
Solved Memory hijack

Discussion in 'Malware and Virus Removal Archive' started by tedgen, 2015/07/08.

  1. 2015/07/12
    tedgen Well-Known Member Thread Starter

    I didn't see your last entry before saying that; here it is.

    ComboFix 15-07-12.01 - Ted 07/12/2015 17:11:36.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4061.2667 [GMT -4:00]
    Running from: c:\users\Ted\Downloads\ComboFix.exe
    AV: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: PC Matic Super Shield *Disabled/Updated* {A75D148F-9EA0-5C05-DCC3-E2888D63FFEC}
    SP: AVG AntiVirus Free Edition 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
    SP: PC Matic Super Shield *Disabled/Updated* {1C3CF56B-B89A-538B-E673-D9FAF6E4B551}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Common Files\ASPG_icon.ico
    c:\users\Ted\g2mdlhlpx.exe
    c:\windows\msdownld.tmp
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_pcCMService
    .
    .
    ((((((((((((((((((((((((( Files Created from 2015-06-12 to 2015-07-12 )))))))))))))))))))))))))))))))
    .
    .
    2015-07-12 21:37 . 2015-07-12 21:37 -------- d-----w- c:\users\Ted\AppData\Roaming\ProductData
    2015-07-12 20:56 . 2015-07-12 20:56 -------- d-----w- C:\RegBackup
    2015-07-12 20:22 . 2015-07-12 20:31 -------- d-----w- C:\AdwCleaner
    2015-07-12 18:55 . 2015-07-12 19:29 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-07-12 18:55 . 2015-07-12 18:55 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-07-12 18:55 . 2015-07-12 18:55 -------- d-----w- c:\programdata\Malwarebytes
    2015-07-12 18:55 . 2015-06-18 12:41 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-07-12 18:55 . 2015-06-18 12:41 109272 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-07-12 18:55 . 2015-06-18 12:41 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-07-11 12:19 . 2015-07-11 12:19 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2015-07-11 12:19 . 2015-07-11 13:01 -------- d-----w- c:\programdata\RogueKiller
    2015-07-11 06:56 . 2015-06-24 05:22 12221144 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{92D5AA98-7090-42AB-A536-B4C052398F51}\mpengine.dll
    2015-07-09 02:18 . 2015-07-09 02:25 -------- d-----w- C:\FRST
    2015-07-08 19:44 . 2015-07-08 19:44 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2015-06-24 23:46 . 2014-04-15 17:02 82872 ----a-w- c:\windows\system32\drivers\sbapifs.sys
    2015-06-20 19:12 . 2015-07-12 20:53 -------- d-----w- c:\users\Ted\AppData\Local\FullTiltPoker
    2015-06-13 13:51 . 2015-07-04 14:05 -------- d-----w- c:\program files\Common Files\AV
    2015-06-13 10:35 . 2015-06-13 10:35 -------- d-----w- c:\users\Ted\AppData\Roaming\Utherverse
    2015-06-13 10:29 . 2015-06-13 10:29 -------- d-----w- c:\program files (x86)\Utherverse Digital Inc
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-07-09 17:28 . 2014-12-18 20:03 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-07-09 17:28 . 2014-12-18 20:03 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-06-23 17:30 . 2014-08-22 21:24 300704 ------w- c:\windows\system32\MpSigStub.exe
    2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
    2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @= "{A8D448F4-0431-45AC-9F5E-E1B434AB2249} "
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ShowBatteryBar "= "c:\program files\BatteryBar\ShowBatteryBar.exe" [2013-04-11 89600]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ATKOSD2 "= "c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
    "HControlUser "= "c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "HDAudDeck "= "c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-17 2245120]
    "hpqSRMon "= "c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "Info Center "= "c:\program files (x86)\PCPitstop\Info Center\InfoCenter.exe" [2013-12-26 28792]
    "APSDaemon "= "c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
    "IObit Malware Fighter "= "c:\program files (x86)\IObit\IObit Malware Fighter\IMF.exe" [2014-10-13 1802048]
    "PC MaticRT "= "c:\program files (x86)\PCPitstop\Super Shield\PCMaticRT.exe" [2015-06-24 2143552]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 8 "= "c:\program files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" [2015-04-08 2429728]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe -d [2010-2-19 12862]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
    SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe /f=srs_premium_sound_nopreset.zip /h [2010-2-19 156952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin "= 0 (0x0)
    "ConsentPromptBehaviorUser "= 3 (0x3)
    "EnableLUA "= 0 (0x0)
    "EnableUIADesktopToggle "= 0 (0x0)
    "PromptOnSecureDesktop "= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs "=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @= "Service "
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
    R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
    R3 EagleX64;EagleX64; [x]
    R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
    R3 glancedrv;glancedrv;c:\windows\system32\DRIVERS\glancedrv.sys;c:\windows\SYSNATIVE\DRIVERS\glancedrv.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RegFilter;RegFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [x]
    R3 Ser2ph;Microsoft USB GPS driver;c:\windows\system32\DRIVERS\ser2ph64.sys;c:\windows\SYSNATIVE\DRIVERS\ser2ph64.sys [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 UrlFilter;UrlFilter;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys;c:\program files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
    R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
    R4 FileMonitor;FileMonitor;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys;c:\program files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [x]
    S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
    S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
    S1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS;c:\windows\SysWOW64\drivers\HWiNFO64A.SYS [x]
    S2 AdvancedSystemCareService8;Advanced SystemCare Service 8;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [x]
    S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
    S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [x]
    S2 PCPitstop Realtime;PCPitstop Realtime;c:\program files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe;c:\program files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [x]
    S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [x]
    S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2015-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14 17:28]
    .
    2015-07-12 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-630889681-938048696-2952789797-1001.job
    - c:\program files (x86)\Citrix\GoToMeeting\3019\g2mupdate.exe [2015-07-10 17:12]
    .
    2015-07-12 c:\windows\Tasks\G2MUploadTask-S-1-5-21-630889681-938048696-2952789797-1001.job
    - c:\program files (x86)\Citrix\GoToMeeting\3019\g2mupload.exe [2015-07-10 17:12]
    .
    2015-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-07-09 11:45]
    .
    2015-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-07-09 11:45]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @= "{A8D448F4-0431-45AC-9F5E-E1B434AB2249} "
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ETDWare "= "c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
    "AmIcoSinglun64 "= "c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
    "IntelliType Pro "= "c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
    "IntelliPoint "= "c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.foxnews.com/
    uDefault_Search_URL = www.google.com
    mDefault_Search_URL = www.google.com
    mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
    mStart Page = hxxp://www.yahoo.com/?ilc=8
    mSearch Page = www.google.com
    IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: jmireports.com\www
    Trusted Zone: jmireports.net\www
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{718B0176-164B-4BBA-8716-ED99E060ED08}: NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{718B0176-164B-4BBA-8716-ED99E060ED08}\2656C6B696E6534376: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{718B0176-164B-4BBA-8716-ED99E060ED08}\3547E20214577657374796E65602F45747C6564737027596D26496: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{718B0176-164B-4BBA-8716-ED99E060ED08}\3557E6024596275602251636560245271636B602254602D20223E2437484A7: NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{718B0176-164B-4BBA-8716-ED99E060ED08}\3557E645962756: NameServer = 8.26.56.26,156.154.70.22
    TCP: Interfaces\{718B0176-164B-4BBA-8716-ED99E060ED08}\7416C616879702350224C616A75602437473431383: NameServer = 156.154.70.22,156.154.71.22
    TCP: Interfaces\{718B0176-164B-4BBA-8716-ED99E060ED08}\F43736162726271667F6: NameServer = 156.154.70.22,156.154.71.22
    DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} - hxxp://69.36.4.171/ReportServer/Reserved.ReportViewerWebControl.axd?ExecutionID=lxzup2554qila3m0kvoewv55&ControlID=a1e33b778cb24995b08e07775bda189e&Culture=1033&UICulture=9&ReportStack=1&OpType=PrintCab
    DPF: {1FDFCFC3-B893-43E1-9138-4A2D2452A551} - hxxps://www.t-mobilepictures.com/myalbum/scripts/downloader/FileDownloader7.cab
    DPF: {C5A7D325-20E3-4183-9FBE-BEF5359188E3} - hxxps://login.siteinspections.com/Pages/Forms/RapidSketchIncludes/eRapidSketch.cab
    DPF: {E9168086-63EF-4693-BF0D-F8A73988FC3B} - hxxps://www.iauditexpert.com/static/rapidsketch/eRapidSketch.2.6.23.cab
    FF - ProfilePath - c:\users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\4ugwa554.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
    AddRemove-Driver Booster_is1 - c:\program files (x86)\IObit\Driver Booster\unins000.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
    "ImagePath "= "c:\windows\system32\GameMon.des -service "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,03,dc,26,60,01,5e,41,b8,2d,5b,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81 "=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6b,03,dc,26,60,01,5e,41,b8,2d,5b,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_203_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @= "c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_203_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker6 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_203_ActiveX.exe,-101 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled "=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_203_ActiveX.exe "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Shockwave Flash Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_203.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @= "0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "ShockwaveFlash.ShockwaveFlash.18 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_203.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "ShockwaveFlash.ShockwaveFlash "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @= "Macromedia Flash Factory Object "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_203.ocx "
    "ThreadingModel "= "Apartment "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @= "FlashFactory.FlashFactory.1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @= "c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_203.ocx, 1 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @= "{D27CDB6B-AE6D-11cf-96B8-444553540000} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @= "FlashFactory.FlashFactory "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker6 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution "= "{15727DE6-F92D-4E46-ACB4-0E2C58B31A18} "
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key "= "ActionsPane3 "
    "Location "= "c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd "
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
    c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
    c:\program files (x86)\ASUS\ASUS Live Update\ALU.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    c:\program files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    c:\program files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
    .
    **************************************************************************
    .
    Completion time: 2015-07-12 17:45:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2015-07-12 21:45
    .
    Pre-Run: 377,504,198,656 bytes free
    Post-Run: 377,873,088,512 bytes free
    .
    - - End Of File - - 73D88345BAB20AB199974FAD5EF4A33A
    5C616939100B85E558DA92B899A0FC36
  2. 2015/07/13
    broni Moderator Malware Analyst

    You're running two AV programs, PC Matic Super Shield and AVG.
    You must uninstall one of them.
    If AVG, use AVG Remover: http://www.avg.com/us-en/utilities

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
  4. 2015/07/16
    tedgen Well-Known Member Thread Starter

