TechSpot

Mfplat.dll, SyncToy, and WIN7 Index fail

By EyeSore
Sep 1, 2014
  1. Hello,

    I have been using TechSpot forum posts to help clean up my WIN7 PC. Some progress was made but here is what may still be malware related:

    1) sfc /scannow
    Produces errors:

    Cannot repair member file [l:20{10}]"mfplat.dll" of Microsoft-Windows-MFPlat, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

    Cannot repair member file [l:42{21}]"CntrtextInstaller.dll" of Microsoft-Windows-ServicingStack, Version = 6.1.7601.17592, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

    2) A cold boot (no power to main board) corrupts my WIN7 index file. Event Viewer shows:

    The gatherer is unable to read the registry URL.

    Context: Application, SystemIndex Catalog

    Details:

    (HRESULT : 0x0) (0x00000000)

    ====

    The application cannot be initialized.

    Context: Windows Application

    Details:

    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

    ====

    The Windows Search service failed to start due to the following error:

    The service did not respond to the start or control request in a timely fashion.

    ====

    A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

    ====

    The index cannot be initialized.

    Details:

    The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

    ====

    The Windows Search service terminated with service-specific error %%-2147218173.

    ====

    The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    =====

    The search service has detected corrupted data files in the index {id=431}. The service will attempt to automatically correct this problem by rebuilding the index.

    Details:

    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    ====

    The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


    Details:

    The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

    3) SyncToy does not work reliably.
    It finds untouched files that it wants to delete.

    4) I have run many virus checkers; memtest86 finds no errors; hard disk checks pass.

    i) Old logs have been saved. First run of Malwarebytes Anti-Malware ==

    Registry Values: 4

    PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7e8a1050-cf67-4575-92df-dcc60e7d952d}, Quarantined, [0816616c1a615dd9401be395bf4356aa],

    PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7E8A1050-CF67-4575-92DF-DCC60E7D952D}, SweetPacks Toolbar, Quarantined, [0816616c1a615dd9401be395bf4356aa]

    PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{7E8A1050-CF67-4575-92DF-DCC60E7D952D}, Quarantined, [0816616c1a615dd9401be395bf4356aa],

    PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{7e8a1050-cf67-4575-92df-dcc60e7d952d}, Quarantined, [7ca2fad3304b41f5bd9e6e0a1fe322de],


    Registry Data: 2

    Broken.OpenCommand, HKCR\scrfile\shell\open\command, NOTEPAD.EXE Good: ("Bad: (NOTEPAD.EXE %1),Replaced,[ffffffffffffffffffffffffffffffff]" /S), %4, %5

    Broken.OpenCommand, HKCR\regfile\shell\open\command, NOTEPAD.EXE Good: (regedit.exe "Bad: (NOTEPAD.EXE %1),Replaced,[ffffffffffffffffffffffffffffffff]"), %4, %5


    Folders: 0

    (No malicious items detected)

    Files: 3

    PUP.Optional.OpenCandy, C:\Users\Fred\Desktop\FreeFileSync_6.8_Windows_Setup.exe, Quarantined, [36e8a825accf340272a0fd0f768fc23e],

    PUP.Optional.Conduit.A, C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://search.conduit.com/ResultsEx...earchSource=2&CUI=UN46422662120452130&UM=2&q=");), Replaced,[3be309c45c1ff83e4bb5ee2b877e58a8]

    PUP.Optional.Conduit.A, C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsEx...120452130&UM=2&SearchSource=3&q={searchTerms}");), Replaced,[f22c498489f2023416fdb1685aab8878]


    ii) Latest run ==

    Malwarebytes Anti-Malware

    www.malwarebytes.org



    Scan Date: 2014-09-01

    Scan Time: 4:22:01 PM

    Logfile: Malwarebutes 2014-09-01.txt

    Administrator: Yes


    Version: 2.00.2.1012

    Malware Database: v2014.09.01.08

    Rootkit Database: v2014.08.21.01

    License: Trial

    Malware Protection: Enabled

    Malicious Website Protection: Enabled

    Self-protection: Disabled


    OS: Windows 7 Service Pack 1

    CPU: x64

    File System: NTFS

    User: Fred


    Scan Type: Threat Scan

    Result: Completed

    Objects Scanned: 498085

    Time Elapsed: 7 min, 48 sec


    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Disabled

    Heuristics: Enabled

    PUP: Enabled

    PUM: Enabled


    Processes: 0

    (No malicious items detected)


