htgawm

frst 22515

Feb 25th, 2015
  1. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
  2. Ran by One (administrator) on ONE-PC on 25-02-2015 10:11:04
  3. Running from C:\Users\One\Desktop
  4. Loaded Profiles: One (Available profiles: One)
  5. Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
  6. Internet Explorer Version 11 (Default browser: Chrome)
  7. Boot Mode: Normal
  8. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
  9.  
  10. ==================== Processes (Whitelisted) =================
  11.  
  12. (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
  13.  
  14. (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
  15. (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
  16. (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
  17. (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
  18. (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
  19. (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
  20. (Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
  21. (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
  22. (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
  23. (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
  24. (Intel Corporation) C:\Windows\System32\igfxtray.exe
  25. (Intel Corporation) C:\Windows\System32\hkcmd.exe
  26. (Intel Corporation) C:\Windows\System32\igfxpers.exe
  27. (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  28. (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
  29. (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
  30. (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
  31. (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
  32. (Microsoft Corporation) C:\Windows\System32\regsvr32.exe
  33. (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
  34. (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  35. (Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
  36. (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
  37. (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
  38. (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
  39. (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
  40. (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
  41. (Dolby Laboratories Inc.) C:\DOLBY PCEE4\pcee4.exe
  42. (CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
  43. (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
  44. (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
  45. (CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
  46. (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
  47. (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
  48. (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
  49. (CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
  50. (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
  51. (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
  52. (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
  53. (Lift Seller) C:\Users\One\AppData\Local\YgPack\01423089035499.exe
  54. () C:\Users\One\AppData\Local\Temp\oynpyai.exe
  55. (Microsoft Corporation) C:\Windows\splwow64.exe
  56. (CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
  57. (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
  58. (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
  59. (Microsoft Corporation) C:\Windows\System32\dllhost.exe
  60. (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
  61. (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
  62. (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
  63. (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
  64. (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
  65. (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
  66. (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
  67.  
  68.  
  69. ==================== Registry (Whitelisted) ==================
  70.  
  71. (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
  72.  
  73. HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
  74. HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
  75. HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-08] (Realtek Semiconductor)
  76. HKLM\...\Run: [Power Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1796200 2011-02-22] (Acer Incorporated)
  77. HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
  78. HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
  79. HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
  80. HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
  81. HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
  82. HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340336 2010-09-27] (Egis Technology Inc.)
  83. HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-09-17] (Egis Technology Inc.)
  84. HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-09-17] (Egis Technology Inc.)
  85. HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-03-09] (NTI Corporation)
  86. HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
  87. HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Dolby PCEE4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
  88. HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-02-18] (CyberLink Corp.)
  89. HKLM-x32\...\Run: [SiteAdvisor] => C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe [36640 2007-08-24] ()
  90. HKLM-x32\...\Run: [McENUI] => Ɣ\McENUI.exe /hide
  91. HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
  92. HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
  93. HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
  94. HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
  95. HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
  96. HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
  97. HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
  98. HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
  99. HKLM-x32\...\Run: [] => [X]
  100. HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
  101. HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
  102. Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
  103. HKLM\...\Policies\Explorer: [NoControlPanel] 0
  104. HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
  105. HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
  106. HKU\S-1-5-21-2242490449-405659501-1643814704-1000\...\Run: [AdobeBridge] => [X]
  107. HKU\S-1-5-21-2242490449-405659501-1643814704-1000\...\Run: [YgPack] => C:\Users\One\AppData\Local\YgPack\01423089035499.exe [434176 2015-02-04] (Lift Seller)
  108. HKU\S-1-5-21-2242490449-405659501-1643814704-1000\...\Run: [Ozzics] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\One\AppData\Local\YgPack\Compare.dll
  109. HKU\S-1-5-21-2242490449-405659501-1643814704-1000\...\Run: [Ilcsoft] => regsvr32.exe C:\Users\One\AppData\Local\Ilcsoft\PDFPrevHndlrShim.dll <===== ATTENTION
  110. HKU\S-1-5-21-2242490449-405659501-1643814704-1000\...\Run: [FlashPlayerUpdate] => C:\Users\One\AppData\Local\Macromedia\Flash Player\FlashPlayerUpdateService.exe [262144 2015-02-24] ()
  111. HKU\S-1-5-21-2242490449-405659501-1643814704-1000\...\Run: [] => C:\Users\One\AppData\Local\Temp\oynpyai.exe [755131 2015-02-23] () <===== ATTENTION
  112. HKU\S-1-5-21-2242490449-405659501-1643814704-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2015-02-23] (Google Inc.)
