Solved Browser Pop-Ups and Malware

GK-Mike

For around a week I've been seeing pop-up windows when leaving my browser (Opera 24.0) open. Sites include delivery67(dot)com, reimageplus(dot)com and tuneuppro(dot)com; I can see from other threads that I've picked up malware somewhere along the way. PC is otherwise running reliably but from time to time suffers from high CPU usage for no apparent reason.

I've followed the 4-step thread and the logs are below. Thanks in advance for your help.
Mike

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 15/09/2014
Scan Time: 11:55:50
Logfile: MalwareBytes AM History Log 15-Sep-2014.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.15.05
Rootkit Database: v2014.09.13.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Mike Bailey

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 404003
Time Elapsed: 32 min, 27 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUM.Hijack.StartMenu, HKU\S-1-5-21-1345319095-2320924753-3983188208-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED|Start_ShowMyComputer, 0, Good: (1), Bad: (0),Replaced,[98592dc0f3882f075a17d426877dd12f]

Folders: 2
PUP.Optional.DigitalSite.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSite\UpdateProc, Quarantined, [fdf4a14cd3a852e4ba2a4de73fc47c84],
PUP.Optional.Updater.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSites\UpdateProc, Quarantined, [945ddb12d2a9e84eea21cd229072a759],

Files: 14
PUP.Optional.DigitalSites.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe, Quarantined, [fff2c32a027993a3c5d91d240bf63dc3],
PUP.Optional.DomaIQ, C:\$Recycle.Bin\S-1-5-21-1345319095-2320924753-3983188208-1007\$R3MF2OL.exe, Quarantined, [ca279f4e0873f2448a56223137c9cd33],
PUP.Optional.OpenCandy, C:\Users\Mike Bailey.WilliamBailey\Downloads\Riot-plugin.exe, Quarantined, [a34e19d41a61bf770e8122015ca9748c],
PUP.Optional.Installcore, C:\Users\Mike Bailey.WilliamBailey\Downloads\ImageEditorSetup.exe, Quarantined, [638e9a53215a5ed8180bac0a659fdc24],
PUP.Optional.DigitalSite.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSite\UpdateProc\config.dat, Quarantined, [fdf4a14cd3a852e4ba2a4de73fc47c84],
PUP.Optional.DigitalSite.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSite\UpdateProc\info.dat, Quarantined, [fdf4a14cd3a852e4ba2a4de73fc47c84],
PUP.Optional.DigitalSite.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSite\UpdateProc\prod.dat, Quarantined, [fdf4a14cd3a852e4ba2a4de73fc47c84],
PUP.Optional.DigitalSite.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT, Quarantined, [fdf4a14cd3a852e4ba2a4de73fc47c84],
PUP.Optional.DigitalSite.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT, Quarantined, [fdf4a14cd3a852e4ba2a4de73fc47c84],
PUP.Optional.Updater.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSites\UpdateProc\config.dat, Quarantined, [945ddb12d2a9e84eea21cd229072a759],
PUP.Optional.Updater.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSites\UpdateProc\info.dat, Quarantined, [945ddb12d2a9e84eea21cd229072a759],
PUP.Optional.Updater.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, Quarantined, [945ddb12d2a9e84eea21cd229072a759],
PUP.Optional.Updater.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, Quarantined, [945ddb12d2a9e84eea21cd229072a759],
PUP.Optional.Updater.A, C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe, Quarantined, [945ddb12d2a9e84eea21cd229072a759],

Physical Sectors: 0
(No malicious items detected)


