network issues - moved from malware by schrauber

blue_70517 · #1 August 30th, 2015, 08:19 PM

my internet has been stalling out.

I did a hijack this log and some things look suspicious to me. Can you please help? thank you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:18:57 PM, on 8/30/2015
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16685)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\PC Care Center\Bin\WWTray.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppass mgr.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\YouTube Downloader\ytd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dl l
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
O4 - HKLM\..\Run: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.e xe" -quiet
O4 - HKCU\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
O4 - HKCU\..\Run: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
O4 - HKCU\..\Run: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppass mgr.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_9149B42D0196FF85199D8FE8BB2 82C8A] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" (User 'Default user')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: www.vizzed.com
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://games.myspace.com/gameshell/g...b.1.0.0.21.cab
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://games.myspace.com/gameshell/g...b.1.0.0.13.cab
O16 - DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} (CPlayFirstGreatChocoControl Object) - http://games.myspace.com/gameshell/g...b.1.0.0.13.cab
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/G...onGameHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Coupon Printer Service (CouponPrinterService) - Coupons.com Inc. - C:\Program Files (x86)\Coupons\CouponPrinterService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc. exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
O23 - Service: WarrantyWare - N.E.W. North America, Corp. - C:\Program Files (x86)\PC Care Center\Bin\EndUserService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 12251 bytes

schrauber · #2 August 31st, 2015, 09:40 AM

Hello, blue_70517
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

Please take note of some guidelines for this fix:

Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Hijackthis is very outdated, so we will switch the scan tool.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it and click Scan, post back with the 2 logfiles.

blue_70517 · #3 September 1st, 2015, 04:55 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by blue (administrator) on BLUE-PC (31-08-2015 22:47:57)
Running from C:\Users\blue\Downloads
Loaded Profiles: blue (Available Profiles: blue)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc. exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(N.E.W. North America, Corp.) C:\Program Files (x86)\PC Care Center\Bin\EndUserService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(N.E.W. North America, Corp.) C:\Program Files (x86)\PC Care Center\Bin\WWTray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppass mgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1757520 2014-12-08] (Bitdefender)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [17824256 2009-04-27] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2014-11-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender)
HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppass mgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Run: [GoogleChromeAutoLaunch_9149B42D0196FF85199D8FE8BB2 82C8A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-18] (Google Inc.)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppass mgr.exe [615256 2014-08-13] (Bitdefender)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2009-05-15]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009-11-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2010-02-16]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk [2010-02-16]
ShortcutTarget: Microsoft Works Calendar Reminders.lnk -> C:\Program Files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe (No File)
Startup: C:\Users\blue\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup\Dell Dock.lnk [2009-08-10]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-15]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-15]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{4A8704E3-D19D-46FA-94A1-740D2C6E5096}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-705986722-864996818-1872155453-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKU\S-1-5-21-705986722-864996818-1872155453-1000 -> {1FFEDB73-3ACE-47C1-839C-359206732A9D} URL =
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2014-08-13] (Bitdefender)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-23] (Oracle Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dl l [2014-03-11] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-23] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dl l [2014-08-13] (Bitdefender)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\IE\rndlbrowserrecordplugin.dll [2014-08-12] (RealDownloader)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-23] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-23] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dl l [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-705986722-864996818-1872155453-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-705986722-864996818-1872155453-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-07-22] (Microsoft Corporation)
DPF: HKLM-x32 {049A470D-F818-4E34-B14D-E4E237DADCF8} hxxp://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--5d5e25cc-9a71-4891-825c-de2045c90373/online/fashion_dash/en/fashiondashweb.1.0.0.21.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {21BB8360-F943-447E-98F3-3C22345375A7} hxxp://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--99353d9f-7a55-41c0-aecc-92e75d9ea526/online/chocolatier/en/ChocolatierWeb.1.0.0.13.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} hxxp://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--61b38b8e-b9ce-4a10-a6a5-e34b5d4c8776/online/the_great_chocolate_chase/en/greatchocolatechaseweb.1.0.0.13.cab
DPF: HKLM-x32 {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: HKLM-x32 {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: HKLM-x32 {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E6BB2089-163F-466B-812A-748096614DFD} hxxp://cainternetsecurity.net/scanner/cascanner.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_ 232.dll [2015-08-11] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1. dll [2015-08-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-23] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_ 232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1. dll [2015-08-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-23] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.91 -> C:\Program Files (x86)\NOS\bin\np_gp.dll [2010-09-01] (NOS Microsystems Ltd.)
FF Plugin-x32: @real.com/nppl3260;version=16.0.4.19 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-11-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-08-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprpchromebrowserrecordext.dll [2012-09-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprphtml5videoshim.dll [2012-09-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.4.19 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-11-27] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\npdlplugin.dll [2014-08-12] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll [2013-01-11] (Vizzed.com)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-705986722-864996818-1872155453-1000: @movenetworks.com/Quantum Media Player -> C:\Users\blue\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll [2009-12-06] (Move Networks)
FF Plugin HKU\S-1-5-21-705986722-864996818-1872155453-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\blue\AppData\Roaming\Catalina – Print Savings\npBcsKtTcIO.dll [2013-02-14] (Catalina Marketing Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-11]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-04]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext [2014-11-27]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \Firefox\Ext [2011-08-19]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2013-09-10]
FF HKLM-x32\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext
FF HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\blue\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\blue\AppData\Roaming\Move Networks [2009-12-06]
FF HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2015-08-29]
CHR Extension: (Google Docs) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2015-08-29]
CHR Extension: (Google Drive) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2015-08-29]
CHR Extension: (YouTube) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2015-08-29]
CHR Extension: (Bitdefender Wallet) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfo ngdfbl [2015-08-29]
CHR Extension: (Google Search) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf [2015-08-29]
CHR Extension: (Periscope) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbbdpfennongdhflkmilmcmgea ioedda [2015-08-30]
CHR Extension: (Google Sheets) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2015-08-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbmin llajkg [2015-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2015-08-29]
CHR Extension: (Gmail) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2015-08-29]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.cr x [2013-09-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [1414128 2015-06-26] (Coupons.com Inc.)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [66112 2010-09-01] (NOS Microsystems Ltd.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc. exe [39056 2014-08-12] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1538672 2014-12-08] (Bitdefender)
R2 WarrantyWare; C:\Program Files (x86)\PC Care Center\Bin\EndUserService.exe [459408 2008-09-19] (N.E.W. North America, Corp.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-12-08] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [263032 2014-12-08] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [119888 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-13] (BitDefender SRL)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-09-26] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-19] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-12-08] (BitDefender S.R.L.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-31 22:47 - 2015-08-31 22:48 - 00025850 _____ C:\Users\blue\Downloads\FRST.txt
2015-08-31 22:47 - 2015-08-31 22:48 - 00000000 ____D C:\FRST
2015-08-31 22:47 - 2015-08-31 22:47 - 02188800 _____ (Farbar) C:\Users\blue\Downloads\FRST64.exe
2015-08-31 00:34 - 2015-08-31 00:34 - 00000000 ____D C:\Users\blue\AppData\Local\Apple Computer
2015-08-30 22:38 - 2015-08-30 22:38 - 00001654 _____ C:\Users\blue\Documents\cc_20150830_223809.reg
2015-08-29 16:26 - 2015-08-29 16:26 - 00000362 _____ C:\Users\blue\Documents\google bookmarks.txt
2015-08-29 16:13 - 2015-08-29 16:13 - 00002027 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-29 16:13 - 2015-08-29 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-29 16:12 - 2015-08-31 22:36 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-29 16:12 - 2015-08-31 00:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-29 16:12 - 2015-08-29 16:12 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineU A
2015-08-29 16:12 - 2015-08-29 16:12 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineC ore
2015-08-29 15:37 - 2015-08-29 15:37 - 00347816 _____ (Microsoft Corporation) C:\Users\blue\Downloads\MicrosoftFixit.AudioPlayba ck.Run.exe
2015-08-29 15:15 - 2015-08-29 15:15 - 00000000 ____D C:\Users\blue\AppData\Local\Apple
2015-08-29 12:12 - 2015-08-29 12:12 - 00000000 _____ C:\Windows\SysWOW64\RENE14.tmp
2015-08-29 12:07 - 2015-08-29 12:07 - 00000000 _____ C:\Windows\SysWOW64\RENA65C.tmp
2015-08-28 17:51 - 2015-08-28 18:01 - 00056697 _____ C:\Users\blue\Downloads\cathy's ebay contacts.txt
2015-08-28 10:25 - 2015-08-28 10:25 - 01083750 _____ C:\Users\blue\Downloads\untitled.bmp
2015-08-25 22:32 - 2015-08-25 22:32 - 00000398 _____ C:\Users\blue\Documents\cc_20150825_223237.reg
2015-08-23 13:03 - 2015-08-23 13:03 - 00001758 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-08-23 13:03 - 2015-08-23 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-23 13:03 - 2015-08-23 13:03 - 00000000 ____D C:\ProgramData\Apple Computer
2015-08-23 13:03 - 2015-08-23 13:03 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-08-23 12:59 - 2015-08-23 13:01 - 00000000 ____D C:\Users\blue\.oracle_jre_usage
2015-08-23 12:59 - 2015-08-23 12:59 - 00000000 ____D C:\Users\blue\AppData\Roaming\Sun
2015-08-22 10:46 - 2015-07-10 09:31 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-08-22 10:46 - 2015-07-10 09:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-08-22 10:44 - 2015-08-14 18:49 - 17889792 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-22 10:44 - 2015-08-14 18:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-22 10:44 - 2015-08-14 18:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-22 10:44 - 2015-08-14 18:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-22 10:44 - 2015-08-14 17:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-22 10:44 - 2015-08-14 17:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-15 20:59 - 2015-08-15 20:59 - 00931408 _____ (Google Inc.) C:\Users\blue\Downloads\ChromeSetup.exe
2015-08-15 20:15 - 2015-08-15 20:15 - 00016376 _____ C:\Users\blue\Documents\cc_20150815_201526.reg
2015-08-15 14:37 - 2015-07-31 15:03 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNativ e_v0300.dll
2015-08-15 14:37 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNativ e_v0300.dll
2015-08-15 14:36 - 2015-07-11 12:13 - 12901888 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-15 14:36 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-15 14:36 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-15 14:36 - 2015-07-10 14:35 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-15 14:35 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-15 14:35 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-15 14:35 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-15 14:34 - 2015-07-18 10:41 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-15 14:31 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-15 14:31 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-15 14:31 - 2015-07-10 14:35 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-15 14:31 - 2015-07-10 14:35 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-15 14:30 - 2015-07-21 15:59 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-15 14:30 - 2015-07-21 15:59 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-15 14:30 - 2015-07-21 10:50 - 04690880 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-15 14:30 - 2015-07-21 10:50 - 00154048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-15 14:30 - 2015-07-21 10:50 - 00068544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-15 14:30 - 2015-07-21 10:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-15 14:30 - 2015-07-21 10:40 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-15 14:30 - 2015-07-21 10:40 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-15 14:19 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-08-15 14:19 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-08-15 14:19 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-08-15 14:19 - 2015-07-31 16:44 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-15 14:19 - 2015-07-31 16:44 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-15 14:19 - 2015-07-31 16:44 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-15 14:19 - 2015-07-31 16:10 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-15 14:19 - 2015-07-31 16:09 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-15 14:19 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-15 14:19 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-08-15 14:18 - 2015-07-31 17:31 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-15 14:18 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-15 14:18 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-08-15 14:18 - 2015-07-31 16:44 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-15 14:18 - 2015-07-31 16:26 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-15 14:18 - 2015-07-31 16:25 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-15 14:18 - 2015-07-31 16:00 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-15 14:18 - 2015-07-31 15:59 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-15 14:18 - 2015-07-31 15:59 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-15 14:18 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-08-15 14:18 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-15 14:18 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-15 14:18 - 2015-07-09 09:31 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-15 14:18 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-15 14:18 - 2015-07-01 10:43 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-15 14:17 - 2015-07-22 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-15 14:17 - 2015-07-22 16:56 - 02344448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-15 14:17 - 2015-07-22 16:55 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-15 14:17 - 2015-07-22 16:50 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-15 14:17 - 2015-07-22 16:50 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-15 14:17 - 2015-07-22 16:49 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-15 14:17 - 2015-07-22 16:48 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-15 14:17 - 2015-07-22 16:48 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-15 14:17 - 2015-07-22 16:48 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-15 14:17 - 2015-07-22 16:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-15 14:17 - 2015-07-22 16:48 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-15 14:17 - 2015-07-22 16:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-15 14:17 - 2015-07-22 16:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-15 14:17 - 2015-07-22 16:47 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-15 14:17 - 2015-07-22 16:47 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-15 14:17 - 2015-07-22 16:47 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-15 14:17 - 2015-07-22 16:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-15 14:17 - 2015-07-22 16:47 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-15 14:17 - 2015-07-22 16:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-15 14:17 - 2015-07-22 15:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-15 14:17 - 2015-07-22 15:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-15 14:17 - 2015-07-22 15:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-15 14:17 - 2015-07-22 15:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-15 14:17 - 2015-07-22 15:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-15 14:17 - 2015-07-22 15:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-15 14:17 - 2015-07-22 15:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-08-15 14:17 - 2015-07-22 15:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-15 14:17 - 2015-07-22 15:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-15 14:17 - 2015-07-22 15:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-15 14:17 - 2015-07-22 15:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-15 14:17 - 2015-07-22 15:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-15 14:17 - 2015-07-22 15:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-15 14:17 - 2015-07-22 15:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-15 14:17 - 2015-07-22 15:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-15 14:17 - 2015-07-22 15:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-08-15 14:17 - 2015-07-22 15:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-08-15 14:17 - 2015-07-22 15:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-08-15 14:17 - 2015-07-22 15:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-14 18:16 - 2015-08-14 22:58 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-08-14 18:16 - 2015-08-14 18:16 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-08-14 18:16 - 2015-08-14 18:16 - 00000000 ____D C:\Users\blue\AppData\Roaming\NCH Software
2015-08-14 18:16 - 2015-08-14 18:16 - 00000000 ____D C:\ProgramData\NCH Software
2015-08-14 18:15 - 2015-08-14 18:15 - 05274880 _____ (NCH Software) C:\Users\blue\Downloads\vppsetup.exe
2015-08-14 02:08 - 2015-08-14 02:08 - 00966728 _____ C:\Users\blue\Downloads\filmora_setup_full846.exe
2015-08-14 02:05 - 2015-08-14 02:05 - 38878932 _____ C:\Users\blue\Downloads\freaks and geeks tribute.wmv
2015-08-10 17:37 - 2015-08-29 16:36 - 00003358 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgrad eScheduledTaskS-1-5-21-705986722-864996818-1872155453-1000
2015-08-08 16:27 - 2015-08-08 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2015-08-06 11:43 - 2015-08-06 11:43 - 00094208 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2015-08-06 11:43 - 2015-08-06 11:43 - 00069632 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2015-08-05 00:03 - 2015-08-05 00:03 - 00877152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-08-05 00:03 - 2015-08-05 00:03 - 00538208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll
2015-08-04 23:53 - 2015-08-04 23:53 - 00872528 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-08-04 23:53 - 2015-08-04 23:53 - 00681552 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2015-08-02 16:17 - 2015-08-02 16:17 - 00001604 _____ C:\Users\blue\Documents\cc_20150802_161714.reg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-31 22:45 - 2014-10-23 18:49 - 00000000 ____D C:\Users\blue\AppData\Local\CrashDumps
2015-08-31 22:36 - 2009-05-15 11:05 - 01261551 _____ C:\Windows\WindowsUpdate.log
2015-08-31 22:22 - 2013-09-10 12:02 - 00125224 _____ C:\Windows\system32\spsys.log
2015-08-31 22:22 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-31 22:22 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-31 22:22 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-31 00:44 - 2006-11-02 10:42 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-08-30 23:53 - 2014-11-11 22:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-30 22:37 - 2015-07-09 20:15 - 00000000 ____D C:\Windows\Minidump
2015-08-30 12:29 - 2008-01-20 22:26 - 01093972 _____ C:\Windows\PFRO.log
2015-08-29 20:26 - 2014-07-12 02:29 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-29 16:36 - 2015-07-24 17:30 - 00003222 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgrad eLogonTaskS-1-5-21-705986722-864996818-1872155453-1000
2015-08-29 16:13 - 2013-09-08 11:48 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-29 16:13 - 2012-10-20 00:33 - 00000000 ____D C:\Users\blue\AppData\Local\Google
2015-08-29 16:12 - 2015-03-28 20:48 - 00000000 ____D C:\Users\blue\AppData\Local\Deployment
2015-08-29 15:28 - 2013-12-25 22:41 - 00000000 ____D C:\Users\blue\AppData\Roaming\Audacity
2015-08-29 15:28 - 2013-12-25 22:41 - 00000000 ____D C:\Program Files (x86)\Audacity
2015-08-29 12:12 - 2014-10-17 00:07 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-29 12:09 - 2014-01-20 14:12 - 00000000 ____D C:\Program Files\Java
2015-08-29 11:57 - 2014-10-17 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-29 11:47 - 2011-01-08 23:40 - 00000858 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-29 11:47 - 2009-10-30 22:31 - 00000000 ____D C:\Program Files (x86)\CCleaner
2015-08-29 11:46 - 2013-12-25 22:41 - 00000860 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-08-29 11:46 - 2013-12-25 22:41 - 00000848 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-08-28 18:00 - 2010-02-16 01:24 - 00010298 _____ C:\Users\blue\AppData\Roaming\wklnhst.dat
2015-08-27 20:28 - 2014-02-27 19:02 - 00000000 ____D C:\Users\blue\Documents\R & R RELATED ITEMS
2015-08-24 23:52 - 2015-04-17 00:05 - 00001878 _____ C:\Users\blue\Documents\youtube video ideas.txt
2015-08-23 13:01 - 2014-12-17 23:20 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-08-23 12:59 - 2009-08-10 22:55 - 00000000 ____D C:\Users\blue
2015-08-22 11:08 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache
2015-08-19 22:08 - 2014-12-06 18:13 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2015-08-17 00:52 - 2009-08-10 23:12 - 00240128 _____ C:\Users\blue\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-15 15:03 - 2006-11-02 10:21 - 00453952 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-15 15:01 - 2009-05-15 15:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-15 15:00 - 2006-11-02 10:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-08-15 14:39 - 2010-06-03 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-15 14:30 - 2013-07-16 11:49 - 00000000 ____D C:\Windows\system32\MRT
2015-08-15 14:22 - 2014-01-29 15:02 - 00000000 ____D C:\Users\blue\Documents\My Scans
2015-08-15 14:20 - 2006-11-02 07:35 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-14 02:08 - 2015-04-08 21:27 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2015-08-11 18:53 - 2014-11-11 22:10 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 18:53 - 2014-11-11 22:10 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 18:53 - 2014-11-11 22:10 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 00:00 - 2014-12-05 20:12 - 00010752 _____ C:\Users\blue\Documents\pj owes us.xlr
2015-08-09 19:24 - 2009-05-15 15:37 - 00000000 ____D C:\Windows\PCHEALTH
2015-08-09 14:56 - 2009-08-11 15:55 - 00004055 _____ C:\Users\blue\Documents\cell phone #'s.txt
2015-08-09 03:08 - 2015-02-15 18:34 - 00000000 ____D C:\Users\blue\Documents\PJ'S BOOKS
2015-08-09 03:04 - 2006-11-02 07:46 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-09 03:00 - 2014-05-27 22:30 - 00006550 _____ C:\Windows\setupact.log
2015-08-09 02:53 - 2010-07-21 02:05 - 00000000 ____D C:\ProgramData\Roxio
2015-08-08 16:27 - 2014-12-06 17:54 - 00000887 _____ C:\Users\Public\Desktop\YTD Video Downloader.lnk
2015-08-08 15:59 - 2009-08-14 01:37 - 00000000 ____D C:\Users\blue\AppData\Roaming\Real
2015-08-05 22:40 - 2015-05-09 17:35 - 00000539 _____ C:\Users\blue\Documents\mom and cathy's cell phone numbers.txt
2015-08-05 21:36 - 2015-02-21 18:21 - 00000811 _____ C:\Users\blue\Documents\pwds.txt
2015-08-01 14:14 - 2015-04-19 12:37 - 00614432 _____ (www.patchmypc.net) C:\Users\blue\Downloads\PatchMyPC.exe