  113. HKU\S-1-5-21-2242490449-405659501-1643814704-1000\...\Policies\Explorer: [NoInstrumentation] 1
  114. HKU\S-1-5-21-2242490449-405659501-1643814704-1000\...\MountPoints2: E - E:\LaunchU3.exe
  115. HKU\S-1-5-21-2242490449-405659501-1643814704-1000\...\MountPoints2: {89533668-6ab8-11e4-87a0-b870f4816a71} - E:\LaunchU3.exe
  116. HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
  117.  
  118. ==================== Internet (Whitelisted) ====================
  119.  
  120. (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
  121.  
  122. HKU\S-1-5-21-2242490449-405659501-1643814704-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
  123. SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
  124. SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
  125. SearchScopes: HKU\S-1-5-21-2242490449-405659501-1643814704-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
  126. BHO: No Name -> {089FD14D-132B-48FC-8861-0048AE113215} -> C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
  127. BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> No File
  128. BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
  129. BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
  130. BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
  131. BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
  132. BHO-x32: No Name -> {089FD14D-132B-48FC-8861-0048AE113215} -> C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
  133. BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> c:\Program Files\mcafee\msk\mskapbho.dll ()
  134. BHO-x32: ShopAtHome.com Cash Back Helper -> {66516A07-F617-488A-90CF-4E690CFB3C5F} -> C:\Users\One\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
  135. BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
  136. BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
  137. BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
  138. BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
  139. BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  140. BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
  141. BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
  142. BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  143. Toolbar: HKLM - McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
  144. Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
  145. Toolbar: HKLM-x32 - McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
  146. Toolbar: HKLM-x32 - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\One\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
  147. Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
  148. Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
  149. Toolbar: HKU\S-1-5-21-2242490449-405659501-1643814704-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
  150. Toolbar: HKU\S-1-5-21-2242490449-405659501-1643814704-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
  151. DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
  152. DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
  153. Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
  154. Handler-x32: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
  155. Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
  156.  
  157. FireFox:
  158. ========
  159. FF ProfilePath: C:\Users\One\AppData\Roaming\Mozilla\Firefox\Profiles\i1e98ss6.default
  160. FF Plugin: @microsoft.com/GENUINE -> disabled No File
  161. FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
  162. FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  163. FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
  164. FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
  165. FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
  166. FF Plugin-x32: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
  167. FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
  168. FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
  169. FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
  170. FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
  171. FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
  172. FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
  173. FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
  174. FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
  175. FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
  176. FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
  177. FF Extension: IAMExtTransport - C:\Users\One\AppData\Roaming\Mozilla\Firefox\Profiles\i1e98ss6.default\Extensions\{A03B27DE-61CA-D4C5-6F85-1EE60604E464} [2015-02-07]
  178. FF Extension: Vuze Remote - C:\Users\One\AppData\Roaming\Mozilla\Firefox\Profiles\i1e98ss6.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc} [2014-06-06]
  179. FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
  180. FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-11-18]
  181. FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
  182. FF Extension: No Name - C:\Program Files\McAfee\MSK [2011-04-19]
  183. FF HKU\.DEFAULT\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files (x86)\SiteAdvisor\6172\FF
  184. FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\SiteAdvisor\6172\FF [2013-01-09]
  185. FF HKU\S-1-5-19\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files (x86)\SiteAdvisor\6172\FF
  186. FF HKU\S-1-5-20\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files (x86)\SiteAdvisor\6172\FF
  187. FF HKU\S-1-5-21-2242490449-405659501-1643814704-1000\...\Firefox\Extensions: [{1650a312-02bc-40ee-977e-83f158701739}] - C:\Program Files (x86)\SiteAdvisor\6172\FF
  188.  