    Modules: 0

    (No malicious items detected)


    Registry Keys: 0

    (No malicious items detected)



    Registry Values: 0

    (No malicious items detected)



    Registry Data: 0

    (No malicious items detected)



    Folders: 0

    (No malicious items detected)



    Files: 0

    (No malicious items detected)



    Physical Sectors: 0

    (No malicious items detected)



    (end)



    =====================

    iii) DDS was run, ComboFix, Rkill, AdwCleaner, JRT, …


    5) The PC seems to work otherwise.


    What do you recommend I try next?

    Thanks.
     
  2. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. EyeSore

    EyeSore TS Rookie Topic Starter Posts: 42

    Hi Broni, thanks for your help.



    Malwarebytes Anti-Malware

    www.malwarebytes.org



    Scan Date: 2014-09-01

    Scan Time: 4:22:01 PM

    Logfile: Malwarebutes 2014-09-01.txt

    Administrator: Yes



    Version: 2.00.2.1012

    Malware Database: v2014.09.01.08

    Rootkit Database: v2014.08.21.01

    License: Trial

    Malware Protection: Enabled

    Malicious Website Protection: Enabled

    Self-protection: Disabled



    OS: Windows 7 Service Pack 1

    CPU: x64

    File System: NTFS

    User: Fred



    Scan Type: Threat Scan

    Result: Completed

    Objects Scanned: 498085

    Time Elapsed: 7 min, 48 sec



    Memory: Enabled

    Startup: Enabled

    Filesystem: Enabled

    Archives: Enabled

    Rootkits: Disabled

    Heuristics: Enabled

    PUP: Enabled

    PUM: Enabled



    Processes: 0

    (No malicious items detected)



    Modules: 0

    (No malicious items detected)



    Registry Keys: 0

    (No malicious items detected)



    Registry Values: 0

    (No malicious items detected)



    Registry Data: 0

    (No malicious items detected)



    Folders: 0

    (No malicious items detected)



    Files: 0

    (No malicious items detected)



    Physical Sectors: 0

    (No malicious items detected)





    (end)



    =================

    ***Opening up log file from history tab results in the same information as above.

    =================

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Ultimate

    Boot Device: \Device\HarddiskVolume1

    Install Date: 2011-05-16 11:20:16 PM

    System Uptime: 2014-09-01 4:51:54 PM (4 hours ago)

    .

    Motherboard: ASUSTeK Computer INC. | | P5Q-PRO

    Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | LGA 775 | 3166/333mhz

    .

    ==== Disk Partitions =========================

    .

    A: is Removable

    C: is FIXED (NTFS) - 447 GiB total, 146.811 GiB free.

    D: is FIXED (NTFS) - 1863 GiB total, 370.552 GiB free.

    E: is FIXED (NTFS) - 1863 GiB total, 1595.001 GiB free.

    F: is CDROM ()

    I: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

    Description: ASUS PCE-N15 11n Wireless LAN PCI-E Card

    Device ID: PCI\VEN_10EC&DEV_8178&SUBSYS_84B61043&REV_01\4&298F2D5&0&00E0

    Manufacturer: ASUSTeK Computer Inc.

    Name: ASUS PCE-N15 11n Wireless LAN PCI-E Card

    PNP Device ID: PCI\VEN_10EC&DEV_8178&SUBSYS_84B61043&REV_01\4&298F2D5&0&00E0

    Service: RTL8192Ce

    .