==================== Files in the root of some directories =======

2014-11-23 17:12 - 2014-11-23 17:13 - 0000149 _____ () C:\Users\blue\AppData\Roaming\settings.xml
2011-05-16 22:26 - 2011-05-16 22:26 - 0027528 _____ () C:\Users\blue\AppData\Roaming\UserTile.png
2015-04-08 19:19 - 2015-04-08 21:53 - 0002015 _____ () C:\Users\blue\AppData\Roaming\vidiot.ini
2010-02-16 01:24 - 2015-08-28 18:00 - 0010298 _____ () C:\Users\blue\AppData\Roaming\wklnhst.dat
2013-05-22 23:30 - 2013-12-08 15:42 - 2162416 _____ (Catalina Marketing Corp) C:\Users\blue\AppData\Local\BcsKtYcHW.dll
2013-05-22 23:41 - 2013-05-22 23:41 - 2742952 _____ (Catalina Marketing Corp) C:\Users\blue\AppData\Local\BcsKtYcIO.dll
2009-08-21 13:54 - 2015-07-13 02:15 - 0007052 _____ () C:\Users\blue\AppData\Local\d3d9caps.dat
2015-02-14 12:38 - 2015-02-14 12:38 - 0000732 _____ () C:\Users\blue\AppData\Local\d3d9caps64.dat
2009-08-10 23:12 - 2015-08-17 00:52 - 0240128 _____ () C:\Users\blue\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-09-09 17:09 - 2010-09-09 17:09 - 0231862 _____ () C:\Users\blue\AppData\Local\dd_ATL90SP1_KB973924MS I27C6.txt
2010-09-09 17:09 - 2010-09-09 17:09 - 0012424 _____ () C:\Users\blue\AppData\Local\dd_ATL90SP1_KB973924UI 27C6.txt
2013-06-09 00:13 - 2013-06-09 00:14 - 0369392 _____ () C:\Users\blue\AppData\Local\dd_vcredistMSI0C47.txt
2012-05-25 22:49 - 2012-05-25 22:49 - 0369040 _____ () C:\Users\blue\AppData\Local\dd_vcredistMSI1F09.txt
2010-09-09 15:02 - 2010-09-09 15:02 - 0373612 _____ () C:\Users\blue\AppData\Local\dd_vcredistMSI468C.txt
2010-08-01 17:21 - 2010-08-01 17:22 - 0584908 _____ () C:\Users\blue\AppData\Local\dd_vcredistMSI49D3.txt
2011-06-26 16:17 - 2011-06-26 16:17 - 0012954 _____ () C:\Users\blue\AppData\Local\dd_vcredistUI0284.txt
2013-06-09 00:13 - 2013-06-09 00:14 - 0013274 _____ () C:\Users\blue\AppData\Local\dd_vcredistUI0C47.txt
2012-05-25 22:49 - 2012-05-25 22:49 - 0011202 _____ () C:\Users\blue\AppData\Local\dd_vcredistUI1F09.txt
2010-09-09 15:02 - 2010-09-09 15:02 - 0011378 _____ () C:\Users\blue\AppData\Local\dd_vcredistUI468C.txt
2010-08-01 17:21 - 2010-08-01 17:23 - 0014678 _____ () C:\Users\blue\AppData\Local\dd_vcredistUI49D3.txt
2012-10-20 00:34 - 2012-10-20 00:34 - 0000085 ___SH () C:\ProgramData\.zreglib
2013-09-10 11:40 - 2013-09-10 11:40 - 1520022 _____ () C:\ProgramData\1378828099.bdinstall.bin
2010-09-09 14:40 - 2013-09-10 10:27 - 0575965 _____ () C:\ProgramData\bdinstall.bin
2009-11-06 21:30 - 2010-06-12 22:40 - 0004179 _____ () C:\ProgramData\hpzinstall.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-31 22:37