  189. Chrome:
  190. =======
  191. CHR Profile: C:\Users\One\AppData\Local\Google\Chrome\User Data\Default
  192. CHR Extension: (Google Docs) - C:\Users\One\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-23]
  193. CHR Extension: (Google Drive) - C:\Users\One\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-23]
  194. CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\One\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-23]
  195. CHR Extension: (YouTube) - C:\Users\One\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-23]
  196. CHR Extension: (Google Search) - C:\Users\One\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-23]
  197. CHR Extension: (Google Wallet) - C:\Users\One\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-23]
  198. CHR Extension: (Gmail) - C:\Users\One\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-23]
  199. CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path Or update_url value
  200. CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\One\AppData\Local\Torch\Plugins\TorchPlugin.crx [Not Found]
  201.  
  202. ==================== Services (Whitelisted) =================
  203.  
  204. (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
  205.  
  206. R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [257344 2011-03-09] (NTI Corporation)
  207. S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
  208. R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
  209. S2 0308971360889524mcinstcleanup; C:\Users\One\AppData\Local\Temp\0308971360889524mcinst.exe -cleanup -nolog [X]
  210. S2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
  211.  
  212. ==================== Drivers (Whitelisted) ====================
  213.  
  214. (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
  215.  
  216. U4 bdselfpr; No ImagePath
  217. U4 vsserv; No ImagePath
  218.  
  219. ==================== NetSvcs (Whitelisted) ===================
  220.  
  221. (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
  222.  
  223.  
  224. ==================== One Month Created Files and Folders ========
  225.  
  226. (If an entry is included in the fixlist, the file\folder will be moved.)
  227.  
  228. 2015-02-25 10:11 - 2015-02-25 10:12 - 00021874 _____ () C:\Users\One\Desktop\FRST.txt
  229. 2015-02-25 10:10 - 2015-02-25 10:11 - 00000000 ____D () C:\FRST
  230. 2015-02-25 10:08 - 2015-02-25 10:08 - 02087936 _____ (Farbar) C:\Users\One\Desktop\FRST64.exe
  231. 2015-02-25 09:46 - 2015-02-25 09:47 - 00000000 ____D () C:\Users\One\AppData\Local\{BD484F92-B9C2-4F0E-AF06-6CEFA79A6561}
  232. 2015-02-24 11:16 - 2015-02-24 11:16 - 00000000 ____D () C:\Users\One\AppData\Local\{A3DEC1D7-B370-4AB9-8E5D-483E1BD3CDBB}
  233. 2015-02-23 23:15 - 2015-02-23 23:15 - 00000000 ____D () C:\Users\One\AppData\Local\{3D8D4A40-F247-4EF7-8FB7-307DBA117397}
  234. 2015-02-23 21:43 - 2015-02-23 22:24 - 00001266 _____ () C:\Users\One\Documents\!Decrypt-All-Files-ivwmxpf.txt
  235. 2015-02-23 21:43 - 2015-02-23 21:43 - 04320054 _____ () C:\Users\One\Documents\!Decrypt-All-Files-ivwmxpf.bmp