(end)
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
Run by Mike Bailey at 13:44:34 on 2014-09-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.1913.488 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\ibmpmsvc.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
C:\Windows\system32\NLSSRV32.EXE
C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe
C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Opera\24.0.1558.53\opera.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Opera\24.0.1558.53\opera_crashreporter.exe
C:\Program Files\Opera\24.0.1558.53\opera.exe
C:\Program Files\Opera\24.0.1558.53\opera.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Opera\24.0.1558.53\opera.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Opera\24.0.1558.53\opera.exe
C:\Program Files\Opera\24.0.1558.53\opera.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://lenovo.msn.com
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TouchFreeze] c:\users\mike bailey.williambailey\appdata\local\programs\touchfreeze\TouchFreeze.exe
uRun: [MFP and Storage Server] "c:\program files\tp-link\mfp and storage server\MFP and Storage Server.exe" /h
uRun: [Google Update] "c:\users\mike bailey.williambailey\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [TpShocks] TpShocks.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe"
mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\mikeba~1.wil\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\mike bailey.williambailey\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0AEB274C-194A-40F7-BFFA-AC3D444280E8} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8CDA64D6-ACE5-4756-87C6-F7456EC03AFE} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8CDA64D6-ACE5-4756-87C6-F7456EC03AFE}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{8CDA64D6-ACE5-4756-87C6-F7456EC03AFE}\244584572633D2D4B44574 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8CDA64D6-ACE5-4756-87C6-F7456EC03AFE}\244584572643D205D4E4D4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8CDA64D6-ACE5-4756-87C6-F7456EC03AFE}\244584572653D245258393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8CDA64D6-ACE5-4756-87C6-F7456EC03AFE}\244584572653D2856393E4 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8CDA64D6-ACE5-4756-87C6-F7456EC03AFE}\E4F4B4941402C457D6961602532303F593036363 : DHCPNameServer = 192.168.137.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.120\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mike bailey.williambailey\appdata\roaming\mozilla\firefox\profiles\wk2k96mn.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\citrix\ica client\npicaN.dll
FF - plugin: c:\program files\citrix\ica client\npURLInterceptorPlugin.dll
FF - plugin: c:\program files\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\users\mike bailey.williambailey\appdata\local\citrix\plugins\104\npappdetector.dll
FF - plugin: c:\users\mike bailey.williambailey\appdata\local\google\update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: c:\users\mike bailey.williambailey\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\users\mike bailey.williambailey\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\mike bailey.williambailey\appdata\roaming\mozilla\plugins\npo1d.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 211560]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2013-9-24 70440]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2009-7-17 13480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2009-9-8 45424]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;c:\program files\nitro\pro 9\NitroPDFDriverService9.exe [2014-8-1 197128]
R2 NitroUpdateService;NitroUpdateService;c:\program files\nitro\pro 9\Nitro_UpdateService.exe [2014-8-1 392712]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2014-8-1 69640]
R2 NPWService;NPWService;c:\program files\generic\network printer wizard\NPWService.exe [2009-2-5 462848]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2009-9-8 62320]
R3 5U877;USB Video Device;c:\windows\system32\drivers\5U877.sys [2009-10-31 125568]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-8-20 122368]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-6-8 119256]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-6-10 394856]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2009-8-5 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-8-5 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-8-5 166384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-10-31 29472]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2014-6-27 89856]
S3 EST_Server;Network USB Device;c:\windows\system32\drivers\GenHC.sys [2009-10-6 173056]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2014-9-15 108032]
S3 libusb0;libusb-win32 - Kernel Driver 01/17/2012 1.2.6.0;c:\windows\system32\drivers\libusb0.sys [2014-7-6 42592]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-10-31 4231680]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2013-6-18 107392]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2013-7-18 295376]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-8-18 20848]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-8-18 20848]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-10-31 75040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-10-15 14848]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2009-8-5 313840]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-5 1124848]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2014-6-27 184192]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2014-3-27 49152]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-10-14 1343400]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-09-15 12:26:50 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-15 12:10:53 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-15 12:10:50 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-15 12:10:50 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-15 12:10:29 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-09-15 12:10:28 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-09-15 12:10:28 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-15 12:10:27 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-15 12:10:26 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-15 12:00:10 8581864 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{bc3274a3-ceee-4b3f-862e-00a5a728b773}\mpengine.dll
2014-09-15 10:54:26 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-15 10:53:55 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-15 10:53:55 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-15 10:53:55 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-15 10:53:54 -------- d-----w- c:\programdata\Malwarebytes
2014-09-15 10:53:54 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-14 02:19:40 8581864 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-09-11 11:01:36 -------- d-----w- c:\program files\Toggl
2014-08-30 12:00:27 893248 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{96237935-fc47-4283-b7b0-0bfc81e382df}\gapaengine.dll
2014-08-23 11:19:38 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-23 11:19:32 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-23 11:19:21 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-23 11:18:58 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-23 11:06:42 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-23 11:06:40 2363392 ----a-w- c:\windows\system32\msi.dll
2014-08-23 11:06:39 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-08-23 11:06:39 1805824 ----a-w- c:\windows\system32\authui.dll
2014-08-23 11:06:39 101824 ----a-w- c:\windows\system32\consent.exe
2014-08-23 11:06:31 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-23 11:06:20 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-23 11:06:20 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-08-23 11:06:20 107520 ----a-w- c:\windows\system32\cdd.dll
2014-08-22 10:02:30 -------- d-----w- c:\users\mike bailey.williambailey\appdata\local\Adobe
2014-08-22 09:30:56 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-22 09:30:48 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-22 09:30:30 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-08-22 09:30:30 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-16 14:41:24 -------- d-----w- c:\users\mike bailey.williambailey\appdata\roaming\Nitro
2014-08-16 14:36:17 27144 ----a-w- c:\windows\system32\nitrolocalmon9.dll
2014-08-16 14:36:17 18440 ----a-w- c:\windows\system32\nitrolocalui9.dll
2014-08-16 14:35:09 -------- d-----w- c:\programdata\Nitro
2014-08-16 14:35:09 -------- d-----w- c:\program files\common files\Nitro
2014-08-16 14:35:08 -------- d-----w- c:\program files\Nitro
2014-08-16 14:31:02 -------- d-----w- c:\users\mike bailey.williambailey\appdata\roaming\Downloaded Installations
2014-08-16 14:24:38 -------- d-----w- c:\programdata\Package Cache
.
==================== Find3M ====================
.
2014-08-22 09:35:53 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-22 09:35:53 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-18 22:08:55 4232704 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 21:57:44 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 21:57:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46:26 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 21:45:23 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 21:44:44 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44:09 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36:07 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 21:36:05 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35:24 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:30:29 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22:48 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08:54 2014208 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:07:44 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46:48 1812992 ----a-w- c:\windows\system32\wininet.dll
2014-08-05 20:24:26 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-01 13:21:34 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE
2014-07-25 01:35:46 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-06 18:38:31 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-07-06 18:37:51 67680 ----a-w- c:\windows\system32\libusb0.dll
2014-07-06 18:37:51 42592 ----a-w- c:\windows\system32\drivers\libusb0.sys
2014-06-18 01:51:32 646144 ----a-w- c:\windows\system32\osk.exe
.
============= FINISH: 13:45:49.58 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 25/11/2009 19:26:14
System Uptime: 15/09/2014 13:33:57 (0 hours ago)
.
Motherboard: LENOVO | | INVALID
Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz | U2E1 | 2001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 287 GiB total, 176.424 GiB free.
D: is CDROM ()
Q: is FIXED (NTFS) - 10 GiB total, 3.321 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP489: 03/09/2014 16:16:05 - Windows Modules Installer
RP490: 03/09/2014 21:57:14 - Windows Update
RP491: 03/09/2014 22:07:07 - Windows Modules Installer
RP492: 05/09/2014 21:48:23 - Windows Modules Installer
RP493: 05/09/2014 22:24:02 - Windows Modules Installer
RP494: 06/09/2014 12:01:12 - Installed TogglDesktop
RP495: 07/09/2014 21:15:08 - Windows Update
RP496: 08/09/2014 22:01:56 - Windows Modules Installer
RP497: 08/09/2014 22:58:48 - Windows Modules Installer
RP498: 09/09/2014 09:46:06 - Windows Modules Installer
RP499: 09/09/2014 10:54:12 - Windows Modules Installer
RP500: 10/09/2014 14:35:16 - Windows Modules Installer
RP501: 10/09/2014 16:48:02 - Windows Modules Installer
RP502: 11/09/2014 09:57:23 - Windows Update
RP503: 11/09/2014 10:14:36 - Windows Modules Installer
RP504: 11/09/2014 12:00:48 - Installed TogglDesktop
RP505: 11/09/2014 17:16:45 - Windows Modules Installer
RP506: 13/09/2014 16:05:07 - Windows Modules Installer
RP507: 13/09/2014 17:15:44 - Windows Modules Installer
RP508: 14/09/2014 15:13:22 - Windows Modules Installer
RP509: 14/09/2014 15:44:00 - Windows Modules Installer
RP510: 15/09/2014 12:49:20 - Windows Update
RP511: 15/09/2014 13:11:14 - Windows Update
.
==== Installed Programs ======================
.
Registry Patch to arrange icons in Device and Printers folder of Windows 7
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office system
32 Bit HP CIO Components Installer
Access Help
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 14 Plugin
Adobe Reader XI (11.0.08)
AIO_CDB_Software
AIO_Scan
Amazon Kindle
AQA - Summer 2014 e-Marker(R) CMI+ Marker 7.21.0.19
BisonCam Twain Pro
BufferChm
Choice Guard
Cisco WebEx Meetings
Citrix Authentication Manager
Citrix Online Launcher
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
CM Installer
Copy
Core FTP LE 2.1
Create Recovery Media
Destinations
DeviceManagementQFolder
DirectX 9 Runtime
DocProc
DocProcQFolder
Dropbox
DRSAutoUpdater
EPSON SX510W Series Printer Uninstall
EpsonNet Config V4
eSupportQFolder
Fax
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GIMP 2.8.6
Google Chrome
Google Talk Plugin
Google Update Helper
GoToMeeting 6.4.2.1669
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
HP Solution Center 8.0
HPProductAssistant
Integrated Camera Driver Installer Package Ver.1.0.1.2
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
InterVideo WinDVD 8
IrfanView (remove only)
Java 7 Update 67
Java Auto Updater
JMicron Flash Media Controller Driver
Lenovo Power Management Driver
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lenovo Welcome
LibreOffice 4.1 Help Pack (English (United Kingdom))
LibreOffice 4.1.3.2
Malwarebytes Anti-Malware version 2.0.2.1012
Market Samurai
MediaMonkey 4.1
Message Center Plus
Microsoft .NET Framework 4.5.1
Microsoft Mouse and Keyboard Center
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft ReportViewer 2010 Redistributable
Microsoft Research AutoCollage Touch 2009
Microsoft Security Client
Microsoft Security Essentials
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 28.0 (x86 en-GB)
Mozilla Maintenance Service
Mozilla Thunderbird 24.5.0 (x86 en-GB)
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Printer Wizard
Nitro Pro 9
Nokia Connectivity Cable Driver
Nokia PC Suite
Norton Internet Security
Office Tab FreeEdition 9.51
On Screen Display
Online Plug-in
Opera Stable 24.0.1558.53
PC Connectivity Solution
Pdf995
Prezi Desktop
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7
Rescue and Recovery
Riot plugin
Roxio Activation Module
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Creator Small Business Edition
Roxio Express Labeler 3
SAMSUNG USB Driver for Mobile Phones
Scan
Screencast-O-Matic
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB969604)
Self-service Plug-in
Sigil 0.7.4
Skype™ 6.18
SolutionCenter
Sonic CinePlayer Decoder Pack
Sonic Icons for Lenovo
Status
System Update
ThinkPad Bluetooth with Enhanced Data Rate Software
ThinkPad FullScreen Magnifier
ThinkPad Power Manager
ThinkPad UltraNav Driver
ThinkPad UltraNav Utility
ThinkVantage Active Protection System
TogglDesktop
Toolbox
TouchFreeze
TrayApp
UnloadSupport
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebReg
Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55)
Windows Driver Package - Nokia Modem (02/25/2011 4.7)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/10/2009 6.0.1.5892)
Windows Live Essentials
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR 5.00 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
15/09/2014 13:36:57, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
15/09/2014 13:35:56, Error: Service Control Manager [7024] -
15/09/2014 07:57:27, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.183.2435.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10904.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
15/09/2014 07:57:27, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.183.2435.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.10904.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
12/09/2014 07:28:03, Error: Service Control Manager [7022] - The Bluetooth Service service hung on starting.
09/09/2014 14:30:26, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (https://www.techspot.com/downloads/5603-malwarebytes-anti-rootkit.html) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
 
Hi Broni
Scans completed as requested. Here are the logs:
RogueKiller V9.2.10.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Mike Bailey [Admin rights]
Mode : Remove -- Date : 09/16/2014 17:00:41

¤¤¤ Bad processes : 2 ¤¤¤
[Suspicious.Path] TouchFreeze.exe -- C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe[-] -> KILLED [TermProc]
[Proc.Svchost] svchost.exe -- [x] -> KILLED [TermThr]