==================== End of FRST.txt ============================

blue_70517 · #4 September 1st, 2015, 04:57 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by blue (2015-08-31 22:49:23)
Running from C:\Users\blue\Downloads
Boot Mode: Normal
================================================== ========

==================== Accounts: =============================

Administrator (S-1-5-21-705986722-864996818-1872155453-500 - Administrator - Disabled)
blue (S-1-5-21-705986722-864996818-1872155453-1000 - Administrator - Enabled) => C:\Users\blue
Guest (S-1-5-21-705986722-864996818-1872155453-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D17 02B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Download Manager (HKLM-x32\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{B0B387B2-B1E4-43F2-961D-08ABFD759E1A}) (Version: 12.1.9.160 - Adobe Systems, Inc)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Control Center (HKLM-x32\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.1210.1622 - )
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Bitdefender Antivirus Plus (HKLM\...\Bitdefender) (Version: 17.16.0.729 - Bitdefender)
BufferChm (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Catalina Savings Printer (HKLM\...\{21C069A6-6934-4EF1-92C9-CC6CFF1416A0}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
Catalina Savings Printer (HKLM-x32\...\{4956ACE3-F537-4418-BB45-FD52395275A7}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
ccc-core-static (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.09 - Piriform)
Choice Guard (x32 Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_HSF) (Version: 7.74.00 - Conexant)
Convert AVI to MP4 (HKLM-x32\...\{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1) (Version: - convertavitomp4.com)
Copy (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.6) (Version: 5.0.1.6 - Coupons.com Incorporated)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\73f463568823ebbe) (Version: 6.0.0.14 - Dell)
Dell-eBay (HKLM-x32\...\{B935C985-A17F-484B-8470-09E4FC27DC26}) (Version: 1.00.0000 - Dell)
Destination Component (x32 Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version: 1.0.4.11327 - Blizzard Entertainment)
Digital Line Detect (HKLM-x32\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
DJ_AIO_05_F4400_Software_Min (x32 Version: 120.0.235.000 - Hewlett-Packard) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
F4400 (x32 Version: 120.0.235.000 - Hewlett-Packard) Hidden
FLV Converter 3.2 (HKLM-x32\...\{6EFA70F2-D6C3-4ECA-BEA9-C1A31277C63A}_is1) (Version: - FLV Converter)
Garmin BaseCamp (HKLM-x32\...\{8114290E-D0F6-4CC8-BD3D-F40278CD01EA}) (Version: 4.3.1 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Deskjet F4400 All-In-One Driver Software 12.0 Rel .5 (HKLM\...\{0167F157-DAB9-46b0-86C4-7C66DDA85B48}) (Version: 12.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 120.0.150.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Java 8 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (x32 Version: 120.0.226.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{901B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.6626.0 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Microsoft Works 2002 Setup Launcher (HKLM-x32\...\Works2002Setup) (Version: - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{C3A439E4-7303-491F-A678-CEA36A87D517}) (Version: 2.0.0.0000 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
Motorola Driver Installation (HKLM\...\{19E74155-1CA2-4807-9BF5-1AAB4F876E1A}) (Version: 2.8.0 - Motorola Inc.)
Move Media Player (HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Move Media Player) (Version: - Move Networks)
MSVCSetup (x32 Version: 1.00.0000 - HP) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NetWaiting (HKLM-x32\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.54 - BVRP Software, Inc)
P@H-Protocol (HKLM-x32\...\{14F936AB-5D31-410E-A4E2-70AE504712F2}) (Version: 3.0.8.6 - Valassis)
PC Care Center (HKLM-x32\...\{A5E0582D-85DA-4BEA-A9E9-C17099585E76}) (Version: 1.1.7.2638 - N.E.W. North America, Corp.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.1 - Dell)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.4 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.4 - RealNetworks)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Scan (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
Serif PagePlus 8.0 (HKLM-x32\...\{BDC83FD3-1A0F-46FB-8852-5E9A94294143}) (Version: - )
Serif PhotoPlus SE (HKLM-x32\...\{09234F0D-5971-4701-94EE-89CB6926E273}) (Version: 1.0.0.011 - Serif (Europe) Ltd)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Skins (x32 Version: 2008.1210.1623.29379 - ATI) Hidden
Smart File Advisor 1.1.1 (HKLM-x32\...\Smart File Advisor_is1) (Version: 1.1.1 - Filefacts.net) <==== ATTENTION
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Toolbox (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Vizzed Retro Game Room (HKLM-x32\...\{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}) (Version: 2.0.0 - Vizzed)
War Thunder Launcher 1.0.1.444 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment)
WebReg (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152 ) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Works Suite OS Pack (x32 Version: 1.0.0.0000 - Microsoft Corporation) Hidden
Works Synchronization (x32 Version: 1.0.0.0000 - Your Company Name) Hidden
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version: - Wargaming.net)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
YTD Video Downloader 4.9.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.9.1 - GreenTree Applications SRL) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-705986722-864996818-1872155453-1000_Classes\CLSID\{caffac23-bb21-4945-8574-40cf5a940ad0}\InprocServer32 -> C:\Users\blue\AppData\Roaming\Catalina – Print Savings\npBcsKtTcIO.dll (Catalina Marketing Corporation)

==================== Restore Points =========================

08-08-2015 15:17:13 Removed Java 7 Update 76
09-08-2015 14:10:22 Scheduled Checkpoint
10-08-2015 23:28:28 Scheduled Checkpoint
11-08-2015 18:48:12 Windows Update
12-08-2015 19:14:20 Scheduled Checkpoint
14-08-2015 18:51:06 Windows Update
15-08-2015 14:17:23 Windows Update
17-08-2015 19:12:24 Scheduled Checkpoint
18-08-2015 17:58:11 Windows Update
19-08-2015 18:37:09 Scheduled Checkpoint
20-08-2015 21:59:26 Scheduled Checkpoint
21-08-2015 21:53:54 Scheduled Checkpoint
22-08-2015 10:43:50 Windows Update
24-08-2015 19:34:01 Scheduled Checkpoint
25-08-2015 19:31:07 Scheduled Checkpoint
27-08-2015 23:13:07 Scheduled Checkpoint
28-08-2015 09:18:21 Windows Update
29-08-2015 11:55:33 Removed Java 8 Update 51 (64-bit)
29-08-2015 12:06:46 Removed Java 8 Update 51
29-08-2015 12:08:32 Removed Java 8 Update 45 (64-bit)
29-08-2015 12:11:33 Removed Java 8 Update 45
29-08-2015 20:10:08 Windows Update
30-08-2015 21:40:59 Scheduled Checkpoint

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 07:34 - 2006-09-18 16:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02FF7F65-103A-45A7-A024-DDD175569904} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-705986722-864996818-1872155453-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-08-12] (RealNetworks, Inc.)
Task: {05969A24-7ED4-4D92-967F-9827537BD225} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2015-08-11] (Adobe Systems Incorporated)
Task: {0CD30115-6E0C-4AD9-8B75-1CE8150BD43A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2015-08-19] (Piriform Ltd)
Task: {4C4ACA74-1BB1-47A3-A74D-5E8228474B60} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {5CF0C1DB-955E-447E-916C-7AD11F75E074} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-705986722-864996818-1872155453-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {6F925FE2-59F2-4042-AF3A-63107922180E} - System32\Tasks\RealDownloaderDownloaderScheduledTa skS-1-5-21-705986722-864996818-1872155453-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager .exe [2014-08-12] (RealNetworks, Inc.)
Task: {74FC7F44-C523-49BD-9023-1003E4E35BAB} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-705986722-864996818-1872155453-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {A1839E20-DE34-4AC2-9A63-C9A1FBA8A422} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A99C247C-CB89-4993-927C-1E66496965DC} - System32\Tasks\RealDownloaderRealUpgradeScheduledT askS-1-5-21-705986722-864996818-1872155453-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2014-08-12] (RealNetworks, Inc.)
Task: {B140525D-BA77-4758-9FAD-5701E86BC5BB} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {B494AACB-4C20-4E46-8E4F-D3D1378D3609} - System32\Tasks\{6E72E615-5672-42CA-9251-1599F2D4B3D5} => pcalua.exe -a J:\Setup.exe -d J:\
Task: {C51E4A1C-212E-4236-8038-B17F05EC1DB6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D0EA788A-4089-4A97-9DE7-35729AF975FE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-705986722-864996818-1872155453-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {F447123E-F085-43F0-A942-6180D3046C8B} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-705986722-864996818-1872155453-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2014-08-29] (RealNetworks, Inc.)
Task: {F56640A4-4F89-4327-8DD4-72F3DEBF886E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2013-09-10 11:32 - 2014-10-13 18:08 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2013-09-10 11:33 - 2014-08-13 10:09 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2013-09-10 11:33 - 2014-08-13 10:09 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2015-08-27 17:48 - 2015-08-27 17:48 - 00875352 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00750_029\ ashttpbr.mdl
2015-08-27 17:48 - 2015-08-27 17:48 - 00741952 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00750_029\ ashttpdsp.mdl
2015-08-27 17:48 - 2015-08-27 17:48 - 02800952 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00750_029\ ashttpph.mdl
2015-08-27 17:48 - 2015-08-27 17:48 - 01413024 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00750_029\ ashttprbl.mdl
2014-08-12 12:34 - 2014-08-12 12:34 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc. exe
2009-05-15 18:05 - 2009-01-13 06:07 - 00118272 _____ () C:\Windows\system32\atitmm64.dll
2015-03-28 21:24 - 2008-03-17 17:50 - 00072192 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2015-03-28 21:24 - 2009-01-06 17:11 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2015-03-28 21:24 - 2008-01-18 14:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2009-05-15 15:23 - 2009-05-15 15:23 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1. 0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-09-18 09:30 - 2008-09-18 09:30 - 01186816 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Implementation\64\wbocx.ocx
2015-08-15 17:41 - 2015-08-15 17:41 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\Vis taBridgeLibrary\fe2272f495ab428b26ffd51cc56bd030\V istaBridgeLibrary.ni.dll
2013-09-10 11:32 - 2014-10-13 18:01 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil. dll
2010-02-05 15:53 - 2012-05-25 05:25 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2015-08-29 16:13 - 2015-08-18 00:23 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\Pepp erFlash\pepflashplayer.dll
2015-08-29 17:39 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\blue\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2015-08-29 17:39 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\blue\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\blue\Desktop\144-3775-louisiana_topo_install.exe:BDU
AlternateDataStreams: C:\Users\blue\Desktop\uninstall_flash_player.exe:B DU
AlternateDataStreams: C:\Users\blue\Downloads\AdobeFlashPlayer_12.0.0.38 _ActiveX_SPS.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\ChromeSetup.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\DellSystemDetect.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\filmora_setup_full846.exe: BDU
AlternateDataStreams: C:\Users\blue\Downloads\FRST64.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\hd_video.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\iTunesSetup.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\jre-7u45-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\jre-8u25-windows-x64.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\lightworks_v12.0.2_full_64 bit_setup.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\MicrosoftFixit.AudioPlayba ck.Run.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\OTL.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\PSISetup (1).exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\PSISetup.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\R219774.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\RealPlayer.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\RogueKiller.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\video-editor_setup_full1107.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\Vidiot-0.3.5-win32.exe:BDU
AlternateDataStreams: C:\Users\blue\Downloads\vppsetup.exe:BDU
AlternateDataStreams: C:\Users\blue\AppData\Local\BcsKtYcHW.dll:BDU
AlternateDataStreams: C:\Users\blue\AppData\Local\BcsKtYcIO.dll:BDU

