TechSpot

Browser Pop-Ups and Malware

By GK-Mike
Sep 15, 2014
  1. For around a week I've been seeing pop-up windows when leaving my browser (Opera 24.0) open. Sites include delivery67(dot)com, reimageplus(dot)com and tuneuppro(dot)com; I can see from other threads that I've picked up malware somewhere along the way. PC is otherwise running reliably but from time to time suffers from high CPU usage for no apparent reason.

    I've followed the 4-step thread and the logs are below. Thanks in advance for your help.
    Mike

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 15/09/2014
    Scan Time: 11:55:50
    Logfile: MalwareBytes AM History Log 15-Sep-2014.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.09.15.05
    Rootkit Database: v2014.09.13.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x86
    File System: NTFS
    User: Mike Bailey

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 404003
    Time Elapsed: 32 min, 27 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 1
    PUM.Hijack.StartMenu, HKU\S-1-5-21-1345319095-2320924753-3983188208-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowMyComputer, 0, Good: (1), Bad: (0),Replaced,[98592dc0f3882f075a17d426877dd12f]

    Folders: 2
    PUP.Optional.DigitalSite.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSite\UpdateProc, Quarantined, [fdf4a14cd3a852e4ba2a4de73fc47c84],
    PUP.Optional.Updater.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSites\UpdateProc, Quarantined, [945ddb12d2a9e84eea21cd229072a759],

    Files: 14
    PUP.Optional.DigitalSites.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe, Quarantined, [fff2c32a027993a3c5d91d240bf63dc3],
    PUP.Optional.DomaIQ, C:\$Recycle.Bin\S-1-5-21-1345319095-2320924753-3983188208-1007\$R3MF2OL.exe, Quarantined, [ca279f4e0873f2448a56223137c9cd33],
    PUP.Optional.OpenCandy, C:\Users\Mike Bailey.WilliamBailey\Downloads\Riot-plugin.exe, Quarantined, [a34e19d41a61bf770e8122015ca9748c],
    PUP.Optional.Installcore, C:\Users\Mike Bailey.WilliamBailey\Downloads\ImageEditorSetup.exe, Quarantined, [638e9a53215a5ed8180bac0a659fdc24],
    PUP.Optional.DigitalSite.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSite\UpdateProc\config.dat, Quarantined, [fdf4a14cd3a852e4ba2a4de73fc47c84],
    PUP.Optional.DigitalSite.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSite\UpdateProc\info.dat, Quarantined, [fdf4a14cd3a852e4ba2a4de73fc47c84],
    PUP.Optional.DigitalSite.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSite\UpdateProc\prod.dat, Quarantined, [fdf4a14cd3a852e4ba2a4de73fc47c84],
    PUP.Optional.DigitalSite.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT, Quarantined, [fdf4a14cd3a852e4ba2a4de73fc47c84],
    PUP.Optional.DigitalSite.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT, Quarantined, [fdf4a14cd3a852e4ba2a4de73fc47c84],
    PUP.Optional.Updater.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSites\UpdateProc\config.dat, Quarantined, [945ddb12d2a9e84eea21cd229072a759],
    PUP.Optional.Updater.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSites\UpdateProc\info.dat, Quarantined, [945ddb12d2a9e84eea21cd229072a759],
    PUP.Optional.Updater.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, Quarantined, [945ddb12d2a9e84eea21cd229072a759],
    PUP.Optional.Updater.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, Quarantined, [945ddb12d2a9e84eea21cd229072a759],
    PUP.Optional.Updater.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe, Quarantined, [945ddb12d2a9e84eea21cd229072a759],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  2. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
    Run by Mike Bailey at 13:44:34 on 2014-09-15
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.1913.488 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\ibmpmsvc.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
    C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
    C:\Windows\system32\NLSSRV32.EXE
    C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\Program Files\Lenovo\System Update\SUService.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\TpShocks.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Lenovo\Zoom\TpScrex.exe
    C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
    C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files\Opera\24.0.1558.53\opera.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\Opera\24.0.1558.53\opera_crashreporter.exe
    C:\Program Files\Opera\24.0.1558.53\opera.exe
    C:\Program Files\Opera\24.0.1558.53\opera.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Opera\24.0.1558.53\opera.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Opera\24.0.1558.53\opera.exe
    C:\Program Files\Opera\24.0.1558.53\opera.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://lenovo.msn.com
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [TouchFreeze] c:\users\mike bailey.williambailey\appdata\local\programs\touchfreeze\TouchFreeze.exe
    uRun: [MFP and Storage Server] "c:\program files\tp-link\mfp and storage server\MFP and Storage Server.exe" /h
    uRun: [Google Update] "c:\users\mike bailey.williambailey\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [TpShocks] TpShocks.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
    mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\mikeba~1.wil\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\mike bailey.williambailey\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{0AEB274C-194A-40F7-BFFA-AC3D444280E8} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{8CDA64D6-ACE5-4756-87C6-F7456EC03AFE} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{8CDA64D6-ACE5-4756-87C6-F7456EC03AFE}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{8CDA64D6-ACE5-4756-87C6-F7456EC03AFE}\244584572633D2D4B44574 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{8CDA64D6-ACE5-4756-87C6-F7456EC03AFE}\244584572643D205D4E4D4 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{8CDA64D6-ACE5-4756-87C6-F7456EC03AFE}\244584572653D245258393 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{8CDA64D6-ACE5-4756-87C6-F7456EC03AFE}\244584572653D2856393E4 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{8CDA64D6-ACE5-4756-87C6-F7456EC03AFE}\E4F4B4941402C457D6961602532303F593036363 : DHCPNameServer = 192.168.137.1
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.120\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\mike bailey.williambailey\appdata\roaming\mozilla\firefox\profiles\wk2k96mn.default\
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\citrix\ica client\npicaN.dll
    FF - plugin: c:\program files\citrix\ica client\npURLInterceptorPlugin.dll
    FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\users\mike bailey.williambailey\appdata\local\citrix\plugins\104\npappdetector.dll
    FF - plugin: c:\users\mike bailey.williambailey\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
    FF - plugin: c:\users\mike bailey.williambailey\appdata\roaming\mozilla\plugins\npatgpc.dll
    FF - plugin: c:\users\mike bailey.williambailey\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\mike bailey.williambailey\appdata\roaming\mozilla\plugins\npo1d.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]
    R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2013-9-24 70440]
    R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-7-17 13480]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-9-8 45424]
    R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;c:\program files\nitro\pro 9\NitroPDFDriverService9.exe [2014-8-1 197128]
    R2 NitroUpdateService;NitroUpdateService;c:\program files\nitro\pro 9\Nitro_UpdateService.exe [2014-8-1 392712]
    R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2014-8-1 69640]
    R2 NPWService;NPWService;c:\program files\generic\network printer wizard\NPWService.exe [2009-2-5 462848]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
    R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-9-8 62320]
    R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2009-10-31 125568]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-8-20 122368]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-6-8 119256]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2009-8-5 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-8-5 309744]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-8-5 166384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-10-31 29472]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-6-27 89856]
    S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [2009-10-6 173056]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-15 108032]
    S3 libusb0;libusb-win32 - Kernel Driver 01/17/2012 1.2.6.0;c:\windows\system32\drivers\libusb0.sys [2014-7-6 42592]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-10-31 4231680]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-6-18 107392]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-7-18 295376]
    S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-8-18 20848]
    S3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-8-18 20848]
    S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-10-31 75040]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-15 14848]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2009-8-5 313840]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-5 1124848]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-6-27 184192]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-27 49152]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-10-14 1343400]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
    .
    =============== File Associations ===============
    .
    FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
    ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2014-09-15 12:26:50 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2014-09-15 12:10:53 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-09-15 12:10:50 550912 ----a-w- c:\windows\system32\kerberos.dll
    2014-09-15 12:10:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2014-09-15 12:10:29 2352640 ----a-w- c:\windows\system32\win32k.sys
    2014-09-15 12:10:28 305152 ----a-w- c:\windows\system32\gdi32.dll
    2014-09-15 12:10:28 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-09-15 12:10:27 445952 ----a-w- c:\windows\system32\aepdu.dll
    2014-09-15 12:10:26 302592 ----a-w- c:\windows\system32\aeinv.dll
    2014-09-15 12:00:10 8581864 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bc3274a3-ceee-4b3f-862e-00a5a728b773}\mpengine.dll
    2014-09-15 10:54:26 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-09-15 10:53:55 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-09-15 10:53:55 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-09-15 10:53:55 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-09-15 10:53:54 -------- d-----w- c:\programdata\Malwarebytes
    2014-09-15 10:53:54 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-09-14 02:19:40 8581864 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2014-09-11 11:01:36 -------- d-----w- c:\program files\Toggl
    2014-08-30 12:00:27 893248 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{96237935-fc47-4283-b7b0-0bfc81e382df}\gapaengine.dll
    2014-08-23 11:19:38 99480 ----a-w- c:\windows\system32\infocardapi.dll
    2014-08-23 11:19:32 8856 ----a-w- c:\windows\system32\icardres.dll
    2014-08-23 11:19:21 619672 ----a-w- c:\windows\system32\icardagt.exe
    2014-08-23 11:18:58 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
    2014-08-23 11:06:42 654336 ----a-w- c:\windows\system32\rpcrt4.dll
    2014-08-23 11:06:40 2363392 ----a-w- c:\windows\system32\msi.dll
    2014-08-23 11:06:39 337408 ----a-w- c:\windows\system32\msihnd.dll
    2014-08-23 11:06:39 1805824 ----a-w- c:\windows\system32\authui.dll
    2014-08-23 11:06:39 101824 ----a-w- c:\windows\system32\consent.exe
    2014-08-23 11:06:31 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-08-23 11:06:20 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2014-08-23 11:06:20 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2014-08-23 11:06:20 107520 ----a-w- c:\windows\system32\cdd.dll
    2014-08-22 10:02:30 -------- d-----w- c:\users\mike bailey.williambailey\appdata\local\Adobe
    2014-08-22 09:30:56 2425856 ----a-w- c:\windows\system32\wucltux.dll
    2014-08-22 09:30:48 92672 ----a-w- c:\windows\system32\wudriver.dll
    2014-08-22 09:30:30 33792 ----a-w- c:\windows\system32\wuapp.exe
    2014-08-22 09:30:30 179656 ----a-w- c:\windows\system32\wuwebv.dll
    2014-08-16 14:41:24 -------- d-----w- c:\users\mike bailey.williambailey\appdata\roaming\Nitro
    2014-08-16 14:36:17 27144 ----a-w- c:\windows\system32\nitrolocalmon9.dll
    2014-08-16 14:36:17 18440 ----a-w- c:\windows\system32\nitrolocalui9.dll
    2014-08-16 14:35:09 -------- d-----w- c:\programdata\Nitro
    2014-08-16 14:35:09 -------- d-----w- c:\program files\common files\Nitro
    2014-08-16 14:35:08 -------- d-----w- c:\program files\Nitro
    2014-08-16 14:31:02 -------- d-----w- c:\users\mike bailey.williambailey\appdata\roaming\Downloaded Installations
    2014-08-16 14:24:38 -------- d-----w- c:\programdata\Package Cache
    .
    ==================== Find3M ====================
    .
    2014-08-22 09:35:53 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-08-22 09:35:53 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-08-18 22:08:55 4232704 ----a-w- c:\windows\system32\jscript9.dll
    2014-08-18 21:57:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-08-18 21:57:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-08-18 21:46:26 454656 ----a-w- c:\windows\system32\vbscript.dll
    2014-08-18 21:45:23 61952 ----a-w- c:\windows\system32\iesetup.dll
    2014-08-18 21:44:44 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-08-18 21:44:09 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-08-18 21:36:07 112128 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-08-18 21:36:05 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-08-18 21:35:24 597504 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-08-18 21:30:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-08-18 21:22:48 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-08-18 21:08:54 2014208 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-08-18 21:07:44 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-08-18 20:46:48 1812992 ----a-w- c:\windows\system32\wininet.dll
    2014-08-05 20:24:26 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-08-01 13:21:34 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE
    2014-07-25 01:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
    2014-07-06 18:38:31 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
    2014-07-06 18:37:51 67680 ----a-w- c:\windows\system32\libusb0.dll
    2014-07-06 18:37:51 42592 ----a-w- c:\windows\system32\drivers\libusb0.sys
    2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
    .
    ============= FINISH: 13:45:49.58 ===============
     
  3. GK-Mike


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 25/11/2009 19:26:14
    System Uptime: 15/09/2014 13:33:57 (0 hours ago)
    .
    Motherboard: LENOVO | | INVALID
    Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz | U2E1 | 2001/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 287 GiB total, 176.424 GiB free.
    D: is CDROM ()
    Q: is FIXED (NTFS) - 10 GiB total, 3.321 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP489: 03/09/2014 16:16:05 - Windows Modules Installer
    RP490: 03/09/2014 21:57:14 - Windows Update
    RP491: 03/09/2014 22:07:07 - Windows Modules Installer
    RP492: 05/09/2014 21:48:23 - Windows Modules Installer
    RP493: 05/09/2014 22:24:02 - Windows Modules Installer
    RP494: 06/09/2014 12:01:12 - Installed TogglDesktop
    RP495: 07/09/2014 21:15:08 - Windows Update
    RP496: 08/09/2014 22:01:56 - Windows Modules Installer
    RP497: 08/09/2014 22:58:48 - Windows Modules Installer
    RP498: 09/09/2014 09:46:06 - Windows Modules Installer
    RP499: 09/09/2014 10:54:12 - Windows Modules Installer
    RP500: 10/09/2014 14:35:16 - Windows Modules Installer
    RP501: 10/09/2014 16:48:02 - Windows Modules Installer
    RP502: 11/09/2014 09:57:23 - Windows Update
    RP503: 11/09/2014 10:14:36 - Windows Modules Installer
    RP504: 11/09/2014 12:00:48 - Installed TogglDesktop
    RP505: 11/09/2014 17:16:45 - Windows Modules Installer
    RP506: 13/09/2014 16:05:07 - Windows Modules Installer
    RP507: 13/09/2014 17:15:44 - Windows Modules Installer
    RP508: 14/09/2014 15:13:22 - Windows Modules Installer
    RP509: 14/09/2014 15:44:00 - Windows Modules Installer
    RP510: 15/09/2014 12:49:20 - Windows Update
    RP511: 15/09/2014 13:11:14 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Registry Patch to arrange icons in Device and Printers folder of Windows 7
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    2007 Microsoft Office system
    32 Bit HP CIO Components Installer
    Access Help
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 14 Plugin
    Adobe Reader XI (11.0.08)
    AIO_CDB_Software
    AIO_Scan
    Amazon Kindle
    AQA - Summer 2014 e-Marker(R) CMI+ Marker 7.21.0.19
    BisonCam Twain Pro
    BufferChm
    Choice Guard
    Cisco WebEx Meetings
    Citrix Authentication Manager
    Citrix Online Launcher
    Citrix Receiver
    Citrix Receiver (HDX Flash Redirection)
    Citrix Receiver Inside
    Citrix Receiver Updater
    Citrix Receiver(Aero)
    Citrix Receiver(DV)
    Citrix Receiver(USB)
    CM Installer
    Copy
    Core FTP LE 2.1
    Create Recovery Media
    Destinations
    DeviceManagementQFolder
    DirectX 9 Runtime
    DocProc
    DocProcQFolder
    Dropbox
    DRSAutoUpdater
    EPSON SX510W Series Printer Uninstall
    EpsonNet Config V4
    eSupportQFolder
    Fax
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GIMP 2.8.6
    Google Chrome
    Google Talk Plugin
    Google Update Helper
    GoToMeeting 6.4.2.1669
    HP Imaging Device Functions 8.0
    HP OCR Software 8.0
    HP Photosmart Essential
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    HP Solution Center 8.0
    HPProductAssistant
    Integrated Camera Driver Installer Package Ver.1.0.1.2
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Intel® Matrix Storage Manager
    InterVideo WinDVD 8
    IrfanView (remove only)
    Java 7 Update 67
    Java Auto Updater
    JMicron Flash Media Controller Driver
    Lenovo Power Management Driver
    Lenovo System Interface Driver
    Lenovo ThinkVantage Toolbox
    Lenovo Welcome
    LibreOffice 4.1 Help Pack (English (United Kingdom))
    LibreOffice 4.1.3.2
    Malwarebytes Anti-Malware version 2.0.2.1012
    Market Samurai
    MediaMonkey 4.1
    Message Center Plus
    Microsoft .NET Framework 4.5.1
    Microsoft Mouse and Keyboard Center
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Word MUI (English) 2007
    Microsoft ReportViewer 2010 Redistributable
    Microsoft Research AutoCollage Touch 2009
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 28.0 (x86 en-GB)
    Mozilla Maintenance Service
    Mozilla Thunderbird 24.5.0 (x86 en-GB)
    MSVC90_x86
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network Printer Wizard
    Nitro Pro 9
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Norton Internet Security
    Office Tab FreeEdition 9.51
    On Screen Display
    Online Plug-in
    Opera Stable 24.0.1558.53
    PC Connectivity Solution
    Pdf995
    Prezi Desktop
    Realtek 8136 8168 8169 Ethernet Driver
    Realtek High Definition Audio Driver
    Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
    Rescue and Recovery
    Riot plugin
    Roxio Activation Module
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Creator Small Business Edition
    Roxio Express Labeler 3
    SAMSUNG USB Driver for Mobile Phones
    Scan
    Screencast-O-Matic
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Self-service Plug-in
    Sigil 0.7.4
    Skype™ 6.18
    SolutionCenter
    Sonic CinePlayer Decoder Pack
    Sonic Icons for Lenovo
    Status
    System Update
    ThinkPad Bluetooth with Enhanced Data Rate Software
    ThinkPad FullScreen Magnifier
    ThinkPad Power Manager
    ThinkPad UltraNav Driver
    ThinkPad UltraNav Utility
    ThinkVantage Active Protection System
    TogglDesktop
    Toolbox
    TouchFreeze
    TrayApp
    UnloadSupport
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WebReg
    Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)
    Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
    Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
    Windows Driver Package - Nokia Modem (02/25/2011 4.7)
    Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
    Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
    Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/10/2009 6.0.1.5892)
    Windows Live Essentials
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WinRAR 5.00 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    15/09/2014 13:36:57, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    15/09/2014 13:35:56, Error: Service Control Manager [7024] -
    15/09/2014 07:57:27, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.183.2435.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10904.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    15/09/2014 07:57:27, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.183.2435.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10904.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    12/09/2014 07:28:03, Error: Service Control Manager [7022] - The Bluetooth Service service hung on starting.
    09/09/2014 14:30:26, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  5. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    Thanks Broni - I'll be back to you shortly.
    Mike
     
  6. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    Hi Broni
    Scans completed as requested. Here are the logs:
    RogueKiller V9.2.10.0 [Jul 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : Mike Bailey [Admin rights]
    Mode : Remove -- Date : 09/16/2014 17:00:41

    ¤¤¤ Bad processes : 2 ¤¤¤
    [Suspicious.Path] TouchFreeze.exe -- C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe[-] -> KILLED [TermProc]
    [Proc.Svchost] svchost.exe -- [x] -> KILLED [TermThr]

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [Suspicious.Path] HKEY_USERS\S-1-5-21-1345319095-2320924753-3983188208-1007\Software\Microsoft\Windows\CurrentVersion\Run | TouchFreeze : C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [x] -> DELETED
    [PUM.StartMenu] HKEY_USERS\S-1-5-21-1345319095-2320924753-3983188208-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> NOT SELECTED
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
    [HJ.FileAsso] HKEY_LOCAL_MACHINE\Software\Classes\pezfile\shell\open\command | : "C:\Program Files\Prezi Desktop 4\Prezi Desktop.exe" "%1" -> REPLACED ("%1" %*)
    [HJ.FileAsso] HKEY_CLASSES_ROOT\pezfile\shell\open\command | : "C:\Program Files\Prezi Desktop 4\Prezi Desktop.exe" "%1" -> REPLACED ("%1" %*)

    ¤¤¤ Scheduled tasks : 4 ¤¤¤
    [Suspicious.Path] Digital Sites.job -- C:\Users\MIKEBA~1.WIL\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE (/Check) -> DELETED
    [Suspicious.Path] DigitalSite.job -- C:\Users\MIKEBA~1.WIL\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> DELETED
    [Suspicious.Path] \\Digital Sites -- C:\Users\MIKEBA~1.WIL\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE (/Check) -> DELETED
    [Suspicious.Path] \\DigitalSite -- C:\Users\MIKEBA~1.WIL\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> DELETED

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 4 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.bubbleshooter.net
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bubbleshooter.net
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.silvergames.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 silvergames.com

    ¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
    [Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\Shockprf @ Unknown (\SystemRoot\System32\drivers\rdyboost.sys)

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.Proxy][FIREFX:Config] wk2k96mn.default : user_pref("network.proxy.type", 4); -> NOT SELECTED

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: FUJITSU MJA2320BH G2 +++++
    --- User ---
    [MBR] b3ff452384b8bec2c3cf6f8ecf246a64
    [BSP] edb4fe6ff3f84821e8e998fd08adcde8 : Lenovo MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2459648 | Size: 294043 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_09162014_160651.log
     
  7. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.09.16.05

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 11.0.9600.17280
    Mike Bailey :: WILLIAMBAILEY [administrator]

    16/09/2014 17:16:19
    mbar-log-2014-09-16 (17-16-19).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 405704
    Time elapsed: 27 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  8. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x86

    Account is Administrative

    Internet Explorer version: 11.0.9600.17280

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 2005782528, free: 814964736

    Downloaded database version: v2014.09.16.05
    Downloaded database version: v2014.09.15.01
    =======================================
    ------------ Kernel report ------------
    09/16/2014 17:16:02
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xffffffff868f4030
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xffffffff85ad4028
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xffffffff868f4030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xffffffff868f5020, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xffffffff868f4760, DeviceName: Unknown, DriverName: \Driver\Shockprf\
    DevicePointer: 0xffffffff868f4030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xffffffff85b3a908, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xffffffff85ad4028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\Shockprf\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 8025E607

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 2457600
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2459648 Numsec = 602200064

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 604659712 Numsec = 20480000

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Infected file C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Temp\is357113909\22549177_stp\wajam_validate.exe could not be remediated because backup file is not available
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-k.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-u.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-r.mbam...
    Removal finished
     
  9. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    I'll wait to hear from you :)
    Thanks Mike
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run, then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double-clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  11. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    Thanks Broni
    I'll get back to you later today.
    Mike
     
  12. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    Hello Broni
    ComboFix ran without any problems. Here is the log:

    ComboFix 14-09-16.01 - Mike Bailey 17/09/2014 7:31.1.2 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.1913.965 [GMT 1:00]
    Running from: c:\users\Mike Bailey.WilliamBailey\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 192 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\_desktop.ini
    c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\BIN\_desktop.ini
    c:\users\Mike Bailey.WilliamBailey\AppData\Local\Temp\7zS3747\HPSLPSVC32.DLL
    c:\users\MIKEBA~1.WIL\AppData\Local\Temp\7zS3747\HPSLPSVC32.DLL
    Q:\AUTORUN.INF
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_HPSLPSVC
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-08-17 to 2014-09-17 )))))))))))))))))))))))))))))))
    .
    .
    2014-09-17 06:42 . 2014-09-17 08:10 -------- d-----w- c:\users\Mike Bailey.WilliamBailey\AppData\Local\temp
    2014-09-17 06:42 . 2014-09-17 06:42 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-09-17 06:42 . 2014-09-17 06:42 -------- d-----w- c:\users\William Bailey\AppData\Local\temp
    2014-09-17 06:42 . 2014-09-17 06:42 -------- d-----w- c:\users\Jan Bailey\AppData\Local\temp
    2014-09-16 21:37 . 2014-09-16 21:36 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{947060CA-BC4B-496C-AD46-FDD8A5C04CBD}\gapaengine.dll
    2014-09-16 21:37 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D81FC63-7141-450E-B8EA-75433AE9CF00}\mpengine.dll
    2014-09-16 16:16 . 2014-09-16 16:44 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-09-16 14:14 . 2014-09-16 14:14 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-09-16 14:13 . 2014-09-16 14:14 -------- d-----w- c:\programdata\RogueKiller
    2014-09-15 12:48 . 2014-08-21 02:44 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-09-15 12:26 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
    2014-09-15 12:10 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-09-15 12:10 . 2014-07-07 01:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
    2014-09-15 12:10 . 2014-07-07 01:40 550912 ----a-w- c:\windows\system32\kerberos.dll
    2014-09-15 12:10 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys
    2014-09-15 12:10 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll
    2014-09-15 12:10 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-09-15 12:10 . 2014-09-05 01:52 445952 ----a-w- c:\windows\system32\aepdu.dll
    2014-09-15 12:10 . 2014-09-05 01:47 302592 ----a-w- c:\windows\system32\aeinv.dll
    2014-09-15 10:54 . 2014-09-16 16:16 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-09-15 10:53 . 2014-09-16 16:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-09-15 10:53 . 2014-05-12 06:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-09-15 10:53 . 2014-05-12 06:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-09-15 10:53 . 2014-09-15 10:54 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
    2014-09-15 10:53 . 2014-09-15 10:53 -------- d-----w- c:\programdata\Malwarebytes
    2014-09-12 09:43 . 2014-09-12 09:43 227728 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2014-09-11 11:01 . 2014-09-11 11:01 -------- d-----w- c:\program files\Toggl
    2014-08-31 19:32 . 2014-08-31 19:32 -------- d-----w- c:\program files\Common Files\Skype
    2014-08-23 11:19 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
    2014-08-23 11:19 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
    2014-08-23 11:19 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
    2014-08-23 11:18 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
    2014-08-23 11:06 . 2014-07-14 01:42 654336 ----a-w- c:\windows\system32\rpcrt4.dll
    2014-08-23 11:06 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll
    2014-08-23 11:06 . 2014-06-03 09:30 101824 ----a-w- c:\windows\system32\consent.exe
    2014-08-23 11:06 . 2014-06-03 09:29 337408 ----a-w- c:\windows\system32\msihnd.dll
    2014-08-23 11:06 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\system32\authui.dll
    2014-08-23 11:06 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-08-23 11:06 . 2014-06-16 01:44 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2014-08-23 11:06 . 2014-06-16 01:44 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2014-08-23 11:06 . 2014-06-16 01:40 107520 ----a-w- c:\windows\system32\cdd.dll
    2014-08-22 10:02 . 2014-08-22 10:02 -------- d-----w- c:\users\Mike Bailey.WilliamBailey\AppData\Local\Adobe
    2014-08-22 09:30 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
    2014-08-22 09:30 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
    2014-08-22 09:30 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
    2014-08-22 09:30 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
    2014-08-22 09:30 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
    2014-08-22 09:30 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
    2014-08-22 09:30 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
    2014-08-22 09:30 . 2014-05-14 08:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
    2014-08-22 09:30 . 2014-05-14 08:17 33792 ----a-w- c:\windows\system32\wuapp.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-08-22 09:35 . 2014-01-20 15:01 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2014-08-22 09:35 . 2014-01-20 15:01 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2014-08-20 08:01 . 2013-10-18 20:33 893248 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-08-05 20:24 . 2014-08-05 20:24 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2014-08-01 13:21 . 2014-08-01 13:21 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE
    2014-08-01 13:20 . 2014-08-16 14:36 27144 ----a-w- c:\windows\system32\nitrolocalmon9.dll
    2014-08-01 13:20 . 2014-08-16 14:36 18440 ----a-w- c:\windows\system32\nitrolocalui9.dll
    2014-07-25 01:35 . 2014-07-25 01:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
    2014-07-06 18:38 . 2014-07-06 18:38 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
    2014-07-06 18:37 . 2014-07-06 18:37 67680 ----a-w- c:\windows\system32\libusb0.dll
    2014-07-06 18:37 . 2014-07-06 18:37 42592 ----a-w- c:\windows\system32\drivers\libusb0.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-10 7612960]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
    "TpShocks"="TpShocks.exe" [2009-07-09 337184]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-19 174104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-19 151064]
    "Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-08-05 244208]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 995184]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
    .
    c:\users\Mike Bailey.WilliamBailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-30 36414496]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
    2013-10-01 19:08 395656 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Backup Service Once]
    2009-08-28 21:27 21304 ------w- c:\program files\Lenovo\Rescue and Recovery\rrstrigger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPFNF6R]
    2009-08-20 00:38 62752 ------w- c:\program files\Lenovo\HOTKEY\tpfnf6r.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV]
    2009-08-23 18:04 709920 ------w- c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Redirector]
    2013-10-01 19:08 153992 ----a-w- c:\program files\Citrix\ICA Client\redirector.exe
    .
    R1 MpKsla730720c;MpKsla730720c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{86E64500-17EE-42C8-A044-191E8BBD78C5}\MpKsla730720c.sys [x]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-05 362992]
    R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-05 309744]
    R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-05 166384]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-04-11 89856]
    R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
    R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [2009-10-06 173056]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
    R3 libusb0;libusb-win32 - Kernel Driver 01/17/2012 1.2.6.0;c:\windows\system32\DRIVERS\libusb0.sys [2014-07-06 42592]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-13 4231680]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 107392]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-07-18 295376]
    R3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-08-18 20848]
    R3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-08-18 20848]
    R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-05 313840]
    R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-04-11 184192]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-10-14 1343400]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
    S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2013-09-24 70440]
    S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
    S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
    S2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;c:\program files\Nitro\Pro 9\NitroPDFDriverService9.exe [2014-08-01 197128]
    S2 NitroUpdateService;NitroUpdateService;c:\program files\Nitro\Pro 9\Nitro_UpdateService.exe [2014-08-01 392712]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2014-08-01 69640]
    S2 NPWService;NPWService;c:\program files\Generic\Network Printer Wizard\NPWService.exe [2009-02-05 462848]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
    S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-05-21 62320]
    S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-06-18 125568]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 119256]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-09-12 17:17 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-09-17 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1345319095-2320924753-3983188208-1007.job
    - c:\users\Mike Bailey.WilliamBailey\AppData\Local\Citrix\GoToMeeting\1669\g2mupdate.exe [2014-09-14 02:28]
    .
    2014-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-10-08 20:56]
    .
    2014-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2013-10-08 20:56]
    .
    2014-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007Core.job
    - c:\users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-19 14:16]
    .
    2014-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007UA.job
    - c:\users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-19 14:16]
    .
    2014-08-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-08-25 23:12]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Mike Bailey.WilliamBailey\AppData\Roaming\Mozilla\Firefox\Profiles\wk2k96mn.default\
    FF - prefs.js: network.proxy.type - 4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKCU-Run-MFP and Storage Server - c:\program files\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe
    HKLM-Run-IdeaNotesUser - c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
    MSConfigStartUp-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
    MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe
    MSConfigStartUp-Syncios device service - c:\program files\Syncios\SynciosDeviceService.exe
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06000000}_0]
    "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{C4B36920-79E24793-06000000}_0]
    "ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5336)
    c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\program files\Lenovo\System Update\SUService.exe
    c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe
    c:\program files\Microsoft Mouse and Keyboard Center\itype.exe
    c:\program files\Synaptics\SynTP\SynTPEnh.exe
    c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
    c:\windows\system32\conhost.exe
    c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    c:\windows\System32\TpShocks.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\Zoom\TpScrex.exe
    c:\windows\system32\igfxsrvc.exe
    c:\users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\Dropbox.exe
    c:\program files\Synaptics\SynTP\SynTPLpr.exe
    .
    **************************************************************************
    .
    Completion time: 2014-09-17 09:16:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-09-17 08:16
    .
    Pre-Run: 189,311,119,360 bytes free
    Post-Run: 187,978,313,728 bytes free
    .
    - - End Of File - - 37EF9F550FD1BF0395D5D49B5B8292C2
    E34253A354E7A1FC2BEB6A0A69D7745E
     
  13. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    Broni, I have a question about the results of the RogueKiller scan; it identified TouchFreeze as a suspicious process on account of the path (I believe):

    ¤¤¤ Bad processes : 2 ¤¤¤
    [Suspicious.Path] TouchFreeze.exe -- C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe[-] -> KILLED [TermProc]

    Does this mean I should find another utility to do this job? TouchFreeze "mutes" the touchpad on my laptop when I'm typing (in MS Word, for example) to prevent me inadvertently moving the insertion point. I've been using it for some time - certainly long before these problems arose.

    Thanks - Mike
     
  14. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    We'll get it...

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  15. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    Thanks Broni - here we go:

    # AdwCleaner v3.310 - Report created 18/09/2014 at 17:14:52
    # Updated 12/09/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (32 bits)
    # Username : Mike Bailey - WILLIAMBAILEY
    # Running from : C:\Users\Mike Bailey.WilliamBailey\Desktop\adwcleaner_3.310.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
    Key Deleted : HKCU\Software\dsiteproducts

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17280


    -\\ Mozilla Firefox v28.0 (en-GB)

    -\\ Google Chrome v37.0.2062.120

    *************************

    AdwCleaner[R0].txt - [2086 octets] - [18/09/2014 17:09:50]
    AdwCleaner[S0].txt - [2041 octets] - [18/09/2014 17:14:52]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2101 octets] ##########
     
  16. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    ... and the next one:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.6 (09.18.2014:1)
    OS: Windows 7 Professional x86
    Ran by Mike Bailey on 18/09/2014 at 17:22:41.35
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\digitalsite"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 18/09/2014 at 17:26:04.04
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  17. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    ... and the next one:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
    Ran by Mike Bailey (administrator) on WILLIAMBAILEY on 18-09-2014 17:27:26
    Running from C:\Users\Mike Bailey.WilliamBailey\Desktop
    Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Lenovo.) C:\Windows\System32\ibmpmsvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    (SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
    (Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
    () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
    (Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
    () C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (Lenovo.) C:\Windows\System32\TpShocks.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    () C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Dropbox, Inc.) C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    (InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
    (Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7612960 2009-07-10] (Realtek Semiconductor)
    HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2009-03-13] (Lenovo Group Limited)
    HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
    HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337184 2009-07-09] (Lenovo.)
    HKLM\...\Run: [Message Center Plus] => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()
    HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2009-08-05] (Sonic Solutions)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [995184 2013-07-18] (Microsoft Corporation)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
    Startup: C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=oa-skypegb-2014-MSNO&O
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
    Winsock: Catalog5 08 C:\Program Files\Generic\Network Printer Wizard\NPWprint.DLL [151552] (Elite Silicon Technology Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF ProfilePath: C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Mozilla\Firefox\Profiles\wk2k96mn.default
    FF NetworkProxy: "type", 4
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
    FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
    FF Plugin ProgramFiles/Appdata: C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
    FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
    FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2013-10-28]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR CustomProfile: C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-10-10]
    CHR Extension: (Google Docs) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-08]
    CHR Extension: (Google Drive) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-08]
    CHR Extension: (YouTube) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-08]
    CHR Extension: (Google Search) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-08]
    CHR Extension: (LastPass: Free Password Manager) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-10-10]
    CHR Extension: (Google Wallet) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-08]
    CHR Extension: (Gmail) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-08]

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION) [File not signed]
    R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION) [File not signed]
    R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
    R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45424 2009-07-03] (Lenovo Group Limited)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)
    S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-25] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-07-18] (Microsoft Corporation)
    R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2014-08-01] (Nitro PDF Software)
    R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [392712 2014-08-01] ()
    R2 NPWService; C:\Program Files\Generic\Network Printer Wizard\NPWService.exe [462848 2009-02-05] () [File not signed]
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
    S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-05] (Sonic Solutions)
    S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-05] (Sonic Solutions)
    S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2009-08-05] (Sonic Solutions)
    R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-09-04] (Lenovo Group Limited) [File not signed]
    R2 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
    S3 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-04] (Lenovo Group Limited) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [173056 2009-10-06] ( ) [File not signed]
    S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42592 2014-07-06] (http://libusb-win32.sourceforge.net)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
    S3 catchme; \??\C:\Users\MIKEBA~1.WIL\AppData\Local\Temp\catchme.sys [X]
    S3 EST_BusEnum; system32\DRIVERS\GenBus.sys [X]
    S1 MpKsla730720c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86E64500-17EE-42C8-A044-191E8BBD78C5}\MpKsla730720c.sys [X]
    S3 PCDSRVC{3037D694-FD904ACA-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
    S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
    U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [49408 2013-11-22] (Seiko Epson Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-18 17:27 - 2014-09-18 17:28 - 00018128 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\FRST.txt
    2014-09-18 17:27 - 2014-09-18 17:27 - 00000000 ____D () C:\FRST
    2014-09-18 17:22 - 2014-09-18 17:22 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-18 17:09 - 2014-09-18 17:14 - 00000000 ____D () C:\AdwCleaner
    2014-09-18 14:49 - 2014-09-18 14:50 - 01097728 _____ (Farbar) C:\Users\Mike Bailey.WilliamBailey\Desktop\FRST.exe
    2014-09-18 14:48 - 2014-09-18 14:49 - 01016830 _____ (Thisisu) C:\Users\Mike Bailey.WilliamBailey\Desktop\JRT.exe
    2014-09-18 14:47 - 2014-09-18 14:48 - 01373475 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\adwcleaner_3.310.exe
    2014-09-17 21:00 - 2014-09-17 21:00 - 00025734 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\17-9-14.odt
    2014-09-17 20:58 - 2014-09-17 20:58 - 12514932 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\Art Book Decoration Images.odt
    2014-09-17 19:57 - 2014-09-17 19:57 - 00000000 ____D () C:\Program Files\Microsoft Games
    2014-09-17 09:17 - 2014-09-17 09:17 - 00024200 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\ComboFix.txt
    2014-09-17 09:16 - 2014-09-17 09:16 - 00024200 _____ () C:\ComboFix.txt
    2014-09-17 07:28 - 2014-09-17 09:16 - 00000000 ____D () C:\Qoobox
    2014-09-17 07:28 - 2014-09-17 09:13 - 00000000 ____D () C:\Windows\erdnt
    2014-09-17 07:28 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-09-17 07:28 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-09-17 07:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-09-17 07:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-09-17 07:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-09-17 07:28 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-09-17 07:28 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-09-17 07:28 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-09-17 07:18 - 2014-09-17 07:24 - 05579386 ____R (Swearware) C:\Users\Mike Bailey.WilliamBailey\Desktop\ComboFix.exe
    2014-09-16 17:16 - 2014-09-16 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-09-16 17:14 - 2014-09-16 17:44 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\Desktop\mbar
    2014-09-16 17:10 - 2014-09-16 17:11 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Mike Bailey.WilliamBailey\Desktop\mbar-1.07.0.1012.exe
    2014-09-16 15:14 - 2014-09-16 15:14 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-09-16 15:13 - 2014-09-16 15:14 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-09-16 10:40 - 2014-09-16 10:41 - 04859480 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\RogueKiller.exe
    2014-09-15 13:27 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-09-15 13:27 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-09-15 13:27 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-09-15 13:27 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-09-15 13:27 - 2014-08-18 22:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-09-15 13:27 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-09-15 13:27 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-09-15 13:27 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-09-15 13:27 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-09-15 13:27 - 2014-08-18 22:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-09-15 13:27 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-09-15 13:27 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-09-15 13:27 - 2014-08-18 22:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-09-15 13:27 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-09-15 13:27 - 2014-08-18 22:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-09-15 13:27 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-09-15 13:27 - 2014-08-18 22:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-09-15 13:27 - 2014-08-18 22:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-09-15 13:27 - 2014-08-18 22:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-09-15 13:27 - 2014-08-18 22:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-09-15 13:27 - 2014-08-18 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-09-15 13:27 - 2014-08-18 22:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-09-15 13:27 - 2014-08-18 22:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-09-15 13:27 - 2014-08-18 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-09-15 13:27 - 2014-08-18 22:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-09-15 13:27 - 2014-08-18 22:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-09-15 13:27 - 2014-08-18 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-09-15 13:27 - 2014-08-18 21:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-09-15 13:27 - 2014-08-18 21:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-09-15 13:27 - 2014-08-18 21:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-09-15 13:26 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-09-15 13:10 - 2014-09-05 02:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-15 13:10 - 2014-09-05 02:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-15 13:10 - 2014-08-23 02:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-09-15 13:10 - 2014-08-23 01:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-09-15 13:10 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-09-15 13:10 - 2014-07-07 02:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-09-15 13:10 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-09-15 13:10 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-09-15 12:56 - 2014-09-15 12:56 - 00688992 ____R (Swearware) C:\Users\Mike Bailey.WilliamBailey\Downloads\dds.com
    2014-09-15 12:43 - 2014-09-18 17:26 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\Desktop\CleanUp Sep-2014
    2014-09-15 11:54 - 2014-09-16 17:16 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-15 11:54 - 2014-09-15 11:54 - 00001075 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-09-15 11:54 - 2014-09-15 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-09-15 11:53 - 2014-09-16 17:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-09-15 11:53 - 2014-09-15 11:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-09-15 11:53 - 2014-09-15 11:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-09-15 11:53 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-09-15 11:53 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-09-15 11:48 - 2014-09-15 11:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mike Bailey.WilliamBailey\Downloads\mbam-setup-2.0.2.1012.exe
    2014-09-13 22:34 - 2014-09-13 22:34 - 00000008 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\techspot.txt
    2014-09-11 21:02 - 2014-09-11 21:03 - 06618541 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\Geography Book Decoration Images.odt
    2014-09-11 12:01 - 2014-09-11 12:01 - 00000000 ____D () C:\Program Files\Toggl
    2014-09-10 21:46 - 2014-09-10 21:52 - 14096896 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_61-2014-09-10-13-15-40.msi
    2014-09-10 20:14 - 2014-09-10 20:14 - 06203126 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\French Book Decoration Images.odt
    2014-09-10 11:56 - 2014-09-10 11:56 - 10473344 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\SKYBET_PREROLL_3_30sec.flv
    2014-09-10 11:47 - 2014-09-10 11:47 - 10462866 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\SKYBET_PREROLL_2_30sec.flv
    2014-09-06 12:02 - 2014-09-11 12:01 - 00001994 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\TogglDesktop.lnk
    2014-09-06 12:02 - 2014-09-11 12:01 - 00001988 _____ () C:\Users\Public\Desktop\TogglDesktop.lnk
    2014-09-04 14:17 - 2014-09-04 14:18 - 14094848 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_59-2014-09-03-12-19-11.msi
    2014-09-02 21:15 - 2014-09-02 21:16 - 14093312 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_54-2014-09-01-13-54-36.msi
    2014-09-01 11:54 - 2014-09-01 11:55 - 14093312 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_53-2014-09-01-11-39-51.msi
    2014-08-31 20:32 - 2014-08-31 20:32 - 00000000 ____D () C:\Program Files\Common Files\Skype
    2014-08-23 12:19 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2014-08-23 12:19 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2014-08-23 12:19 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2014-08-23 12:18 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2014-08-23 12:06 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-08-23 12:06 - 2014-07-14 02:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
    2014-08-23 12:06 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-08-23 12:06 - 2014-06-16 02:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-08-23 12:06 - 2014-06-16 02:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2014-08-23 12:06 - 2014-06-16 02:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2014-08-23 12:06 - 2014-06-03 10:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-08-23 12:06 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-08-23 12:06 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-08-23 12:06 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2014-08-22 11:02 - 2014-08-22 11:02 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Adobe
    2014-08-22 10:30 - 2014-05-14 17:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2014-08-22 10:30 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2014-08-22 10:30 - 2014-05-14 17:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2014-08-22 10:30 - 2014-05-14 17:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2014-08-22 10:30 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2014-08-22 10:30 - 2014-05-14 17:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2014-08-22 10:30 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2014-08-22 10:30 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2014-08-22 10:30 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2014-08-21 18:13 - 2014-08-21 18:13 - 00006941 _____ () C:\Users\Mike Bailey.WilliamBailey\AppData\Local\recently-used.xbel

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-18 17:28 - 2014-09-18 17:27 - 00018128 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\FRST.txt
    2014-09-18 17:27 - 2014-09-18 17:27 - 00000000 ____D () C:\FRST
    2014-09-18 17:26 - 2014-09-15 12:43 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\Desktop\CleanUp Sep-2014
    2014-09-18 17:25 - 2014-02-27 18:57 - 00000654 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1345319095-2320924753-3983188208-1007.job
    2014-09-18 17:25 - 2009-07-14 05:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-09-18 17:25 - 2009-07-14 05:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-09-18 17:22 - 2014-09-18 17:22 - 00000000 ____D () C:\Windows\ERUNT
    2014-09-18 17:22 - 2009-10-31 23:11 - 01944048 _____ () C:\Windows\WindowsUpdate.log
    2014-09-18 17:19 - 2013-10-11 09:49 - 00000000 ___RD () C:\Users\Mike Bailey.WilliamBailey\Desktop\Dropbox
    2014-09-18 17:18 - 2013-10-11 09:44 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox
    2014-09-18 17:18 - 2013-10-08 21:56 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-09-18 17:17 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-09-18 17:17 - 2009-07-14 05:39 - 00127498 _____ () C:\Windows\setupact.log
    2014-09-18 17:16 - 2009-11-26 04:21 - 00268162 _____ () C:\Windows\PFRO.log
    2014-09-18 17:15 - 2013-10-08 21:56 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-09-18 17:14 - 2014-09-18 17:09 - 00000000 ____D () C:\AdwCleaner
    2014-09-18 17:05 - 2013-10-16 11:46 - 00000000 ____D () C:\ProgramData\TEMP
    2014-09-18 17:05 - 2013-10-10 18:47 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Skype
    2014-09-18 16:54 - 2014-08-01 09:49 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Kopsik
    2014-09-18 16:39 - 2014-03-19 15:16 - 00000960 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007UA.job
    2014-09-18 14:50 - 2014-09-18 14:49 - 01097728 _____ (Farbar) C:\Users\Mike Bailey.WilliamBailey\Desktop\FRST.exe
    2014-09-18 14:49 - 2014-09-18 14:48 - 01016830 _____ (Thisisu) C:\Users\Mike Bailey.WilliamBailey\Desktop\JRT.exe
    2014-09-18 14:48 - 2014-09-18 14:47 - 01373475 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\adwcleaner_3.310.exe
    2014-09-18 12:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
    2014-09-18 10:45 - 2014-06-09 14:22 - 00001094 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\Dropbox.lnk
    2014-09-18 10:45 - 2013-10-11 09:45 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-09-18 09:39 - 2014-03-19 15:16 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007Core.job
    2014-09-17 21:00 - 2014-09-17 21:00 - 00025734 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\17-9-14.odt
    2014-09-17 20:58 - 2014-09-17 20:58 - 12514932 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\Art Book Decoration Images.odt
    2014-09-17 20:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
    2014-09-17 19:57 - 2014-09-17 19:57 - 00000000 ____D () C:\Program Files\Microsoft Games
    2014-09-17 19:57 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-09-17 09:44 - 2014-03-22 21:45 - 00000000 ____D () C:\Program Files\Opera
    2014-09-17 09:17 - 2014-09-17 09:17 - 00024200 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\ComboFix.txt
    2014-09-17 09:16 - 2014-09-17 09:16 - 00024200 _____ () C:\ComboFix.txt
    2014-09-17 09:16 - 2014-09-17 07:28 - 00000000 ____D () C:\Qoobox
    2014-09-17 09:16 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
    2014-09-17 09:16 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
    2014-09-17 09:13 - 2014-09-17 07:28 - 00000000 ____D () C:\Windows\erdnt
    2014-09-17 09:10 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
    2014-09-17 07:44 - 2009-07-14 03:03 - 64487424 _____ () C:\Windows\system32\config\SOFTWARE.bak
    2014-09-17 07:44 - 2009-07-14 03:03 - 19922944 _____ () C:\Windows\system32\config\SYSTEM.bak
    2014-09-17 07:44 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
    2014-09-17 07:44 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
    2014-09-17 07:44 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
    2014-09-17 07:24 - 2014-09-17 07:18 - 05579386 ____R (Swearware) C:\Users\Mike Bailey.WilliamBailey\Desktop\ComboFix.exe
    2014-09-16 22:25 - 2013-12-11 13:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-09-16 19:13 - 2009-07-21 06:30 - 00847474 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-09-16 17:44 - 2014-09-16 17:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-09-16 17:44 - 2014-09-16 17:14 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\Desktop\mbar
    2014-09-16 17:16 - 2014-09-15 11:54 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-16 17:14 - 2014-09-15 11:53 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-09-16 17:11 - 2014-09-16 17:10 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Mike Bailey.WilliamBailey\Desktop\mbar-1.07.0.1012.exe
    2014-09-16 15:14 - 2014-09-16 15:14 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-09-16 15:14 - 2014-09-16 15:13 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-09-16 10:41 - 2014-09-16 10:40 - 04859480 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\RogueKiller.exe
    2014-09-15 14:06 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-09-15 13:36 - 2009-07-14 05:33 - 00510608 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-09-15 13:26 - 2013-10-14 17:34 - 00000000 ____D () C:\Windows\system32\MRT
    2014-09-15 13:17 - 2013-10-14 17:34 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-09-15 13:16 - 2014-05-01 23:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-09-15 12:56 - 2014-09-15 12:56 - 00688992 ____R (Swearware) C:\Users\Mike Bailey.WilliamBailey\Downloads\dds.com
    2014-09-15 12:31 - 2014-02-11 13:19 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSites
    2014-09-15 11:54 - 2014-09-15 11:54 - 00001075 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-09-15 11:54 - 2014-09-15 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-09-15 11:54 - 2014-09-15 11:53 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-09-15 11:53 - 2014-09-15 11:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-09-15 11:50 - 2014-09-15 11:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mike Bailey.WilliamBailey\Downloads\mbam-setup-2.0.2.1012.exe
    2014-09-15 08:49 - 2013-10-17 14:40 - 00000094 _____ () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\WB.CFG
    2014-09-13 22:34 - 2014-09-13 22:34 - 00000008 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\techspot.txt
    2014-09-12 18:24 - 2013-10-08 21:59 - 00002140 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-09-11 21:03 - 2014-09-11 21:02 - 06618541 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\Geography Book Decoration Images.odt
    2014-09-11 12:01 - 2014-09-11 12:01 - 00000000 ____D () C:\Program Files\Toggl
    2014-09-11 12:01 - 2014-09-06 12:02 - 00001994 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\TogglDesktop.lnk
    2014-09-11 12:01 - 2014-09-06 12:02 - 00001988 _____ () C:\Users\Public\Desktop\TogglDesktop.lnk
    2014-09-10 21:52 - 2014-09-10 21:46 - 14096896 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_61-2014-09-10-13-15-40.msi
    2014-09-10 20:14 - 2014-09-10 20:14 - 06203126 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\French Book Decoration Images.odt
    2014-09-10 15:18 - 2013-10-29 12:17 - 00000000 ____D () C:\ProgramData\pdf995
    2014-09-10 14:18 - 2014-06-17 11:25 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\Documents\Home
    2014-09-10 11:56 - 2014-09-10 11:56 - 10473344 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\SKYBET_PREROLL_3_30sec.flv
    2014-09-10 11:47 - 2014-09-10 11:47 - 10462866 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\SKYBET_PREROLL_2_30sec.flv
    2014-09-05 02:52 - 2014-09-15 13:10 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-09-05 02:47 - 2014-09-15 13:10 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-09-04 14:18 - 2014-09-04 14:17 - 14094848 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_59-2014-09-03-12-19-11.msi
    2014-09-02 21:16 - 2014-09-02 21:15 - 14093312 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_54-2014-09-01-13-54-36.msi
    2014-09-01 11:55 - 2014-09-01 11:54 - 14093312 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_53-2014-09-01-11-39-51.msi
    2014-08-31 20:32 - 2014-08-31 20:32 - 00000000 ____D () C:\Program Files\Common Files\Skype
    2014-08-31 20:32 - 2009-11-26 02:49 - 00000000 ____D () C:\ProgramData\Skype
    2014-08-28 12:28 - 2014-04-11 11:23 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\Documents\Car Insurance
    2014-08-23 02:46 - 2014-09-15 13:10 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-08-23 01:42 - 2014-09-15 13:10 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-08-22 11:02 - 2014-08-22 11:02 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Adobe
    2014-08-22 10:35 - 2014-01-20 16:01 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2014-08-22 10:35 - 2014-01-20 16:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2014-08-21 18:13 - 2014-08-21 18:13 - 00006941 _____ () C:\Users\Mike Bailey.WilliamBailey\AppData\Local\recently-used.xbel
    2014-08-21 18:13 - 2013-10-15 23:14 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Local\gtk-2.0
    2014-08-21 18:13 - 2013-10-15 23:00 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\.gimp-2.8
    2014-08-21 12:35 - 2014-08-16 15:53 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Nitro PDF
    2014-08-19 18:39 - 2014-09-15 13:27 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

    Some content of TEMP:
    ====================
    C:\Users\Mike Bailey.WilliamBailey\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_t94_m.dll
    C:\Users\Mike Bailey.WilliamBailey\AppData\Local\temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-09-16 16:30

    ==================== End Of Log ============================
     
  18. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    ... and finally:

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
    Ran by Mike Bailey at 2014-09-18 17:28:36
    Running from C:\Users\Mike Bailey.WilliamBailey\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
    2007 Microsoft Office Suite Service Pack 1 (SP1) (Version: - Microsoft) Hidden
    2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6425.1000 - Microsoft Corporation)
    32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
    Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
    Adobe AIR (Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
    Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
    AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
    AQA - Summer 2014 e-Marker(R) CMI+ Marker 7.21.0.19 (HKLM\...\{5EE76988-889F-41D0-A342-5226C7A9148A}) (Version: 07.21.0019 - DRS Data Services Ltd )
    BisonCam Twain Pro (HKLM\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.5 - Bison WebCam Ap)
    BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
    Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
    Citrix Authentication Manager (Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden
    Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
    Citrix Receiver (HDX Flash Redirection) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
    Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
    Citrix Receiver Inside (Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden
    Citrix Receiver Updater (Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden
    Citrix Receiver(Aero) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
    Citrix Receiver(DV) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
    Citrix Receiver(USB) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
    CM Installer (HKLM\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
    Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    Core FTP LE 2.1 (HKLM\...\Core FTP LE 2.1) (Version: - )
    Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
    Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
    DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
    DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
    DRSAutoUpdater (HKLM\...\{ff62e3ed-6e8f-4168-9af7-aa230ff27a86}) (Version: 2.6.0.0 - DRS Data Services Ltd.)
    EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version: - SEIKO EPSON Corporation)
    EpsonNet Config V4 (HKLM\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
    eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) (HKLM\...\KB970892_SQL9) (Version: 9.3.4053 - Microsoft Corporation)
    GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
    Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
    Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
    Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
    GoToMeeting 6.4.2.1669 (HKCU\...\GoToMeeting) (Version: 6.4.2.1669 - CitrixOnline)
    HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
    HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
    HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
    HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
    HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
    HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Integrated Camera Driver Installer Package Ver.1.0.1.2 (HKLM\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.0.1.2 - RICOH)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
    InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.112 - InterVideo Inc.)
    InterVideo WinDVD 8 (Version: 8.0.20.112 - InterVideo Inc.) Hidden
    IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
    Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
    JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.29.02 - JMicron Technology Corp.)
    Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
    Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
    Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5387.14 - PC-Doctor, Inc.)
    Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo)
    LibreOffice 4.1 Help Pack (English (United Kingdom)) (HKLM\...\{5E31A5FD-EE7F-4E2C-B74F-DF93B6B3AF46}) (Version: 4.1.3.2 - The Document Foundation)
    LibreOffice 4.1.3.2 (HKLM\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Market Samurai (HKLM\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.25 - Alliance Software Pty Ltd)
    Market Samurai (Version: 0.93.25 - Alliance Software Pty Ltd) Hidden
    MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
    Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
    Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
    Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
    Microsoft ReportViewer 2010 Redistributable (HKLM\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
    Microsoft Security Client (Version: 4.3.0216.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.216.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.3.4035.00 - Microsoft Corporation) Hidden
    Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 28.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 28.0 (x86 en-GB)) (Version: 28.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
    Mozilla Thunderbird 24.5.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 en-GB)) (Version: 24.5.0 - Mozilla)
    MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
    MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Network Printer Wizard (HKLM\...\InstallShield_{12F3BB85-62FB-476D-AAB9-9AB94AF864D4}) (Version: 1.0.1.0 - Generic)
    Network Printer Wizard (Version: 1.0.1.0 - Generic) Hidden
    Nitro Pro 9 (HKLM\...\{c5237a45-d0a0-4c12-9269-f59919377de1}) (Version: 9.5.3.8 - Nitro)
    Nitro Pro 9 (Version: 9.5.3.8 - Nitro) Hidden
    Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
    Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
    Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
    Norton Internet Security (Version: 16.7.0.30 - Symantec Corporation) Hidden
    Office Tab FreeEdition 9.51 (HKLM\...\{DE469D65-1DEB-4058-BF95-C642D733668D}_is1) (Version: - Detong Technology Ltd.)
    On Screen Display (HKLM\...\OnScreenDisplay) (Version: 5.31.00 - )
    Online Plug-in (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
    Opera Stable 24.0.1558.61 (HKLM\...\Opera 24.0.1558.61) (Version: 24.0.1558.61 - Opera Software ASA)
    PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
    Pdf995 (HKLM\...\Pdf995) (Version: - )
    Prezi Desktop (HKLM\...\{7FAE73A4-F0BC-4B65-81CF-52C417383407}) (Version: 4.7.5 - Prezi.com)
    Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5892 - Realtek Semiconductor Corp.)
    Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
    Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
    Riot plugin (HKLM\...\Riot-plugin) (Version: - )
    Roxio Activation Module (Version: 1.0 - Roxio) Hidden
    Roxio Central Audio (Version: 3.8.0 - Roxio) Hidden
    Roxio Central Copy (Version: 3.8.0 - Roxio) Hidden
    Roxio Central Core (Version: 3.8.0 - Roxio) Hidden
    Roxio Central Data (Version: 3.8.0 - Roxio) Hidden
    Roxio Central Tools (Version: 3.8.0 - Roxio) Hidden
    Roxio Creator Small Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
    Roxio Creator Small Business Edition (Version: 10.3.081 - Roxio) Hidden
    Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
    Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
    Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version: - Screencast-O-Matic)
    Self-service Plug-in (Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
    Sigil 0.7.4 (HKLM\...\Sigil_is1) (Version: - John Schember)
    Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
    SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
    Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
    Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0007 - Lenovo)
    ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
    ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.07 - )
    ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.04 - )
    ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
    ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
    ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.70 - Lenovo)
    TogglDesktop (HKLM\...\{576C82D0-5AC0-44FD-900E-2E765D3AA0CE}) (Version: 7.1.61 - Toggl)
    Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    TouchFreeze (HKLM\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov)
    TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
    UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
    Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
    Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
    Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
    Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
    Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
    Windows Driver Package - Nokia pccsmcfd "LegacyDriver" (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
    Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/10/2009 6.0.1.5892) (HKLM\...\8FE0BAC9C97DE6D9A2B7BB6B689E7F9460D0624B) (Version: 07/10/2009 6.0.1.5892 - Realtek Semiconductor Corp.)
    Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
    Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
    Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
    Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
    WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\1326\atucfobj.dll (Cisco WebEx LLC)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Citrix\GoToMeeting\1440\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

    ==================== Restore Points =========================

    10-09-2014 15:48:02 Windows Modules Installer
    11-09-2014 08:57:23 Windows Update
    11-09-2014 09:14:36 Windows Modules Installer
    11-09-2014 11:00:48 Installed TogglDesktop
    11-09-2014 16:16:45 Windows Modules Installer
    13-09-2014 15:05:07 Windows Modules Installer
    13-09-2014 16:15:44 Windows Modules Installer
    14-09-2014 14:13:22 Windows Modules Installer
    14-09-2014 14:44:00 Windows Modules Installer
    15-09-2014 11:49:20 Windows Update
    15-09-2014 12:11:14 Windows Update
    16-09-2014 16:08:31 Before Running Malwarebytes Anti-Rootkit
    17-09-2014 18:56:24 Windows Modules Installer

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:04 - 2014-09-17 09:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {06E5789D-3A83-4A0F-9737-E24BEA1D1A0A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007Core => C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-19] (Google Inc.)
    Task: {11BB3376-DE67-40A2-9CA4-503F01E73D41} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {17F9A9AE-D9A9-471E-BEE1-98B30AA4DEC7} - System32\Tasks\Opera scheduled Autoupdate 1395521132 => C:\Program Files\Opera\launcher.exe [2014-09-12] (Opera Software)
    Task: {23017711-ECB8-4A8C-A7D4-4A09DDB7CECF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {29085123-C52E-44BB-BEBC-3C62DAF7FE4F} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
    Task: {2FCE8699-2FFB-4C3D-A304-9FB55AA13528} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {556C1E1B-DDE0-443C-9720-3D993BDFE4C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
    Task: {6A354830-BD2C-43C3-99F7-3877B46E75F1} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-08-23] (Lenovo Group Limited)
    Task: {7ABC23A6-47B1-430D-A7FE-96C53919A522} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-10] ()
    Task: {7F07610D-EEEA-483D-AC7A-C90DFF5C4FE7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2009-08-26] (PC-Doctor, Inc.)
    Task: {803FD5F9-825D-440A-8F3B-40D48A69BD8E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {881908B5-4B1B-493C-A51E-927C764996CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007UA => C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-19] (Google Inc.)
    Task: {BEA2EBD9-35BC-4E2D-86B1-EB64C7D96B36} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
    Task: {C30327C2-29BB-4A82-9100-DF2951713EDD} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
    Task: {DDE4EE10-7BDC-44AE-93FC-67381EA60F9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
    Task: {DE03B19A-F82B-46B1-9713-7C96507D5921} - System32\Tasks\G2MUpdateTask-S-1-5-21-1345319095-2320924753-3983188208-1007 => C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Citrix\GoToMeeting\1669\g2mupdate.exe [2014-09-14] (Citrix Online, a division of Citrix Systems, Inc.)
    Task: {E0A4D119-7E9F-4AAB-B4E7-D274C82B197B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
    Task: {F4FB241F-7F8C-44DC-9879-13AC570D84DE} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
    Task: {FCEA86FB-1D72-47AD-8130-97C64829B48F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1345319095-2320924753-3983188208-1007.job => C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Citrix\GoToMeeting\1669\g2mupdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007Core.job => C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007UA.job => C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-10-29 12:17 - 2013-12-06 14:47 - 00051716 _____ () C:\Windows\System32\pdf995mon.dll
    2014-08-01 14:21 - 2014-08-01 14:21 - 00392712 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
    2009-02-05 18:38 - 2009-02-05 18:38 - 00462848 _____ () C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
    2009-02-05 18:37 - 2009-02-05 18:37 - 00225280 _____ () C:\Program Files\Generic\Network Printer Wizard\NPWpsm.dll
    2009-02-05 18:37 - 2009-02-05 18:37 - 00086016 _____ () C:\Program Files\Generic\Network Printer Wizard\NPWlog.dll
    2009-02-05 18:37 - 2009-02-05 18:37 - 00299008 _____ () C:\Program Files\Generic\Network Printer Wizard\NPWdcp.dll
    2009-02-05 18:37 - 2009-02-05 18:37 - 00118784 _____ () C:\Program Files\Generic\Network Printer Wizard\NPWuntp.dll
    2009-05-28 06:09 - 2009-05-28 06:09 - 00049976 ____N () C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
    2014-09-18 17:18 - 2014-09-18 17:18 - 00043008 _____ () c:\users\mikeba~1.wil\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_t94_m.dll
    2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\libcef.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:58A5270D

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
    MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
    MSCONFIG\startupreg: Launch Backup Service Once => C:\Program Files\Lenovo\Rescue and Recovery\rrstrigger.exe -start
    MSCONFIG\startupreg: LENOVO.TPFNF6R => C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
    MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    MSCONFIG\startupreg: Redirector => "C:\Program Files\Citrix\ICA Client\redirector.exe" /startup

    ==================== Faulty Device Manager Devices =============

    Name: MpKsla730720c
    Description: MpKsla730720c
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: MpKsla730720c
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears. Remove the device, and this error should be resolved.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================
    Error: (09/10/2014 11:20:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 48831 seconds with 840 seconds of active time. This session ended with a crash.

    Error: (09/04/2014 10:16:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 91786 seconds with 4620 seconds of active time. This session ended with a crash.

    Error: (07/25/2014 02:08:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 87298 seconds with 5520 seconds of active time. This session ended with a crash.

    Error: (07/02/2014 07:55:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5458 seconds with 120 seconds of active time. This session ended with a crash.

    Error: (06/13/2014 11:08:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (05/07/2014 03:52:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 38 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (04/29/2014 11:13:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (04/08/2014 09:41:48 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (03/12/2014 10:29:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 43626 seconds with 8880 seconds of active time. This session ended with a crash.

    Error: (02/12/2014 00:08:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26 seconds with 0 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz
    Percentage of memory in use: 47%
    Total physical RAM: 1912.86 MB
    Available physical RAM: 1009.26 MB
    Total Pagefile: 3825.73 MB
    Available Pagefile: 2768.69 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1898.96 MB

    ==================== Drives ================================

    Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:176.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:3.32 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 8025E607)
    Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=287.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  19. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    Waiting on your next instruction :)
    Thanks - Mike
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  21. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    Thanks Broni. Here's the log:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
    Ran by Mike Bailey at 2014-09-19 09:51:04 Run:1
    Running from C:\Users\Mike Bailey.WilliamBailey\Desktop
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    S3 catchme; \??\C:\Users\MIKEBA~1.WIL\AppData\Local\Temp\catchme.sys [X]
    S3 EST_BusEnum; system32\DRIVERS\GenBus.sys [X]
    S1 MpKsla730720c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86E64500-17EE-42C8-A044-191E8BBD78C5}\MpKsla730720c.sys [X]
    S3 PCDSRVC{3037D694-FD904ACA-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
    S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
    C:\Users\Mike Bailey.WilliamBailey\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_t94_m.dll
    C:\Users\Mike Bailey.WilliamBailey\AppData\Local\temp\Quarantine.exe
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
    CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
    AlternateDataStreams: C:\ProgramData\TEMP:58A5270D

    *****************

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
    "HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
    "HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
    catchme => Service deleted successfully.
    EST_BusEnum => Service deleted successfully.
    MpKsla730720c => Service deleted successfully.
    PCDSRVC{3037D694-FD904ACA-06000000}_0 => Service deleted successfully.
    PCDSRVC{C4B36920-79E24793-06000000}_0 => Service deleted successfully.
    "C:\Users\Mike Bailey.WilliamBailey\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_t94_m.dll" => File/Directory not found.
    C:\Users\Mike Bailey.WilliamBailey\AppData\Local\temp\Quarantine.exe => Moved successfully.
    "HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
    "HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
    "HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
    C:\ProgramData\TEMP => ":58A5270D" ADS removed successfully.

    ==== End of Fixlog ====
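    The fixlist above was built from three kinds of entry in the FRST logs posted earlier in the thread: COM registrations whose target reads "No File", services whose image is marked "[X]", and binaries running from a user's Temp directory. A registration that outlives its file is worth attention because the key stays in a user-writable hive, so anyone who can drop a file at that path gets it loaded (COM hijacking). The script below is an added example for this thread, not part of FRST or of the original posts: it parses those FRST line shapes and flags the same three conditions plus an empty signer "()". The sample lines are copied from the logs above, and the flagging rules are this script's own heuristics, not FRST's.

```python
"""Triage FRST (Farbar Recovery Scan Tool) log lines for entries worth a second look.

Added example for this thread, not part of FRST; the flagging rules are this
script's own heuristics.  It parses four line shapes seen in the logs above
(CustomCLSID, Task, Loaded Modules, service/driver lines) and flags:
  missing_target - the registered file is gone ("No File" / "[X]").  A
                   registration that outlives its file can be reclaimed by
                   whoever can write a file at that path (COM hijacking)
  unsigned       - FRST printed an empty signer "()"
  temp_path      - the binary lives under a Temp directory
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample: lines copied from the FRST logs posted in this thread.
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
Task: {7ABC23A6-47B1-430D-A7FE-96C53919A522} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-10] ()
Task: {DDE4EE10-7BDC-44AE-93FC-67381EA60F9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
2014-09-18 17:18 - 2014-09-18 17:18 - 00043008 _____ () c:\users\mikeba~1.wil\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_t94_m.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\libcef.dll
S3 catchme; \??\C:\Users\MIKEBA~1.WIL\AppData\Local\Temp\catchme.sys [X]
S1 MpKsla730720c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86E64500-17EE-42C8-A044-191E8BBD78C5}\MpKsla730720c.sys [X]
"""

CLSID_RE = re.compile(r"^CustomCLSID: (?P<key>.+?) -> (?P<rest>.+)$")
TASK_RE = re.compile(r"^Task: (?P<name>.+?) => (?P<rest>.+)$")
MODULE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d+ \S+ "
    r"\((?P<signer>[^()]*)\) (?P<path>.+)$")
SERVICE_RE = re.compile(r"^[SRU]\d (?P<name>[^;]+); (?P<rest>.+)$")
# "<path> [<size/date or X>] (<signer>)"; the bracket and signer parts are optional.
TAIL_RE = re.compile(r"^(?P<path>.+?)(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<signer>[^()]*)\))?$")
TEMP_RE = re.compile(r"[\\/](temp|tmp)[\\/]", re.IGNORECASE)


@dataclass
class Finding:
    source: str            # CustomCLSID / Task / LoadedModule / Service
    path: str
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return (source, path, signer, missing) or None for lines not modelled here.

    signer is '' when FRST printed '()' and None when the line carries no signer.
    """
    line = line.strip()
    if m := CLSID_RE.match(line):
        rest = m["rest"]
        if rest.endswith(" No File"):
            return "CustomCLSID", rest[: -len(" No File")], None, True
        t = TAIL_RE.match(rest)
        return "CustomCLSID", t["path"], t["signer"], False
    if m := TASK_RE.match(line):
        t = TAIL_RE.match(m["rest"])
        return "Task", t["path"], t["signer"], False
    if m := MODULE_RE.match(line):
        return "LoadedModule", m["path"], m["signer"], False
    if m := SERVICE_RE.match(line):
        t = TAIL_RE.match(m["rest"])
        return "Service", t["path"], t["signer"], t["meta"] == "X"
    return None


def triage(text):
    """Apply the three heuristics to every recognised line and return the hits."""
    findings = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        source, path, signer, missing = parsed
        reasons = []
        if missing:
            reasons.append("missing_target")
        if signer == "":           # '()' printed by FRST; None means no signer column
            reasons.append("unsigned")
        if TEMP_RE.search(path):
            reasons.append("temp_path")
        if reasons:
            findings.append(Finding(source, path, reasons))
    return findings


def summary(findings):
    """Count how often each reason fired across all findings."""
    return dict(Counter(r for f in findings for r in f.reasons))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source:12} {', '.join(f.reasons):28} {f.path}")
```

    Run against a full FRST.txt and Addition.txt it produces the short list to look at; the judgement stays with the reviewer, since an orphaned entry can be harmless (the MpKsla730720c driver sits under the Microsoft Antimalware definition-updates directory) and an unsigned module can be a legitimate third-party component (libcef.dll ships with Dropbox). Compared with the fixlist above, the "missing_target" hits are exactly the entries it removed: the three "No File" CLSID keys and the five "[X]" services.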
     
  22. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    BTW, PC seems to be running trouble-free now. No instances of pop-ups, although I've deliberately left the browser open to see what happened.
    Too early to decide if the CPU-usage spikes are still there, but no problems with this so far.
    Thanks - Mike
     
  23. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Very good :)

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access to the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
    NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetsmartinstaller_enu icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
     
  24. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    Thanks Broni
    Here are the logs:

    Results of screen317's Security Check version 0.99.87
    Windows 7 Service Pack 1 x86 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 67
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 14.0.0.179
    Adobe Reader XI
    Mozilla Firefox (28.0)
    Mozilla Thunderbird (24.5.0)
    Google Chrome 37.0.2062.103
    Google Chrome 37.0.2062.120
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
     
  25. GK-Mike

    GK-Mike TS Rookie Topic Starter Posts: 22

    ... and the FSS log:

    Farbar Service Scanner Version: 21-07-2014
    Ran by Mike Bailey (administrator) on 20-09-2014 at 16:01:00
    Running from "C:\Users\Mike Bailey.WilliamBailey\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => File is digitally signed
    C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\system32\dhcpcore.dll => File is digitally signed
    C:\Windows\system32\Drivers\afd.sys => File is digitally signed
    C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
    C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\system32\dnsrslvr.dll => File is digitally signed
    C:\Windows\system32\mpssvc.dll => File is digitally signed
    C:\Windows\system32\bfe.dll => File is digitally signed
    C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\system32\SDRSVC.dll => File is digitally signed
    C:\Windows\system32\vssvc.exe => File is digitally signed
    C:\Windows\system32\wscsvc.dll => File is digitally signed
    C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\system32\wuaueng.dll => File is digitally signed
    C:\Windows\system32\qmgr.dll => File is digitally signed
    C:\Windows\system32\es.dll => File is digitally signed
    C:\Windows\system32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\system32\ipnathlp.dll => File is digitally signed
    C:\Windows\system32\iphlpsvc.dll => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed


    **** End of log ****
     
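Added example, not from the thread or from Farbar Service Scanner: a PowerShell check that reads the same two indicators FSS reports in the Windows Defender section of the log above (the DisableAntiSpyware value and the WinDefend start type), so the finding can be re-verified after cleanup. It also reads the Group Policy location of the same value, which the FSS output above does not show; on Windows 7 a value of 1 alongside an installed Microsoft Security Essentials (listed in the Security Check log) is expected, because MSE setup turns Windows Defender off by design.

```powershell
# Added example (not from the thread or from FSS): re-check the Windows Defender
# indicators that Farbar Service Scanner reported. Run from an elevated PowerShell.
function Get-DefenderDisableState {
    # The key FSS reads, plus the Group Policy location of the same value.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows Defender',
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    )
    $result = New-Object System.Collections.Specialized.OrderedDictionary
    foreach ($key in $keys) {
        $value = $null   # stays $null when the value is not set
        if (Test-Path $key) {
            $item = Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue
            if ($item) { $value = $item.DisableAntiSpyware }
        }
        $result[$key + '\DisableAntiSpyware'] = $value
    }
    # Win32_Service is used instead of Get-Service so this also works on the
    # PowerShell 2.0 that ships with Windows 7 (Get-Service gained StartType later).
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
    $result['WinDefend.StartMode'] = if ($svc) { $svc.StartMode } else { 'service not found' }
    $result['WinDefend.State']     = if ($svc) { $svc.State }     else { 'service not found' }
    $result['WinDefend.PathName']  = if ($svc) { $svc.PathName }  else { $null }
    return $result
}

$state = Get-DefenderDisableState
$state.GetEnumerator() | ForEach-Object { '{0} = {1}' -f $_.Key, $_.Value }

# A DisableAntiSpyware value of 1 together with StartMode "Manual" matches the
# FSS output in this thread (FSS prints "Demand" for what WMI calls "Manual").
```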