¤¤¤ Registry Entries : 6 ¤¤¤
[Suspicious.Path] HKEY_USERS\S-1-5-21-1345319095-2320924753-3983188208-1007\Software\Microsoft\Windows\CurrentVersion\Run | TouchFreeze : C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe [x] -> DELETED
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1345319095-2320924753-3983188208-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
[HJ.FileAsso] HKEY_LOCAL_MACHINE\Software\Classes\pezfile\shell\open\command | : "C:\Program Files\Prezi Desktop 4\Prezi Desktop.exe" "%1" -> REPLACED ("%1" %*)
[HJ.FileAsso] HKEY_CLASSES_ROOT\pezfile\shell\open\command | : "C:\Program Files\Prezi Desktop 4\Prezi Desktop.exe" "%1" -> REPLACED ("%1" %*)

¤¤¤ Scheduled tasks : 4 ¤¤¤
[Suspicious.Path] Digital Sites.job -- C:\Users\MIKEBA~1.WIL\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE (/Check) -> DELETED
[Suspicious.Path] DigitalSite.job -- C:\Users\MIKEBA~1.WIL\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> DELETED
[Suspicious.Path] \\Digital Sites -- C:\Users\MIKEBA~1.WIL\AppData\Roaming\DIGITA~2\UPDATE~1\UPDATE~1.EXE (/Check) -> DELETED
[Suspicious.Path] \\DigitalSite -- C:\Users\MIKEBA~1.WIL\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE (/Check) -> DELETED

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 4 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.bubbleshooter.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bubbleshooter.net
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.silvergames.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 silvergames.com

¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
[Filter(Kernel.Filter)] \Driver\Disk @ \Device\Harddisk0\DR0 : \Driver\Shockprf @ Unknown (\SystemRoot\System32\drivers\rdyboost.sys)

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.Proxy][FIREFX:Config] wk2k96mn.default : user_pref("network.proxy.type", 4); -> NOT SELECTED

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: FUJITSU MJA2320BH G2 +++++
--- User ---
[MBR] b3ff452384b8bec2c3cf6f8ecf246a64
[BSP] edb4fe6ff3f84821e8e998fd08adcde8 : Lenovo MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1200 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2459648 | Size: 294043 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_09162014_160651.log
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.09.16.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.17280
Mike Bailey :: WILLIAMBAILEY [administrator]

16/09/2014 17:16:19
mbar-log-2014-09-16 (17-16-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 405704
Time elapsed: 27 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 11.0.9600.17280

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 2005782528, free: 814964736

Downloaded database version: v2014.09.16.05
Downloaded database version: v2014.09.15.01
=======================================
------------ Kernel report ------------
09/16/2014 17:16:02
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff868f4030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff85ad4028
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff868f4030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff868f5020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff868f4760, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xffffffff868f4030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85b3a908, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85ad4028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\Shockprf\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8025E607

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 2457600
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2459648 Numsec = 602200064

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 604659712 Numsec = 20480000

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Infected file C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Temp\is357113909\22549177_stp\wajam_validate.exe could not be remediated because backup file is not available
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-k.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-u.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\wajam_validate.exe-r.mbam...
Removal finished
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Hello Broni
ComboFix ran without any problems. Here is the log:

ComboFix 14-09-16.01 - Mike Bailey 17/09/2014 7:31.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.1913.965 [GMT 1:00]
Running from: c:\users\Mike Bailey.WilliamBailey\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\_desktop.ini
c:\swtools\APPS\CSBED\CSBE\ACTIVATION_104\BIN\_desktop.ini
c:\users\Mike Bailey.WilliamBailey\AppData\Local\Temp\7zS3747\HPSLPSVC32.DLL
c:\users\MIKEBA~1.WIL\AppData\Local\Temp\7zS3747\HPSLPSVC32.DLL
Q:\AUTORUN.INF
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Files Created from 2014-08-17 to 2014-09-17 )))))))))))))))))))))))))))))))
.
.
2014-09-17 06:42 . 2014-09-17 08:10 -------- d-----w- c:\users\Mike Bailey.WilliamBailey\AppData\Local\temp
2014-09-17 06:42 . 2014-09-17 06:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-17 06:42 . 2014-09-17 06:42 -------- d-----w- c:\users\William Bailey\AppData\Local\temp
2014-09-17 06:42 . 2014-09-17 06:42 -------- d-----w- c:\users\Jan Bailey\AppData\Local\temp
2014-09-16 21:37 . 2014-09-16 21:36 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{947060CA-BC4B-496C-AD46-FDD8A5C04CBD}\gapaengine.dll
2014-09-16 21:37 . 2014-09-09 01:24 8806800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0D81FC63-7141-450E-B8EA-75433AE9CF00}\mpengine.dll
2014-09-16 16:16 . 2014-09-16 16:44 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-16 14:14 . 2014-09-16 14:14 33512 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-16 14:13 . 2014-09-16 14:14 -------- d-----w- c:\programdata\RogueKiller
2014-09-15 12:48 . 2014-08-21 02:44 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-09-15 12:26 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-15 12:10 . 2014-08-01 11:35 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-15 12:10 . 2014-07-07 01:40 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-15 12:10 . 2014-07-07 01:40 550912 ----a-w- c:\windows\system32\kerberos.dll
2014-09-15 12:10 . 2014-08-23 00:42 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-09-15 12:10 . 2014-08-23 01:46 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-09-15 12:10 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-15 12:10 . 2014-09-05 01:52 445952 ----a-w- c:\windows\system32\aepdu.dll
2014-09-15 12:10 . 2014-09-05 01:47 302592 ----a-w- c:\windows\system32\aeinv.dll
2014-09-15 10:54 . 2014-09-16 16:16 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-15 10:53 . 2014-09-16 16:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-15 10:53 . 2014-05-12 06:26 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-15 10:53 . 2014-05-12 06:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-15 10:53 . 2014-09-15 10:54 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-09-15 10:53 . 2014-09-15 10:53 -------- d-----w- c:\programdata\Malwarebytes
2014-09-12 09:43 . 2014-09-12 09:43 227728 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2014-09-11 11:01 . 2014-09-11 11:01 -------- d-----w- c:\program files\Toggl
2014-08-31 19:32 . 2014-08-31 19:32 -------- d-----w- c:\program files\Common Files\Skype
2014-08-23 11:19 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-23 11:19 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-23 11:19 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-23 11:18 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-23 11:06 . 2014-07-14 01:42 654336 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-23 11:06 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll
2014-08-23 11:06 . 2014-06-03 09:30 101824 ----a-w- c:\windows\system32\consent.exe
2014-08-23 11:06 . 2014-06-03 09:29 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-08-23 11:06 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\system32\authui.dll
2014-08-23 11:06 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-23 11:06 . 2014-06-16 01:44 730048 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-23 11:06 . 2014-06-16 01:44 219072 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-08-23 11:06 . 2014-06-16 01:40 107520 ----a-w- c:\windows\system32\cdd.dll