  236. 2015-02-23 18:51 - 2015-02-23 17:44 - 00195072 _____ () C:\Users\One\Desktop\Jr.ZooSpringBreakInfo.PDF.ivwmxpf
  237. 2015-02-23 18:51 - 2015-02-23 17:44 - 00186848 _____ () C:\Users\One\Desktop\JrZooRegistrationSpring2015.PDF.ivwmxpf
  238. 2015-02-23 17:44 - 2015-02-23 21:43 - 01278550 _____ () C:\ProgramData\lxnntnc.html
  239. 2015-02-23 17:42 - 2015-02-23 23:30 - 00000000 ____D () C:\Users\One\AppData\Roaming\Google
  240. 2015-02-23 17:41 - 2015-02-23 22:56 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
  241. 2015-02-23 17:41 - 2015-02-23 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
  242. 2015-02-23 17:40 - 2015-02-25 09:56 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
  243. 2015-02-23 17:40 - 2015-02-24 20:38 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
  244. 2015-02-23 17:40 - 2015-02-23 17:51 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
  245. 2015-02-23 17:40 - 2015-02-23 17:51 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
  246. 2015-02-23 17:40 - 2015-02-23 17:41 - 00000000 ____D () C:\Program Files (x86)\Google
  247. 2015-02-23 17:40 - 2015-02-23 17:40 - 00000000 ____D () C:\ProgramData\Google
  248. 2015-02-23 17:40 - 2015-02-23 17:40 - 00000000 ____D () C:\Program Files\Google
  249. 2015-02-23 17:38 - 2015-02-23 17:38 - 00002998 _____ () C:\Windows\System32\Tasks\elvcrue
  250. 2015-02-23 17:38 - 2015-02-23 17:38 - 00000000 ____D () C:\Users\One\AppData\Local\Macromedia
  251. 2015-02-23 17:38 - 2015-02-23 17:38 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
  252. 2015-02-23 11:14 - 2015-02-23 11:14 - 00000000 ____D () C:\Users\One\AppData\Local\{1E0C40BC-0404-441F-AB39-1F77C48B459C}
  253. 2015-02-22 14:46 - 2015-02-22 14:46 - 00000000 ____D () C:\Users\One\AppData\Local\{79597281-5557-4357-9F53-94E77A4DB4D4}
  254. 2015-02-21 20:10 - 2015-02-21 20:10 - 00000000 ____D () C:\Users\One\AppData\Local\{73FBD3D6-428F-48DC-9718-5B854F00028E}
  255. 2015-02-21 05:44 - 2015-02-21 05:45 - 00000000 ____D () C:\Users\One\AppData\Local\{85B9B7BE-21E9-462A-A55D-E7CD4D3EA451}
  256. 2015-02-20 19:05 - 2015-02-23 18:12 - 00000000 ____D () C:\Users\One\Desktop\zoo metal stripping
  257. 2015-02-20 16:55 - 2015-02-23 17:49 - 00000000 ____D () C:\Users\One\Desktop\front garden
  258. 2015-02-20 10:49 - 2015-02-20 10:49 - 00000000 ____D () C:\Users\One\AppData\Local\{067E4A14-ED6D-4214-B626-F87F788A5AD8}
  259. 2015-02-19 12:35 - 2015-02-19 12:35 - 00000000 ____D () C:\Users\One\AppData\Local\{301137D5-EA4D-4FA1-8E93-2489F52372DC}
  260. 2015-02-11 14:42 - 2015-02-11 14:42 - 00000000 ____D () C:\Users\One\AppData\Local\{34C400C3-E419-41D4-ABDB-7A20FCFB2ECC}
  261. 2015-02-07 13:26 - 2015-02-07 13:26 - 00000000 ____D () C:\Users\One\AppData\Local\Ilcsoft
  262. 2015-02-07 13:25 - 2015-02-07 13:26 - 00000000 ____D () C:\Users\One\AppData\Local\YgPack
  263. 2015-02-03 08:57 - 2015-02-03 08:57 - 00000000 ____D () C:\Users\One\AppData\Local\{50E3092A-8C0D-4E8F-B224-02412BD5167C}
  264.  
  265. ==================== One Month Modified Files and Folders =======
  266.  
  267. (If an entry is included in the fixlist, the file\folder will be moved.)
  268.  