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
    Ran by Ted (administrator) on TED-PC on 15-07-2015 18:24:42
    Running from C:\Users\Ted\Downloads
    Loaded Profiles: Ted (Available Profiles: Ted & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
    () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    (ATK) C:\Program Files\P4G\BatteryLife.exe
    () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    (PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
    (PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    (PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    (PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
    (Farbar) C:\Users\Ted\Downloads\FRST64(2).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
    HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
    HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-09-17] (VIA)
    HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [Info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [28792 2013-12-26] (PC Pitstop LLC)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
    HKLM-x32\...\Run: [PC MaticRT] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [2143552 2015-06-24] (PC Pitstop LLC)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-630889681-938048696-2952789797-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
    HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2010-02-19]
    ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-11-29]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-02-19]
    ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
    ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
    ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
    ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
    ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-630889681-938048696-2952789797-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-630889681-938048696-2952789797-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-630889681-938048696-2952789797-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-630889681-938048696-2952789797-1001 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-630889681-938048696-2952789797-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-630889681-938048696-2952789797-1001 -> {F898C6F4-461F-4800-A2B4-DBAD01BAB261} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23] (Hewlett-Packard Co.)
    BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-01] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-01] (Oracle Corporation)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23] (Hewlett-Packard Co.)
    DPF: HKLM-x32 {0D221D00-A6ED-477C-8A91-41F3B660A832} http://69.36.4.171/ReportServer/Res...033&UICulture=9&ReportStack=1&OpType=PrintCab
    DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {1FDFCFC3-B893-43E1-9138-4A2D2452A551} https://www.t-mobilepictures.com/myalbum/scripts/downloader/FileDownloader7.cab
    DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {C5A7D325-20E3-4183-9FBE-BEF5359188E3} https://login.siteinspections.com/Pages/Forms/RapidSketchIncludes/eRapidSketch.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: HKLM-x32 {E9168086-63EF-4693-BF0D-F8A73988FC3B} https://www.iauditexpert.com/static/rapidsketch/eRapidSketch.2.6.23.cab
    Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{718B0176-164B-4BBA-8716-ED99E060ED08}: [NameServer] 156.154.70.22,156.154.71.22
    Tcpip\..\Interfaces\{718B0176-164B-4BBA-8716-ED99E060ED08}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{B80FA8F8-E158-4583-B3DD-1A127EBEAF2B}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\4ugwa554.default
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-04-17] (Adobe Systems, Inc.)
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (GARMIN Corp.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2011-10-14] (Nexon)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
    FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-22] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-22] (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-630889681-938048696-2952789797-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ted\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-10] (Citrix Online)
    FF Plugin HKU\S-1-5-21-630889681-938048696-2952789797-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ted\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-29]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKU\S-1-5-21-630889681-938048696-2952789797-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
    R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2904864 2015-06-02] (IObit)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4122968 2011-06-19] (INCA Internet Co., Ltd.)
    R2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [671040 2015-06-24] (PC Pitstop LLC)
    R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86632 2014-04-28] (PC Pitstop LLC)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-07] ()
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-20] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
    S3 EagleX64; No ImagePath
    R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
    S3 glancedrv; C:\Windows\System32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-12] (REALiX(tm))
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MREMPR5; No ImagePath
    S3 MRENDIS5; No ImagePath
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) [File not signed]
    R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
    S3 Ser2ph; C:\Windows\System32\DRIVERS\ser2ph64.sys [89600 2009-05-19] (Prolific Technology Inc.)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-10-28] (IObit)
    S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-11] ()
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-11] ()
    R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-15 18:22 - 2015-07-15 18:22 - 02133504 _____ (Farbar) C:\Users\Ted\Downloads\FRST64(2).exe
    2015-07-15 18:21 - 2015-07-15 18:22 - 01636864 _____ (Farbar) C:\Users\Ted\Downloads\FRST.exe
    2015-07-15 18:09 - 2015-07-15 18:12 - 00461693 _____ C:\Users\Ted\Downloads\avgremover.log
    2015-07-15 18:09 - 2015-07-15 18:09 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ted\Downloads\avg_remover_stf_x64_2015_5501.exe
    2015-07-12 17:53 - 2015-07-12 17:53 - 00000000 ____D C:\ProgramData\ProductData
    2015-07-12 17:45 - 2015-07-12 17:45 - 00023727 _____ C:\ComboFix.txt
    2015-07-12 17:37 - 2015-07-12 17:37 - 00000000 ____D C:\Users\Ted\AppData\Roaming\ProductData
    2015-07-12 17:09 - 2015-07-12 17:45 - 00000000 ____D C:\Qoobox
    2015-07-12 17:09 - 2015-07-12 17:42 - 00000000 ____D C:\Windows\erdnt
    2015-07-12 17:09 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-07-12 17:09 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-07-12 17:09 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-07-12 17:09 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-07-12 17:09 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-07-12 17:09 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
    2015-07-12 17:09 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
    2015-07-12 17:09 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
    2015-07-12 17:08 - 2015-07-12 17:08 - 05632449 ____R (Swearware) C:\Users\Ted\Downloads\ComboFix.exe
    2015-07-12 17:02 - 2015-07-12 17:02 - 00003871 _____ C:\Users\Ted\Desktop\JRT.txt
    2015-07-12 16:56 - 2015-07-12 16:56 - 00000207 _____ C:\Windows\tweaking.com-regbackup-TED-PC-Windows-7-Home-Premium-(64-bit).dat
    2015-07-12 16:56 - 2015-07-12 16:56 - 00000000 ____D C:\RegBackup
    2015-07-12 16:55 - 2015-07-12 16:55 - 03034102 _____ (Malwarebytes Corporation) C:\Users\Ted\Downloads\JRT.exe
    2015-07-12 16:22 - 2015-07-12 16:31 - 00000000 ____D C:\AdwCleaner
    2015-07-12 16:21 - 2015-07-12 16:21 - 02248704 _____ C:\Users\Ted\Downloads\adwcleaner_4.208.exe
    2015-07-12 15:39 - 2015-07-12 15:39 - 00000000 _____ C:\autoexec.bat
    2015-07-12 15:36 - 2015-07-12 15:36 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Ted\Downloads\SpyHunter-Installer.exe
    2015-07-12 15:30 - 2015-07-12 15:30 - 00004998 _____ C:\malware scan.txt
    2015-07-12 14:55 - 2015-07-12 15:29 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-12 14:55 - 2015-07-12 14:55 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-07-12 14:55 - 2015-07-12 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-07-12 14:55 - 2015-07-12 14:55 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-07-12 14:55 - 2015-07-12 14:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-07-12 14:55 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-07-12 14:55 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-07-12 14:55 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-07-12 14:53 - 2015-07-12 14:54 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Ted\Downloads\mbam-setup-2.1.8.1057.exe
    2015-07-11 08:19 - 2015-07-11 09:01 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-07-11 08:19 - 2015-07-11 08:19 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-07-11 08:17 - 2015-07-11 08:18 - 18070088 _____ C:\Users\Ted\Downloads\RogueKiller.exe
    2015-07-09 07:46 - 2015-07-09 07:46 - 00002158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
    2015-07-09 07:45 - 2015-07-15 18:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-07-09 07:45 - 2015-07-15 17:32 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-07-09 07:45 - 2015-07-15 16:27 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-07-09 07:45 - 2015-07-15 16:27 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-07-09 07:45 - 2015-07-09 07:45 - 00931408 _____ (Google Inc.) C:\Users\Ted\Downloads\GoogleEarthSetup(1).exe
    2015-07-09 07:39 - 2015-07-09 07:39 - 00107264 _____ C:\Users\Ted\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-07-09 07:38 - 2015-07-15 18:10 - 00006320 _____ C:\Windows\PFRO.log
    2015-07-09 07:38 - 2015-07-09 07:38 - 00413968 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-07-09 07:32 - 2015-07-15 18:11 - 00000336 _____ C:\Windows\setupact.log
    2015-07-09 07:32 - 2015-07-09 07:32 - 00000000 _____ C:\Windows\setuperr.log
    2015-07-09 05:47 - 2015-07-09 05:47 - 02112512 _____ (Farbar) C:\Users\Ted\Downloads\FRST64(1).exe
    2015-07-09 04:24 - 2015-07-09 04:24 - 00002864 _____ C:\Windows\System32\Tasks\ASC8_SkipUac_Ted
    2015-07-09 04:23 - 2015-07-09 04:23 - 00001158 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
    2015-07-09 04:22 - 2015-07-11 08:31 - 00002111 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
    2015-07-09 04:22 - 2015-07-09 04:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
    2015-07-08 22:22 - 2015-07-08 22:25 - 00053797 _____ C:\Users\Ted\Downloads\Addition.txt
    2015-07-08 22:18 - 2015-07-15 18:24 - 00023431 _____ C:\Users\Ted\Downloads\FRST.txt
    2015-07-08 22:18 - 2015-07-15 18:24 - 00000000 ____D C:\FRST
    2015-07-08 22:17 - 2015-07-08 22:17 - 02112512 _____ (Farbar) C:\Users\Ted\Downloads\FRST64.exe
    2015-07-08 15:44 - 2015-07-08 15:44 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-07-08 15:44 - 2015-07-08 15:44 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-07-08 15:44 - 2015-07-08 15:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-07-08 15:43 - 2015-07-08 15:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-07-06 09:06 - 2015-07-06 09:06 - 00055296 _____ C:\Users\Ted\Downloads\SketchCodes.xls
    2015-07-04 09:45 - 2015-07-04 09:45 - 00001190 _____ C:\Users\Ted\Desktop\Game Booster 3.lnk
    2015-07-02 08:49 - 2015-07-14 14:32 - 00000000 ____D C:\Users\Ted\Desktop\AITV
    2015-06-24 19:46 - 2014-04-15 13:02 - 00082872 _____ (GFI Software) C:\Windows\system32\Drivers\sbapifs.sys
    2015-06-20 15:12 - 2015-07-12 16:53 - 00000000 ____D C:\Users\Ted\AppData\Local\FullTiltPoker
    2015-06-20 15:11 - 2015-06-20 15:12 - 01982558 _____ C:\nsisinstall.log
    2015-06-20 15:05 - 2015-06-20 15:10 - 64289104 _____ C:\Users\Ted\Downloads\FullTiltSetup.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-15 18:24 - 2014-10-30 09:07 - 00000000 ____D C:\ProgramData\PCPitstopDat
    2015-07-15 18:23 - 2015-04-14 12:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-07-15 18:22 - 2010-02-19 00:41 - 02060555 _____ C:\Windows\WindowsUpdate.log
    2015-07-15 18:21 - 2009-07-14 00:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-15 18:21 - 2009-07-14 00:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-15 18:14 - 2014-10-30 08:47 - 00000000 ____D C:\ProgramData\PCPitstop
    2015-07-15 18:12 - 2010-09-22 16:52 - 00000000 ____D C:\Program Files (x86)\AVG
    2015-07-15 18:12 - 2009-07-13 22:34 - 00000672 _____ C:\Windows\win.ini
    2015-07-15 18:11 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-07-15 18:10 - 2013-03-13 06:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-07-15 18:10 - 2013-03-13 06:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-07-15 17:40 - 2015-03-10 09:56 - 00000534 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-630889681-938048696-2952789797-1001.job
    2015-07-15 17:32 - 2015-05-30 23:21 - 00000630 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-630889681-938048696-2952789797-1001.job
    2015-07-15 16:45 - 2013-03-13 06:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-07-15 08:49 - 2015-04-14 12:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-07-15 08:49 - 2014-12-18 16:03 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-07-15 08:49 - 2014-12-18 16:03 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-07-14 20:51 - 2013-10-31 15:54 - 00000000 ____D C:\Users\Ted\Desktop\FARA2013
    2015-07-12 17:45 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
    2015-07-12 17:37 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
    2015-07-12 17:35 - 2009-07-13 22:34 - 88080384 _____ C:\Windows\system32\config\SOFTWARE.bak
    2015-07-12 17:35 - 2009-07-13 22:34 - 30146560 _____ C:\Windows\system32\config\SYSTEM.bak
    2015-07-12 17:35 - 2009-07-13 22:34 - 01048576 _____ C:\Windows\system32\config\DEFAULT.bak
    2015-07-12 17:35 - 2009-07-13 22:34 - 00061440 _____ C:\Windows\system32\config\SAM.bak
    2015-07-12 17:35 - 2009-07-13 22:34 - 00028672 _____ C:\Windows\system32\config\SECURITY.bak
    2015-07-12 17:33 - 2010-09-12 18:51 - 00000000 ____D C:\Users\Ted
    2015-07-12 16:57 - 2010-10-17 15:11 - 00000000 ____D C:\ProgramData\IObit
    2015-07-12 16:57 - 2010-09-13 07:18 - 00000000 ____D C:\Users\Ted\AppData\Roaming\IObit
    2015-07-12 16:57 - 2010-09-13 07:18 - 00000000 ____D C:\Program Files (x86)\IObit
    2015-07-12 16:34 - 2010-02-19 01:16 - 00001954 _____ C:\Windows\system32\ServiceFilter.ini
    2015-07-12 15:25 - 2011-02-10 08:17 - 00000000 ____D C:\Users\Ted\AppData\Local\Microsoft Help
    2015-07-12 15:25 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Performance
    2015-07-11 09:20 - 2012-05-17 07:27 - 00038400 _____ C:\Users\Ted\Desktop\bill-payment-schedule.xls
    2015-07-10 13:12 - 2015-05-30 23:21 - 00003652 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-630889681-938048696-2952789797-1001
    2015-07-10 13:12 - 2015-03-10 09:56 - 00003556 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-630889681-938048696-2952789797-1001
    2015-07-10 11:02 - 2013-07-18 13:09 - 00000000 ____D C:\Users\Ted\Desktop\york
    2015-07-10 10:20 - 2015-01-02 10:39 - 00000000 ____D C:\Users\Ted\Desktop\York2015
    2015-07-09 07:45 - 2010-09-13 15:48 - 00000000 ____D C:\Program Files (x86)\Google
    2015-07-09 07:38 - 2014-11-28 17:11 - 00000000 ____D C:\IObit
    2015-07-08 15:35 - 2011-10-21 14:06 - 00000000 ____D C:\Users\Guest
    2015-07-08 15:35 - 2010-02-19 01:16 - 00000000 ____D C:\ProgramData\P4G
    2015-07-08 15:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
    2015-07-04 10:05 - 2015-06-13 09:51 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-07-04 09:53 - 2012-12-11 23:34 - 00000000 ____D C:\Users\Ted\AppData\Local\AdFender
    2015-07-02 08:46 - 2015-04-16 11:45 - 00000000 ____D C:\Users\Ted\Desktop\Best
    2015-07-01 18:04 - 2010-02-19 01:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2015-06-23 13:30 - 2014-08-22 17:24 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-06-23 10:10 - 2014-11-28 10:50 - 00001394 _____ C:\Windows\SysWOW64\userawacs.cfg
    2015-06-23 10:10 - 2014-11-28 10:50 - 00000200 _____ C:\Windows\SysWOW64\usergui.cfg