2014-08-22 10:02 . 2014-08-22 10:02 -------- d-----w- c:\users\Mike Bailey.WilliamBailey\AppData\Local\Adobe
2014-08-22 09:30 . 2014-05-14 16:23 45536 ----a-w- c:\windows\system32\wups2.dll
2014-08-22 09:30 . 2014-05-14 16:23 54240 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-22 09:30 . 2014-05-14 16:23 1973728 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-22 09:30 . 2014-05-14 16:17 2425856 ----a-w- c:\windows\system32\wucltux.dll
2014-08-22 09:30 . 2014-05-14 16:23 36320 ----a-w- c:\windows\system32\wups.dll
2014-08-22 09:30 . 2014-05-14 16:17 92672 ----a-w- c:\windows\system32\wudriver.dll
2014-08-22 09:30 . 2014-05-14 16:23 581600 ----a-w- c:\windows\system32\wuapi.dll
2014-08-22 09:30 . 2014-05-14 08:23 179656 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-22 09:30 . 2014-05-14 08:17 33792 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-22 09:35 . 2014-01-20 15:01 699568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-22 09:35 . 2014-01-20 15:01 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-20 08:01 . 2013-10-18 20:33 893248 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-08-05 20:24 . 2014-08-05 20:24 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-01 13:21 . 2014-08-01 13:21 69640 ----a-w- c:\windows\system32\NLSSRV32.EXE
2014-08-01 13:20 . 2014-08-16 14:36 27144 ----a-w- c:\windows\system32\nitrolocalmon9.dll
2014-08-01 13:20 . 2014-08-16 14:36 18440 ----a-w- c:\windows\system32\nitrolocalui9.dll
2014-07-25 01:35 . 2014-07-25 01:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-06 18:38 . 2014-07-06 18:38 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-07-06 18:37 . 2014-07-06 18:37 67680 ----a-w- c:\windows\system32\libusb0.dll
2014-07-06 18:37 . 2014-07-06 18:37 42592 ----a-w- c:\windows\system32\drivers\libusb0.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-10 7612960]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2009-03-13 68976]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"TpShocks"="TpShocks.exe" [2009-07-09 337184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-19 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-19 151064]
"Message Center Plus"="c:\program files\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-28 49976]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-08-05 244208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-18 995184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\users\Mike Bailey.WilliamBailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-7-30 36414496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2013-10-01 19:08 395656 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch Backup Service Once]
2009-08-28 21:27 21304 ------w- c:\program files\Lenovo\Rescue and Recovery\rrstrigger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LENOVO.TPFNF6R]
2009-08-20 00:38 62752 ------w- c:\program files\Lenovo\HOTKEY\tpfnf6r.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWMTRV]
2009-08-23 18:04 709920 ------w- c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Redirector]
2013-10-01 19:08 153992 ----a-w- c:\program files\Citrix\ICA Client\redirector.exe
.
R1 MpKsla730720c;MpKsla730720c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{86E64500-17EE-42C8-A044-191E8BBD78C5}\MpKsla730720c.sys [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-05 362992]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-08-05 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-08-05 166384]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-04-11 89856]
R3 EST_BusEnum;Network USB Device Bus;c:\windows\system32\DRIVERS\GenBus.sys [x]
R3 EST_Server;Network USB Device;c:\windows\system32\DRIVERS\GenHC.sys [2009-10-06 173056]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 libusb0;libusb-win32 - Kernel Driver 01/17/2012 1.2.6.0;c:\windows\system32\DRIVERS\libusb0.sys [2014-07-06 42592]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-05-13 4231680]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-06-18 107392]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-07-18 295376]
R3 PCDSRVC{3037D694-FD904ACA-06000000}_0;PCDSRVC{3037D694-FD904ACA-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2009-08-18 20848]
R3 PCDSRVC{C4B36920-79E24793-06000000}_0;PCDSRVC{C4B36920-79E24793-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\pcdsrvc.pkms [2009-08-18 20848]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2009-08-23 75040]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-05 313840]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-08-05 1124848]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-04-11 184192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-10-14 1343400]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 20480]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2009-06-29 20520]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2013-09-24 70440]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2008-05-12 13480]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2009-07-03 45424]
S2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;c:\program files\Nitro\Pro 9\NitroPDFDriverService9.exe [2014-08-01 197128]
S2 NitroUpdateService;NitroUpdateService;c:\program files\Nitro\Pro 9\Nitro_UpdateService.exe [2014-08-01 392712]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NLSSRV32.EXE [2014-08-01 69640]
S2 NPWService;NPWService;c:\program files\Generic\Network Printer Wizard\NPWService.exe [2009-02-05 462848]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2009-05-21 62320]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys [2009-06-18 125568]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 122368]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-05-18 119256]
S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-12 17:17 1096520 ----a-w- c:\program files\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-17 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1345319095-2320924753-3983188208-1007.job
- c:\users\Mike Bailey.WilliamBailey\AppData\Local\Citrix\GoToMeeting\1669\g2mupdate.exe [2014-09-14 02:28]
.
2014-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-08 20:56]
.
2014-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-08 20:56]
.
2014-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007Core.job
- c:\users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-19 14:16]
.
2014-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007UA.job
- c:\users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-19 14:16]
.
2014-08-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\pcdr5cuiw32.exe [2009-08-25 23:12]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Mike Bailey.WilliamBailey\AppData\Roaming\Mozilla\Firefox\Profiles\wk2k96mn.default\
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-MFP and Storage Server - c:\program files\TP-LINK\MFP and Storage Server\MFP and Storage Server.exe
HKLM-Run-IdeaNotesUser - c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
MSConfigStartUp-CitrixReceiver - c:\programdata\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk
MSConfigStartUp-KiesTrayAgent - c:\program files\Samsung\Kies\KiesTrayAgent.exe
MSConfigStartUp-Syncios device service - c:\program files\Syncios\SynciosDeviceService.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{3037D694-FD904ACA-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc.pkms"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{C4B36920-79E24793-06000000}_0]
"ImagePath"="\??\c:\progra~1\pc-doc~1\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5336)
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlk.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\program files\Microsoft Mouse and Keyboard Center\itype.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\progra~1\Lenovo\HOTKEY\tpnumlkd.exe
c:\windows\system32\conhost.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\windows\System32\TpShocks.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\igfxsrvc.exe
c:\users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
.
**************************************************************************
.
Completion time: 2014-09-17 09:16:04 - machine was rebooted
ComboFix-quarantined-files.txt 2014-09-17 08:16
.
Pre-Run: 189,311,119,360 bytes free
Post-Run: 187,978,313,728 bytes free
.
- - End Of File - - 37EF9F550FD1BF0395D5D49B5B8292C2
E34253A354E7A1FC2BEB6A0A69D7745E
 