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\secunia.com -> hxxps://secunia.com
IE trusted site: HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\vizzed.com -> www.vizzed.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-705986722-864996818-1872155453-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\geneva_1920x1200_black.jp g
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Pol icies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{1FE03654-C466-469D-8020-9BAF390592BF}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{4BE90C19-C85F-4FB4-9F44-44BD98B96364}] => (Allow) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{1652B25E-CAB9-47D9-996D-C10DB22834E5}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\wlcsdk.exe
FirewallRules: [{B0D4DBE8-41DF-4904-9C46-85AE8C1DA0DD}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5A18AFD5-BDA2-43E2-BE62-C46D0C6EDCA4}] => (Allow) svchost.exe
FirewallRules: [{43C31073-49E2-4BDB-8511-80DA4763E6BB}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{FC3E7432-F707-4611-AA55-24C25E7AA3F0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{862AFDFB-ECA5-4E57-ACBD-ED624A530B3C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{6C5B9605-20BD-4F39-BEC6-735B32FFB58A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{4922D4A5-545C-46B6-ADC1-F488E5555285}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{8CF1D613-F918-4C44-AF64-660657499E99}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{45FFA327-9986-4B14-8F8E-B593E1832FCF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{20252BE6-8A7B-4B64-B028-5DB5CE532521}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{1C34E1AD-F31D-4B3D-9C8F-616B107DF994}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{C3AADF5C-F34D-4E7D-9C31-2BDAC8CB866C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{238788A1-E341-4769-9B31-D81E64DB9C21}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [TCP Query User{D6418AB1-4977-43C4-8EA6-AEF7347F71B3}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{39F7BB05-C4AF-4AA4-95A9-F069E28172DC}C:\program files (x86)\internet explorer\iexplore.exe] => (Block) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{3A5123AA-3A4F-4358-AE78-6EA4F490F407}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{58CCB22F-16D7-4B5D-BD35-47B7E0A74FBE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{755A5118-F7F3-4B1C-83C0-7863C883EA79}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{7835C10B-18D7-4178-B0DF-A7FCBEE0EA14}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{6C7558F9-B827-4052-8085-D7731307CBB5}] => (Allow) LPort=80
FirewallRules: [{99CDDBFF-4982-4008-9289-38ACA5E6AC69}] => (Allow) LPort=80
FirewallRules: [{B48F0073-C931-4626-9F3C-839F5188506E}] => (Allow) LPort=80
FirewallRules: [TCP Query User{CCC20DB0-37E6-4541-A186-D55212A1BBEE}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{49E4C5BF-9117-4A34-88AB-6F8323703DBC}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{134FEA65-53A2-4179-A61D-2B865631F7FC}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{28E02FCC-CB17-4426-8D48-63A75713ED93}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{930A9D67-DDDD-4D85-9CD5-74CC3FC31C04}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{9E4F111E-D32A-44CC-97F2-D0294D90331B}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{C4A19B83-69D8-4143-93A0-39BCA59A3E2D}C:\games\world_of_tanks\worldoftanks. exe] => (Block) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{B72897B3-FDAC-41A3-AB83-45DCD88379CF}C:\games\world_of_tanks\worldoftanks. exe] => (Block) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{94B95926-A174-4526-8EA8-569AA86744E3}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [TCP Query User{2EBD4BE3-30D5-426C-B352-7F80F3F4F1B5}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [UDP Query User{C52CDEA7-3791-49E8-A40C-41172D56EAE9}C:\program files (x86)\real\realplayer\realplay.exe] => (Allow) C:\program files (x86)\real\realplayer\realplay.exe
FirewallRules: [{2BFE2A85-4990-48FF-B11F-F22BC2FBD69E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{069E8501-1405-4ED2-BF4C-82890F49E212}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{05B08B1A-6D39-49E2-B912-21248BA87F78}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.e xe
FirewallRules: [{144A40B1-24E2-4AB8-9AB8-38D47ABF520F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3478\Agent.e xe
FirewallRules: [{28714CE0-24AF-4300-BC1B-9D3C53DB768F}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [{07A930D7-E4F3-4AB2-BC3F-8DB5E9369611}] => (Allow) C:\Program Files (x86)\WarThunder\launcher.exe
FirewallRules: [TCP Query User{F43427E6-A09C-48C0-8FCB-A5D9D098BF49}C:\games\world_of_tanks\wotlauncher.e xe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{8F125F1D-C048-44D9-A233-6DA61E482C94}C:\games\world_of_tanks\wotlauncher.e xe] => (Block) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [{DFEA2705-EBA5-4C7A-9E7B-03181673A144}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/31/2015 10:41:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application jucheck.exe, version 2.8.60.27, time stamp 0x55c116b1, faulting module jucheck.exe, version 2.8.60.27, time stamp 0x55c116b1, exception code 0x40000015, fault offset 0x00052d24,
process id 0xda4, application start time 0xjucheck.exe0.

Error: (08/31/2015 10:23:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2015 12:44:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win3 2",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32 ",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/30/2015 12:31:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2015 12:42:11 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/29/2015 04:36:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win3 2",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32 ",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/29/2015 04:36:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win3 2",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32 ",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/29/2015 04:35:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/29/2015 04:26:29 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/29/2015 03:46:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win3 2",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32 ",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

System errors:
=============
Error: (08/31/2015 10:23:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd

Error: (08/31/2015 12:44:08 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: 30000VSSERV

Error: (08/30/2015 10:18:59 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/30/2015 10:18:57 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/30/2015 12:31:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd

Error: (08/29/2015 08:26:50 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/29/2015 08:26:47 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (08/29/2015 04:35:40 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd

Error: (08/29/2015 03:45:41 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Lbd

Error: (08/29/2015 03:45:03 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:42:05 PM on 8/29/2015 was unexpected.

Microsoft Office:
=========================
Error: (08/31/2015 10:41:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: jucheck.exe2.8.60.2755c116b1jucheck.exe2.8.60.2755 c116b14000001500052d24da401d0e4681a7a5829

Error: (08/31/2015 10:23:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2015 12:44:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32 ",version="1.0.0.0"C:\Windows\Installer\{6935C 750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (08/30/2015 12:31:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/30/2015 12:42:11 AM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/29/2015 04:36:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32 ",version="1.0.0.0"C:\Windows\Installer\{6935C 750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (08/29/2015 04:36:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32 ",version="1.0.0.0"C:\Windows\Installer\{6935C 750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

Error: (08/29/2015 04:35:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/29/2015 04:26:29 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/29/2015 03:46:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: rpshellextension.1.0,language="*",type="win32 ",version="1.0.0.0"C:\Windows\Installer\{6935C 750-2D8C-4705-B4F9-052F550D225D}\recordingmanager.exe

CodeIntegrity:
===================================
Date: 2015-08-31 22:48:41.031
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\m wac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-31 22:48:40.202
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\m wac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-31 22:48:39.464
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\m wac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-31 22:48:38.608
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\m wac.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-29 20:38:37.673
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\m bamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-29 20:38:36.609
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\m bamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-29 20:38:35.642
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\m bamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-29 20:38:34.596
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\m bamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-29 20:38:33.536
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\m bamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2015-08-29 20:38:32.459
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\m bamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD Phenom(tm) 8450e Triple-Core Processor
Percentage of memory in use: 38%
Total physical RAM: 7934.2 MB
Available physical RAM: 4902.63 MB
Total Virtual: 15932.89 MB
Available Virtual: 12668.02 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:581.12 GB) (Free:353.63 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:15 GB) (Free:7.63 GB) NTFS

==================== MBR & Partition Table ==================

================================================== ======
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 40000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=581.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

schrauber · #5 September 1st, 2015, 06:53 AM

Please uninstall the following programs:
YTD Video Downloader 4.9.1
Smart File Advisor 1.1.1
Catalina Savings Printer

Next, download ComboFix Save to the Desktop

Now, close all open windows
Double-click combofix.exe to run the program
Follow the prompts.
If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
When told that the RC is installed correctly, press YES to continue scanning for malware.
ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
CF may reboot the computer and resume running when it restarts.
When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