    ==================== Files in the root of some directories =======

    2013-12-09 11:38 - 2014-03-14 10:56 - 0003745 _____ () C:\Program Files (x86)\Mozilla Firefox\safeguard-secure-search.xml
    2008-05-22 12:35 - 2008-05-22 12:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
    2009-04-08 14:31 - 2009-04-08 14:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
    2008-08-12 01:45 - 2008-08-12 01:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
    2014-06-19 17:00 - 2014-06-19 17:00 - 0000024 _____ () C:\Users\Ted\AppData\Roaming\temp.ini
    2014-10-20 20:13 - 2015-01-29 18:01 - 0009216 _____ () C:\Users\Ted\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-12-01 09:35 - 2012-12-01 09:35 - 0027520 _____ () C:\Users\Ted\AppData\Local\dt.dat
    2014-11-11 12:24 - 2014-11-11 12:24 - 0007602 _____ () C:\Users\Ted\AppData\Local\Resmon.ResmonCfg
    2010-11-19 15:07 - 2013-02-22 18:52 - 0009006 _____ () C:\ProgramData\hpzinstall.log
    2014-02-10 10:12 - 2014-02-10 10:13 - 0000458 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-07-13 12:06

    ==================== End of log ============================
     
  5. 2015/07/16
    tedgen (Well-Known Member, Thread Starter)
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
    Ran by Ted at 2015-07-15 18:26:18
    Running from C:\Users\Ted\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-630889681-938048696-2952789797-500 - Administrator - Disabled)
    Guest (S-1-5-21-630889681-938048696-2952789797-501 - Limited - Disabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-630889681-938048696-2952789797-1003 - Limited - Enabled)
    Ted (S-1-5-21-630889681-938048696-2952789797-1001 - Administrator - Enabled) => C:\Users\Ted

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: PC Matic Super Shield (Enabled - Up to date) {A75D148F-9EA0-5C05-DCC3-E2888D63FFEC}
    AS: PC Matic Super Shield (Enabled - Up to date) {1C3CF56B-B89A-538B-E673-D9FAF6E4B551}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\{0E3C52E0-B4F1-4D1E-B172-E390813BD9FE}) (Version: 12.1.8.158 - Adobe Systems, Inc)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.3.0 - IObit)
    Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
    ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
    ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
    ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
    ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
    ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.28 - ASUS)
    ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
    ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.203 - Sonix)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
    ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - )
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
    Aurigma Image Uploader 5.7 Redistributable (HKLM-x32\...\{04A8C405-7DCC-4D12-9A69-02C063CC80D6}) (Version: 5.7.24 - Aurigma Inc.)
    BatteryBar (remove only) (HKLM\...\BatteryBar) (Version: - )
    BlackShot æ°Ã… (HKLM-x32\...\BlackShot) (Version: - )
    bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
    BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
    BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)
    Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.)
    Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)
    Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)
    Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
    Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.)
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11245.0 - Cisco Consumer Products LLC)
    Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
    DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Driver Booster 2.2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.2 - IObit)
    EasyGPS 4.18 (HKLM-x32\...\EasyGPS_is1) (Version: 4.18 - TopoGrafix)
    ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version: - )
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
    Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
    Flashback Demo (HKLM-x32\...\Steam App 246540) (Version: - )
    FormDocs 8.3.0 (HKLM-x32\...\FormDocs) (Version: 8.3.0 - FormDocs LLC)
    Fotosizer 1.29 (HKLM-x32\...\Fotosizer) (Version: 1.29 - Fotosizer.com)
    Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
    Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
    GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
    GoToMeeting 7.2.3.3019 (HKU\S-1-5-21-630889681-938048696-2952789797-1001\...\GoToMeeting) (Version: 7.2.3.3019 - CitrixOnline)
    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart Essential (HKLM-x32\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.2 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
    HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
    IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    J4500 (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
    Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
    Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.2600 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
    Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
    NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    Officejet J4500 Series (HKLM\...\{E11448F2-0B44-4239-B04E-D88FE743E929}) (Version: 13.0 - HP)
    PC Matic 1.1.0.51 (HKLM-x32\...\PC Matic_is1) (Version: 1.1.0.51 - PC Pitstop LLC)
    PC Matic Super Shield 1.0.0.55 (HKLM-x32\...\PC Pitstop SuperShield_is1) (Version: 1.0.0.55 - PC Pitstop LLC)
    PC Pitstop Info Center 1.0.0.18 (HKLM-x32\...\PCPitstopInfoCenter_is1) (Version: 1.0.0.18 - PC Pitstop LLC.)
    PDF-XChange 3 (HKLM-x32\...\PDF-XChange 3_is1) (Version: - Tracker Software)
    Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
    Postbox (3.0.11) (HKLM-x32\...\Postbox (3.0.11)) (Version: 3.0.11 (en-US) - Postbox, Inc.)
    ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RapidSketch Web 2.6.21 (HKLM-x32\...\{043E71F2-A1E3-48BF-9ED1-694E80938DC9}) (Version: 2.6.21 - RapidSketch)
    RapidSketch Web 2.6.23 (HKLM-x32\...\{1B39E41B-5670-4775-91B0-D34344811764}) (Version: 2.6.23 - RapidSketch)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    RoboType (PC Magazine) (HKLM-x32\...\RoboType_is1) (Version: 3.1.2 - Ziff Davis Media, Inc.)
    SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: - )
    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
    Skype™ 6.21 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.21.104 - Skype Technologies S.A.)
    Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3 Pro_is1) (Version: 3.3 - IObit)
    SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.2300 - SRS Labs, Inc.)
    Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
    Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Requirements Lab for Intel (HKLM-x32\...\{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}) (Version: 4.5.5.0 - Husdawg, LLC)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
    Unity Web Player (HKU\S-1-5-21-630889681-938048696-2952789797-1001\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
    Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.26.0 - ASUS)
    Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
    Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-630889681-938048696-2952789797-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2553\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Restore Points =========================

    09-07-2015 07:32:46 hijack
    12-07-2015 16:41:33 Revo Uninstaller's restore point - SpyHunter 4
    12-07-2015 16:49:39 Revo Uninstaller's restore point - Full Tilt Poker
    15-07-2015 16:42:24 Windows Update

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2015-07-12 17:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {011CF248-2B95-4F55-BAEF-987A8B014FB7} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
    Task: {12949EA1-BD52-4022-B8A0-F88468B7F2AA} - System32\Tasks\{423D5F01-DBDF-4D6C-94DF-B2627A2D6F6F} => pcalua.exe -a C:\Users\Ted\Downloads\Glance__s51c!glance!net_5500_80_215724!6074!999106336_50000,60,5,15,5,60,0,0,1_1090314623_5501_443_viewer.exe -d C:\Users\Ted\Downloads
    Task: {155C4221-5B91-45D5-AA9F-4FE200FE3657} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
    Task: {180B9101-C4D1-4DEE-B6B7-B496BCC01F40} - System32\Tasks\{3A7B9574-6095-4426-9D5B-B879A38AABFD} => pcalua.exe -a E:\setup.exe -d E:\
    Task: {1D4DD214-8998-4777-BD9A-618AD0A1F5E9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {212E812C-914D-436B-9305-3AB504572C96} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
    Task: {2F53879B-12FE-44C2-9A40-357D8D535A2E} - System32\Tasks\G2MUpdateTask-S-1-5-21-630889681-938048696-2952789797-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\3019\g2mupdate.exe [2015-07-10] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {39B822A6-C3DC-41A0-A7A5-B9EE473ACE64} - System32\Tasks\{0DB8F45E-317F-4284-A606-7BD5E624BA9A} => pcalua.exe -a C:\Users\Ted\AppData\Local\Temp\Temp2_robotype3.zip\setup.exe
    Task: {3A0DAA23-8D88-458A-97E6-1A9B61110A96} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-630889681-938048696-2952789797-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    Task: {4309C1A0-9CDB-4759-9109-ABB0854D74F3} - System32\Tasks\ASC8_SkipUac_Ted => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-06-16] (IObit)
    Task: {4F9BD2A8-3187-4A40-A492-B6209C5DCE1D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
    Task: {7C4B7537-8061-4857-A336-826179556C5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-09] (Google Inc.)
    Task: {8971DC08-5C2C-47FC-99E5-4A855DA7D20E} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
    Task: {A06D202D-FE7A-4899-837A-65F7D8EAE825} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-09] (Google Inc.)
    Task: {B2320083-CDAE-4ED0-A403-95E92B029D7F} - System32\Tasks\{F51D8FBE-44FA-4C36-9F43-CCC206DF9211} => pcalua.exe -a C:\Reliable\iPhoto\uninstall.exe
    Task: {BBE16DFF-4F01-4986-B7D7-7BBED7CEC935} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-10-28] (IObit)
    Task: {BDB63CEE-ECDB-46B7-8DE7-07BB89628016} - System32\Tasks\G2MUploadTask-S-1-5-21-630889681-938048696-2952789797-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\3019\g2mupload.exe [2015-07-10] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {BF2A0EED-441E-46B3-BE44-A1A4263BAF3E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
    Task: {C53F583E-4A1A-4E85-9D40-0F915E81AF24} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
    Task: {C730E746-00EF-4ABB-8ABC-D9A84FF1EFC2} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-06-08] ()
    Task: {D604A3AB-CCBC-493E-A56F-8C4303AE01C4} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-04] ()
    Task: {E5359605-CC9D-4AE2-AFF5-5EC43A7837DD} - System32\Tasks\{84364E06-B991-476F-A8A5-0A932942CD22} => C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe [2015-07-09] (IObit)
    Task: {EA847CE8-2F6B-4A56-ACD2-8BF5C70963F2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
    Task: {EFA11D57-1E4F-4B81-84C2-F2060BE8B74D} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
    Task: {F1E581BC-9A58-459E-9EA1-19FC941E2148} - System32\Tasks\{AC917259-48CE-4F47-9C2B-2E4B2EF49D29} => pcalua.exe -a "C:\Reliable\Diagramming Tool\uninstall.exe" -d "C:\Reliable\Diagramming Tool "
    Task: {FAACD2AF-CF64-497F-A4FD-F8AB4CFEAD04} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-01-06] (ATK)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-630889681-938048696-2952789797-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\3019\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-630889681-938048696-2952789797-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\3019\g2mupload.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2007-06-15 14:28 - 2007-06-15 14:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
    2007-06-01 20:52 - 2007-06-01 20:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    2014-05-01 15:29 - 2014-05-01 15:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2008-10-01 03:02 - 2008-10-01 03:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    2009-11-24 17:45 - 2009-11-24 17:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    2009-12-23 17:12 - 2009-12-23 17:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
    2009-12-18 23:11 - 2009-12-18 23:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
    2010-01-04 21:43 - 2010-01-04 21:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    2010-02-19 01:16 - 2007-11-30 15:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    2012-04-23 16:48 - 2013-05-07 11:00 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2010-02-19 01:12 - 2009-05-07 04:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
    2010-02-19 01:12 - 2009-05-07 04:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
    2010-02-19 01:12 - 2008-01-18 02:49 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
    2010-02-19 01:12 - 2009-09-15 23:37 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
    2015-07-09 04:22 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\sqlite3.dll
    2014-11-01 19:16 - 2014-04-15 13:02 - 00524288 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\SQLiteEncrypt.dll
    2014-10-30 09:08 - 2015-06-26 03:13 - 00184184 _____ () C:\ProgramData\PCPitstopDat\dat\libBase64.dll
    2014-10-30 09:08 - 2015-06-26 03:13 - 00175992 _____ () C:\ProgramData\PCPitstopDat\dat\libMachoUniv.dll
    2015-07-09 04:22 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
    2015-03-12 05:19 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
    2015-03-12 05:19 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
    2015-03-12 05:19 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
    2014-11-01 19:16 - 2015-06-24 18:29 - 00187200 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRTen.dll
    2015-01-02 23:44 - 2013-01-15 19:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
    2015-01-02 23:44 - 2013-01-15 19:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
    2015-01-02 23:44 - 2013-01-15 19:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
    2015-01-02 23:44 - 2013-12-12 19:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
    2015-01-02 23:44 - 2013-05-16 20:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
    2015-01-02 23:44 - 2013-10-16 23:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
    2015-01-02 23:44 - 2013-05-16 20:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
    2007-06-15 14:28 - 2007-06-15 14:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
    2007-06-01 21:08 - 2007-06-01 21:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:42D9E231
    AlternateDataStreams: C:\Users\Ted\Desktop\Assignment Qualifications.eml:OECustomProperty