  269. 2015-02-25 10:10 - 2013-01-09 09:44 - 00000000 ____D () C:\Users\One\AppData\Roaming\SiteAdvisor
  270. 2015-02-25 10:02 - 2013-01-03 20:46 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5C497AA6-8DA4-4F51-9231-255D2BE41896}
  271. 2015-02-25 09:47 - 2012-05-18 21:00 - 01350770 _____ () C:\Windows\WindowsUpdate.log
  272. 2015-02-25 09:46 - 2013-02-14 13:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
  273. 2015-02-24 14:42 - 2013-04-19 11:50 - 00000000 ____D () C:\Users\One\AppData\Local\CrashDumps
  274. 2015-02-23 21:16 - 2009-07-13 20:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  275. 2015-02-23 21:16 - 2009-07-13 20:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  276. 2015-02-23 20:24 - 2014-08-26 20:08 - 00000000 ____D () C:\Users\One\Desktop\us 4 print
  277. 2015-02-23 20:24 - 2013-01-03 17:51 - 00000000 ____D () C:\Users\One\Documents\Sherry
  278. 2015-02-23 20:24 - 2013-01-03 12:00 - 00000000 ____D () C:\ProgramData\clear.fi
  279. 2015-02-23 18:48 - 2010-11-20 19:47 - 01400532 _____ () C:\Windows\PFRO.log
  280. 2015-02-23 18:48 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
  281. 2015-02-23 18:48 - 2009-07-13 20:51 - 00061462 _____ () C:\Windows\setupact.log
  282. 2015-02-23 18:45 - 2013-08-06 18:27 - 00000000 ____D () C:\Users\One\AppData\Local\Google
  283. 2015-02-23 18:36 - 2014-01-12 12:23 - 00000000 ____D () C:\Users\One\Desktop\zerba cd
  284. 2015-02-23 18:28 - 2013-01-03 17:52 - 00000000 ____D () C:\Users\One\Downloads\Adobe Photoshop Lightroom 4 Classroom in a Book(BBS)
  285. 2015-02-23 18:20 - 2014-09-12 17:05 - 00000000 ____D () C:\Users\One\Desktop\animals 4 print
  286. 2015-02-23 17:53 - 2014-12-22 18:49 - 00000000 ____D () C:\Users\One\Desktop\images
  287. 2015-02-23 17:53 - 2013-01-29 20:44 - 00000000 ____D () C:\Users\One\Downloads\Adobe Photoshop Lightroom 4.3 Final (64 bit) [ChingLiu]
  288. 2015-02-23 17:49 - 2013-01-03 17:50 - 00000000 ____D () C:\Users\One\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
  289. 2015-02-23 17:47 - 2013-04-09 18:07 - 00000000 ____D () C:\Users\One\AppData\Local\Symantec
  290. 2015-02-23 17:45 - 2013-02-14 16:17 - 00000000 ____D () C:\Users\One\AppData\Roaming\Product_NU16
  291. 2015-02-23 17:44 - 2013-01-09 09:24 - 00000000 ____D () C:\Users\One\Downloads\WinRAR 4.20 Final (x86 + x64) Pre-Registered [EC]
  292. 2015-02-23 17:44 - 2013-01-06 19:31 - 00000000 ____D () C:\Users\One\Downloads\Adobe Creative Suite 6 Master Collection - Mindcrasher
  293. 2015-02-23 17:44 - 2013-01-03 18:00 - 00000000 ____D () C:\Users\One\Downloads\Office Professional 2010
  294. 2015-02-23 17:44 - 2013-01-03 17:05 - 00000000 ____D () C:\Users\One\AppData\Roaming\Memeo
  295. 2015-02-23 17:42 - 2013-01-03 10:44 - 00000000 ____D () C:\Users\One\AppData\Local\Adobe
  296. 2015-02-23 17:42 - 2012-05-18 21:02 - 00000000 ____D () C:\book
  297. 2015-02-23 17:41 - 2013-01-03 17:47 - 00000000 ____D () C:\HP_ePrint_Mobile
  298. 2015-02-23 17:41 - 2012-05-18 21:23 - 00000000 ____D () C:\ProgramData\CyberLink
  299. 2015-02-23 17:41 - 2011-04-19 20:57 - 00000000 ___HD () C:\OEM