blue_70517 · #6 September 2nd, 2015, 06:28 AM

ComboFix 15-09-01.01 - blue 09/01/2015 23:41:46.3.3 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.7934.5158 [GMT -5:00]
Running from: c:\users\blue\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-08-02 to 2015-09-02 )))))))))))))))))))))))))))))))
.
.
2015-09-02 05:20 . 2015-09-02 05:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-09-01 03:47 . 2015-09-01 03:52 -------- d-----w- C:\FRST
2015-08-31 05:34 . 2015-08-31 05:34 -------- d-----w- c:\users\blue\AppData\Local\Apple Computer
2015-08-29 20:38 . 2015-08-29 20:38 -------- d-----w- c:\users\blue\AppData\Local\ElevatedDiagnostics
2015-08-29 20:15 . 2015-08-29 20:15 -------- d-----w- c:\users\blue\AppData\Local\Apple
2015-08-29 17:12 . 2015-08-29 17:12 0 ----a-w- c:\windows\SysWow64\RENE14.tmp
2015-08-29 17:07 . 2015-08-29 17:07 0 ----a-w- c:\windows\SysWow64\RENA65C.tmp
2015-08-29 06:44 . 2015-08-29 06:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E88E04CC-8544-4E1F-A363-0E851731A3AB}\offreg.620.dll
2015-08-28 14:19 . 2015-07-31 09:21 11745192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E88E04CC-8544-4E1F-A363-0E851731A3AB}\mpengine.dll
2015-08-23 18:03 . 2015-08-23 18:03 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin5.dll
2015-08-23 18:03 . 2015-08-23 18:03 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin4.dll
2015-08-23 18:03 . 2015-08-23 18:03 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin3.dll
2015-08-23 18:03 . 2015-08-23 18:03 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin2.dll
2015-08-23 18:03 . 2015-08-23 18:03 159744 ----a-w- c:\program files (x86)\Internet Explorer\PLUGINS\npqtplugin.dll
2015-08-23 18:03 . 2015-08-23 18:03 -------- d-----w- c:\program files (x86)\QuickTime
2015-08-23 18:03 . 2015-08-23 18:03 -------- d-----w- c:\programdata\Apple Computer
2015-08-23 18:00 . 2015-08-23 18:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-08-23 17:59 . 2015-08-23 18:01 -------- d-----w- c:\users\blue\.oracle_jre_usage
2015-08-22 15:46 . 2015-07-10 14:31 2048 ----a-w- c:\windows\system32\tzres.dll
2015-08-22 15:46 . 2015-07-10 14:21 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2015-08-22 15:44 . 2015-08-14 23:37 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2015-08-22 15:44 . 2015-08-14 22:55 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2015-08-22 15:44 . 2015-08-14 23:38 2158080 ----a-w- c:\windows\system32\iertutil.dll
2015-08-22 15:44 . 2015-08-14 23:55 183024 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2015-08-22 15:44 . 2015-08-14 23:07 151184 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2015-08-22 15:44 . 2015-08-14 23:55 765072 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2015-08-22 15:44 . 2015-08-14 23:07 758000 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2015-08-22 15:44 . 2015-08-14 23:49 17889792 ----a-w- c:\windows\system32\mshtml.dll
2015-08-15 19:37 . 2015-07-31 20:03 124624 ----a-w- c:\windows\system32\PresentationCFFRasterizerNativ e_v0300.dll
2015-08-15 19:37 . 2015-07-31 19:27 103120 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNativ e_v0300.dll
2015-08-15 19:36 . 2015-07-10 19:37 2067968 ----a-w- c:\windows\SysWow64\mstscax.dll
2015-08-15 19:36 . 2015-07-10 19:35 2425344 ----a-w- c:\windows\system32\mstscax.dll
2015-08-15 19:36 . 2015-07-11 17:13 12901888 ----a-w- c:\windows\system32\shell32.dll
2015-08-15 19:35 . 2015-07-09 14:39 169472 ----a-w- c:\windows\system32\notepad.exe
2015-08-15 19:35 . 2015-07-09 14:39 169472 ----a-w- c:\windows\notepad.exe
2015-08-15 19:35 . 2015-07-09 14:25 151040 ----a-w- c:\windows\SysWow64\notepad.exe
2015-08-15 19:34 . 2015-07-18 15:41 80384 ----a-w- c:\windows\system32\basesrv.dll
2015-08-15 19:31 . 2015-07-10 19:37 1402368 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-15 19:31 . 2015-07-10 19:37 1253376 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-15 19:31 . 2015-07-10 19:35 1875968 ----a-w- c:\windows\system32\msxml3.dll
2015-08-15 19:31 . 2015-07-10 19:35 1796096 ----a-w- c:\windows\system32\msxml6.dll
2015-08-15 19:30 . 2015-07-21 20:59 1586304 ----a-w- c:\windows\system32\ntdll.dll
2015-08-15 19:30 . 2015-07-21 20:59 1168600 ----a-w- c:\windows\SysWow64\ntdll.dll
2015-08-15 19:30 . 2015-07-21 15:50 68544 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2015-08-15 19:30 . 2015-07-21 15:50 154048 ----a-w- c:\windows\system32\drivers\ecache.sys
2015-08-15 19:30 . 2015-07-21 15:41 11264 ----a-w- c:\windows\system32\msmmsp.dll
2015-08-15 19:30 . 2015-07-21 15:40 399360 ----a-w- c:\windows\system32\emdmgmt.dll
2015-08-15 19:30 . 2015-07-21 15:40 85504 ----a-w- c:\windows\system32\csrsrv.dll
2015-08-15 19:30 . 2015-07-21 15:50 4690880 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-08-15 19:19 . 2015-07-31 21:46 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2015-08-15 19:19 . 2015-07-31 21:46 189952 ----a-w- c:\windows\SysWow64\d3d10core.dll
2015-08-15 19:19 . 2015-07-31 21:46 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2015-08-15 19:19 . 2015-07-31 21:44 287232 ----a-w- c:\windows\system32\d3d10core.dll
2015-08-15 19:19 . 2015-07-31 21:44 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2015-08-15 19:19 . 2015-07-31 21:44 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2015-08-15 19:19 . 2015-07-31 21:10 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2015-08-15 19:19 . 2015-07-31 21:09 566272 ----a-w- c:\windows\system32\d3d10level9.dll
2015-08-15 19:19 . 2015-07-31 20:41 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-08-15 19:19 . 2015-07-31 20:40 486400 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2015-08-15 19:17 . 2015-07-22 21:56 2344448 ----a-w- c:\windows\system32\jscript9.dll
2015-08-14 23:16 . 2015-08-14 23:16 -------- d-----w- c:\users\blue\AppData\Roaming\NCH Software
2015-08-14 23:16 . 2015-08-15 03:58 -------- d-----w- c:\program files (x86)\NCH Software
2015-08-14 23:16 . 2015-08-14 23:16 -------- d-----w- c:\programdata\NCH Software
2015-08-06 16:43 . 2015-08-06 16:43 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2015-08-06 16:43 . 2015-08-06 16:43 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2015-08-05 05:03 . 2015-08-05 05:03 877152 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-08-05 05:03 . 2015-08-05 05:03 538208 ----a-w- c:\windows\SysWow64\msvcp120_clr0400.dll
2015-08-05 04:53 . 2015-08-05 04:53 872528 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-08-05 04:53 . 2015-08-05 04:53 681552 ----a-w- c:\windows\system32\msvcp120_clr0400.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2015-08-30 01:26 . 2014-07-12 07:29 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-23 18:01 . 2014-12-18 04:20 110688 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-08-15 19:20 . 2006-11-02 12:35 132483416 ----a-w- c:\windows\system32\mrt.exe
2015-08-11 23:53 . 2014-11-12 03:10 778440 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-08-11 23:53 . 2014-11-12 03:10 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-03 16:04 . 2015-07-19 15:07 1316864 ----a-w- c:\windows\SysWow64\ole32.dll
2015-07-03 15:41 . 2015-07-19 15:07 1916416 ----a-w- c:\windows\system32\ole32.dll
2015-06-27 16:03 . 2015-07-19 15:07 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2015-06-27 16:03 . 2015-07-19 15:07 678400 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2015-06-27 16:02 . 2015-07-19 15:07 218112 ----a-w- c:\windows\SysWow64\msv1_0.dll
2015-06-27 16:02 . 2015-07-19 15:07 501248 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-06-27 16:01 . 2015-07-19 15:07 801280 ----a-w- c:\windows\SysWow64\advapi32.dll
2015-06-27 15:40 . 2015-07-19 15:07 1304576 ----a-w- c:\windows\system32\rpcrt4.dll
2015-06-27 15:40 . 2015-07-19 15:07 269824 ----a-w- c:\windows\system32\msv1_0.dll
2015-06-27 15:40 . 2015-07-19 15:07 658944 ----a-w- c:\windows\system32\kerberos.dll
2015-06-27 15:39 . 2015-07-19 15:07 1065472 ----a-w- c:\windows\system32\advapi32.dll
2015-06-27 14:30 . 2015-07-19 15:07 278016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2015-06-27 14:30 . 2015-07-19 15:07 109056 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2015-06-26 20:39 . 2014-10-01 22:34 659440 ----a-w- c:\windows\couponprinter_x64.ocx
2015-06-26 20:39 . 2014-10-01 22:33 444912 ----a-w- c:\windows\CouponPrinter.ocx
2015-06-23 18:30 . 2009-10-06 04:06 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-18 13:41 . 2014-07-12 07:29 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-06-18 13:41 . 2014-07-12 07:29 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-06-18 13:41 . 2009-10-31 03:38 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-06-17 16:50 . 2015-07-19 15:05 2264576 ----a-w- c:\windows\SysWow64\msi.dll
2015-06-17 16:23 . 2015-07-19 15:05 3137536 ----a-w- c:\windows\system32\msi.dll
2015-06-17 15:18 . 2015-07-19 15:05 125440 ----a-w- c:\windows\system32\msiexec.exe
2015-06-17 15:09 . 2015-07-19 15:05 73216 ----a-w- c:\windows\SysWow64\msiexec.exe
2015-06-12 16:03 . 2015-07-19 15:04 304640 ----a-w- c:\windows\SysWow64\gdi32.dll
2015-06-12 15:46 . 2015-07-19 15:04 390656 ----a-w- c:\windows\system32\gdi32.dll
2015-06-12 13:13 . 2015-07-19 15:07 516544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMesse nger.exe" [2012-05-25 6595928]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-12-08 568400]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-08-13 1002048]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppass mgr.exe" [2014-08-13 615256]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"GoogleChromeAutoLaunch_9149B42D0196FF85199D8FE8BB 282C8A"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2015-08-28 815944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-04-28 17824256]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2014-11-28 295512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-08-04 597552]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2015-08-06 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-12-08 568400]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-08-13 1002048]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppass mgr.exe" [2014-08-13 615256]
.
c:\users\blue\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-6 1312096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2009-5-15 50688]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-6 1312096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-01 23:17 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.85\Insta ller\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2014-11-12 23:53]
.
2015-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 21:12]
.
2015-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29 21:12]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2014-12-08 1757520]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: dell.com
Trusted Zone: secunia.com
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--5d5e25cc-9a71-4891-825c-de2045c90373/online/fashion_dash/en/fashiondashweb.1.0.0.21.cab
DPF: {21BB8360-F943-447E-98F3-3C22345375A7} - hxxp://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--99353d9f-7a55-41c0-aecc-92e75d9ea526/online/chocolatier/en/ChocolatierWeb.1.0.0.13.cab
DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} - hxxp://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--61b38b8e-b9ce-4a10-a6a5-e34b5d4c8776/online/the_great_chocolate_chase/en/greatchocolatechaseweb.1.0.0.13.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macrome d\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUt il64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3B F-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299 817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299 817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299 817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Ty peLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Ty peLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Ty peLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Ty peLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2015-09-02 00:23:37
ComboFix-quarantined-files.txt 2015-09-02 05:23
.
Pre-Run: 377,562,554,368 bytes free
Post-Run: 377,426,067,456 bytes free
.
- - End Of File - - 6DB67671EB97B039E132FBA909667434
5C616939100B85E558DA92B899A0FC36

schrauber · #7 September 2nd, 2015, 06:36 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:

Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Exit MBAM when done.

Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

Please download AdwCleaner by Xplode onto your desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Search, Clean.
A logfile will automatically open after the scan has finished.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[C1].txt as well.

blue_70517 · #8 September 3rd, 2015, 02:25 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/2/2015
Scan Time: 7:29:55 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.02.09
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: blue

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 388606
Time Elapsed: 17 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

blue_70517 · #9 September 3rd, 2015, 03:35 AM

# AdwCleaner v5.005 - Logfile created 02/09/2015 at 20:55:52
# Updated 31/08/2015 by Xplode
# Database : 2015-08-31.2 [Local]
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (x64)
# Username : blue - BLUE-PC
# Running from : C:\Users\blue\Downloads\adwcleaner_5.005.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : CouponPrinterService

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\Program Files (x86)\Coupons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
Folder Found : C:\Users\blue\AppData\Roaming\Search Protection
Folder Found : C:\Users\blue\AppData\Roaming\catalina – print savings
Folder Found : C:\Users\blue\AppData\Roaming\download Manager
Folder Found : C:\Users\blue\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\catalina – print savings
Folder Found : C:\Users\blue\Favorites\Coupons
Folder Found : C:\Users\blue\Favorites\Coupons
Folder Found : C:\Users\blue\Favorites\Coupons
Folder Found : C:\Users\blue\Favorites\Coupons

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Found : HKCU\Software\APN PIP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Coupon Printer for Windows5.0.1.6
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Coupon Printer for Windows5.0.1.6
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.6
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.6
Key Found : [x64] HKCU\Software\APN PIP

***** [ Web browsers ] *****

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [2090 bytes] ##########

schrauber · #10 September 3rd, 2015, 06:45 PM

Please run AdwCleaner again and delete the threats found by clickin on the clean button.