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => " "= "Service "

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-630889681-938048696-2952789797-1001\...\jmireports.com -> hxxps://www.jmireports.com
    IE trusted site: HKU\S-1-5-21-630889681-938048696-2952789797-1001\...\jmireports.net -> hxxps://www.jmireports.net


    There are 4791 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-630889681-938048696-2952789797-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ted\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
    MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{5D661336-839B-4FDF-92A6-585A7B9F55D6}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{D14C601E-6270-4C5D-806A-B5D0FA516EAF}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [TCP Query User{F898360D-FE23-457A-8191-561D76398F8E}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
    FirewallRules: [UDP Query User{74A921A9-F8BD-4E58-9AF6-9A231EB3C8BB}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
    FirewallRules: [{00FED1AA-D353-4E1D-B699-A85165EA4DF4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{DB71DA05-3758-4065-AE31-E2A506AB5916}] => (Allow) svchost.exe
    FirewallRules: [{07588F4E-1002-490B-8FFD-AFF51F48B9EE}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [TCP Query User{B4A6EC09-1BF4-48B5-BA9A-692A8BEF9902}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
    FirewallRules: [UDP Query User{1DA8C964-353A-4F16-A5D7-1369D5A7446A}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
    FirewallRules: [{B9661A7D-1B4E-4007-8A09-7EAA0449E6F1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{861E2316-7588-4D05-B4E1-69298A31D94B}] => (Allow) LPort=2869
    FirewallRules: [{BD3FE53D-DCC9-4112-85B7-EDE6ACDB3227}] => (Allow) LPort=1900
    FirewallRules: [TCP Query User{604A1B71-C6FA-4B75-A7D4-5E3A369C33DE}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
    FirewallRules: [UDP Query User{60E76E39-A5BF-424D-9319-572FA4763C10}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
    FirewallRules: [{5738F3F7-7C51-4069-A4BE-E41D6EDDF34B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{18B3BFD1-468A-4A38-9C76-C57A917D39E6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{B1DE1EA5-CA10-4F32-8839-39A17DF4F7D3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{0764966C-1B12-4401-9FB2-817B60F42C7D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{2AA10CBB-7EFA-4F77-B6AC-D68FEA7A31D4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{1B2EB6EB-954E-4AF1-85EE-15C0CBCCAFEF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{A812322D-50DE-4D95-AF02-28787E8C3468}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{61311935-AC51-4BB7-B8D5-29FDBD8CA77A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{A9BE6AB6-97D9-41EE-BB8A-78D139916105}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{BBEA9E4A-9215-4D71-B812-8C393300D768}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{9ECD8615-88B3-4E49-A2F8-23C41D466474}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{CA706EC6-CEE2-4B46-A130-5FA0C2896593}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{191A997F-C248-4DC3-859B-0735662A2003}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{D6068B9E-C903-4856-B698-86D4153452B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{B6CAF367-523E-46CA-A0F2-7BFFCB365130}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
    FirewallRules: [{572797D7-0F7E-46A6-9B2E-81667AADEAF5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{6D1ADD77-F71A-497A-B762-8902B3A14DC8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{23482F66-6B54-4B24-B369-C08771E28000}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{33778173-C7F8-4174-AAAE-A4C4E9773A47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{2BC80BCD-43B1-448C-8215-1786BE774DCD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{F3A02429-E3F0-4B02-9F35-92658EE2D4F3}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{A1B7FD2D-0B83-4E1B-953A-A4205AF9F1C6}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{F9E859DF-23E9-4408-8F40-A85068B4E7F0}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{419763C7-239D-41BC-B1CC-ADA7F7543667}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{8D3EA64B-FD61-435F-875E-9809D6A2F908}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [TCP Query User{97A0DEC1-8A70-46E3-B483-11C3BE80BD9C}C:\users\ted\downloads\blackshot_garenaplus_installer.exe] => (Allow) C:\users\ted\downloads\blackshot_garenaplus_installer.exe
    FirewallRules: [UDP Query User{8E4AD884-8D36-4607-8C43-547416E68338}C:\users\ted\downloads\blackshot_garenaplus_installer.exe] => (Allow) C:\users\ted\downloads\blackshot_garenaplus_installer.exe
    FirewallRules: [{150D98E6-DECB-4EC1-83AE-0BED3DE63DE4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{DD7A0C4A-6B1B-4968-A9DE-5AD689082F25}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
    FirewallRules: [{1FBFC89C-0FBD-4E4B-A014-F4A63B58BBD3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
    FirewallRules: [{AC146B50-C363-4718-940D-44E34D2BE55A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
    FirewallRules: [{E4E7B4E5-CD2A-4619-93C2-EF075D93E1F5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
    FirewallRules: [{708EEC55-0ACD-4F89-BB20-75CB5057F03B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{E602C911-4DA3-471C-80B8-F6F4593DD4E1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{01D852A6-4E87-42C2-B9A3-F29039200686}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{83BEDC2A-77C0-4ADA-9208-802FE5EA5C3A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{C1DE7015-0696-4383-939F-AEC47F82E77D}] => (Allow) D:\Program Files\BlackShot\BlackShot\system\blackshot.exe
    FirewallRules: [{E2E01CE7-C615-49CB-ABD9-D91E424C1163}] => (Allow) D:\Program Files\BlackShot\BlackShot\system\blackshot.exe
    FirewallRules: [{135DA4FD-5F42-4440-BCB8-395B4ED69BAC}] => (Allow) C:\Program Files\BlackShot\BlackShot\system\blackshot.exe
    FirewallRules: [{38835C38-AACF-44B3-BBDD-536838FCB630}] => (Allow) C:\Program Files\BlackShot\BlackShot\system\blackshot.exe
    FirewallRules: [{27565E3A-133F-4960-8B91-695E3FBF4CA0}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{E24484A7-FCFC-4115-9CEB-8096C9C98D3E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{5E5456D7-454C-4579-810B-89A8E529C027}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{4660FD38-A829-4929-8E2C-2CF01B2C1AF6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: ASUS USB2.0 UVC VGA WebCam
    Description: ASUS USB2.0 UVC VGA WebCam
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Azureware
    Service: SNP2UVC
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.

    Name: Atheros AR9285 Wireless Network Adapter
    Description: Atheros AR9285 Wireless Network Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Atheros Communications Inc.
    Service: athr
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/12/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    Error: (07/12/2015 05:48:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

    Error: (07/12/2015 05:48:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

    Error: (07/08/2015 03:50:46 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

    Error: (07/08/2015 03:50:46 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

    Error: (07/08/2015 03:30:32 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

    Error: (07/08/2015 03:30:32 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

    Error: (07/05/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    Error: (07/05/2015 02:19:31 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

    Error: (07/05/2015 02:19:31 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.


    System errors:
    =============
    Error: (07/15/2015 06:11:05 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (07/15/2015 06:10:48 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (07/15/2015 06:10:48 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (07/12/2015 05:35:50 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (07/12/2015 05:35:34 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (07/12/2015 05:35:34 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (07/12/2015 05:34:46 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (07/12/2015 05:34:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (07/12/2015 05:33:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

    Error: (07/12/2015 05:29:10 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.


    Microsoft Office:
    =========================
    Error: (07/12/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

    Error: (07/12/2015 05:48:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (07/12/2015 05:48:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (07/08/2015 03:50:46 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (07/08/2015 03:50:46 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (07/08/2015 03:30:32 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (07/08/2015 03:30:32 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (07/05/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

    Error: (07/05/2015 02:19:31 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (07/05/2015 02:19:31 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)


    CodeIntegrity Errors:
    ===================================
    Date: 2015-07-12 17:33:51.117
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-07-12 17:33:50.851
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-04-02 05:20:07.051
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 01:21:34.462
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 01:21:33.869
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 01:21:33.229
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 01:21:32.652
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-31 12:22:42.931
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-31 12:22:42.400
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-31 12:22:41.652
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
    Percentage of memory in use: 73%
    Total physical RAM: 4061.09 MB
    Available physical RAM: 1066.89 MB
    Total Virtual: 8120.35 MB
    Available Virtual: 4791.09 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:451.11 GB) (Free:351.35 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
    Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
    Partition 2: (Active) - (Size=451.1 GB) - (Type=07 NTFS)

    ==================== End of log ============================
     
  6. 2015/07/16
    tedgen Well-Known Member Thread Starter
    Thanks for your patience. I deleted AVG.
     
  7. 2015/07/16
    broni Moderator Malware Analyst
    Why did you install Advanced SystemCare?
    It wasn't there when you initially posted.

    In my first reply I clearly stated:

     
  8. 2015/07/16
    tedgen Well-Known Member Thread Starter
    It's always been on my machine. I may have shut it down before running the first reports, but it reactivated itself. I haven't run any repair programs since we started. Some have a mind of their own.
     
  9. 2015/07/16
    broni Moderator Malware Analyst
    I still have my doubts.
    In your Addition.txt log from July 9th it's not listed as being installed.
    On top of it I can see this:
    Uninstalled on July 4th.
    In your newest Addition.txt it is listed as installed again.
    See for yourself.

    In any case, uninstall it for this reason...
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    When done re-run FRST and post fresh logs.
    Make sure you checkmark Addition.txt box so both logs will be produced.
     
  10. 2015/07/16
    tedgen Well-Known Member Thread Starter
    ------------License code of Advanced SystemCare Pro------------

    License Code: FBE6C-D0191-9EF68-FE4C6
    Expiration Date: 2016-03-12
    License Seat: 3
    License Status: Activated
    One year license activated 3/12/15, probably my third or fourth. Sat at my first computer in 1985, know DOS. I deleted the program and everything else from IObit. Have to wait to run FRST. Want to buy a DOS 5.0 manual?
     
