GoToMeeting) (Version: 7.1.7.2539 - CitrixOnline)
Hardware Diagnostic Tools (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5247.34 - PC-Doctor, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Advisor (HKLM-x32\...\{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}) (Version: 3.3.9512.3162 - Hewlett-Packard)
HP MediaSmart Demo (HKLM-x32\...\{9DEF9686-CCB2-47B7-BF83-B49EA21FA016}) (Version: 1.00.0000 - Hewlett-Packard)
HP MediaSmart DVD (HKLM-x32\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 3.1.3317 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.1.3422 - Hewlett-Packard)
HP MediaSmart SmartMenu (HKLM\...\{88E60521-1E4E-4785-B9F1-1798A4BD0C30}) (Version: 3.1.0.1 - Hewlett-Packard)
HP MediaSmart/TouchSmart Netflix (HKLM-x32\...\{35021DFB-F9CA-402A-89A2-47F91E506465}) (Version: 1.0.2.0 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{17B4760F-334B-475D-829F-1A3E94A6A4E6}) (Version: 1.2.3560.3170 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
Hulu Desktop (HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\HuluDesktop) (Version: 0.9.9 - Hulu LLC)
HydraVision (x32 Version: 4.2.116.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2017 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.2017 - CyberLink Corp.) Hidden
LightScribe System Software (HKLM-x32\...\{CC8E94A2-55C7-4460-953C-2A790180578C}) (Version: 1.18.8.1 - LightScribe)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Theme Pack for HP MediaSmart Video (HKLM-x32\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.1.3310 - Hewlett-Packard)
Movie Theme Pack for HP MediaSmart Video (x32 Version: 3.1.3310 - Hewlett-Packard) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Neat (HKLM-x32\...\Neat) (Version: 5.7.1.474 - The Neat Company)
Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.1.5 - The Neat Company)
Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.5 - The Neat Company)
Neat Core Files (x32 Version: 5.7.1.474 - The Neat Company) Hidden
Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.1.5 - The Neat Company)
Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.4 - The Neat Company)
Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.4.16.00 - NETGEAR Inc.)
Nikon Message Center (HKLM-x32\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Transfer (HKLM-x32\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.5.3 - Nikon)
Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
Office Tab FreeEdition 9.70 (HKLM\...\{DE469D65-1DEB-4058-BF95-C642D733668D}_is1) (Version: - Detong Technology Ltd.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.1.9 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.2 - Nikon)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.3304 - CyberLink Corp.)
Power2Go (x32 Version: 6.0.3304 - CyberLink Corp.) Hidden
PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.3503 - CyberLink Corp.)
PowerDirector (x32 Version: 7.0.3503 - CyberLink Corp.) Hidden
QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4012.2305 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
QuickBooks_VC10_Debug (HKLM-x32\...\{2421E8FE-AE35-493A-94F5-66307E006ECF}) (Version: 1.00.0000 - Intuit Inc.)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit)
Quicken 2015 (HKLM-x32\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.5.11 - Intuit)
Quicken WillMaker Plus 2010 (HKLM-x32\...\Quicken WillMaker Plus 2010) (Version: - Nolo)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.5 - AMD)
RAIDXpert (x32 Version: 3.2.1540.5 - AMD) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6196 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.2216 - CyberLink Corp.) Hidden
RoboForm 7-9-16-7 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-16-7 - Siber Systems)
Scansoft PDF Professional (x32 Version: - ) Hidden
Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
Spotify (HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\Spotify) (Version: 1.0.16.104.g3b776c9e - Spotify AB)
SyncBackPro (HKLM-x32\...\SyncBackPro_is1) (Version: 7.3.0.5 - 2BrightSparks)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VFW_Codec32 (x32 Version: 0.1.160.0 - GoPro, Inc.) Hidden
VFW_Codec64 (Version: 0.1.160.0 - GoPro, Inc.) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.3.0 - Nikon)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-172187430-2598185790-3716903638-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2489\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

24-07-2015 23:00:00 Scheduled Checkpoint
26-07-2015 15:12:42 Installed Evernote v. 5.8.13
28-07-2015 01:15:31 Windows Update
31-07-2015 03:37:22 Windows Update
04-08-2015 01:12:28 Windows Update
08-08-2015 04:44:25 Windows Update
14-08-2015 04:27:01 Windows Update
18-08-2015 04:34:57 Windows Update
21-08-2015 04:36:44 Windows Update
25-08-2015 04:27:05 Windows Update
29-08-2015 04:24:46 Windows Update
05-09-2015 09:52:39 Scheduled Checkpoint
06-09-2015 03:33:47 Windows Update
13-09-2015 04:07:10 Windows Update
18-09-2015 04:21:09 Windows Update
22-09-2015 03:27:05 Windows Update
29-09-2015 04:11:18 Windows Update
03-10-2015 03:57:33 Windows Update
08-10-2015 03:27:18 Windows Update
11-10-2015 04:57:04 Windows Update
17-10-2015 01:18:43 Windows Update
22-10-2015 01:05:06 Windows Update
26-10-2015 08:27:35 GoPro Studio 2.5.7
26-10-2015 08:29:11 Windows Modules Installer
27-10-2015 03:30:33 Windows Update
01-11-2015 04:15:06 Windows Update
06-11-2015 05:18:59 Windows Update
10-11-2015 05:32:32 Windows Update
13-11-2015 05:38:19 Windows Update
17-11-2015 00:10:48 Device Driver Package Install: TAP-Win32 Provider V9 Network adapters

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {05BE9F19-8AE3-4829-BB92-3702EBA0D54B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-18] (Avast Software s.r.o.)
Task: {175237E8-A2A7-47CB-AAEA-304B5F5D912A} - \WebDnsio2 -> No File <==== ATTENTION
Task: {4C0E6D7C-427C-49C5-89BE-1E1A9BF8C570} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {4F2CE628-D710-4603-99D2-3A7D0EF5588C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {52CF3D7F-AB8F-4A84-B29E-3EDADA275483} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {58086AD1-6AFB-46C7-8FAF-F2F2C08683A8} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18] (PC-Doctor, Inc.)
Task: {59FDD69E-9DDD-4386-B1BA-91DFC15722CF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {678A9D6D-FC8E-42A8-81B1-41CA626437CA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)
Task: {68B9B12F-9AF3-4783-BC3E-39A612568095} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {6D71748B-4C74-45A1-8496-A473833AD0C6} - \amiupdaterExd -> No File <==== ATTENTION
Task: {74BD7EA5-10AD-42A8-BA67-2EAFC024D110} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-31] ()
Task: {80BD6D4C-8EBF-4558-A51C-FA7287A2A2A9} - System32\Tasks\DVDAgent => c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {84AD8981-3121-49BB-96EE-CDB9A718BDA9} - System32\Tasks\CLMLSvc => c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-10-22] (CyberLink)
Task: {9438A304-8782-40AF-91F8-105B9B730465} - System32\Tasks\G2MUpdateTask-S-1-5-21-172187430-2598185790-3716903638-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\2539\g2mupdate.exe [2015-04-05] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {969263C1-7DDE-42F8-92AC-2E3A515AB80C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {9F44009D-0E3B-47D1-AF5A-D82EAB41C54F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {B3C81681-0E16-4CDE-B66D-3EFD4B683B67} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {C2414005-1772-4021-8999-A776756458A2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-10-20] (Hewlett-Packard)
Task: {C54C6BCC-913F-4E5A-B291-8EFFFC4FF926} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C8DF587E-5C84-402C-BC72-ECDE7548D284} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {D1381CFF-8D57-4BA3-9404-91D1C1FA6151} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {D4867506-DD55-45F1-A15D-808F260CC897} - \amiupdaterExi -> No File <==== ATTENTION
Task: {D9F2DC4F-C809-48CF-BA93-18377A4EA24B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2015-11-10] (Microsoft)
Task: {E729CE8B-524C-4145-A5EF-6532A248DCA8} - System32\Tasks\{C0601D95-B16A-4732-9FD3-6BDD09C651A8} => pcalua.exe -a "C:\Users\Keli\Desktop\Clean Install Tool.exe" -d C:\Users\Keli\Desktop
Task: {E9A6345F-F200-44B3-8395-9A7165A32CED} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2015-11-09] (Glarysoft Ltd)
Task: {EB8C1F4F-AC9A-4D96-BBB0-1B7E39635026} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {F4F10300-E88E-455B-8138-94968DE5C461} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FC1C13FA-718A-4FCE-B7B4-3D7B1BB971D8} - System32\Tasks\HPCeeScheduleForKeli => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-172187430-2598185790-3716903638-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\2539\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForKeli.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdrcui.exe5-fh scripts\monthly.xml

==================== Loaded Modules (Whitelisted) ==============

2014-06-08 09:43 - 2013-11-14 03:05 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
2009-09-19 17:38 - 2009-09-19 17:38 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-16 14:24 - 2014-05-16 14:24 - 00345096 _____ () C:\Windows\CoreComp\ntdrsys64.dll
2009-09-14 19:17 - 2009-09-14 19:17 - 00610360 _____ () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2014-05-18 10:18 - 2010-03-15 18:18 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2009-09-19 17:40 - 2009-09-19 17:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-09-19 17:40 - 2009-09-19 17:40 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2015-08-26 09:21 - 2015-08-26 09:21 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2015-05-09 19:50 - 2015-05-09 19:50 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-09 19:50 - 2015-05-09 19:50 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-11-18 06:33 - 2015-11-18 06:33 - 02991104 _____ () C:\Program Files\AVAST Software\Avast\defs\15111800\algo.dll
2009-09-07 16:54 - 2009-09-07 16:54 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2014-05-16 14:24 - 2014-05-16 14:24 - 00335368 _____ () C:\Windows\CoreComp\mdaxml32.dll
2009-09-29 18:25 - 2009-09-29 18:25 - 00061440 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
2009-09-29 18:25 - 2009-09-29 18:25 - 00131072 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
2009-09-29 18:25 - 2009-09-29 18:25 - 00040960 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
2009-09-29 18:25 - 2009-09-29 18:25 - 00005632 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
2009-09-29 18:25 - 2009-09-29 18:25 - 00018944 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
2009-09-29 18:25 - 2009-09-29 18:25 - 00036864 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
2009-09-29 18:25 - 2009-09-29 18:25 - 00007680 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
2009-09-29 18:25 - 2009-09-29 18:25 - 00028672 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 20:14 - 2013-09-28 20:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2015-09-24 06:14 - 2015-09-24 06:14 - 00669696 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2015-09-22 02:34 - 2015-09-22 02:34 - 01691136 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2015-05-25 04:44 - 2015-05-25 04:44 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2015-09-22 04:10 - 2015-09-22 04:10 - 00598528 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2015-09-22 02:36 - 2015-09-22 02:36 - 06936064 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-29 20:55 - 2014-06-29 20:55 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2014-06-29 21:05 - 2014-06-29 21:05 - 01183232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\qwt.dll
2015-09-24 06:09 - 2015-09-24 06:09 - 02978318 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 15:27 - 2012-10-15 15:27 - 00111616 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlc.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 02286592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlccore.dll
2015-07-30 06:14 - 2015-07-30 06:14 - 01057792 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 03:39 - 2014-09-11 03:39 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2015-09-24 06:09 - 2015-09-24 06:09 - 01203200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2015-09-24 06:05 - 2015-09-24 06:05 - 11163136 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2015-09-24 06:10 - 2015-09-24 06:10 - 02588160 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2015-05-25 05:03 - 2015-05-25 05:03 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2015-07-30 06:15 - 2015-07-30 06:15 - 00892416 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2015-05-25 05:05 - 2015-05-25 05:05 - 00438272 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-08-25 14:07 - 2013-08-25 14:07 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-08-25 14:16 - 2013-08-25 14:16 - 00381952 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qmng.dll
2013-08-25 14:09 - 2013-08-25 14:09 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2013-08-25 14:16 - 2013-08-25 14:16 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qtga.dll
2013-08-25 14:16 - 2013-08-25 14:16 - 00390144 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qtiff.dll
2013-08-25 14:16 - 2013-08-25 14:16 - 00045056 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qwbmp.dll
2014-06-29 20:55 - 2014-06-29 20:55 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2015-04-17 05:36 - 2015-04-17 05:36 - 00146944 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2015-08-24 03:41 - 2015-08-24 03:41 - 02360622 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2015-03-28 09:50 - 2015-03-28 09:50 - 00113152 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\NETGEAR_PLC_L2_API.dll
2015-02-03 05:09 - 2015-02-03 05:09 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00219648 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00049664 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 15:28 - 2012-10-15 15:28 - 00070144 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-28 20:13 - 2013-09-28 20:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2015-07-30 06:15 - 2015-07-30 06:15 - 00642560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2015-05-25 05:06 - 2015-05-25 05:06 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-29 21:33 - 2014-06-29 21:33 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 01:00 - 2014-09-04 01:00 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
2009-10-22 21:50 - 2009-10-22 21:50 - 00931112 _____ () c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2015-05-09 19:50 - 2015-05-09 19:50 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-11-09 01:19 - 2015-11-09 01:19 - 00080160 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:054203E4
AlternateDataStreams: C:\ProgramData\Temp:58A5270D

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\safemls.net -> hxxps://safemls.net

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-172187430-2598185790-3716903638-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Keli\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Agent => 2
MSCONFIG\Services: NMSAccess => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^MegaBackup.lnk => C:\Windows\pss\MegaBackup.lnk.CommonStartup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{93AFC8AC-0DBB-4C4F-A313-CDD6DB5BCE82}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector\PDR.EXE
FirewallRules: [{A721662E-621D-4D5B-BEB9-25E3E4634763}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
FirewallRules: [{B25C71EB-910C-4DBF-89D5-45585542A7E0}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
FirewallRules: [{3C50927C-E917-4062-8DE6-0BD9648C6DDA}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
FirewallRules: [{B31567E3-A0DA-4E68-AA16-2358D74C5937}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
FirewallRules: [{940D8A12-F8FA-457C-9DA0-70C636790E2C}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{77A44BA7-8A7D-48D7-A063-78EC4DE8EA2D}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe
FirewallRules: [{E7820AF0-9CAA-41B4-8DF0-2639B9A531E4}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe
FirewallRules: [{017621D3-0086-4E58-B8A9-4A322513EBAC}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe
FirewallRules: [{272AFA93-1AC2-4FAC-9AEA-2BDC6F00A898}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\TSMAgent.exe
FirewallRules: [{ABEC8F33-AB61-4689-871E-2952312649A7}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{AF0F4B64-3DC3-40AC-8692-9525069ED9A7}] => (Allow) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\HPDVDSmart.exe
FirewallRules: [{1E1A7FF3-D6D6-46EF-8BD1-FCC3666EF8D8}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{DDC395BE-BA9D-41D7-9FD5-673DEA31E437}] => (Allow) svchost.exe
FirewallRules: [{1AEB4A12-7CE2-4B78-8C09-D3024F06CA50}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{55DE402C-C6D3-4D34-BFA6-10541B0F0D09}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{4EC22D0D-8EE5-4DDC-96DE-E045D53AF327}] => (Allow) LPort=2869
FirewallRules: [{F5A6E8CF-8A78-420D-B377-56467B955ECB}] => (Allow) LPort=1900
FirewallRules: [{27CCF6B9-E0A4-455A-8CDF-3CD25A7ADF44}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{6F5A9EC6-B7CC-41D2-B7A9-A6264AF657AC}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{1D3705BC-1D41-4C7C-95D4-3C41D5E1C783}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{C910F080-2C65-4DC0-BDBA-7C57F96E4FE5}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Allow) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{53C59EAF-2D80-4C9F-814B-4FE1188E9C19}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10e\FAXRX.exe
FirewallRules: [{01853B02-2AF2-4C0E-A696-BCF841B74C26}] => (Allow) C:\Program Files (x86)\Brother\Brmfl10e\FAXRX.exe
FirewallRules: [{86980E75-23B5-4D38-BB23-CE957C1E161C}] => (Allow) LPort=54925
FirewallRules: [TCP Query User{7ECCD91C-AC9F-4142-9438-E946540C794C}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [UDP Query User{8F74D34C-D975-4B09-A779-0CC6653BDEFF}C:\program files (x86)\netgear genie\bin\netgeargenie.exe] => (Block) C:\program files (x86)\netgear genie\bin\netgeargenie.exe
FirewallRules: [{28120278-45BD-4E1F-9F5D-F1B7E1ECA61C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DEA693C0-EFC6-447D-832F-3B73E03F11CC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{347C02A3-3624-48A2-9F2C-A2CDD609CF9B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{90FF9FCB-1751-442D-B220-ADEDE3C5D535}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{035F5D65-9147-4F1A-A07B-D641DB61F295}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{8B785827-2555-4E9E-95FA-93D886622364}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [{B711006E-1864-4937-9EAB-022E25D1F0FB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D1E7D5D5-1D42-43B9-8FBE-CC0B302DA658}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A3D0B10E-237B-4CDA-8DBD-24C142A97E94}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{1D149A9B-DC55-4BC1-97B4-7826125CBE7B}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{54E5D5AF-89B5-4679-BADA-BCE520D5D07F}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{8ABC64BD-1D70-4221-9935-813DB34A5349}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{E4632829-76F2-4836-B4FE-804487458E00}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [UDP Query User{C4E5011F-42C2-49CA-A012-B36463453681}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe
FirewallRules: [{884DA8A1-A5AC-45E7-A932-015AD00F07FC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8C0FA74D-EF16-4754-BC46-9ED514ED466D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DC811C76-D996-42B1-8559-4D8B834096B3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A8348292-63F2-4935-93A8-955AADC62BCE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{D1EDA158-C632-4DEE-AAEF-39B1B71D87C3}C:\users\keli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\keli\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1A02ABCA-2D9B-4B97-A930-7350227AB683}C:\users\keli\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\keli\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F1707A6D-CA1C-49F4-9800-684A2B04F8FB}C:\users\keli\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\keli\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{FC3C6DB2-AA92-445D-AA65-B0DC40BEA28B}C:\users\keli\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\keli\appdata\roaming\spotify\spotify.exe
FirewallRules: [{D98F3AAD-3BE6-4BE4-994B-BFE102BCE221}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{93E67A36-C626-4ED0-B6F5-2B9B5CC0CA42}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BEA89F06-877A-4EB0-ADF3-67EF3E74E061}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EA88CEDA-31E9-489F-810F-5C6BF678C766}] => (Allow) C:\Users\Keli\AppData\Local\TheBrowser\Application\TheBrowser.exe

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2015 11:23:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 42.0.0.5780, time stamp: 0x5632d0a4
Faulting module name: mozglue.dll, version: 42.0.0.5780, time stamp: 0x5632ba58
Exception code: 0x80000003
Fault offset: 0x0000ed50
Faulting process id: 0x1450
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (11/18/2015 11:05:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: StartupManager.exe, version: 5.10.0.105, time stamp: 0x55e4094b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18869, time stamp: 0x556363bc
Exception code: 0xe06d7363
Fault offset: 0x0000c42d
Faulting process id: 0xe74
Faulting application start time: 0xStartupManager.exe0
Faulting application path: StartupManager.exe1
Faulting module path: StartupManager.exe2
Report Id: StartupManager.exe3

Error: (11/17/2015 03:52:35 PM) (Source: ESENT) (EventID: 467) (User: )
Description: Windows (4596) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index System_DateModified0 of table SystemIndex_0A is corrupted (0).

Error: (11/17/2015 03:52:35 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/17/2015 03:52:35 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=3800}. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog

Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/17/2015 03:52:35 PM) (Source: ESENT) (EventID: 467) (User: )
Description: Windows (4596) Windows: Database C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb: Index System_DateModified0 of table SystemIndex_0A is corrupted (0).

Error: (11/17/2015 01:35:51 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2708) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (11/17/2015 00:57:13 AM) (Source: ESENT) (EventID: 454) (User: )
Description: DllHost (1272) WebCacheLocal: Database recovery/restore failed with unexpected error -501.

Error: (11/17/2015 00:57:12 AM) (Source: ESENT) (EventID: 529) (User: )
Description: DllHost (1272) WebCacheLocal: The log range read from the file "C:\Users\Keli\AppData\Local\Microsoft\Windows\WebCache\V0100944.log" at offset 198656 (0x0000000000030800) for 512 (0x00000200) bytes failed verification due to a corrupted checksum log record. The read operation will fail with error -501 (0xfffffe0b). If this condition persists then please restore the logfile from a previous backup.

Error: (11/17/2015 00:30:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WindApp Uninstall.exe version 3.0.673.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 11cc

Start Time: 01d120f8bae470bb

Termination Time: 5

Application Path: C:\Users\Keli\AppData\Local\Temp\1711201502802\WindApp Uninstall.exe

Report Id: 38714d0e-8cec-11e5-9c88-d56a50fa3f6d


System errors:
=============
Error: (11/18/2015 11:39:17 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer KELI-TOSHIBALAP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{4FAB951C-9F2A-41AC-97D4-16A630A5FCB2}.
The master browser is stopping or an election is being forced.

Error: (11/18/2015 11:35:19 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (11/18/2015 11:34:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (11/18/2015 11:34:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/18/2015 11:34:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/18/2015 11:34:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/18/2015 11:34:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PDFProFiltSrvPP service terminated unexpectedly. It has done this 1 time(s).

Error: (11/18/2015 11:34:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

Error: (11/18/2015 11:34:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The CarboniteService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/18/2015 11:34:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Apple Mobile Device Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: AMD Phenom(tm) II X4 925 Processor
Percentage of memory in use: 35%
Total physical RAM: 8183.89 MB
Available physical RAM: 5262.37 MB
Total Virtual: 16365.99 MB
Available Virtual: 13681.02 MB

==================== Drives ================================

Drive c: (HP) (Fixed) (Total:919.94 GB) (Free:190.75 GB) NTFS
Drive d: (FACTORY_IMAGE) (Fixed) (Total:11.28 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.3 GB) (Disk ID: 4930B6DC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=919.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 17 Apr 2017
Posts: 5041
Location: Land Of The Leprechauns

Posted: Wed Nov 18, 2015 9:46 am

Hi,
Looks like the scans you ran did a good job of cleaning things up.
There are a few minor things in your logs that need to be dealt with; we will take care of those now.
Then, to be sure we got everything, I need you to run another scan for me.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.

    • Copy and paste the following script into Notepad. Do not include the word Code:

    Code:

    HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\MountPoints2: {070d8a2b-f2fb-11e3-a5e2-18a905c0efe1} - "K:\WD Drive Unlock.exe" autoplay=true
    HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\MountPoints2: {36ef201d-7583-11e4-8110-18a905c0efe1} - K:\VZW_Software_upgrade_assistant.exe
    HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\MountPoints2: {9d5d4bdb-5f8c-11e4-93f4-18a905c0efe1} - K:\VZW_Software_upgrade_assistant.exe
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {39A15FDA-FADB-4BED-B094-0B4904B0B54B} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKU\S-1-5-21-172187430-2598185790-3716903638-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    2015-11-18 10:55 - 2015-11-18 10:55 - 00000000 __SHD C:\found.000
    C:\Users\Keli\AppData\Local\Temp\gusetup4.exe
    C:\Users\Keli\AppData\Local\Temp\sqlite3.dll
    C:\Windows\cr2gui32.dll
    C:\Windows\javexisa.dll
    C:\Windows\javexisb.dll
    C:\Windows\stdensrv.dll
    C:\Windows\winid332.dll
    C:\Windows\wnsperf32.dll
    Task: {175237E8-A2A7-47CB-AAEA-304B5F5D912A} - \WebDnsio2 -> No File <==== ATTENTION
    Task: {6D71748B-4C74-45A1-8496-A473833AD0C6} - \amiupdaterExd -> No File <==== ATTENTION
    Task: {D4867506-DD55-45F1-A15D-808F260CC897} - \amiupdaterExi -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\Temp:054203E4
    AlternateDataStreams: C:\ProgramData\Temp:58A5270D

    EmptyTemp:
    CMD: ipconfig /flushdns

  • Save it next to FRST.exe on your Desktop as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next, hold down Control, then click on the following link to open a new window to ESET online scanner
    Quote:
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Logs/Information to Post in your Next Reply
  • FRST Fixlog.txt
  • ESET log.
  • Please give me an update on your computer's performance.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
klbrown
Newbie


Joined: 17 Nov 2015
Last Visit: 19 Nov 2015
Posts: 7

Posted: Wed Nov 18, 2015 3:02 pm

Hi Cypher,

Logs you requested are below. Computer performance is about the same or slightly better. At least I don't seem to have any more nasties!! LOL However, my computer is about 6 years old, so I don't expect lightning fast.




Fix result of Farbar Recovery Scan Tool (x64) Version:18-11-2015
Ran by Keli (2015-11-18 14:10:14) Run:1
Running from C:\Users\Keli\Desktop
Loaded Profiles: Keli (Available Profiles: Keli)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\MountPoints2: {070d8a2b-f2fb-11e3-a5e2-18a905c0efe1} - "K:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\MountPoints2: {36ef201d-7583-11e4-8110-18a905c0efe1} - K:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-172187430-2598185790-3716903638-1001\...\MountPoints2: {9d5d4bdb-5f8c-11e4-93f4-18a905c0efe1} - K:\VZW_Software_upgrade_assistant.exe
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {39A15FDA-FADB-4BED-B094-0B4904B0B54B} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-172187430-2598185790-3716903638-1001 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
2015-11-18 10:55 - 2015-11-18 10:55 - 00000000 __SHD C:\found.000
C:\Users\Keli\AppData\Local\Temp\gusetup4.exe
C:\Users\Keli\AppData\Local\Temp\sqlite3.dll
C:\Windows\cr2gui32.dll
C:\Windows\javexisa.dll
C:\Windows\javexisb.dll
C:\Windows\stdensrv.dll
C:\Windows\winid332.dll
C:\Windows\wnsperf32.dll
Task: {175237E8-A2A7-47CB-AAEA-304B5F5D912A} - \WebDnsio2 -> No File <==== ATTENTION
Task: {6D71748B-4C74-45A1-8496-A473833AD0C6} - \amiupdaterExd -> No File <==== ATTENTION
Task: {D4867506-DD55-45F1-A15D-808F260CC897} - \amiupdaterExi -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:054203E4
AlternateDataStreams: C:\ProgramData\Temp:58A5270D

EmptyTemp:
CMD: ipconfig /flushdns
*****************

"HKU\S-1-5-21-172187430-2598185790-3716903638-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{070d8a2b-f2fb-11e3-a5e2-18a905c0efe1}" => key removed successfully
HKCR\CLSID\{070d8a2b-f2fb-11e3-a5e2-18a905c0efe1} => key not found.
"HKU\S-1-5-21-172187430-2598185790-3716903638-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{36ef201d-7583-11e4-8110-18a905c0efe1}" => key removed successfully
HKCR\CLSID\{36ef201d-7583-11e4-8110-18a905c0efe1} => key not found.
"HKU\S-1-5-21-172187430-2598185790-3716903638-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9d5d4bdb-5f8c-11e4-93f4-18a905c0efe1}" => key removed successfully
HKCR\CLSID\{9d5d4bdb-5f8c-11e4-93f4-18a905c0efe1} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39A15FDA-FADB-4BED-B094-0B4904B0B54B}" => key removed successfully
HKCR\CLSID\{39A15FDA-FADB-4BED-B094-0B4904B0B54B} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-172187430-2598185790-3716903638-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => value removed successfully
HKCR\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\found.000 => moved successfully
C:\Users\Keli\AppData\Local\Temp\gusetup4.exe => moved successfully
C:\Users\Keli\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Windows\cr2gui32.dll => moved successfully
C:\Windows\javexisa.dll => moved successfully
C:\Windows\javexisb.dll => moved successfully
C:\Windows\stdensrv.dll => moved successfully
C:\Windows\winid332.dll => moved successfully
C:\Windows\wnsperf32.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{175237E8-A2A7-47CB-AAEA-304B5F5D912A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{175237E8-A2A7-47CB-AAEA-304B5F5D912A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebDnsio2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D71748B-4C74-45A1-8496-A473833AD0C6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D71748B-4C74-45A1-8496-A473833AD0C6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4867506-DD55-45F1-A15D-808F260CC897}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4867506-DD55-45F1-A15D-808F260CC897}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\amiupdaterExi => key not found.
C:\ProgramData\Temp => ":054203E4" ADS removed successfully.
C:\ProgramData\Temp => ":58A5270D" ADS removed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 487.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:10:33 ====





C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReader620.0429_enu_Setup.exe a variant of Win32/OpenCandy.A potentially unsafe application
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.be.android.tritower-37-3.17.apk a variant of Android/Inmobi.A potentially unsafe application
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.nix.game.mahjong-28-1.0.26.apk a variant of Android/Inmobi.A potentially unsafe application
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.nix.game.mahjong-29-1.0.27.apk a variant of Android/Inmobi.A potentially unsafe application
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.omgpop.dstfree-1003006-1.3.6.apk a variant of Android/Inmobi.A potentially unsafe application
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\goldenshorestechnologies.brightestflashlight.free-19-1.9.7.apk a variant of Android/Plankton.H trojan
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\net.zedge.android-20800-2.8.apk a variant of Android/Inmobi.A potentially unsafe application
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\net.zedge.android-30005-3.0.5.apk a variant of Android/Inmobi.A potentially unsafe application
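
Added example (not part of the original posts, and not FRST's own code): a small Python check that reads a Fixlog.txt in the layout shown above and reports, for each fixlist entry, whether at least one result line confirmed it. The function names are hypothetical, the sample is a shortened excerpt of the log above, and the `C:\Example\constructed-missing.dll` entry with its "not found" result is constructed.

```python
import re

# Shortened excerpt in the Fixlog.txt layout posted above. The entry
# C:\Example\constructed-missing.dll and its result line are constructed.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
SearchScopes: HKLM -> {39A15FDA-FADB-4BED-B094-0B4904B0B54B} URL = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
C:\Windows\cr2gui32.dll
AlternateDataStreams: C:\ProgramData\Temp:054203E4
C:\Example\constructed-missing.dll
EmptyTemp:
*****************
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39A15FDA-FADB-4BED-B094-0B4904B0B54B}" => key removed successfully
HKCR\CLSID\{39A15FDA-FADB-4BED-B094-0B4904B0B54B} => key not found.
C:\Windows\cr2gui32.dll => moved successfully
C:\ProgramData\Temp => ":054203E4" ADS removed successfully.
C:\Example\constructed-missing.dll => not found.
EmptyTemp: => 487.8 MB temporary data Removed.
"""

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")

def split_fixlog(text):
    """Return (fixlist entries, result lines); rows of '*' delimit the fixlist."""
    entries, results, stars = [], [], 0
    for line in (raw.strip() for raw in text.splitlines()):
        if line and set(line) == {"*"}:
            stars += 1
        elif stars == 1 and line:
            entries.append(line)
        elif stars >= 2 and " => " in line:
            results.append(line)
    return entries, results

def match_token(entry):
    """Substring that ties a fixlist entry to its result lines."""
    guid = GUID_RE.search(entry)
    if guid:
        return guid.group(0)
    if entry.startswith("AlternateDataStreams:"):
        return '":' + entry.rsplit(":", 1)[1] + '"'  # results quote the stream name
    return entry  # plain path, or a directive such as EmptyTemp:

def classify(result_line):
    outcome = result_line.split(" => ", 1)[1].lower()
    if "not found" in outcome:
        return "not_found"
    if "removed" in outcome or "moved successfully" in outcome:
        return "ok"
    return "other"

def audit(text):
    """Map each fixlist entry to handled / not_found / other / no_result."""
    entries, results = split_fixlog(text)
    report = {}
    for entry in entries:
        if entry.startswith("CMD:"):
            continue  # command output is its own section, not a "=>" line
        token = match_token(entry).lower()
        seen = {classify(r) for r in results if token in r.lower()}
        # One success is enough: registry entries also get an HKCR\CLSID lookup.
        report[entry] = ("handled" if "ok" in seen else "not_found" if "not_found" in seen
                         else "other" if seen else "no_result")
    return report
```

Entries that come back as `not_found` or `no_result` are the ones worth re-checking in a fresh scan log before the tools are removed.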
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 17 Apr 2017
Posts: 5041
Location: Land Of The Leprechauns

Posted: Thu Nov 19, 2015 2:22 am

Hi,
Quote:
Computer performance is about the same or slightly better.

That's good to hear.
We need to run another fix, then if you are still having no problems I will give you final instructions.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.

    • Copy and paste the following script into Notepad. Do not include the word Code:

    Code:

    C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.be.android.tritower-37-3.17.apk
    C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.nix.game.mahjong-28-1.0.26.apk
    C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.nix.game.mahjong-29-1.0.27.apk
    C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.omgpop.dstfree-1003006-1.3.6.apk
    C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\goldenshorestechnologies.brightestflashlight.free-19-1.9.7.apk
    C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\net.zedge.android-20800-2.8.apk
    C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\net.zedge.android-30005-3.0.5.apk

    EmptyTemp:

  • Save it next to FRST.exe on your Desktop as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
klbrown
Newbie


Joined: 17 Nov 2015
Last Visit: 19 Nov 2015
Posts: 7

Posted: Thu Nov 19, 2015 5:44 am

Fix result of Farbar Recovery Scan Tool (x64) Version:18-11-2015
Ran by Keli (2015-11-19 08:34:59) Run:2
Running from C:\Users\Keli\Desktop
Loaded Profiles: Keli (Available Profiles: Keli)
Boot Mode: Normal
==============================================

fixlist content:
*****************

C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.be.android.tritower-37-3.17.apk
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.nix.game.mahjong-28-1.0.26.apk
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.nix.game.mahjong-29-1.0.27.apk
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.omgpop.dstfree-1003006-1.3.6.apk
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\goldenshorestechnologies.brightestflashlight.free-19-1.9.7.apk
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\net.zedge.android-20800-2.8.apk
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\net.zedge.android-30005-3.0.5.apk

EmptyTemp:
*****************

C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.be.android.tritower-37-3.17.apk => moved successfully
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.nix.game.mahjong-28-1.0.26.apk => moved successfully
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.nix.game.mahjong-29-1.0.27.apk => moved successfully
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\com.omgpop.dstfree-1003006-1.3.6.apk => moved successfully
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\goldenshorestechnologies.brightestflashlight.free-19-1.9.7.apk => moved successfully
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\net.zedge.android-20800-2.8.apk => moved successfully
C:\Users\Keli\Documents\Keli Thunderbolt\App_Backup_Restore\net.zedge.android-30005-3.0.5.apk => moved successfully
EmptyTemp: => 418.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 08:35:11 ====
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 17 Apr 2017
Posts: 5041
Location: Land Of The Leprechauns

Posted: Thu Nov 19, 2015 7:15 am

Hi,
Good work.
Your latest logs appear to be clean so you should be good to go.
Let's tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Check the following boxes then click on Run.

    • Remove disinfection tools

  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
klbrown
Newbie


Joined: 17 Nov 2015
Last Visit: 19 Nov 2015
Posts: 7

Posted: Thu Nov 19, 2015 8:00 am

Hi Cypher,

THANK YOU so much for your help!!! I have followed your instructions in the last post & all the programs have disappeared as promised. :)

How can I donate to help your website stay up & show my appreciation for your hard work?
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 17 Apr 2017
Posts: 5041
Location: Land Of The Leprechauns

Posted: Sat Nov 21, 2015 3:07 am

Hi,
Sorry for the delay in getting back to you, my internet connection was down.
Quote:
THANK YOU so much for your help!!!

You're most welcome :)
Quote:
How can I donate to help your website stay up & show my appreciation for your hard work?

Thank you for your donation, it's much appreciated. Please see the donation link below.
As your problems appear to be resolved, I will close this topic. Good luck and stay safe.
Quote:
As your Malware issues appear to be resolved, this topic is now closed.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
All times are GMT - 8 Hours