I'd like us to scan your machine with ESET OnlineScan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Also please post back with a fresh FRST logfile and tell me how the system is running.

blue_70517 · #11 September 5th, 2015, 12:36 AM

# AdwCleaner v5.005 - Logfile created 04/09/2015 at 18:30:19
# Updated 31/08/2015 by Xplode
# Database : 2015-09-04.4 [Server]
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (x64)
# Username : blue - BLUE-PC
# Running from : C:\Users\blue\Downloads\adwcleaner_5.005.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : CouponPrinterService

***** [ Folders ] *****

[#] Folder Deleted : C:\Program Files (x86)\Coupons
[#] Folder Deleted : C:\Program Files (x86)\Coupons
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[#] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[#] Folder Deleted : C:\Users\blue\AppData\Roaming\Search Protection
[#] Folder Deleted : C:\Users\blue\AppData\Roaming\catalina – print savings
[#] Folder Deleted : C:\Users\blue\AppData\Roaming\download Manager
[#] Folder Deleted : C:\Users\blue\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\catalina – print savings
[#] Folder Deleted : C:\Users\blue\Favorites\Coupons
[#] Folder Deleted : C:\Users\blue\Favorites\Coupons
[#] Folder Deleted : C:\Users\blue\Favorites\Coupons
[#] Folder Deleted : C:\Users\blue\Favorites\Coupons

***** [ Files ] *****

[-] File Deleted : C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_periscopeplayer.en.softonic.com_0.loc alstorage
[-] File Deleted : C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_periscopeplayer.en.softonic.com_0.loc alstorage-journal

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Coupon Printer for Windows5.0.1.6
[!] Key Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uni nstall\Coupon Printer for Windows5.0.1.6
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Protection
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.6
[!] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Coupon Printer for Windows5.0.1.6
[!] Key Not Deleted : [x64] HKCU\Software\APN PIP

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2593 bytes] ##########

blue_70517 · #12 September 5th, 2015, 04:14 AM

ESET didn't find anything

schrauber · #13 September 5th, 2015, 01:48 PM

Then please post back with a fresh FRST scan log and tell me how the system is running.