  11. 2015/07/16
    broni Moderator Malware Analyst
    Go on with FRST
     
  12. 2015/07/16
    tedgen Well-Known Member Thread Starter
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015
    Ran by Ted (administrator) on TED-PC on 16-07-2015 21:58:56
    Running from C:\Users\Ted\Downloads
    Loaded Profiles: Ted (Available Profiles: Ted & Guest)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
    (ATK) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    (ASUS) C:\Program Files (x86)\ASUS\ASUS CopyProtect\ASPG.exe
    () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    (ATK) C:\Program Files\P4G\BatteryLife.exe
    () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    (PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
    (PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe
    () C:\Windows\SysWOW64\PnkBstrA.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
    (ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    (AlcorMicro Co., Ltd.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    (PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe
    (PC Pitstop LLC) C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Postbox, Inc.) C:\Program Files (x86)\Postbox\postbox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Farbar) C:\Users\Ted\Downloads\FRST64(3).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
    HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-01] (AlcorMicro Co., Ltd.)
    HKLM\...\Run: [IntelliType Pro] => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1464944 2012-11-02] (Microsoft Corporation)
    HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2076272 2012-11-02] (Microsoft Corporation)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [6998656 2009-10-27] (ASUS)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-09-17] (VIA)
    HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
    HKLM-x32\...\Run: [Info Center] => C:\Program Files (x86)\PCPitstop\Info Center\InfoCenter.exe [28792 2013-12-26] (PC Pitstop LLC)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [PC MaticRT] => C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRT.exe [2143552 2015-06-24] (PC Pitstop LLC)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-630889681-938048696-2952789797-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2013-04-11] ()
    HKU\S-1-5-18\...\Run: [Advanced SystemCare 8] => "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2010-02-19]
    ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2010-11-29]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2010-02-19]
    ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)
    ShellIconOverlayIdentifiers: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll [2007-06-15] ()
    ShellIconOverlayIdentifiers: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll [2007-06-01] ()
    ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon] -> {A825576B-0042-4F0F-8FB0-93CE0F054E69} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll [2007-06-15] ()
    ShellIconOverlayIdentifiers-x32: [ADSMOverlayIcon1] -> {A8D448F4-0431-45AC-9F5E-E1B434AB2249} => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll [2007-06-01] ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-630889681-938048696-2952789797-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-630889681-938048696-2952789797-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-630889681-938048696-2952789797-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-630889681-938048696-2952789797-1001 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-630889681-938048696-2952789797-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKU\S-1-5-21-630889681-938048696-2952789797-1001 -> {F898C6F4-461F-4800-A2B4-DBAD01BAB261} URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-23] (Hewlett-Packard Co.)
    BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-02-01] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-02-01] (Oracle Corporation)
    BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-23] (Hewlett-Packard Co.)
    DPF: HKLM-x32 {0D221D00-A6ED-477C-8A91-41F3B660A832} http://69.36.4.171/ReportServer/Res...033&UICulture=9&ReportStack=1&OpType=PrintCab
    DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {1FDFCFC3-B893-43E1-9138-4A2D2452A551} https://www.t-mobilepictures.com/myalbum/scripts/downloader/FileDownloader7.cab
    DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: HKLM-x32 {C5A7D325-20E3-4183-9FBE-BEF5359188E3} https://login.siteinspections.com/Pages/Forms/RapidSketchIncludes/eRapidSketch.cab
    DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: HKLM-x32 {E9168086-63EF-4693-BF0D-F8A73988FC3B} https://www.iauditexpert.com/static/rapidsketch/eRapidSketch.2.6.23.cab
    Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-12-02] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{718B0176-164B-4BBA-8716-ED99E060ED08}: [NameServer] 156.154.70.22,156.154.71.22
    Tcpip\..\Interfaces\{718B0176-164B-4BBA-8716-ED99E060ED08}: [DhcpNameServer] 75.75.75.75 75.75.76.76
    Tcpip\..\Interfaces\{B80FA8F8-E158-4583-B3DD-1A127EBEAF2B}: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\Ted\AppData\Roaming\Mozilla\Firefox\Profiles\4ugwa554.default
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-04-17] (Adobe Systems, Inc.)
    FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (GARMIN Corp.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-02-01] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-02-01] (Oracle Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2010-06-01] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
    FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2011-10-14] (Nexon)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll [2013-07-26] (Nitro PDF)
    FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [2012-05-22] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [2012-05-22] (RealNetworks, Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-630889681-938048696-2952789797-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Ted\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-03-10] (Citrix Online)
    FF Plugin HKU\S-1-5-21-630889681-938048696-2952789797-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Ted\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-11-29]
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKU\S-1-5-21-630889681-938048696-2952789797-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 ADSMService; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [225280 2008-03-31] (ASUSTek Computer Inc.) [File not signed]
    R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-23] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-23] (Hewlett-Packard Co.) [File not signed]
    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2904864 2015-06-02] (IObit)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4122968 2011-06-19] (INCA Internet Co., Ltd.)
    R2 PCPitstop Realtime; C:\Program Files (x86)\PCPitstop\Super Shield\PCPitstopRTService.exe [671040 2015-06-24] (PC Pitstop LLC)
    R2 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [86632 2014-04-28] (PC Pitstop LLC)
    S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-05-07] ()
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-07-20] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
    S3 EagleX64; No ImagePath
    S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
    S3 glancedrv; C:\Windows\System32\DRIVERS\glancedrv.sys [36384 2009-05-13] (Glance Networks, Inc)
    R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-03-12] (REALiX(tm))
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MREMPR5; No ImagePath
    S3 MRENDIS5; No ImagePath
    S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
    S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) [File not signed]
    R4 RegFilter; No ImagePath
    S3 Ser2ph; C:\Windows\System32\DRIVERS\ser2ph64.sys [89600 2009-05-19] (Prolific Technology Inc.)
    R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-10-28] (IObit)
    S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-11] ()
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-07-11] ()
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-16 21:58 - 2015-07-16 21:58 - 02133504 _____ (Farbar) C:\Users\Ted\Downloads\FRST64(3).exe
    2015-07-16 21:32 - 2015-07-16 21:32 - 00000364 _____ C:\Users\Ted\Desktop\ASC License.txt
    2015-07-15 18:22 - 2015-07-15 18:22 - 02133504 _____ (Farbar) C:\Users\Ted\Downloads\FRST64(2).exe
    2015-07-15 18:21 - 2015-07-15 18:22 - 01636864 _____ (Farbar) C:\Users\Ted\Downloads\FRST.exe
    2015-07-15 18:09 - 2015-07-15 18:12 - 00461693 _____ C:\Users\Ted\Downloads\avgremover.log
    2015-07-15 18:09 - 2015-07-15 18:09 - 03681088 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Ted\Downloads\avg_remover_stf_x64_2015_5501.exe
    2015-07-12 17:53 - 2015-07-16 21:27 - 00000000 ____D C:\ProgramData\ProductData
    2015-07-12 17:45 - 2015-07-12 17:45 - 00023727 _____ C:\ComboFix.txt
    2015-07-12 17:37 - 2015-07-12 17:37 - 00000000 ____D C:\Users\Ted\AppData\Roaming\ProductData
    2015-07-12 17:09 - 2015-07-12 17:45 - 00000000 ____D C:\Qoobox
    2015-07-12 17:09 - 2015-07-12 17:42 - 00000000 ____D C:\Windows\erdnt
    2015-07-12 17:09 - 2011-06-26 02:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-07-12 17:09 - 2010-11-07 13:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-07-12 17:09 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-07-12 17:09 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-07-12 17:09 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-07-12 17:09 - 2000-08-30 20:00 - 00098816 _____ C:\Windows\sed.exe
    2015-07-12 17:09 - 2000-08-30 20:00 - 00080412 _____ C:\Windows\grep.exe
    2015-07-12 17:09 - 2000-08-30 20:00 - 00068096 _____ C:\Windows\zip.exe
    2015-07-12 17:08 - 2015-07-12 17:08 - 05632449 ____R (Swearware) C:\Users\Ted\Downloads\ComboFix.exe
    2015-07-12 17:02 - 2015-07-12 17:02 - 00003871 _____ C:\Users\Ted\Desktop\JRT.txt
    2015-07-12 16:56 - 2015-07-12 16:56 - 00000207 _____ C:\Windows\tweaking.com-regbackup-TED-PC-Windows-7-Home-Premium-(64-bit).dat
    2015-07-12 16:56 - 2015-07-12 16:56 - 00000000 ____D C:\RegBackup
    2015-07-12 16:55 - 2015-07-12 16:55 - 03034102 _____ (Malwarebytes Corporation) C:\Users\Ted\Downloads\JRT.exe
    2015-07-12 16:22 - 2015-07-12 16:31 - 00000000 ____D C:\AdwCleaner
    2015-07-12 16:21 - 2015-07-12 16:21 - 02248704 _____ C:\Users\Ted\Downloads\adwcleaner_4.208.exe
    2015-07-12 15:39 - 2015-07-12 15:39 - 00000000 _____ C:\autoexec.bat
    2015-07-12 15:36 - 2015-07-12 15:36 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Ted\Downloads\SpyHunter-Installer.exe
    2015-07-12 15:30 - 2015-07-12 15:30 - 00004998 _____ C:\malware scan.txt
    2015-07-12 14:55 - 2015-07-12 15:29 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-07-12 14:55 - 2015-07-12 14:55 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-07-12 14:55 - 2015-07-12 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-07-12 14:55 - 2015-07-12 14:55 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-07-12 14:55 - 2015-07-12 14:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-07-12 14:55 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-07-12 14:55 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2015-07-12 14:55 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2015-07-12 14:53 - 2015-07-12 14:54 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Ted\Downloads\mbam-setup-2.1.8.1057.exe
    2015-07-11 08:19 - 2015-07-11 09:01 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-07-11 08:19 - 2015-07-11 08:19 - 00035064 _____ C:\Windows\system32\Drivers\TrueSight.sys
    2015-07-11 08:17 - 2015-07-11 08:18 - 18070088 _____ C:\Users\Ted\Downloads\RogueKiller.exe
    2015-07-09 07:46 - 2015-07-09 07:46 - 00002158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
    2015-07-09 07:45 - 2015-07-16 21:32 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-07-09 07:45 - 2015-07-16 20:47 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-07-09 07:45 - 2015-07-15 16:27 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-07-09 07:45 - 2015-07-15 16:27 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-07-09 07:45 - 2015-07-09 07:45 - 00931408 _____ (Google Inc.) C:\Users\Ted\Downloads\GoogleEarthSetup(1).exe
    2015-07-09 07:39 - 2015-07-09 07:39 - 00107264 _____ C:\Users\Ted\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-07-09 07:38 - 2015-07-15 18:10 - 00006320 _____ C:\Windows\PFRO.log
    2015-07-09 07:38 - 2015-07-09 07:38 - 00413968 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-07-09 07:32 - 2015-07-15 18:11 - 00000336 _____ C:\Windows\setupact.log
    2015-07-09 07:32 - 2015-07-09 07:32 - 00000000 _____ C:\Windows\setuperr.log
    2015-07-09 05:47 - 2015-07-09 05:47 - 02112512 _____ (Farbar) C:\Users\Ted\Downloads\FRST64(1).exe
    2015-07-08 22:22 - 2015-07-15 18:27 - 00052851 _____ C:\Users\Ted\Downloads\Addition.txt
    2015-07-08 22:18 - 2015-07-16 21:59 - 00022404 _____ C:\Users\Ted\Downloads\FRST.txt
    2015-07-08 22:18 - 2015-07-16 21:59 - 00000000 ____D C:\FRST
    2015-07-08 22:17 - 2015-07-08 22:17 - 02112512 _____ (Farbar) C:\Users\Ted\Downloads\FRST64.exe
    2015-07-08 15:44 - 2015-07-08 15:44 - 00001161 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-07-08 15:44 - 2015-07-08 15:44 - 00001149 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-07-08 15:44 - 2015-07-08 15:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-07-08 15:43 - 2015-07-08 15:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-07-06 09:06 - 2015-07-06 09:06 - 00055296 _____ C:\Users\Ted\Downloads\SketchCodes.xls
    2015-07-04 09:45 - 2015-07-04 09:45 - 00001190 _____ C:\Users\Ted\Desktop\Game Booster 3.lnk
    2015-07-02 08:49 - 2015-07-16 15:17 - 00000000 ____D C:\Users\Ted\Desktop\AITV
    2015-06-24 19:46 - 2014-04-15 13:02 - 00082872 _____ (GFI Software) C:\Windows\system32\Drivers\sbapifs.sys
    2015-06-20 15:12 - 2015-07-12 16:53 - 00000000 ____D C:\Users\Ted\AppData\Local\FullTiltPoker
    2015-06-20 15:11 - 2015-06-20 15:12 - 01982558 _____ C:\nsisinstall.log
    2015-06-20 15:05 - 2015-06-20 15:10 - 64289104 _____ C:\Users\Ted\Downloads\FullTiltSetup.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-07-16 21:58 - 2014-10-30 09:07 - 00000000 ____D C:\ProgramData\PCPitstopDat
    2015-07-16 21:40 - 2015-03-10 09:56 - 00000534 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-630889681-938048696-2952789797-1001.job
    2015-07-16 21:35 - 2010-09-13 07:18 - 00000000 ____D C:\Program Files (x86)\IObit
    2015-07-16 21:34 - 2009-07-13 22:34 - 00000672 _____ C:\Windows\win.ini
    2015-07-16 21:32 - 2015-05-30 23:21 - 00000630 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-630889681-938048696-2952789797-1001.job
    2015-07-16 21:28 - 2010-09-13 07:18 - 00000000 ____D C:\Users\Ted\AppData\Roaming\IObit
    2015-07-16 21:23 - 2015-04-14 12:58 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-07-16 20:50 - 2013-10-31 15:54 - 00000000 ____D C:\Users\Ted\Desktop\FARA2013
    2015-07-16 20:35 - 2010-02-19 00:41 - 01053724 _____ C:\Windows\WindowsUpdate.log
    2015-07-16 15:34 - 2015-01-02 10:39 - 00000000 ____D C:\Users\Ted\Desktop\York2015
    2015-07-16 00:12 - 2014-10-30 08:47 - 00000000 ____D C:\ProgramData\PCPitstop
    2015-07-15 18:21 - 2009-07-14 00:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-07-15 18:21 - 2009-07-14 00:45 - 00019056 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-07-15 18:12 - 2010-09-22 16:52 - 00000000 ____D C:\Program Files (x86)\AVG
    2015-07-15 18:11 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-07-15 18:10 - 2013-03-13 06:34 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-07-15 18:10 - 2013-03-13 06:34 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-07-15 16:45 - 2013-03-13 06:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-07-15 08:49 - 2015-04-14 12:58 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2015-07-15 08:49 - 2014-12-18 16:03 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2015-07-15 08:49 - 2014-12-18 16:03 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2015-07-12 17:45 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Default
    2015-07-12 17:37 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
    2015-07-12 17:35 - 2009-07-13 22:34 - 88080384 _____ C:\Windows\system32\config\SOFTWARE.bak
    2015-07-12 17:35 - 2009-07-13 22:34 - 30146560 _____ C:\Windows\system32\config\SYSTEM.bak
    2015-07-12 17:35 - 2009-07-13 22:34 - 01048576 _____ C:\Windows\system32\config\DEFAULT.bak
    2015-07-12 17:35 - 2009-07-13 22:34 - 00061440 _____ C:\Windows\system32\config\SAM.bak
    2015-07-12 17:35 - 2009-07-13 22:34 - 00028672 _____ C:\Windows\system32\config\SECURITY.bak
    2015-07-12 17:33 - 2010-09-12 18:51 - 00000000 ____D C:\Users\Ted
    2015-07-12 16:57 - 2010-10-17 15:11 - 00000000 ____D C:\ProgramData\IObit
    2015-07-12 16:34 - 2010-02-19 01:16 - 00001954 _____ C:\Windows\system32\ServiceFilter.ini
    2015-07-12 15:25 - 2011-02-10 08:17 - 00000000 ____D C:\Users\Ted\AppData\Local\Microsoft Help
    2015-07-12 15:25 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Performance
    2015-07-11 09:20 - 2012-05-17 07:27 - 00038400 _____ C:\Users\Ted\Desktop\bill-payment-schedule.xls
    2015-07-10 13:12 - 2015-05-30 23:21 - 00003652 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-630889681-938048696-2952789797-1001
    2015-07-10 13:12 - 2015-03-10 09:56 - 00003556 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-630889681-938048696-2952789797-1001
    2015-07-10 11:02 - 2013-07-18 13:09 - 00000000 ____D C:\Users\Ted\Desktop\york
    2015-07-09 07:45 - 2010-09-13 15:48 - 00000000 ____D C:\Program Files (x86)\Google
    2015-07-09 07:38 - 2014-11-28 17:11 - 00000000 ____D C:\IObit
    2015-07-08 15:35 - 2011-10-21 14:06 - 00000000 ____D C:\Users\Guest
    2015-07-08 15:35 - 2010-02-19 01:16 - 00000000 ____D C:\ProgramData\P4G
    2015-07-08 15:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
    2015-07-04 10:05 - 2015-06-13 09:51 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-07-04 09:53 - 2012-12-11 23:34 - 00000000 ____D C:\Users\Ted\AppData\Local\AdFender
    2015-07-02 08:46 - 2015-04-16 11:45 - 00000000 ____D C:\Users\Ted\Desktop\Best
    2015-07-01 18:04 - 2010-02-19 01:02 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2015-06-23 13:30 - 2014-08-22 17:24 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-06-23 10:10 - 2014-11-28 10:50 - 00001394 _____ C:\Windows\SysWOW64\userawacs.cfg
    2015-06-23 10:10 - 2014-11-28 10:50 - 00000200 _____ C:\Windows\SysWOW64\usergui.cfg