Broni, I have a question about the results of the RogueKiller scan; it identified TouchFreeze as a suspicious process on account of the path (I believe):

¤¤¤ Bad processes : 2 ¤¤¤
[Suspicious.Path] TouchFreeze.exe -- C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Programs\TouchFreeze\TouchFreeze.exe[-] -> KILLED [TermProc]

Does this mean I should find another utility to do this job? TouchFreeze "mutes" the touchpad on my laptop when I'm typing (in MS Word, for example) to prevent me inadvertently moving the insertion point. I've been using it for some time - certainly long before these problems arose.

Thanks - Mike
 
We'll get it...

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
Thanks Broni - here we go:

# AdwCleaner v3.310 - Report created 18/09/2014 at 17:14:52
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Mike Bailey - WILLIAMBAILEY
# Running from : C:\Users\Mike Bailey.WilliamBailey\Desktop\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKCU\Software\dsiteproducts

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v28.0 (en-GB)

-\\ Google Chrome v37.0.2062.120

*************************

AdwCleaner[R0].txt - [2086 octets] - [18/09/2014 17:09:50]
AdwCleaner[S0].txt - [2041 octets] - [18/09/2014 17:14:52]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2101 octets] ##########
 
... and the next one:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.6 (09.18.2014:1)
OS: Windows 7 Professional x86
Ran by Mike Bailey on 18/09/2014 at 17:22:41.35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\digitalsite"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/09/2014 at 17:26:04.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
... and the next one:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Mike Bailey (administrator) on WILLIAMBAILEY on 18-09-2014 17:27:26
Running from C:\Users\Mike Bailey.WilliamBailey\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\System32\NLSSRV32.EXE
() C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7612960 2009-07-10] (Realtek Semiconductor)
HKLM\...\Run: [TPHOTKEY] => C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [68976 2009-03-13] (Lenovo Group Limited)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [337184 2009-07-09] (Lenovo.)
HKLM\...\Run: [Message Center Plus] => C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-28] ()
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2009-08-05] (Sonic Solutions)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [995184 2013-07-18] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=oa-skypegb-2014-MSNO&O
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.com/search?q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog5 08 C:\Program Files\Generic\Network Printer Wizard\NPWprint.DLL [151552] (Elite Silicon Technology Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Mozilla\Firefox\Profiles\wk2k96mn.default
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @nitropdf.com/NitroPDF -> C:\Program Files\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF HKLM\...\Firefox\Extensions: [bkmrksync@nokia.com] - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync
FF Extension: PC Sync 2 Synchronisation Extension - C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync [2013-10-28]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR CustomProfile: C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Awesome Screenshot: Capture & Annotate) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce [2013-10-10]
CHR Extension: (Google Docs) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-08]
CHR Extension: (Google Drive) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-08]
CHR Extension: (YouTube) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-08]
CHR Extension: (Google Search) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-08]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2013-10-10]
CHR Extension: (Google Wallet) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-08]
CHR Extension: (Gmail) - C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 LENOVO.MICMUTE; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [45424 2009-07-03] (Lenovo Group Limited)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2013-07-18] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-25] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2006-11-08] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-07-18] (Microsoft Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9.exe [197128 2014-08-01] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [392712 2014-08-01] ()
R2 NPWService; C:\Program Files\Generic\Network Printer Wizard\NPWService.exe [462848 2009-02-05] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2006-11-08] (Hewlett-Packard) [File not signed]
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-05] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-05] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2009-08-05] (Sonic Solutions)
R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-09-04] (Lenovo Group Limited) [File not signed]
R2 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-04] (Lenovo Group Limited) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [173056 2009-10-06] ( ) [File not signed]
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [42592 2014-07-06] (http://libusb-win32.sourceforge.net)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 catchme; \??\C:\Users\MIKEBA~1.WIL\AppData\Local\Temp\catchme.sys [X]
S3 EST_BusEnum; system32\DRIVERS\GenBus.sys [X]
S1 MpKsla730720c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86E64500-17EE-42C8-A044-191E8BBD78C5}\MpKsla730720c.sys [X]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSBXP.SYS [49408 2013-11-22] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 17:27 - 2014-09-18 17:28 - 00018128 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\FRST.txt
2014-09-18 17:27 - 2014-09-18 17:27 - 00000000 ____D () C:\FRST
2014-09-18 17:22 - 2014-09-18 17:22 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 17:09 - 2014-09-18 17:14 - 00000000 ____D () C:\AdwCleaner
2014-09-18 14:49 - 2014-09-18 14:50 - 01097728 _____ (Farbar) C:\Users\Mike Bailey.WilliamBailey\Desktop\FRST.exe
2014-09-18 14:48 - 2014-09-18 14:49 - 01016830 _____ (Thisisu) C:\Users\Mike Bailey.WilliamBailey\Desktop\JRT.exe
2014-09-18 14:47 - 2014-09-18 14:48 - 01373475 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\adwcleaner_3.310.exe
2014-09-17 21:00 - 2014-09-17 21:00 - 00025734 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\17-9-14.odt
2014-09-17 20:58 - 2014-09-17 20:58 - 12514932 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\Art Book Decoration Images.odt
2014-09-17 19:57 - 2014-09-17 19:57 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-09-17 09:17 - 2014-09-17 09:17 - 00024200 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\ComboFix.txt
2014-09-17 09:16 - 2014-09-17 09:16 - 00024200 _____ () C:\ComboFix.txt
2014-09-17 07:28 - 2014-09-17 09:16 - 00000000 ____D () C:\Qoobox
2014-09-17 07:28 - 2014-09-17 09:13 - 00000000 ____D () C:\Windows\erdnt
2014-09-17 07:28 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-17 07:28 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-17 07:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-17 07:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-17 07:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-17 07:28 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-17 07:28 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-17 07:28 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-17 07:18 - 2014-09-17 07:24 - 05579386 ____R (Swearware) C:\Users\Mike Bailey.WilliamBailey\Desktop\ComboFix.exe
2014-09-16 17:16 - 2014-09-16 17:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-16 17:14 - 2014-09-16 17:44 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\Desktop\mbar
2014-09-16 17:10 - 2014-09-16 17:11 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Mike Bailey.WilliamBailey\Desktop\mbar-1.07.0.1012.exe
2014-09-16 15:14 - 2014-09-16 15:14 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-16 15:13 - 2014-09-16 15:14 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-16 10:40 - 2014-09-16 10:41 - 04859480 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\RogueKiller.exe
2014-09-15 13:27 - 2014-08-19 18:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-15 13:27 - 2014-08-18 23:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-15 13:27 - 2014-08-18 23:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-15 13:27 - 2014-08-18 22:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-15 13:27 - 2014-08-18 22:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-15 13:27 - 2014-08-18 22:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-15 13:27 - 2014-08-18 22:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-15 13:27 - 2014-08-18 22:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-15 13:27 - 2014-08-18 22:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-15 13:27 - 2014-08-18 22:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-15 13:27 - 2014-08-18 22:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-15 13:27 - 2014-08-18 22:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-15 13:27 - 2014-08-18 22:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-15 13:27 - 2014-08-18 22:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-15 13:27 - 2014-08-18 22:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-15 13:27 - 2014-08-18 22:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-15 13:27 - 2014-08-18 22:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-15 13:27 - 2014-08-18 22:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-15 13:27 - 2014-08-18 22:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-15 13:27 - 2014-08-18 22:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-15 13:27 - 2014-08-18 22:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-15 13:27 - 2014-08-18 22:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-15 13:27 - 2014-08-18 22:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-15 13:27 - 2014-08-18 22:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-15 13:27 - 2014-08-18 22:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-15 13:27 - 2014-08-18 22:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-15 13:27 - 2014-08-18 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-15 13:27 - 2014-08-18 21:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-15 13:27 - 2014-08-18 21:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-15 13:27 - 2014-08-18 21:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-15 13:26 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-15 13:10 - 2014-09-05 02:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-15 13:10 - 2014-09-05 02:47 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-15 13:10 - 2014-08-23 02:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-15 13:10 - 2014-08-23 01:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-15 13:10 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-15 13:10 - 2014-07-07 02:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-15 13:10 - 2014-07-07 02:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-15 13:10 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-15 12:56 - 2014-09-15 12:56 - 00688992 ____R (Swearware) C:\Users\Mike Bailey.WilliamBailey\Downloads\dds.com
2014-09-15 12:43 - 2014-09-18 17:26 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\Desktop\CleanUp Sep-2014
2014-09-15 11:54 - 2014-09-16 17:16 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 11:54 - 2014-09-15 11:54 - 00001075 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-15 11:54 - 2014-09-15 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 11:53 - 2014-09-16 17:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-15 11:53 - 2014-09-15 11:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-15 11:53 - 2014-09-15 11:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 11:53 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-15 11:53 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-15 11:48 - 2014-09-15 11:50 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mike Bailey.WilliamBailey\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 22:34 - 2014-09-13 22:34 - 00000008 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\techspot.txt