blue_70517 · #14 September 5th, 2015, 06:31 PM

My internet is still timing out.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by blue (administrator) on BLUE-PC (05-09-2015 12:25:11)
Running from C:\Users\blue\Downloads
Loaded Profiles: blue (Available Profiles: blue)
Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc. exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(N.E.W. North America, Corp.) C:\Program Files (x86)\PC Care Center\Bin\EndUserService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio64.exe
(N.E.W. North America, Corp.) C:\Program Files (x86)\PC Care Center\Bin\WWTray.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppass mgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Avanquest Software ) C:\Program Files (x86)\Digital Line Detect\DLG.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Movie Maker\MOVIEMK.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1757520 2014-12-08] (Bitdefender)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [17824256 2009-04-27] (VIA)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2014-11-27] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => "C:\Program Files (x86)\BlueStacks\HD-Agent.exe"
HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender)
HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppass mgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\RunOnce: [Adobe Speed Launcher] => 1441473213
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [568400 2014-12-08] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1002048 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [Bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppass mgr.exe [615256 2014-08-13] (Bitdefender)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk [2009-05-15]
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files (x86)\Digital Line Detect\DLG.exe (Avanquest Software )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2009-11-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2010-02-16]
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Users\blue\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup\Dell Dock.lnk [2009-08-10]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows \Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-15]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2009-05-15]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{4A8704E3-D19D-46FA-94A1-740D2C6E5096}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-705986722-864996818-1872155453-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-705986722-864996818-1872155453-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-705986722-864996818-1872155453-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/
SearchScopes: HKU\S-1-5-21-705986722-864996818-1872155453-1000 -> {1FFEDB73-3ACE-47C1-839C-359206732A9D} URL =
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll [2014-08-13] (Bitdefender)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-08-23] (Oracle Corporation)
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dl l [2014-03-11] (Microsoft Corporation.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-23] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dl l [2014-08-13] (Bitdefender)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\IE\rndlbrowserrecordplugin.dll [2014-08-12] (RealDownloader)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-23] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-23] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dl l [2014-03-11] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
Toolbar: HKU\S-1-5-21-705986722-864996818-1872155453-1000 -> &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\Windows\system32\ieframe.dll [2015-07-22] (Microsoft Corporation)
DPF: HKLM-x32 {049A470D-F818-4E34-B14D-E4E237DADCF8} hxxp://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--5d5e25cc-9a71-4891-825c-de2045c90373/online/fashion_dash/en/fashiondashweb.1.0.0.21.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {21BB8360-F943-447E-98F3-3C22345375A7} hxxp://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--99353d9f-7a55-41c0-aecc-92e75d9ea526/online/chocolatier/en/ChocolatierWeb.1.0.0.13.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} hxxp://games.myspace.com/gameshell/games/channel--110343720/lc--en/room--61b38b8e-b9ce-4a10-a6a5-e34b5d4c8776/online/the_great_chocolate_chase/en/greatchocolatechaseweb.1.0.0.13.cab
DPF: HKLM-x32 {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: HKLM-x32 {9C23D886-43CB-43DE-B2DB-112A68D7E10A} hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: HKLM-x32 {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {E6BB2089-163F-466B-812A-748096614DFD} hxxp://cainternetsecurity.net/scanner/cascanner.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll [2008-12-02] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_ 232.dll [2015-08-11] ()
FF Plugin: @garmin.com/GpsControl -> C:\Program Files\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1. dll [2015-08-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-23] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_ 232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2014-03-31] (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1. dll [2015-08-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-23] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2009-11-10] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2008-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin-x32: @nosltd.com/getPlus+(R),version=1.6.2.91 -> C:\Program Files (x86)\NOS\bin\np_gp.dll [2010-09-01] (NOS Microsystems Ltd.)
FF Plugin-x32: @real.com/nppl3260;version=16.0.4.19 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2014-11-27] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.4 -> C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlhtml5videoshim.dll [2014-08-12] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprpchromebrowserrecordext.dll [2012-09-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprphtml5videoshim.dll [2012-09-25] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.4.19 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2014-11-27] (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\npdlplugin.dll [2014-08-12] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @vizzed.com/VizzedRGR -> C:\Program Files (x86)\Vizzed\Vizzed Retro Game Room\NpVizzedRgr.dll [2013-01-11] (Vizzed.com)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-705986722-864996818-1872155453-1000: @movenetworks.com/Quantum Media Player -> C:\Users\blue\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll [2009-12-06] (Move Networks)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-11]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-02-04]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext [2014-11-27]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \Firefox\Ext [2011-08-19]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman [2013-09-10]
FF HKLM-x32\...\Firefox\Extensions: [{1B12EF76-2B5E-4DA1-B587-4762D49BFE03}] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext
FF HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Firefox\Extensions: [moveplayer@movenetworks.com] - C:\Users\blue\AppData\Roaming\Move Networks
FF Extension: Move Media Player - C:\Users\blue\AppData\Roaming\Move Networks [2009-12-06]
FF HKU\S-1-5-21-705986722-864996818-1872155453-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR Profile: C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2015-08-29]
CHR Extension: (Google Docs) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2015-08-29]
CHR Extension: (Google Drive) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2015-08-29]
CHR Extension: (YouTube) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2015-08-29]
CHR Extension: (Bitdefender Wallet) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfo ngdfbl [2015-08-29]
CHR Extension: (Google Search) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf [2015-08-29]
CHR Extension: (Google Sheets) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2015-08-29]
CHR Extension: (Google Docs Offline) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2015-09-01]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbmin llajkg [2015-08-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2015-08-29]
CHR Extension: (Gmail) - C:\Users\blue\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2015-08-29]
CHR HKLM-x32\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxcr.cr x [2013-09-10]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-12-18] (Stardock Corporation) [File not signed]
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 nosGetPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll [66112 2010-09-01] (NOS Microsystems Ltd.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc. exe [39056 2014-08-12] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2014-08-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1538672 2014-12-08] (Bitdefender)
R2 WarrantyWare; C:\Program Files (x86)\PC Care Center\Bin\EndUserService.exe [459408 2008-09-19] (N.E.W. North America, Corp.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1288472 2014-12-08] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [263032 2014-12-08] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [647752 2014-08-13] (BitDefender)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [119888 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2013-11-13] (BitDefender SRL)
S1 Beep; no ImagePath
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-09-26] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-19] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-12-08] (BitDefender S.R.L.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 04:15 - 2015-09-05 04:15 - 00429137 _____ C:\Users\blue\Desktop\WWE Smackdown 392015 Full Show - Smackdown 3 September 2015 Full Show This Week HQ2.mp4
2015-09-05 03:46 - 2015-09-05 03:49 - 283109587 _____ C:\Users\blue\Downloads\WWE Smackdown 392015 Full Show - Smackdown 3 September 2015 Full Show This Week HQ.mp4
2015-09-05 03:08 - 2015-09-05 03:08 - 00463656 _____ C:\Users\blue\Desktop\Total Paige 19 Every Paige appearance on Total Divas S04E095.mp4
2015-09-05 02:08 - 2015-09-05 02:08 - 00581998 _____ C:\Users\blue\Desktop\Total Paige 18 _ Every Paige appearance on Total Divas S04E083.mp4
2015-09-05 02:00 - 2015-09-05 02:01 - 00869042 _____ C:\Users\blue\Desktop\Total Paige 15 _ Every Paige appearance on Total Divas S04E053.mp4
2015-09-05 01:43 - 2015-09-05 01:43 - 00762808 _____ C:\Users\blue\Desktop\Total Paige 18 _ Every Paige appearance on Total Divas S04E082.mp4
2015-09-05 01:35 - 2015-09-05 01:35 - 00407533 _____ C:\Users\blue\Desktop\Total Paige 19 Every Paige appearance on Total Divas S04E094.mp4
2015-09-05 01:24 - 2015-09-05 01:24 - 01494136 _____ C:\Users\blue\Desktop\Total Paige 13 _ Every Paige appearance on Total Divas S04E032.mp4
2015-09-05 00:33 - 2015-09-05 00:33 - 00294948 _____ C:\Users\blue\Desktop\Total Paige 19 Every Paige appearance on Total Divas S04E093.mp4
2015-09-05 00:25 - 2015-09-05 00:25 - 01954830 _____ C:\Users\blue\Desktop\Total Divas Bonus Clip - Paige gets a shocking Makeover!2.mp4
2015-09-05 00:13 - 2015-09-05 00:13 - 00428270 _____ C:\Users\blue\Desktop\Total Paige 19 Every Paige appearance on Total Divas S04E092.mp4
2015-09-04 23:16 - 2015-09-04 23:16 - 00771873 _____ C:\Users\blue\Desktop\WWE Network Tough Talk, August 18, 20152.mp4
2015-09-04 23:12 - 2015-09-04 23:14 - 160890962 _____ C:\Users\blue\Downloads\WWE Network Tough Talk, August 18, 2015.mp4
2015-09-04 22:29 - 2015-09-04 22:29 - 00654432 _____ C:\Users\blue\Desktop\Total Paige 16 _ Every Paige appearance on Total Divas S04E063.mp4
2015-09-04 22:28 - 2015-09-04 22:28 - 00391561 _____ C:\Users\blue\Desktop\Total Paige 16 _ Every Paige appearance on Total Divas S04E062.mp4
2015-09-04 22:01 - 2015-09-04 22:01 - 00886210 _____ C:\Users\blue\Desktop\WWE Swerved Season 1 Episode 7 - WWE Swerved S01E07 - Thank You For Swerving2.mp4
2015-09-04 21:53 - 2015-09-04 21:54 - 80953798 _____ C:\Users\blue\Downloads\WWE Swerved Season 1 Episode 7 - WWE Swerved S01E07 - Thank You For Swerving.mp4
2015-09-04 18:37 - 2015-09-04 18:37 - 02870984 _____ (ESET) C:\Users\blue\Downloads\esetsmartinstaller_enu.exe
2015-09-04 01:15 - 2015-09-04 01:15 - 00704924 _____ C:\Users\blue\Desktop\Charlotte vs. Tamina SmackDown, Sept. 3, 20152.mp4
2015-09-03 22:20 - 2015-09-03 22:20 - 01244331 _____ C:\Users\blue\Desktop\Total Paige 15 _ Every Paige appearance on Total Divas S04E052.mp4
2015-09-03 19:46 - 2015-09-03 19:46 - 01214693 _____ C:\Users\blue\Desktop\toys r us summerslam signing 820152.mp4
2015-09-03 19:05 - 2015-09-03 19:59 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2015-09-03 19:04 - 2015-09-03 19:04 - 14634624 _____ (BlueStack Systems Inc.) C:\Users\blue\Downloads\ThinInstaller_native.exe
2015-09-03 19:02 - 2015-09-03 19:02 - 00000000 ____D C:\Users\blue\AppData\Roaming\Andy
2015-09-03 19:02 - 2015-09-03 19:02 - 00000000 ____D C:\Program Files\Andy
2015-09-03 19:02 - 2015-08-26 17:10 - 00000000 ___RD C:\Users\blue\AppData\Roaming\Andy_45_Online
2015-09-03 18:49 - 2015-09-03 18:49 - 01323336 _____ C:\Users\blue\Downloads\Andy_Android_Emulator_v45_ 25.exe
2015-09-03 18:49 - 2015-09-03 18:49 - 01323336 _____ C:\Users\blue\Downloads\Andy_Android_Emulator_v45_ 25 (1).exe
2015-09-03 01:19 - 2015-09-03 01:19 - 00702662 _____ C:\Users\blue\Desktop\Total Paige 14 _ Every Paige appearance on Total Divas S04E042.mp4
2015-09-03 00:35 - 2015-09-03 00:35 - 00004416 _____ C:\Users\blue\Documents\cc_20150903_003541.reg
2015-09-03 00:34 - 2015-09-03 00:34 - 03518134 _____ C:\Users\blue\Desktop\Total Divas Bonus Clip - Paige Is Totally Smitten Over Her New Boyfriend2.mp4
2015-09-02 19:30 - 2015-09-02 19:30 - 01654272 _____ C:\Users\blue\Downloads\adwcleaner_5.005.exe
2015-09-02 00:23 - 2015-09-02 00:23 - 00021779 _____ C:\ComboFix.txt
2015-09-01 19:43 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-09-01 19:43 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-09-01 19:43 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-09-01 19:43 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-09-01 19:43 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-09-01 19:43 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-09-01 19:43 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-09-01 19:43 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-09-01 19:40 - 2015-09-02 00:23 - 00000000 ____D C:\Qoobox
2015-09-01 19:40 - 2015-09-02 00:21 - 00000000 ____D C:\Windows\erdnt
2015-09-01 19:39 - 2015-09-01 19:39 - 05635829 ____R (Swearware) C:\Users\blue\Downloads\ComboFix.exe
2015-08-31 22:49 - 2015-08-31 22:52 - 00044402 _____ C:\Users\blue\Downloads\Addition.txt
2015-08-31 22:47 - 2015-09-05 12:25 - 00025258 _____ C:\Users\blue\Downloads\FRST.txt
2015-08-31 22:47 - 2015-09-05 12:25 - 00000000 ____D C:\FRST
2015-08-31 22:47 - 2015-08-31 22:47 - 02188800 _____ (Farbar) C:\Users\blue\Downloads\FRST64.exe
2015-08-31 00:34 - 2015-08-31 00:34 - 00000000 ____D C:\Users\blue\AppData\Local\Apple Computer
2015-08-30 22:38 - 2015-08-30 22:38 - 00001654 _____ C:\Users\blue\Documents\cc_20150830_223809.reg
2015-08-29 16:26 - 2015-08-29 16:26 - 00000362 _____ C:\Users\blue\Documents\google bookmarks.txt
2015-08-29 16:13 - 2015-09-01 18:18 - 00002027 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-29 16:13 - 2015-08-29 16:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-29 16:12 - 2015-09-05 12:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-29 16:12 - 2015-09-05 12:13 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-29 16:12 - 2015-08-29 16:12 - 00003890 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineU A
2015-08-29 16:12 - 2015-08-29 16:12 - 00003638 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineC ore
2015-08-29 15:37 - 2015-08-29 15:37 - 00347816 _____ (Microsoft Corporation) C:\Users\blue\Downloads\MicrosoftFixit.AudioPlayba ck.Run.exe
2015-08-29 15:15 - 2015-08-29 15:15 - 00000000 ____D C:\Users\blue\AppData\Local\Apple
2015-08-29 12:12 - 2015-08-29 12:12 - 00000000 _____ C:\Windows\SysWOW64\RENE14.tmp
2015-08-29 12:07 - 2015-08-29 12:07 - 00000000 _____ C:\Windows\SysWOW64\RENA65C.tmp
2015-08-28 17:51 - 2015-08-28 18:01 - 00056697 _____ C:\Users\blue\Downloads\cathy's ebay contacts.txt
2015-08-28 10:25 - 2015-08-28 10:25 - 01083750 _____ C:\Users\blue\Downloads\untitled.bmp
2015-08-25 22:32 - 2015-08-25 22:32 - 00000398 _____ C:\Users\blue\Documents\cc_20150825_223237.reg
2015-08-23 13:03 - 2015-08-23 13:03 - 00001758 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-08-23 13:03 - 2015-08-23 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-23 13:03 - 2015-08-23 13:03 - 00000000 ____D C:\ProgramData\Apple Computer
2015-08-23 13:03 - 2015-08-23 13:03 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-08-23 12:59 - 2015-08-23 13:01 - 00000000 ____D C:\Users\blue\.oracle_jre_usage
2015-08-23 12:59 - 2015-08-23 12:59 - 00000000 ____D C:\Users\blue\AppData\Roaming\Sun
2015-08-22 10:46 - 2015-07-10 09:31 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-08-22 10:46 - 2015-07-10 09:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-08-22 10:44 - 2015-08-14 18:49 - 17889792 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-22 10:44 - 2015-08-14 18:38 - 02158080 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-22 10:44 - 2015-08-14 18:37 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-22 10:44 - 2015-08-14 18:03 - 12386816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-22 10:44 - 2015-08-14 17:56 - 01804288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-22 10:44 - 2015-08-14 17:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-15 20:59 - 2015-08-15 20:59 - 00931408 _____ (Google Inc.) C:\Users\blue\Downloads\ChromeSetup.exe
2015-08-15 20:15 - 2015-08-15 20:15 - 00016376 _____ C:\Users\blue\Documents\cc_20150815_201526.reg
2015-08-15 14:37 - 2015-07-31 15:03 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNativ e_v0300.dll
2015-08-15 14:37 - 2015-07-31 14:27 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNativ e_v0300.dll
2015-08-15 14:36 - 2015-07-11 12:13 - 12901888 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-15 14:36 - 2015-07-11 10:56 - 11587584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-15 14:36 - 2015-07-10 14:37 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-15 14:36 - 2015-07-10 14:35 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-15 14:35 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-15 14:35 - 2015-07-09 09:39 - 00169472 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-15 14:35 - 2015-07-09 09:25 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-15 14:34 - 2015-07-18 10:41 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-15 14:31 - 2015-07-10 14:37 - 01402368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-15 14:31 - 2015-07-10 14:37 - 01253376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-15 14:31 - 2015-07-10 14:35 - 01875968 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-15 14:31 - 2015-07-10 14:35 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-15 14:30 - 2015-07-21 15:59 - 01586304 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-15 14:30 - 2015-07-21 15:59 - 01168600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-15 14:30 - 2015-07-21 10:50 - 04690880 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-15 14:30 - 2015-07-21 10:50 - 00154048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ecache.sys
2015-08-15 14:30 - 2015-07-21 10:50 - 00068544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-15 14:30 - 2015-07-21 10:41 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-15 14:30 - 2015-07-21 10:40 - 00399360 _____ (Microsoft Corporation) C:\Windows\system32\emdmgmt.dll
2015-08-15 14:30 - 2015-07-21 10:40 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-15 14:19 - 2015-07-31 16:46 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-08-15 14:19 - 2015-07-31 16:46 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-08-15 14:19 - 2015-07-31 16:46 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-08-15 14:19 - 2015-07-31 16:44 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-08-15 14:19 - 2015-07-31 16:44 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-08-15 14:19 - 2015-07-31 16:44 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-08-15 14:19 - 2015-07-31 16:10 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-08-15 14:19 - 2015-07-31 16:09 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-08-15 14:19 - 2015-07-31 15:41 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-15 14:19 - 2015-07-31 15:40 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-08-15 14:18 - 2015-07-31 17:31 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-15 14:18 - 2015-07-31 17:08 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-15 14:18 - 2015-07-31 16:46 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-08-15 14:18 - 2015-07-31 16:44 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-08-15 14:18 - 2015-07-31 16:26 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-15 14:18 - 2015-07-31 16:25 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-15 14:18 - 2015-07-31 16:00 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-08-15 14:18 - 2015-07-31 15:59 - 01561088 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-15 14:18 - 2015-07-31 15:59 - 01154560 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-15 14:18 - 2015-07-31 15:35 - 00682496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-08-15 14:18 - 2015-07-31 15:33 - 01072640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-15 14:18 - 2015-07-31 15:33 - 00297472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-15 14:18 - 2015-07-09 09:31 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-08-15 14:18 - 2015-07-01 10:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-15 14:18 - 2015-07-01 10:43 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-15 14:17 - 2015-07-22 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-15 14:17 - 2015-07-22 16:56 - 02344448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-15 14:17 - 2015-07-22 16:55 - 10936832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-15 14:17 - 2015-07-22 16:50 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-15 14:17 - 2015-07-22 16:50 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-15 14:17 - 2015-07-22 16:49 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-15 14:17 - 2015-07-22 16:48 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-15 14:17 - 2015-07-22 16:48 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-15 14:17 - 2015-07-22 16:48 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-15 14:17 - 2015-07-22 16:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-08-15 14:17 - 2015-07-22 16:48 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-15 14:17 - 2015-07-22 16:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-15 14:17 - 2015-07-22 16:47 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-15 14:17 - 2015-07-22 16:47 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-15 14:17 - 2015-07-22 16:47 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-15 14:17 - 2015-07-22 16:47 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-08-15 14:17 - 2015-07-22 16:47 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-08-15 14:17 - 2015-07-22 16:47 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-08-15 14:17 - 2015-07-22 16:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-15 14:17 - 2015-07-22 15:54 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-15 14:17 - 2015-07-22 15:51 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-15 14:17 - 2015-07-22 15:47 - 09751040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-15 14:17 - 2015-07-22 15:46 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-15 14:17 - 2015-07-22 15:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-15 14:17 - 2015-07-22 15:45 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-15 14:17 - 2015-07-22 15:45 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-08-15 14:17 - 2015-07-22 15:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-15 14:17 - 2015-07-22 15:44 - 00718336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-15 14:17 - 2015-07-22 15:44 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-15 14:17 - 2015-07-22 15:44 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-15 14:17 - 2015-07-22 15:44 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-15 14:17 - 2015-07-22 15:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-15 14:17 - 2015-07-22 15:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-15 14:17 - 2015-07-22 15:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-15 14:17 - 2015-07-22 15:43 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-08-15 14:17 - 2015-07-22 15:43 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-08-15 14:17 - 2015-07-22 15:43 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-08-15 14:17 - 2015-07-22 15:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-14 18:16 - 2015-08-14 22:58 - 00000000 ____D C:\Program Files (x86)\NCH Software
2015-08-14 18:16 - 2015-08-14 18:16 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2015-08-14 18:16 - 2015-08-14 18:16 - 00000000 ____D C:\Users\blue\AppData\Roaming\NCH Software
2015-08-14 18:16 - 2015-08-14 18:16 - 00000000 ____D C:\ProgramData\NCH Software
2015-08-14 18:15 - 2015-08-14 18:15 - 05274880 _____ (NCH Software) C:\Users\blue\Downloads\vppsetup.exe
2015-08-14 02:08 - 2015-08-14 02:08 - 00966728 _____ C:\Users\blue\Downloads\filmora_setup_full846.exe
2015-08-14 02:05 - 2015-08-14 02:05 - 38878932 _____ C:\Users\blue\Downloads\freaks and geeks tribute.wmv
2015-08-10 17:37 - 2015-09-05 12:14 - 00003358 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgrad eScheduledTaskS-1-5-21-705986722-864996818-1872155453-1000
2015-08-06 11:43 - 2015-08-06 11:43 - 00094208 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2015-08-06 11:43 - 2015-08-06 11:43 - 00069632 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-05 12:22 - 2009-05-15 11:05 - 01442977 _____ C:\Windows\WindowsUpdate.log
2015-09-05 12:14 - 2015-07-24 17:30 - 00003222 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgrad eLogonTaskS-1-5-21-705986722-864996818-1872155453-1000
2015-09-05 12:12 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-05 12:12 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-05 12:12 - 2006-11-02 10:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-05 04:21 - 2006-11-02 10:42 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-05 04:16 - 2009-08-10 23:12 - 00244736 _____ C:\Users\blue\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-05 03:53 - 2014-11-11 22:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-04 22:05 - 2015-04-17 00:05 - 00001619 _____ C:\Users\blue\Documents\youtube video ideas.txt
2015-09-04 18:31 - 2008-01-20 22:26 - 01097594 _____ C:\Windows\PFRO.log
2015-09-04 18:30 - 2014-10-20 21:14 - 00000000 ____D C:\AdwCleaner
2015-09-03 00:32 - 2014-10-23 18:49 - 00000000 ____D C:\Users\blue\AppData\Local\CrashDumps
2015-09-02 19:29 - 2014-07-12 02:29 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-02 00:23 - 2015-03-28 20:48 - 00000000 ____D C:\Users\blue\AppData\Local\Apps\2.0
2015-09-02 00:23 - 2006-11-02 08:33 - 00000000 __RHD C:\Users\Default
2015-09-02 00:21 - 2006-11-02 07:34 - 00000215 _____ C:\Windows\system.ini
2015-09-01 23:30 - 2013-09-10 12:02 - 00125480 _____ C:\Windows\system32\spsys.log
2015-08-30 22:37 - 2015-07-09 20:15 - 00000000 ____D C:\Windows\Minidump
2015-08-29 16:13 - 2013-09-08 11:48 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-29 16:13 - 2012-10-20 00:33 - 00000000 ____D C:\Users\blue\AppData\Local\Google
2015-08-29 16:12 - 2015-03-28 20:48 - 00000000 ____D C:\Users\blue\AppData\Local\Deployment
2015-08-29 15:28 - 2013-12-25 22:41 - 00000000 ____D C:\Users\blue\AppData\Roaming\Audacity
2015-08-29 15:28 - 2013-12-25 22:41 - 00000000 ____D C:\Program Files (x86)\Audacity
2015-08-29 12:12 - 2014-10-17 00:07 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-29 12:09 - 2014-01-20 14:12 - 00000000 ____D C:\Program Files\Java
2015-08-29 11:57 - 2014-10-17 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-29 11:47 - 2011-01-08 23:40 - 00000858 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-08-29 11:47 - 2009-10-30 22:31 - 00000000 ____D C:\Program Files (x86)\CCleaner
2015-08-29 11:46 - 2013-12-25 22:41 - 00000860 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-08-29 11:46 - 2013-12-25 22:41 - 00000848 _____ C:\Users\Public\Desktop\Audacity.lnk
2015-08-28 18:00 - 2010-02-16 01:24 - 00010298 _____ C:\Users\blue\AppData\Roaming\wklnhst.dat
2015-08-27 20:28 - 2014-02-27 19:02 - 00000000 ____D C:\Users\blue\Documents\R & R RELATED ITEMS
2015-08-23 13:01 - 2014-12-17 23:20 - 00110688 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-08-23 12:59 - 2009-08-10 22:55 - 00000000 ____D C:\Users\blue
2015-08-22 11:08 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\rescache
2015-08-15 15:03 - 2006-11-02 10:21 - 00453952 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-15 15:01 - 2009-05-15 15:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-15 15:00 - 2006-11-02 10:07 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2015-08-15 14:39 - 2010-06-03 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-15 14:30 - 2013-07-16 11:49 - 00000000 ____D C:\Windows\system32\MRT
2015-08-15 14:22 - 2014-01-29 15:02 - 00000000 ____D C:\Users\blue\Documents\My Scans
2015-08-15 14:20 - 2006-11-02 07:35 - 132483416 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-08-14 02:08 - 2015-04-08 21:27 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2015-08-11 18:53 - 2014-11-11 22:10 - 00778440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-08-11 18:53 - 2014-11-11 22:10 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-11 18:53 - 2014-11-11 22:10 - 00003682 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 00:00 - 2014-12-05 20:12 - 00010752 _____ C:\Users\blue\Documents\pj owes us.xlr
2015-08-09 19:24 - 2009-05-15 15:37 - 00000000 ____D C:\Windows\PCHEALTH
2015-08-09 14:56 - 2009-08-11 15:55 - 00004055 _____ C:\Users\blue\Documents\cell phone #'s.txt
2015-08-09 03:08 - 2015-02-15 18:34 - 00000000 ____D C:\Users\blue\Documents\PJ'S BOOKS
2015-08-09 03:04 - 2006-11-02 07:46 - 00759582 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-09 03:00 - 2014-05-27 22:30 - 00006550 _____ C:\Windows\setupact.log
2015-08-09 02:53 - 2010-07-21 02:05 - 00000000 ____D C:\ProgramData\Roxio
2015-08-08 15:59 - 2009-08-14 01:37 - 00000000 ____D C:\Users\blue\AppData\Roaming\Real