    ==================== Files in the root of some directories =======

    2013-12-09 11:38 - 2014-03-14 10:56 - 0003745 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    2008-05-22 12:35 - 2008-05-22 12:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
    2009-04-08 14:31 - 2009-04-08 14:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
    2008-08-12 01:45 - 2008-08-12 01:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
    2014-06-19 17:00 - 2014-06-19 17:00 - 0000024 _____ () C:\Users\Ted\AppData\Roaming\temp.ini
    2014-10-20 20:13 - 2015-01-29 18:01 - 0009216 _____ () C:\Users\Ted\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-12-01 09:35 - 2012-12-01 09:35 - 0027520 _____ () C:\Users\Ted\AppData\Local\dt.dat
    2014-11-11 12:24 - 2014-11-11 12:24 - 0007602 _____ () C:\Users\Ted\AppData\Local\Resmon.ResmonCfg
    2010-11-19 15:07 - 2013-02-22 18:52 - 0009006 _____ () C:\ProgramData\hpzinstall.log
    2014-02-10 10:12 - 2014-02-10 10:13 - 0000458 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-07-13 12:06

    ==================== End of log ============================
     
  13. 2015/07/17
    broni Moderator Malware Analyst
    I still need Addition.txt log.
     
  14. 2015/07/18
    tedgen Well-Known Member Thread Starter
    Sorry

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
    Ran by Ted at 2015-07-16 22:00:15
    Running from C:\Users\Ted\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-630889681-938048696-2952789797-500 - Administrator - Disabled)
    Guest (S-1-5-21-630889681-938048696-2952789797-501 - Limited - Disabled) => C:\Users\Guest
    HomeGroupUser$ (S-1-5-21-630889681-938048696-2952789797-1003 - Limited - Enabled)
    Ted (S-1-5-21-630889681-938048696-2952789797-1001 - Administrator - Enabled) => C:\Users\Ted

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: PC Matic Super Shield (Enabled - Up to date) {A75D148F-9EA0-5C05-DCC3-E2888D63FFEC}
    AS: PC Matic Super Shield (Enabled - Up to date) {1C3CF56B-B89A-538B-E673-D9FAF6E4B551}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4500_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.144 - Adobe Systems Incorporated)
    Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\{0E3C52E0-B4F1-4D1E-B172-E390813BD9FE}) (Version: 12.1.8.158 - Adobe Systems, Inc)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
    Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}) (Version: 1.5.17.25482 - Alcor Micro Corp.)
    Alcor Micro USB Card Reader (x32 Version: 1.5.17.25482 - Alcor Micro Corp.) Hidden
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    ASUS AI Recovery (HKLM-x32\...\{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}) (Version: 1.0.8 - ASUS)
    ASUS CopyProtect (HKLM-x32\...\{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}) (Version: 1.0.0015 - ASUS)
    ASUS Data Security Manager (HKLM-x32\...\{FA2092C5-7979-412D-A962-6485274AE1EE}) (Version: 1.00.0014 - ASUS)
    ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.)
    ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS)
    ASUS Live Update (HKLM-x32\...\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}) (Version: 2.5.9 - ASUS)
    ASUS MultiFrame (HKLM-x32\...\{9D48531D-2135-49FC-BC29-ACCDA5396A76}) (Version: 1.0.0019 - ASUS)
    ASUS Power4Gear Hybrid (HKLM\...\{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}) (Version: 1.1.28 - ASUS)
    ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0008 - ASUS)
    ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0028 - ASUS)
    ASUS USB2.0 UVC VGA WebCam (HKLM\...\ASUS USB2.0 UVC VGA WebCam) (Version: 5.8.53120.203 - Sonix)
    ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.19 - asus)
    ASUS_Screensaver (HKLM-x32\...\ASUS_Screensaver) (Version: - )
    ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0001 - ASUS)
    Aurigma Image Uploader 5.7 Redistributable (HKLM-x32\...\{04A8C405-7DCC-4D12-9A69-02C063CC80D6}) (Version: 5.7.24 - Aurigma Inc.)
    BatteryBar (remove only) (HKLM\...\BatteryBar) (Version: - )
    BlackShot æ°Ã… (HKLM-x32\...\BlackShot) (Version: - )
    bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
    BPDSoftware (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
    BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
    Canon G.726 WMP-Decoder (HKLM-x32\...\Canon G.726 WMP-Decoder) (Version: 1.1.0.4 - Canon Inc.)
    Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 2.6.0.4 - Canon Inc.)
    Canon RAW Image Task for ZoomBrowser EX (HKLM-x32\...\RAW Image Task) (Version: 0.9.3.9 - Canon Inc.)
    Canon Utilities MyCamera DC (HKLM-x32\...\MyCameraDC) (Version: 7.0.1.8 - Canon Inc.)
    Canon Utilities RemoteCapture Task for ZoomBrowser EX (HKLM-x32\...\RemoteCaptureTask) (Version: 1.7.1.9 - Canon Inc.)
    Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.1.0.20 - Canon Inc.)
    Cisco Connect (HKLM-x32\...\Cisco Connect) (Version: 1.4.11245.0 - Cisco Consumer Products LLC)
    Citrix Online Launcher (HKLM-x32\...\{1EFF9E6C-76E1-43F9-81FB-BC8C037B0902}) (Version: 1.0.258 - Citrix)
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    ControlDeck (HKLM-x32\...\{5B65EF64-1DFA-414A-8C94-7BB726158E21}) (Version: 1.0.5 - ASUS)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
    DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
    DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
    Driver Booster 2.2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.2 - IObit)
    EasyGPS 4.18 (HKLM-x32\...\EasyGPS_is1) (Version: 4.18 - TopoGrafix)
    ETDWare PS/2-x64 7.0.5.9_WHQL (HKLM\...\Elantech) (Version: - )
    Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.5 - ASUS)
    Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
    Flashback Demo (HKLM-x32\...\Steam App 246540) (Version: - )
    FormDocs 8.3.0 (HKLM-x32\...\FormDocs) (Version: 8.3.0 - FormDocs LLC)
    Fotosizer 1.29 (HKLM-x32\...\Fotosizer) (Version: 1.29 - Fotosizer.com)
    Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)
    Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
    Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
    GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
    GoToMeeting 7.2.3.3019 (HKU\S-1-5-21-630889681-938048696-2952789797-1001\...\GoToMeeting) (Version: 7.2.3.3019 - CitrixOnline)
    GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
    HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
    HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
    HP Photosmart Essential (HKLM-x32\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.2 - HP)
    HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
    HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
    HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
    HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
    ieSpell (HKLM-x32\...\ieSpell) (Version: 2.6.4 (build 573) - Red Egg Software)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    J4500 (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
    Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
    Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
    JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.0.162.0 - Microsoft Corporation)
    Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Streets & Trips 2013 (HKLM-x32\...\{C82185E8-C27B-4EF4-2013-4444BC2C2B6D}) (Version: 19.0.18.2600 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    Nexon Game Manager (HKLM-x32\...\{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}) (Version: - )
    Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
    NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
    OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
    Officejet J4500 Series (HKLM\...\{E11448F2-0B44-4239-B04E-D88FE743E929}) (Version: 13.0 - HP)
    PC Matic 1.1.0.51 (HKLM-x32\...\PC Matic_is1) (Version: 1.1.0.51 - PC Pitstop LLC)
    PC Matic Super Shield 1.0.0.55 (HKLM-x32\...\PC Pitstop SuperShield_is1) (Version: 1.0.0.55 - PC Pitstop LLC)
    PC Pitstop Info Center 1.0.0.18 (HKLM-x32\...\PCPitstopInfoCenter_is1) (Version: 1.0.0.18 - PC Pitstop LLC.)
    PDF-XChange 3 (HKLM-x32\...\PDF-XChange 3_is1) (Version: - Tracker Software)
    Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
    Postbox (3.0.11) (HKLM-x32\...\Postbox (3.0.11)) (Version: 3.0.11 (en-US) - Postbox, Inc.)
    ProductContext (x32 Version: 50.0.165.000 - Hewlett-Packard) Hidden
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RapidSketch Web 2.6.21 (HKLM-x32\...\{043E71F2-A1E3-48BF-9ED1-694E80938DC9}) (Version: 2.6.21 - RapidSketch)
    RapidSketch Web 2.6.23 (HKLM-x32\...\{1B39E41B-5670-4775-91B0-D34344811764}) (Version: 2.6.23 - RapidSketch)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    RoboType (PC Magazine) (HKLM-x32\...\RoboType_is1) (Version: 3.1.2 - Ziff Davis Media, Inc.)
    SAMSUNG Intelli-studio (HKLM-x32\...\Intelli-studio) (Version: - )
    Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
    Skype™ 6.21 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.21.104 - Skype Technologies S.A.)
    Smart Defrag 3 (HKLM-x32\...\Smart Defrag 3 Pro_is1) (Version: 3.3 - IObit)
    SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
    SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.2300 - SRS Labs, Inc.)
    Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
    Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Requirements Lab for Intel (HKLM-x32\...\{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}) (Version: 4.5.5.0 - Husdawg, LLC)
    TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
    Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
    Unity Web Player (HKU\S-1-5-21-630889681-938048696-2952789797-1001\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
    VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
    Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
    Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
    Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
    WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.26.0 - ASUS)
    Winmail Opener 1.6 (HKLM-x32\...\Winmail Opener) (Version: 1.6 - Eolsoft)
    WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
    Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.15 - ASUS)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-630889681-938048696-2952789797-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\2553\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    ==================== Restore Points =========================