  300. 2015-02-20 19:10 - 2013-01-03 10:44 - 00000000 ____D () C:\Users\One\AppData\Roaming\Adobe
  301. 2015-02-18 16:03 - 2012-03-30 20:39 - 00008128 _____ () C:\Users\One\Documents\Daily Cashier Report.XLS.ivwmxpf
  302. 2015-02-16 20:19 - 2009-07-13 21:13 - 00006206 _____ () C:\Windows\system32\PerfStringBackup.INI
  303. 2015-02-11 18:53 - 2012-03-30 20:39 - 00000096 _____ () C:\Users\One\Desktop\change french text.TXT.ivwmxpf
  304. 2015-02-11 14:31 - 2014-02-24 14:29 - 00000000 ____D () C:\Users\Public\Documents\Adobe
  305. 2015-02-07 13:24 - 2013-02-14 13:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
  306. 2015-02-07 13:24 - 2013-02-14 13:36 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
  307. 2015-02-07 13:24 - 2013-02-14 13:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
  308. 2015-01-28 18:54 - 2013-01-03 17:49 - 00000000 ____D () C:\Users\One\AppData\Local\Microsoft Games
  309. 2015-01-28 18:45 - 2011-04-19 20:33 - 00000000 ____D () C:\ProgramData\WildTangent
  310.  
  311. ==================== Files in the root of some directories =======
  312.  
  313. 2012-12-18 18:58 - 2013-01-03 17:29 - 0001456 _____ () C:\Users\One\AppData\Local\Adobe Save for Web 12.0 Prefs
  314. 2013-01-25 20:02 - 2014-12-22 20:56 - 0001456 _____ () C:\Users\One\AppData\Local\Adobe Save for Web 13.0 Prefs
  315. 2013-01-06 18:38 - 2013-01-06 18:38 - 0622707 _____ () C:\ProgramData\1357514372.bdinstall.bin
  316. 2012-05-18 21:23 - 2012-05-18 21:26 - 0015152 _____ () C:\ProgramData\ArcadeDeluxe5.log
  317. 2015-02-23 17:44 - 2015-02-23 21:43 - 1278550 _____ () C:\ProgramData\lxnntnc.html
  318.  
  319. Files to move or delete:
  320. ====================
  321. C:\Users\One\AppData\Local\Temp\oynpyai.exe
  322.  
  323.  
  324. Some content of TEMP:
  325. ====================
  326. C:\Users\One\AppData\Local\Temp\01423089035499.exe
  327. C:\Users\One\AppData\Local\Temp\oynpyai.exe
  328.  
  329.  
  330. ==================== Bamital & volsnap Check =================
  331.  
  332. (There is no automatic fix for files that do not pass verification.)
  333.  
  334. C:\Windows\System32\winlogon.exe => File is digitally signed
  335. C:\Windows\System32\wininit.exe => File is digitally signed
  336. C:\Windows\SysWOW64\wininit.exe => File is digitally signed
  337. C:\Windows\explorer.exe => File is digitally signed
  338. C:\Windows\SysWOW64\explorer.exe => File is digitally signed
  339. C:\Windows\System32\svchost.exe => File is digitally signed
  340. C:\Windows\SysWOW64\svchost.exe => File is digitally signed
  341. C:\Windows\System32\services.exe => File is digitally signed
  342. C:\Windows\System32\User32.dll => File is digitally signed
  343. C:\Windows\SysWOW64\User32.dll => File is digitally signed
  344. C:\Windows\System32\userinit.exe => File is digitally signed
  345. C:\Windows\SysWOW64\userinit.exe => File is digitally signed
  346. C:\Windows\System32\rpcss.dll => File is digitally signed
  347. C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
  348.  
  349.  
  350. LastRegBack: 2015-02-18 16:41
  351.  
  352. ==================== End Of Log ============================