blue_70517 · #15 September 5th, 2015, 06:32 PM

==================== Files in the root of some directories =======

2014-11-23 17:12 - 2014-11-23 17:13 - 0000149 _____ () C:\Users\blue\AppData\Roaming\settings.xml
2011-05-16 22:26 - 2011-05-16 22:26 - 0027528 _____ () C:\Users\blue\AppData\Roaming\UserTile.png
2015-04-08 19:19 - 2015-04-08 21:53 - 0002015 _____ () C:\Users\blue\AppData\Roaming\vidiot.ini
2010-02-16 01:24 - 2015-08-28 18:00 - 0010298 _____ () C:\Users\blue\AppData\Roaming\wklnhst.dat
2013-05-22 23:30 - 2013-12-08 15:42 - 2162416 _____ (Catalina Marketing Corp) C:\Users\blue\AppData\Local\BcsKtYcHW.dll
2009-08-21 13:54 - 2015-07-13 02:15 - 0007052 _____ () C:\Users\blue\AppData\Local\d3d9caps.dat
2015-02-14 12:38 - 2015-02-14 12:38 - 0000732 _____ () C:\Users\blue\AppData\Local\d3d9caps64.dat
2009-08-10 23:12 - 2015-09-05 04:16 - 0244736 _____ () C:\Users\blue\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-09-09 17:09 - 2010-09-09 17:09 - 0231862 _____ () C:\Users\blue\AppData\Local\dd_ATL90SP1_KB973924MS I27C6.txt
2010-09-09 17:09 - 2010-09-09 17:09 - 0012424 _____ () C:\Users\blue\AppData\Local\dd_ATL90SP1_KB973924UI 27C6.txt
2013-06-09 00:13 - 2013-06-09 00:14 - 0369392 _____ () C:\Users\blue\AppData\Local\dd_vcredistMSI0C47.txt
2012-05-25 22:49 - 2012-05-25 22:49 - 0369040 _____ () C:\Users\blue\AppData\Local\dd_vcredistMSI1F09.txt
2010-09-09 15:02 - 2010-09-09 15:02 - 0373612 _____ () C:\Users\blue\AppData\Local\dd_vcredistMSI468C.txt
2010-08-01 17:21 - 2010-08-01 17:22 - 0584908 _____ () C:\Users\blue\AppData\Local\dd_vcredistMSI49D3.txt
2011-06-26 16:17 - 2011-06-26 16:17 - 0012954 _____ () C:\Users\blue\AppData\Local\dd_vcredistUI0284.txt
2013-06-09 00:13 - 2013-06-09 00:14 - 0013274 _____ () C:\Users\blue\AppData\Local\dd_vcredistUI0C47.txt
2012-05-25 22:49 - 2012-05-25 22:49 - 0011202 _____ () C:\Users\blue\AppData\Local\dd_vcredistUI1F09.txt
2010-09-09 15:02 - 2010-09-09 15:02 - 0011378 _____ () C:\Users\blue\AppData\Local\dd_vcredistUI468C.txt
2010-08-01 17:21 - 2010-08-01 17:23 - 0014678 _____ () C:\Users\blue\AppData\Local\dd_vcredistUI49D3.txt
2012-10-20 00:34 - 2012-10-20 00:34 - 0000085 ___SH () C:\ProgramData\.zreglib
2010-09-09 14:40 - 2013-09-10 10:27 - 0575965 _____ () C:\ProgramData\bdinstall.bin
2009-11-06 21:30 - 2010-06-12 22:40 - 0004179 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\blue\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-09-05 12:20

==================== End of FRST.txt ============================

Similar Topics
Topic	Topic Starter	Forum	Replies	Last Post
Firefox stop responding & computer freezing-Moved from malware by schrauber	perplexed	Windows Vista	42	July 8th, 2019 01:27 AM
Firefox stop responding computer freezing Moved from malware by schrauber	Soaddyrara	Malware Removal	1	September 20th, 2017 05:53 PM
Vrodrigu13 C.exe - moved by schrauber	Vrodrigu13	Malware Removal	32	January 11th, 2010 07:17 PM
punkydiamond - moved by schrauber	punkydiamond	Malware Removal	1	January 8th, 2010 06:43 PM
-=BULLETPROOF=- C.EXE - moved by schrauber	-=BULLETPROOF=-	Malware Removal	23	January 5th, 2010 09:49 PM