    12-07-2015 16:41:33 Revo Uninstaller's restore point - SpyHunter 4
    12-07-2015 16:49:39 Revo Uninstaller's restore point - Full Tilt Poker
    15-07-2015 16:42:24 Windows Update
    16-07-2015 21:25:54 Revo Uninstaller's restore point - IObit Malware Fighter
    16-07-2015 21:29:34 Revo Uninstaller's restore point - IObit Uninstaller
    16-07-2015 21:33:08 Revo Uninstaller's restore point - Advanced SystemCare 8
    16-07-2015 21:34:36 Revo Uninstaller's restore point - Advanced SystemCare 8

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 22:34 - 2015-07-12 17:37 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {011CF248-2B95-4F55-BAEF-987A8B014FB7} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)
    Task: {12949EA1-BD52-4022-B8A0-F88468B7F2AA} - System32\Tasks\{423D5F01-DBDF-4D6C-94DF-B2627A2D6F6F} => pcalua.exe -a C:\Users\Ted\Downloads\Glance__s51c!glance!net_5500_80_215724!6074!999106336_50000,60,5,15,5,60,0,0,1_1090314623_5501_443_viewer.exe -d C:\Users\Ted\Downloads
    Task: {155C4221-5B91-45D5-AA9F-4FE200FE3657} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2009-07-23] (ATK)
    Task: {180B9101-C4D1-4DEE-B6B7-B496BCC01F40} - System32\Tasks\{3A7B9574-6095-4426-9D5B-B879A38AABFD} => pcalua.exe -a E:\setup.exe -d E:\
    Task: {1D4DD214-8998-4777-BD9A-618AD0A1F5E9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
    Task: {212E812C-914D-436B-9305-3AB504572C96} - System32\Tasks\ASPG => C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe [2009-06-29] (ASUS)
    Task: {2F53879B-12FE-44C2-9A40-357D8D535A2E} - System32\Tasks\G2MUpdateTask-S-1-5-21-630889681-938048696-2952789797-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\3019\g2mupdate.exe [2015-07-10] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {39B822A6-C3DC-41A0-A7A5-B9EE473ACE64} - System32\Tasks\{0DB8F45E-317F-4284-A606-7BD5E624BA9A} => pcalua.exe -a C:\Users\Ted\AppData\Local\Temp\Temp2_robotype3.zip\setup.exe
    Task: {3A0DAA23-8D88-458A-97E6-1A9B61110A96} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-630889681-938048696-2952789797-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    Task: {4F9BD2A8-3187-4A40-A492-B6209C5DCE1D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
    Task: {7C4B7537-8061-4857-A336-826179556C5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-09] (Google Inc.)
    Task: {8971DC08-5C2C-47FC-99E5-4A855DA7D20E} - System32\Tasks\ASUSControlDeck => C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe [2009-11-24] ()
    Task: {A06D202D-FE7A-4899-837A-65F7D8EAE825} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-09] (Google Inc.)
    Task: {B2320083-CDAE-4ED0-A403-95E92B029D7F} - System32\Tasks\{F51D8FBE-44FA-4C36-9F43-CCC206DF9211} => pcalua.exe -a C:\Reliable\iPhoto\uninstall.exe
    Task: {BBE16DFF-4F01-4986-B7D7-7BBED7CEC935} - System32\Tasks\SmartDefrag3_Update => C:\Program Files (x86)\IObit\Smart Defrag 3\AutoUpdate.exe [2014-10-28] (IObit)
    Task: {BDB63CEE-ECDB-46B7-8DE7-07BB89628016} - System32\Tasks\G2MUploadTask-S-1-5-21-630889681-938048696-2952789797-1001 => C:\Program Files (x86)\Citrix\GoToMeeting\3019\g2mupload.exe [2015-07-10] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {BF2A0EED-441E-46B3-BE44-A1A4263BAF3E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2012-11-02] (Microsoft Corporation)
    Task: {C53F583E-4A1A-4E85-9D40-0F915E81AF24} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2012-11-02] (Microsoft Corporation)
    Task: {C730E746-00EF-4ABB-8ABC-D9A84FF1EFC2} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2013-06-08] ()
    Task: {D604A3AB-CCBC-493E-A56F-8C4303AE01C4} - System32\Tasks\WC3 => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-01-04] ()
    Task: {E5359605-CC9D-4AE2-AFF5-5EC43A7837DD} - System32\Tasks\{84364E06-B991-476F-A8A5-0A932942CD22} => C:\Program Files (x86)\IObit\IObit Uninstaller\Uninstaler_SkipUac.exe
    Task: {EA847CE8-2F6B-4A56-ACD2-8BF5C70963F2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2012-11-02] (Microsoft)
    Task: {EFA11D57-1E4F-4B81-84C2-F2060BE8B74D} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe [2007-11-30] ()
    Task: {F1E581BC-9A58-459E-9EA1-19FC941E2148} - System32\Tasks\{AC917259-48CE-4F47-9C2B-2E4B2EF49D29} => pcalua.exe -a "C:\Reliable\Diagramming Tool\uninstall.exe" -d "C:\Reliable\Diagramming Tool "
    Task: {FAACD2AF-CF64-497F-A4FD-F8AB4CFEAD04} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-01-06] (ATK)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-630889681-938048696-2952789797-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\3019\g2mupdate.exe
    Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-630889681-938048696-2952789797-1001.job => C:\Program Files (x86)\Citrix\GoToMeeting\3019\g2mupload.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2007-06-15 14:28 - 2007-06-15 14:28 - 00104960 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt64.dll
    2007-06-01 20:52 - 2007-06-01 20:52 - 00159744 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    2014-05-01 15:29 - 2014-05-01 15:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
    2008-10-01 03:02 - 2008-10-01 03:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
    2009-11-24 17:45 - 2009-11-24 17:45 - 00053888 _____ () C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
    2009-12-23 17:12 - 2009-12-23 17:12 - 00017920 _____ () C:\Program Files\P4G\DevMng.dll
    2009-12-18 23:11 - 2009-12-18 23:11 - 00033280 _____ () C:\Program Files\P4G\OvrClk.dll
    2010-01-04 21:43 - 2010-01-04 21:43 - 01597440 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    2010-02-19 01:16 - 2007-11-30 15:20 - 00051768 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
    2012-04-23 16:48 - 2013-05-07 11:00 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
    2010-02-19 01:12 - 2009-05-07 04:51 - 00071680 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
    2010-02-19 01:12 - 2009-05-07 04:53 - 00379392 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
    2010-02-19 01:12 - 2008-01-18 02:49 - 00098816 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
    2010-02-19 01:12 - 2009-09-15 23:37 - 47601664 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
    2014-11-01 19:16 - 2014-04-15 13:02 - 00524288 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\SQLiteEncrypt.dll
    2014-10-30 09:08 - 2015-06-26 03:13 - 00184184 _____ () C:\ProgramData\PCPitstopDat\dat\libBase64.dll
    2014-10-30 09:08 - 2015-06-26 03:13 - 00175992 _____ () C:\ProgramData\PCPitstopDat\dat\libMachoUniv.dll
    2014-11-01 19:16 - 2015-06-24 18:29 - 00187200 _____ () C:\Program Files (x86)\PCPitstop\Super Shield\PCMaticRTen.dll
    2014-04-19 20:58 - 2014-06-04 19:02 - 01826816 _____ () C:\Program Files (x86)\Postbox\mozjs.dll
    2014-04-19 20:58 - 2014-06-04 19:02 - 00155648 _____ () C:\Program Files (x86)\Postbox\NSLDAP32V60.dll
    2014-04-19 20:58 - 2014-06-04 19:02 - 00015360 _____ () C:\Program Files (x86)\Postbox\NSLDAPPR32V60.dll
    2007-06-15 14:28 - 2007-06-15 14:28 - 00147456 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
    2007-06-01 21:08 - 2007-06-01 21:08 - 00143360 _____ () C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:42D9E231
    AlternateDataStreams: C:\Users\Ted\Desktop\Assignment Qualifications.eml:OECustomProperty

    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-630889681-938048696-2952789797-1001\...\jmireports.com -> hxxps://www.jmireports.com
    IE trusted site: HKU\S-1-5-21-630889681-938048696-2952789797-1001\...\jmireports.net -> hxxps://www.jmireports.net


    There are 4791 more restricted sites.

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-630889681-938048696-2952789797-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ted\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 75.75.75.75 - 75.75.76.76