2014-09-11 21:02 - 2014-09-11 21:03 - 06618541 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\Geography Book Decoration Images.odt
2014-09-11 12:01 - 2014-09-11 12:01 - 00000000 ____D () C:\Program Files\Toggl
2014-09-10 21:46 - 2014-09-10 21:52 - 14096896 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_61-2014-09-10-13-15-40.msi
2014-09-10 20:14 - 2014-09-10 20:14 - 06203126 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\French Book Decoration Images.odt
2014-09-10 11:56 - 2014-09-10 11:56 - 10473344 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\SKYBET_PREROLL_3_30sec.flv
2014-09-10 11:47 - 2014-09-10 11:47 - 10462866 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\SKYBET_PREROLL_2_30sec.flv
2014-09-06 12:02 - 2014-09-11 12:01 - 00001994 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\TogglDesktop.lnk
2014-09-06 12:02 - 2014-09-11 12:01 - 00001988 _____ () C:\Users\Public\Desktop\TogglDesktop.lnk
2014-09-04 14:17 - 2014-09-04 14:18 - 14094848 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_59-2014-09-03-12-19-11.msi
2014-09-02 21:15 - 2014-09-02 21:16 - 14093312 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_54-2014-09-01-13-54-36.msi
2014-09-01 11:54 - 2014-09-01 11:55 - 14093312 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_53-2014-09-01-11-39-51.msi
2014-08-31 20:32 - 2014-08-31 20:32 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-23 12:19 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-23 12:19 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-23 12:19 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-23 12:18 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-23 12:06 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-23 12:06 - 2014-07-14 02:42 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-23 12:06 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-23 12:06 - 2014-06-16 02:44 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-23 12:06 - 2014-06-16 02:44 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-23 12:06 - 2014-06-16 02:40 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-23 12:06 - 2014-06-03 10:30 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-23 12:06 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-23 12:06 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-23 12:06 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-22 11:02 - 2014-08-22 11:02 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Adobe
2014-08-22 10:30 - 2014-05-14 17:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 10:30 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 10:30 - 2014-05-14 17:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 10:30 - 2014-05-14 17:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 10:30 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 10:30 - 2014-05-14 17:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 10:30 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 10:30 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 10:30 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-21 18:13 - 2014-08-21 18:13 - 00006941 _____ () C:\Users\Mike Bailey.WilliamBailey\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 17:28 - 2014-09-18 17:27 - 00018128 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\FRST.txt
2014-09-18 17:27 - 2014-09-18 17:27 - 00000000 ____D () C:\FRST
2014-09-18 17:26 - 2014-09-15 12:43 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\Desktop\CleanUp Sep-2014
2014-09-18 17:25 - 2014-02-27 18:57 - 00000654 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1345319095-2320924753-3983188208-1007.job
2014-09-18 17:25 - 2009-07-14 05:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 17:25 - 2009-07-14 05:34 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 17:22 - 2014-09-18 17:22 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 17:22 - 2009-10-31 23:11 - 01944048 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 17:19 - 2013-10-11 09:49 - 00000000 ___RD () C:\Users\Mike Bailey.WilliamBailey\Desktop\Dropbox
2014-09-18 17:18 - 2013-10-11 09:44 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox
2014-09-18 17:18 - 2013-10-08 21:56 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 17:17 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 17:17 - 2009-07-14 05:39 - 00127498 _____ () C:\Windows\setupact.log
2014-09-18 17:16 - 2009-11-26 04:21 - 00268162 _____ () C:\Windows\PFRO.log
2014-09-18 17:15 - 2013-10-08 21:56 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 17:14 - 2014-09-18 17:09 - 00000000 ____D () C:\AdwCleaner
2014-09-18 17:05 - 2013-10-16 11:46 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-18 17:05 - 2013-10-10 18:47 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Skype
2014-09-18 16:54 - 2014-08-01 09:49 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Kopsik
2014-09-18 16:39 - 2014-03-19 15:16 - 00000960 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007UA.job
2014-09-18 14:50 - 2014-09-18 14:49 - 01097728 _____ (Farbar) C:\Users\Mike Bailey.WilliamBailey\Desktop\FRST.exe
2014-09-18 14:49 - 2014-09-18 14:48 - 01016830 _____ (Thisisu) C:\Users\Mike Bailey.WilliamBailey\Desktop\JRT.exe
2014-09-18 14:48 - 2014-09-18 14:47 - 01373475 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\adwcleaner_3.310.exe
2014-09-18 12:40 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2014-09-18 10:45 - 2014-06-09 14:22 - 00001094 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\Dropbox.lnk
2014-09-18 10:45 - 2013-10-11 09:45 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-18 09:39 - 2014-03-19 15:16 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007Core.job
2014-09-17 21:00 - 2014-09-17 21:00 - 00025734 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\17-9-14.odt
2014-09-17 20:58 - 2014-09-17 20:58 - 12514932 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\Art Book Decoration Images.odt
2014-09-17 20:19 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-17 19:57 - 2014-09-17 19:57 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-09-17 19:57 - 2009-07-14 05:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-17 09:44 - 2014-03-22 21:45 - 00000000 ____D () C:\Program Files\Opera
2014-09-17 09:17 - 2014-09-17 09:17 - 00024200 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\ComboFix.txt
2014-09-17 09:16 - 2014-09-17 09:16 - 00024200 _____ () C:\ComboFix.txt
2014-09-17 09:16 - 2014-09-17 07:28 - 00000000 ____D () C:\Qoobox
2014-09-17 09:16 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-09-17 09:16 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-09-17 09:13 - 2014-09-17 07:28 - 00000000 ____D () C:\Windows\erdnt
2014-09-17 09:10 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-09-17 07:44 - 2009-07-14 03:03 - 64487424 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-17 07:44 - 2009-07-14 03:03 - 19922944 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-17 07:44 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-17 07:44 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-17 07:44 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-17 07:24 - 2014-09-17 07:18 - 05579386 ____R (Swearware) C:\Users\Mike Bailey.WilliamBailey\Desktop\ComboFix.exe
2014-09-16 22:25 - 2013-12-11 13:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 19:13 - 2009-07-21 06:30 - 00847474 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-16 17:44 - 2014-09-16 17:16 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-16 17:44 - 2014-09-16 17:14 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\Desktop\mbar
2014-09-16 17:16 - 2014-09-15 11:54 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-16 17:14 - 2014-09-15 11:53 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-16 17:11 - 2014-09-16 17:10 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Mike Bailey.WilliamBailey\Desktop\mbar-1.07.0.1012.exe
2014-09-16 15:14 - 2014-09-16 15:14 - 00033512 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-16 15:14 - 2014-09-16 15:13 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-16 10:41 - 2014-09-16 10:40 - 04859480 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\RogueKiller.exe
2014-09-15 14:06 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-15 13:36 - 2009-07-14 05:33 - 00510608 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-15 13:26 - 2013-10-14 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-15 13:17 - 2013-10-14 17:34 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-15 13:16 - 2014-05-01 23:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-15 12:56 - 2014-09-15 12:56 - 00688992 ____R (Swearware) C:\Users\Mike Bailey.WilliamBailey\Downloads\dds.com
2014-09-15 12:31 - 2014-02-11 13:19 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\DigitalSites
2014-09-15 11:54 - 2014-09-15 11:54 - 00001075 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-15 11:54 - 2014-09-15 11:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 11:54 - 2014-09-15 11:53 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-15 11:53 - 2014-09-15 11:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 11:50 - 2014-09-15 11:48 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Mike Bailey.WilliamBailey\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-15 08:49 - 2013-10-17 14:40 - 00000094 _____ () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\WB.CFG
2014-09-13 22:34 - 2014-09-13 22:34 - 00000008 _____ () C:\Users\Mike Bailey.WilliamBailey\Desktop\techspot.txt
2014-09-12 18:24 - 2013-10-08 21:59 - 00002140 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-11 21:03 - 2014-09-11 21:02 - 06618541 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\Geography Book Decoration Images.odt
2014-09-11 12:01 - 2014-09-11 12:01 - 00000000 ____D () C:\Program Files\Toggl
2014-09-11 12:01 - 2014-09-06 12:02 - 00001994 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\TogglDesktop.lnk
2014-09-11 12:01 - 2014-09-06 12:02 - 00001988 _____ () C:\Users\Public\Desktop\TogglDesktop.lnk
2014-09-10 21:52 - 2014-09-10 21:46 - 14096896 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_61-2014-09-10-13-15-40.msi
2014-09-10 20:14 - 2014-09-10 20:14 - 06203126 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\French Book Decoration Images.odt
2014-09-10 15:18 - 2013-10-29 12:17 - 00000000 ____D () C:\ProgramData\pdf995
2014-09-10 14:18 - 2014-06-17 11:25 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\Documents\Home
2014-09-10 11:56 - 2014-09-10 11:56 - 10473344 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\SKYBET_PREROLL_3_30sec.flv
2014-09-10 11:47 - 2014-09-10 11:47 - 10462866 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\SKYBET_PREROLL_2_30sec.flv
2014-09-05 02:52 - 2014-09-15 13:10 - 00445952 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 02:47 - 2014-09-15 13:10 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 14:18 - 2014-09-04 14:17 - 14094848 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_59-2014-09-03-12-19-11.msi
2014-09-02 21:16 - 2014-09-02 21:15 - 14093312 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_54-2014-09-01-13-54-36.msi
2014-09-01 11:55 - 2014-09-01 11:54 - 14093312 _____ () C:\Users\Mike Bailey.WilliamBailey\Downloads\toggldesktop-7_1_53-2014-09-01-11-39-51.msi
2014-08-31 20:32 - 2014-08-31 20:32 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-08-31 20:32 - 2009-11-26 02:49 - 00000000 ____D () C:\ProgramData\Skype
2014-08-28 12:28 - 2014-04-11 11:23 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\Documents\Car Insurance
2014-08-23 02:46 - 2014-09-15 13:10 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:42 - 2014-09-15 13:10 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 11:02 - 2014-08-22 11:02 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Adobe
2014-08-22 10:35 - 2014-01-20 16:01 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-22 10:35 - 2014-01-20 16:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-21 18:13 - 2014-08-21 18:13 - 00006941 _____ () C:\Users\Mike Bailey.WilliamBailey\AppData\Local\recently-used.xbel
2014-08-21 18:13 - 2013-10-15 23:14 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Local\gtk-2.0
2014-08-21 18:13 - 2013-10-15 23:00 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\.gimp-2.8
2014-08-21 12:35 - 2014-08-16 15:53 - 00000000 ____D () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Nitro PDF
2014-08-19 18:39 - 2014-09-15 13:27 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