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
    MSCONFIG\startupreg: ADSMTray => C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
    MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{5D661336-839B-4FDF-92A6-585A7B9F55D6}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{D14C601E-6270-4C5D-806A-B5D0FA516EAF}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [TCP Query User{F898360D-FE23-457A-8191-561D76398F8E}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
    FirewallRules: [UDP Query User{74A921A9-F8BD-4E58-9AF6-9A231EB3C8BB}C:\program files (x86)\google\google earth\client\googleearth.exe] => (Allow) C:\program files (x86)\google\google earth\client\googleearth.exe
    FirewallRules: [{00FED1AA-D353-4E1D-B699-A85165EA4DF4}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{DB71DA05-3758-4065-AE31-E2A506AB5916}] => (Allow) svchost.exe
    FirewallRules: [{07588F4E-1002-490B-8FFD-AFF51F48B9EE}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
    FirewallRules: [TCP Query User{B4A6EC09-1BF4-48B5-BA9A-692A8BEF9902}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
    FirewallRules: [UDP Query User{1DA8C964-353A-4F16-A5D7-1369D5A7446A}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Allow) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
    FirewallRules: [{B9661A7D-1B4E-4007-8A09-7EAA0449E6F1}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{861E2316-7588-4D05-B4E1-69298A31D94B}] => (Allow) LPort=2869
    FirewallRules: [{BD3FE53D-DCC9-4112-85B7-EDE6ACDB3227}] => (Allow) LPort=1900
    FirewallRules: [TCP Query User{604A1B71-C6FA-4B75-A7D4-5E3A369C33DE}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
    FirewallRules: [UDP Query User{60E76E39-A5BF-424D-9319-572FA4763C10}C:\program files (x86)\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files (x86)\google\google earth\plugin\geplugin.exe
    FirewallRules: [{5738F3F7-7C51-4069-A4BE-E41D6EDDF34B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{18B3BFD1-468A-4A38-9C76-C57A917D39E6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{B1DE1EA5-CA10-4F32-8839-39A17DF4F7D3}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
    FirewallRules: [{0764966C-1B12-4401-9FB2-817B60F42C7D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
    FirewallRules: [{2AA10CBB-7EFA-4F77-B6AC-D68FEA7A31D4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{1B2EB6EB-954E-4AF1-85EE-15C0CBCCAFEF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{A812322D-50DE-4D95-AF02-28787E8C3468}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{61311935-AC51-4BB7-B8D5-29FDBD8CA77A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
    FirewallRules: [{A9BE6AB6-97D9-41EE-BB8A-78D139916105}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{BBEA9E4A-9215-4D71-B812-8C393300D768}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{9ECD8615-88B3-4E49-A2F8-23C41D466474}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
    FirewallRules: [{CA706EC6-CEE2-4B46-A130-5FA0C2896593}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
    FirewallRules: [{191A997F-C248-4DC3-859B-0735662A2003}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
    FirewallRules: [{D6068B9E-C903-4856-B698-86D4153452B2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
    FirewallRules: [{B6CAF367-523E-46CA-A0F2-7BFFCB365130}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
    FirewallRules: [{572797D7-0F7E-46A6-9B2E-81667AADEAF5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
    FirewallRules: [{6D1ADD77-F71A-497A-B762-8902B3A14DC8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{23482F66-6B54-4B24-B369-C08771E28000}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{33778173-C7F8-4174-AAAE-A4C4E9773A47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{2BC80BCD-43B1-448C-8215-1786BE774DCD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{F3A02429-E3F0-4B02-9F35-92658EE2D4F3}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{A1B7FD2D-0B83-4E1B-953A-A4205AF9F1C6}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
    FirewallRules: [{F9E859DF-23E9-4408-8F40-A85068B4E7F0}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{419763C7-239D-41BC-B1CC-ADA7F7543667}] => (Allow) C:\ProgramData\NexonUS\NGM\NGM.exe
    FirewallRules: [{8D3EA64B-FD61-435F-875E-9809D6A2F908}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [TCP Query User{97A0DEC1-8A70-46E3-B483-11C3BE80BD9C}C:\users\ted\downloads\blackshot_garenaplus_installer.exe] => (Allow) C:\users\ted\downloads\blackshot_garenaplus_installer.exe
    FirewallRules: [UDP Query User{8E4AD884-8D36-4607-8C43-547416E68338}C:\users\ted\downloads\blackshot_garenaplus_installer.exe] => (Allow) C:\users\ted\downloads\blackshot_garenaplus_installer.exe
    FirewallRules: [{150D98E6-DECB-4EC1-83AE-0BED3DE63DE4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{DD7A0C4A-6B1B-4968-A9DE-5AD689082F25}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
    FirewallRules: [{1FBFC89C-0FBD-4E4B-A014-F4A63B58BBD3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
    FirewallRules: [{AC146B50-C363-4718-940D-44E34D2BE55A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
    FirewallRules: [{E4E7B4E5-CD2A-4619-93C2-EF075D93E1F5}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1544\Agent.exe
    FirewallRules: [{708EEC55-0ACD-4F89-BB20-75CB5057F03B}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{E602C911-4DA3-471C-80B8-F6F4593DD4E1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{01D852A6-4E87-42C2-B9A3-F29039200686}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{83BEDC2A-77C0-4ADA-9208-802FE5EA5C3A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{C1DE7015-0696-4383-939F-AEC47F82E77D}] => (Allow) D:\Program Files\BlackShot\BlackShot\system\blackshot.exe
    FirewallRules: [{E2E01CE7-C615-49CB-ABD9-D91E424C1163}] => (Allow) D:\Program Files\BlackShot\BlackShot\system\blackshot.exe
    FirewallRules: [{135DA4FD-5F42-4440-BCB8-395B4ED69BAC}] => (Allow) C:\Program Files\BlackShot\BlackShot\system\blackshot.exe
    FirewallRules: [{38835C38-AACF-44B3-BBDD-536838FCB630}] => (Allow) C:\Program Files\BlackShot\BlackShot\system\blackshot.exe
    FirewallRules: [{27565E3A-133F-4960-8B91-695E3FBF4CA0}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{E24484A7-FCFC-4115-9CEB-8096C9C98D3E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{5E5456D7-454C-4579-810B-89A8E529C027}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{4660FD38-A829-4929-8E2C-2CF01B2C1AF6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    ==================== Faulty Device Manager Devices =============

    Name: Teredo Tunneling Pseudo-Interface
    Description: Microsoft Teredo Tunneling Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: tunnel
    Problem: : This device cannot start. (Code10)
    Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

    Name: ASUS USB2.0 UVC VGA WebCam
    Description: ASUS USB2.0 UVC VGA WebCam
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Azureware
    Service: SNP2UVC
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.

    Name: Atheros AR9285 Wireless Network Adapter
    Description: Atheros AR9285 Wireless Network Adapter
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Atheros Communications Inc.
    Service: athr
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action ", and then click "Enable Device ". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (07/16/2015 08:36:28 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Shockwave Player 12.1 -- Error 1606.Could not access network location %APPDATA%\.

    Error: (07/16/2015 08:36:28 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Shockwave Player 12.1 -- Error 1606.Could not access network location %APPDATA%\.

    Error: (07/12/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

    Error: (07/12/2015 05:48:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

    Error: (07/12/2015 05:48:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

    Error: (07/08/2015 03:50:46 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

    Error: (07/08/2015 03:50:46 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

    Error: (07/08/2015 03:30:32 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

    Error: (07/08/2015 03:30:32 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

    Error: (07/05/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: The backup did not complete because of an error writing to the backup location G:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).


    System errors:
    =============
    Error: (07/16/2015 09:35:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Advanced SystemCare Service 8 service terminated unexpectedly. It has done this 1 time(s).

    Error: (07/15/2015 06:11:05 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (07/15/2015 06:10:48 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (07/15/2015 06:10:48 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (07/12/2015 05:35:50 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (07/12/2015 05:35:34 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (07/12/2015 05:35:34 PM) (Source: volmgr) (EventID: 46) (User: )
    Description: Crash dump initialization failed!

    Error: (07/12/2015 05:34:46 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (07/12/2015 05:34:38 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (07/12/2015 05:33:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
    Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


    Microsoft Office:
    =========================
    Error: (07/16/2015 08:36:28 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Shockwave Player 12.1 -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (07/16/2015 08:36:28 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Shockwave Player 12.1 -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (07/12/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

    Error: (07/12/2015 05:48:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (07/12/2015 05:48:54 AM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (07/08/2015 03:50:46 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (07/08/2015 03:50:46 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (07/08/2015 03:30:32 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (07/08/2015 03:30:32 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
    Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.(NULL)(NULL)(NULL)(NULL)(NULL)

    Error: (07/05/2015 07:00:01 PM) (Source: Windows Backup) (EventID: 4103) (User: )
    Description: G:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)


    CodeIntegrity Errors:
    ===================================
    Date: 2015-07-12 17:33:51.117
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-07-12 17:33:50.851
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2015-04-02 05:20:07.051
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 01:21:34.462
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 01:21:33.869
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 01:21:33.229
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-04-02 01:21:32.652
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-31 12:22:42.931
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-31 12:22:42.400
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.

    Date: 2015-03-31 12:22:41.652
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\PCPitstop\Super Shield\pcmaticrt-wsc.exe because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
    Percentage of memory in use: 54%
    Total physical RAM: 4061.09 MB
    Available physical RAM: 1867.65 MB
    Total Virtual: 8120.35 MB
    Available Virtual: 5927.64 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:451.11 GB) (Free:352.51 GB) NTFS ==>[drive with boot components (obtained from BCD)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 76692CA8)
    Partition 1: (Not Active) - (Size=14.6 GB) - (Type=1C)
    Partition 2: (Active) - (Size=451.1 GB) - (Type=07 NTFS)

    ==================== End of log ============================
     
  15. 2015/07/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     

    Attached Files:

  16. 2015/07/18
    tedgen

    tedgen Well-Known Member Thread Starter

    Joined:
    2002/08/23
    Messages:
    56
    Likes Received:
    0
    Fix result of Farbar Recovery Scan Tool (x64) Version:18-07-2015 01
    Ran by Ted at 2015-07-18 12:09:55 Run:1
    Running from C:\Users\Ted\Downloads
    Loaded Profiles: Ted (Available Profiles: Ted & Guest)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-630889681-938048696-2952789797-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    S3 EagleX64; No ImagePath
    S3 MREMPR5; No ImagePath
    S3 MRENDIS5; No ImagePath
    R4 RegFilter; No ImagePath
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2013-12-09 11:38 - 2014-03-14 10:56 - 0003745 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    2008-05-22 12:35 - 2008-05-22 12:35 - 0051962 _____ () C:\Program Files (x86)\Common Files\banner.jpg
    2009-04-08 14:31 - 2009-04-08 14:31 - 0106496 _____ () C:\Program Files (x86)\Common Files\CPInstallAction.dll
    2008-08-12 01:45 - 2008-08-12 01:45 - 0155648 _____ (ASUS) C:\Program Files (x86)\Common Files\MSIactionall.dll
    2014-06-19 17:00 - 2014-06-19 17:00 - 0000024 _____ () C:\Users\Ted\AppData\Roaming\temp.ini
    2014-10-20 20:13 - 2015-01-29 18:01 - 0009216 _____ () C:\Users\Ted\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-12-01 09:35 - 2012-12-01 09:35 - 0027520 _____ () C:\Users\Ted\AppData\Local\dt.dat
    2014-11-11 12:24 - 2014-11-11 12:24 - 0007602 _____ () C:\Users\Ted\AppData\Local\Resmon.ResmonCfg
    2010-11-19 15:07 - 2013-02-22 18:52 - 0009006 _____ () C:\ProgramData\hpzinstall.log
    2014-02-10 10:12 - 2014-02-10 10:13 - 0000458 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
    AlternateDataStreams: C:\ProgramData\TEMP:42D9E231
    AlternateDataStreams: C:\Users\Ted\Desktop\Assignment Qualifications.eml:OECustomProperty

    *****************

    "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKU\S-1-5-21-630889681-938048696-2952789797-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    EagleX64 => Service removed successfully
    MREMPR5 => Service removed successfully
    MRENDIS5 => Service removed successfully
    RegFilter => Unable to stop service.
    RegFilter => Service could not remove
    catchme => Service removed successfully
    xhunter1 => Service removed successfully
    C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml => moved successfully.
    C:\Program Files (x86)\Common Files\banner.jpg => moved successfully.
    C:\Program Files (x86)\Common Files\CPInstallAction.dll => moved successfully.
    C:\Program Files (x86)\Common Files\MSIactionall.dll => moved successfully.
    C:\Users\Ted\AppData\Roaming\temp.ini => moved successfully.
    C:\Users\Ted\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
    C:\Users\Ted\AppData\Local\dt.dat => moved successfully.
    C:\Users\Ted\AppData\Local\Resmon.ResmonCfg => moved successfully.
    C:\ProgramData\hpzinstall.log => moved successfully.
    C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc => moved successfully.
    C:\ProgramData\TEMP => ":42D9E231" ADS removed successfully.
    C:\Users\Ted\Desktop\Assignment Qualifications.eml => ":OECustomProperty" ADS removed successfully.

    ==== End of Fixlog 12:10:01 ====
     
  17. 2015/07/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run from.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  18. 2015/07/18
    tedgen

    tedgen Well-Known Member Thread Starter

    Joined:
    2002/08/23
    Messages:
    56
    Likes Received:
    0
    Results of screen317's Security Check version 1.005
    Windows 7 Service Pack 1 x64 (UAC is disabled!)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    PC Matic Super Shield
    Antivirus out of date!
    `````````Anti-malware/Other Utilities Check:`````````
    JavaFX 2.1.1
    Java 7 Update 72
    Java 8 Update 31
    Java version 32-bit out of Date!
    Adobe Reader XI
    Mozilla Firefox (39.0)
    ````````Process Check: objlist.exe by Laurent````````
    windows defender MpCmdRun.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  19. 2015/07/18
    tedgen

    tedgen Well-Known Member Thread Starter

    Joined:
    2002/08/23
    Messages:
    56
    Likes Received:
    0
    Farbar Service Scanner Version: 17-01-2015
    Ran by Ted (administrator) on 18-07-2015 at 14:24:25
    Running from "C:\Users\Ted\Downloads "
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is unreachable
    Attempt to access Google.com returned error: Google.com is unreachable
    Attempt to access Yahoo.com returned error: Yahoo.com is unreachable


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  20. 2015/07/19
    tedgen

    tedgen Well-Known Member Thread Starter

    Joined:
    2002/08/23
    Messages:
    56
    Likes Received:
    0
    Zero threats found.
     
  21. 2015/07/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
    Note 2: If you're running a 64-bit system, make sure you install BOTH 32-bit and 64-bit Java.

    ====================================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished, a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