Some content of TEMP:
====================
C:\Users\Mike Bailey.WilliamBailey\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_t94_m.dll
C:\Users\Mike Bailey.WilliamBailey\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 16:30

==================== End Of Log ============================

... and finally:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Mike Bailey at 2014-09-18 17:28:36
Running from C:\Users\Mike Bailey.WilliamBailey\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
2007 Microsoft Office Suite Service Pack 1 (SP1) (Version: - Microsoft) Hidden
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6425.1000 - Microsoft Corporation)
32 Bit HP CIO Components Installer (Version: 1.0.0 - Hewlett-Packard) Hidden
Access Help (HKLM\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AIO_CDB_Software (Version: 82.0.242.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
AQA - Summer 2014 e-Marker(R) CMI+ Marker 7.21.0.19 (HKLM\...\{5EE76988-889F-41D0-A342-5226C7A9148A}) (Version: 07.21.0019 - DRS Data Services Ltd )
BisonCam Twain Pro (HKLM\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.5 - Bison WebCam Ap)
BufferChm (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Cisco WebEx Meetings (HKCU\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)
Citrix Authentication Manager (Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden
Citrix Online Launcher (HKLM\...\{AC7E7905-8C59-4806-A96D-30936A2B1FC5}) (Version: 1.0.168 - Citrix)
Citrix Receiver (HDX Flash Redirection) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Citrix Receiver Inside (Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
CM Installer (HKLM\...\{E8F42777-958D-4C14-9A42-8DCA1929FD26}) (Version: 1.0.0.0 - Cyanogen Inc.)
Copy (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Core FTP LE 2.1 (HKLM\...\Core FTP LE 2.1) (Version: - )
Create Recovery Media (HKLM\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
Destinations (Version: 82.0.173.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
DocProc (Version: 8.1.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DRSAutoUpdater (HKLM\...\{ff62e3ed-6e8f-4168-9af7-aa230ff27a86}) (Version: 2.6.0.0 - DRS Data Services Ltd.)
EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Config V4 (HKLM\...\{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Fax (Version: 82.0.188.000 - Hewlett-Packard) Hidden
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892) (HKLM\...\KB970892_SQL9) (Version: 9.3.4053 - Microsoft Corporation)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.4.2.1669 (HKCU\...\GoToMeeting) (Version: 6.4.2.1669 - CitrixOnline)
HP Imaging Device Functions 8.0 (HKLM\...\HP Imaging Device Functions) (Version: 8.0 - HP)
HP OCR Software 8.0 (HKLM\...\HPOCR) (Version: 8.0 - HP)
HP Photosmart Essential (HKLM\...\{EB21A812-671B-4D08-B974-2A347F0D8F70}) (Version: 1.12.0.46 - HP)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP)
HP Solution Center 8.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 8.0 - HP)
HPProductAssistant (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Integrated Camera Driver Installer Package Ver.1.0.1.2 (HKLM\...\{C3CD17B4-08B0-492D-8A4C-81716D33E520}) (Version: 1.0.1.2 - RICOH)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
InterVideo WinDVD 8 (HKLM\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.112 - InterVideo Inc.)
InterVideo WinDVD 8 (Version: 8.0.20.112 - InterVideo Inc.) Hidden
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.29.02 - JMicron Technology Corp.)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.01 - )
Lenovo ThinkVantage Toolbox (HKLM\...\PC-Doctor for Windows) (Version: 6.0.5387.14 - PC-Doctor, Inc.)
Lenovo Welcome (HKLM\...\Lenovo Welcome_is1) (Version: 2.0.020.0 - Lenovo)
LibreOffice 4.1 Help Pack (English (United Kingdom)) (HKLM\...\{5E31A5FD-EE7F-4E2C-B74F-DF93B6B3AF46}) (Version: 4.1.3.2 - The Document Foundation)
LibreOffice 4.1.3.2 (HKLM\...\{4F3722AD-197D-4DBB-BDFB-D2F0D6776354}) (Version: 4.1.3.2 - The Document Foundation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Market Samurai (HKLM\...\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1) (Version: 0.93.25 - Alliance Software Pty Ltd)
Market Samurai (Version: 0.93.25 - Alliance Software Pty Ltd) Hidden
MediaMonkey 4.1 (HKLM\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Message Center Plus (HKLM\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 2 (SP2) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6215.1000 - Microsoft Corporation) Hidden
Microsoft ReportViewer 2010 Redistributable (HKLM\...\{C19B3EB6-B54C-3204-A4DF-88432E0C79F7}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Research AutoCollage Touch 2009 (HKLM\...\{1F8DA253-3C27-4B01-A63A-BA3533120833}) (Version: 2.00.2009 - Microsoft Research)
Microsoft Security Client (Version: 4.3.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.216.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.3.4035.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-GB) (HKLM\...\Mozilla Firefox 28.0 (x86 en-GB)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 en-GB) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 en-GB)) (Version: 24.5.0 - Mozilla)
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Printer Wizard (HKLM\...\InstallShield_{12F3BB85-62FB-476D-AAB9-9AB94AF864D4}) (Version: 1.0.1.0 - Generic)
Network Printer Wizard (Version: 1.0.1.0 - Generic) Hidden
Nitro Pro 9 (HKLM\...\{c5237a45-d0a0-4c12-9269-f59919377de1}) (Version: 9.5.3.8 - Nitro)
Nitro Pro 9 (Version: 9.5.3.8 - Nitro) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (Version: 7.1.180.94 - Nokia) Hidden
Norton Internet Security (Version: 16.7.0.30 - Symantec Corporation) Hidden
Office Tab FreeEdition 9.51 (HKLM\...\{DE469D65-1DEB-4058-BF95-C642D733668D}_is1) (Version: - Detong Technology Ltd.)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 5.31.00 - )
Online Plug-in (Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Opera Stable 24.0.1558.61 (HKLM\...\Opera 24.0.1558.61) (Version: 24.0.1558.61 - Opera Software ASA)
PC Connectivity Solution (HKLM\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Pdf995 (HKLM\...\Pdf995) (Version: - )
Prezi Desktop (HKLM\...\{7FAE73A4-F0BC-4B65-81CF-52C417383407}) (Version: 4.7.5 - Prezi.com)
Realtek 8136 8168 8169 Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5892 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
Rescue and Recovery (HKLM\...\{B383F243-0ABC-4E56-AA30-923B8D85076E}) (Version: 4.30.0025.00 - Lenovo Group Limited)
Riot plugin (HKLM\...\Riot-plugin) (Version: - )
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Central Audio (Version: 3.8.0 - Roxio) Hidden
Roxio Central Copy (Version: 3.8.0 - Roxio) Hidden
Roxio Central Core (Version: 3.8.0 - Roxio) Hidden
Roxio Central Data (Version: 3.8.0 - Roxio) Hidden
Roxio Central Tools (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Small Business Edition (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Creator Small Business Edition (Version: 10.3.081 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 8.1.0.0 - Hewlett-Packard) Hidden
Screencast-O-Matic (HKCU\...\Screencast-O-Matic) (Version: - Screencast-O-Matic)
Self-service Plug-in (Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Sigil 0.7.4 (HKLM\...\Sigil_is1) (Version: - John Schember)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SolutionCenter (Version: 82.0.188.000 - Hewlett-Packard) Hidden
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
Sonic Icons for Lenovo (HKLM\...\{B334D9AE-1393-423E-97C0-3BDC3360E692}) (Version: 2.0.0 - Lenovo)
Status (Version: 82.0.173.000 - Hewlett-Packard) Hidden
System Update (HKLM\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.00.0007 - Lenovo)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
ThinkPad FullScreen Magnifier (HKLM\...\ThinkPad FullScreen Magnifier) (Version: 2.07 - )
ThinkPad Power Manager (HKLM\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.04 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.7 - )
ThinkPad UltraNav Utility (HKLM\...\{17CBC505-D1AE-459D-B445-3D2000A85842}) (Version: 2.11 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.70 - Lenovo)
TogglDesktop (HKLM\...\{576C82D0-5AC0-44FD-900E-2E765D3AA0CE}) (Version: 7.1.61 - Toggl)
Toolbox (Version: 82.0.173.000 - Hewlett-Packard) Hidden
TouchFreeze (HKLM\...\{9C9744E5-2BB7-4042-BD1C-8A339480A08C}) (Version: 1.1.0 - Ivan Zhakov)
TrayApp (Version: 82.0.188.000 - Hewlett-Packard) Hidden
UnloadSupport (Version: 1.00.0000 - Hewlett-Packard) Hidden
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
WebReg (Version: 82.0.173.000 - Hewlett-Packard) Hidden
Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows Driver Package - Intel System (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55) (HKLM\...\112AA64E0C8CC704E307FE914F7DEC1C0035598E) (Version: 08/18/2009 1.55 - Lenovo)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/10/2009 6.0.1.5892) (HKLM\...\8FE0BAC9C97DE6D9A2B7BB6B689E7F9460D0624B) (Version: 07/10/2009 6.0.1.5892 - Realtek Semiconductor Corp.)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM\...\{9422C8EA-B0C6-4197-B8FC-DC797658CA00}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Upload Tool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 5.00 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{32E26FD9-F435-4A20-A561-35D4B987CFDC}\InprocServer32 -> C:\ProgramData\WebEx\WebEx\1326\atucfobj.dll (Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Citrix\GoToMeeting\1440\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File

==================== Restore Points =========================

10-09-2014 15:48:02 Windows Modules Installer
11-09-2014 08:57:23 Windows Update
11-09-2014 09:14:36 Windows Modules Installer
11-09-2014 11:00:48 Installed TogglDesktop
11-09-2014 16:16:45 Windows Modules Installer
13-09-2014 15:05:07 Windows Modules Installer
13-09-2014 16:15:44 Windows Modules Installer
14-09-2014 14:13:22 Windows Modules Installer
14-09-2014 14:44:00 Windows Modules Installer
15-09-2014 11:49:20 Windows Update
15-09-2014 12:11:14 Windows Update
16-09-2014 16:08:31 Before Running Malwarebytes Anti-Rootkit
17-09-2014 18:56:24 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2014-09-17 09:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {06E5789D-3A83-4A0F-9737-E24BEA1D1A0A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007Core => C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-19] (Google Inc.)
Task: {11BB3376-DE67-40A2-9CA4-503F01E73D41} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {17F9A9AE-D9A9-471E-BEE1-98B30AA4DEC7} - System32\Tasks\Opera scheduled Autoupdate 1395521132 => C:\Program Files\Opera\launcher.exe [2014-09-12] (Opera Software)
Task: {23017711-ECB8-4A8C-A7D4-4A09DDB7CECF} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {29085123-C52E-44BB-BEBC-3C62DAF7FE4F} - System32\Tasks\TVT\UpdateRnR => %TVTCOMMON%\Scheduler\tvtsetsched.exe
Task: {2FCE8699-2FFB-4C3D-A304-9FB55AA13528} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {556C1E1B-DDE0-443C-9720-3D993BDFE4C3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {6A354830-BD2C-43C3-99F7-3877B46E75F1} - System32\Tasks\PMTask => C:\Program Files\ThinkPad\Utilities\PWMIDTSV.EXE [2009-08-23] (Lenovo Group Limited)
Task: {7ABC23A6-47B1-430D-A7FE-96C53919A522} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-10] ()
Task: {7F07610D-EEEA-483D-AC7A-C90DFF5C4FE7} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe [2009-08-26] (PC-Doctor, Inc.)
Task: {803FD5F9-825D-440A-8F3B-40D48A69BD8E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {881908B5-4B1B-493C-A51E-927C764996CF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007UA => C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-19] (Google Inc.)
Task: {BEA2EBD9-35BC-4E2D-86B1-EB64C7D96B36} - System32\Tasks\TVT\ChangePWD => %RR%\rrcmd.exe
Task: {C30327C2-29BB-4A82-9100-DF2951713EDD} - System32\Tasks\TVT\LaunchRnR => %RR%\rrcmd.exe
Task: {DDE4EE10-7BDC-44AE-93FC-67381EA60F9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-08] (Google Inc.)
Task: {DE03B19A-F82B-46B1-9713-7C96507D5921} - System32\Tasks\G2MUpdateTask-S-1-5-21-1345319095-2320924753-3983188208-1007 => C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Citrix\GoToMeeting\1669\g2mupdate.exe [2014-09-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {E0A4D119-7E9F-4AAB-B4E7-D274C82B197B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {F4FB241F-7F8C-44DC-9879-13AC570D84DE} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {FCEA86FB-1D72-47AD-8130-97C64829B48F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1345319095-2320924753-3983188208-1007.job => C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Citrix\GoToMeeting\1669\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007Core.job => C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1345319095-2320924753-3983188208-1007UA.job => C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\pcdr5cuiw32.exe

==================== Loaded Modules (whitelisted) =============

2013-10-29 12:17 - 2013-12-06 14:47 - 00051716 _____ () C:\Windows\System32\pdf995mon.dll
2014-08-01 14:21 - 2014-08-01 14:21 - 00392712 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2009-02-05 18:38 - 2009-02-05 18:38 - 00462848 _____ () C:\Program Files\Generic\Network Printer Wizard\NPWService.exe
2009-02-05 18:37 - 2009-02-05 18:37 - 00225280 _____ () C:\Program Files\Generic\Network Printer Wizard\NPWpsm.dll
2009-02-05 18:37 - 2009-02-05 18:37 - 00086016 _____ () C:\Program Files\Generic\Network Printer Wizard\NPWlog.dll
2009-02-05 18:37 - 2009-02-05 18:37 - 00299008 _____ () C:\Program Files\Generic\Network Printer Wizard\NPWdcp.dll
2009-02-05 18:37 - 2009-02-05 18:37 - 00118784 _____ () C:\Program Files\Generic\Network Printer Wizard\NPWuntp.dll
2009-05-28 06:09 - 2009-05-28 06:09 - 00049976 ____N () C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
2014-09-18 17:18 - 2014-09-18 17:18 - 00043008 _____ () c:\users\mikeba~1.wil\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_t94_m.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Mike Bailey.WilliamBailey\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:58A5270D

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: Launch Backup Service Once => C:\Program Files\Lenovo\Rescue and Recovery\rrstrigger.exe -start
MSCONFIG\startupreg: LENOVO.TPFNF6R => C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
MSCONFIG\startupreg: PWMTRV => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
MSCONFIG\startupreg: Redirector => "C:\Program Files\Citrix\ICA Client\redirector.exe" /startup

==================== Faulty Device Manager Devices =============

Name: MpKsla730720c
Description: MpKsla730720c
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsla730720c
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (09/10/2014 11:20:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 48831 seconds with 840 seconds of active time. This session ended with a crash.

Error: (09/04/2014 10:16:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 91786 seconds with 4620 seconds of active time. This session ended with a crash.

Error: (07/25/2014 02:08:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 87298 seconds with 5520 seconds of active time. This session ended with a crash.

Error: (07/02/2014 07:55:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5458 seconds with 120 seconds of active time. This session ended with a crash.

Error: (06/13/2014 11:08:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash.

Error: (05/07/2014 03:52:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 38 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/29/2014 11:13:25 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/08/2014 09:41:48 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/12/2014 10:29:02 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 43626 seconds with 8880 seconds of active time. This session ended with a crash.

Error: (02/12/2014 00:08:28 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz
Percentage of memory in use: 47%
Total physical RAM: 1912.86 MB
Available physical RAM: 1009.26 MB
Total Pagefile: 3825.73 MB
Available Pagefile: 2768.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.96 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:287.15 GB) (Free:176.84 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:3.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 8025E607)
Partition 1: (Active) - (Size=1.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=287.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Thanks Broni. Here's the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Mike Bailey at 2014-09-19 09:51:04 Run:1
Running from C:\Users\Mike Bailey.WilliamBailey\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S3 catchme; \??\C:\Users\MIKEBA~1.WIL\AppData\Local\Temp\catchme.sys [X]
S3 EST_BusEnum; system32\DRIVERS\GenBus.sys [X]
S1 MpKsla730720c; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{86E64500-17EE-42C8-A044-191E8BBD78C5}\MpKsla730720c.sys [X]
S3 PCDSRVC{3037D694-FD904ACA-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
S3 PCDSRVC{C4B36920-79E24793-06000000}_0; \??\c:\progra~1\pc-doc~1\pcdsrvc.pkms [X]
C:\Users\Mike Bailey.WilliamBailey\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_t94_m.dll
C:\Users\Mike Bailey.WilliamBailey\AppData\Local\temp\Quarantine.exe
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mike Bailey.WilliamBailey\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
AlternateDataStreams: C:\ProgramData\TEMP:58A5270D

*****************

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
"HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
catchme => Service deleted successfully.
EST_BusEnum => Service deleted successfully.
MpKsla730720c => Service deleted successfully.
PCDSRVC{3037D694-FD904ACA-06000000}_0 => Service deleted successfully.
PCDSRVC{C4B36920-79E24793-06000000}_0 => Service deleted successfully.
"C:\Users\Mike Bailey.WilliamBailey\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp_t94_m.dll" => File/Directory not found.
C:\Users\Mike Bailey.WilliamBailey\AppData\Local\temp\Quarantine.exe => Moved successfully.
"HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}" => Key deleted successfully.
"HKU\S-1-5-21-1345319095-2320924753-3983188208-1007_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
C:\ProgramData\TEMP => ":58A5270D" ADS removed successfully.

==== End of Fixlog ====
 
BTW, PC seems to be running trouble-free now. No instances of pop-ups although I've deliberately left the browser open to see what happened.
Too early to decide if the CPU-usage spikes are still there, but no problems with this so far.
Thanks - Mike
 
Very good :)

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Internet Explorer users - Click on this link to open ESET OnlineScan.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Enable detection of potentially unwanted applications".
  • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
    Do NOT checkmark "Use custom proxy settings"
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
 
Thanks Broni
Here are the logs:

Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 67
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 14.0.0.179
Adobe Reader XI
Mozilla Firefox (28.0)
Mozilla Thunderbird (24.5.0)
Google Chrome 37.0.2062.103
Google Chrome 37.0.2062.120
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
... and the FSS log:

Farbar Service Scanner Version: 21-07-2014
Ran by Mike Bailey (administrator) on 20-09-2014 at 16:01:00
Running from "C:\Users\Mike Bailey.WilliamBailey\Desktop"
Microsoft Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****
 