    ==== System Restore Points ===================

    .

    RP1218: 2014-08-24 6:00:10 PM - Windows Backup

    RP1219: 2014-08-25 7:16:54 AM - Windows Update

    RP1220: 2014-08-25 3:00:14 PM - System Stable

    RP1221: 2014-08-25 9:31:20 PM - SQL and SyncToy repairs

    RP1222: 2014-08-25 9:32:03 PM - Installed Microsoft Sync Framework 2.0 SDK (x64) ENU

    RP1223: 2014-08-26 6:00:09 PM - Windows Backup

    RP1224: 2014-08-28 8:18:57 AM - Windows Update

    RP1225: 2014-08-28 1:58:44 PM - Windows Update

    RP1226: 2014-08-28 6:00:28 PM - Windows Backup

    RP1227: 2014-08-30 1:04:30 PM - Before Akamai ASUS

    RP1228: 2014-08-30 4:40:19 PM - Removed SyncToy 2.1 (x64)

    RP1229: 2014-08-30 6:00:10 PM - Windows Backup

    RP1230: 2014-08-31 8:39:13 AM - before antivirus round2

    RP1231: 2014-08-31 9:14:33 AM - Before DDS after malwareBytes

    RP1232: 2014-08-31 9:42:41 AM - TDSSKiller next

    RP1233: 2014-08-31 9:47:48 AM - Before MBRCheck

    RP1234: 2014-08-31 9:52:37 AM - combofix

    RP1235: 2014-08-31 10:36:19 AM - OTL Restore Point - 2014-08-31 10:36:19 AM

    RP1236: 2014-08-31 5:21:07 PM - After Virus Cleanup vefore OTL clean with out Restore point del

    RP1237: 2014-08-31 6:43:36 PM - after cleanup

    RP1238: 2014-08-31 7:04:20 PM - Installed Adobe Flash Player 14 ActiveX.

    RP1239: 2014-08-31 7:17:53 PM - chrome

    RP1240: 2014-08-31 8:26:12 PM - Acrobat working

    RP1241: 2014-08-31 8:42:41 PM - Removed iTunes

    RP1242: 2014-08-31 8:48:07 PM - Installed Java 7 Update 65

    RP1243: 2014-08-31 9:04:05 PM - photoshop

    RP1244: 2014-09-01 10:14:54 AM - Windows Update

    RP1245: 2014-09-01 11:41:06 AM - AdwCleaner

    RP1246: 2014-09-01 3:45:27 PM - MSFT Malicious removal tool and offce SP3 and IE11

    RP1247: 2014-09-01 4:06:26 PM - FRST64

    RP1248: 2014-09-01 6:00:11 PM - Windows Backup

    .

    ==== Installed Programs ======================

    .

    Update for Microsoft Office 2007 (KB2508958)

    7-Zip 9.20 (x64 edition)

    Acrobat X Suite

    Acronis True Image Home 2012

    Adobe Acrobat X Pro - English, Français, Deutsch

    Adobe AIR

    Adobe Captivate Quiz Results Analyzer

    Adobe Captivate Reviewer

    Adobe Community Help

    Adobe Flash Player 14 ActiveX

    Adobe Flash Player 14 Plugin

    Adobe Media Player

    Adobe PDF iFilter 9 for 64-bit platforms

    Adobe Photoshop Lightroom 3.6 64-bit

    Adobe Presenter 7

    Agilent B2900A Quick IV Measurement Software

    Agilent BenchVue

    Agilent Communications Fabric

    Agilent Firmware Update Utility Type 2

    Agilent IO Libraries Suite 16.3 Update 2

    Agilent IO Libraries Suite 64-bit

    Agilent LXI Mdns Responder 64bit

    AI Suite

    Akamai NetSession Interface

    Amazon Kindle

    Apple Application Support

    Apple Software Update

    ASUSUpdate

    Atmel Software Framework

    Atmel Studio 6.0

    Atmel USB

    Bonjour

    Brother BRAdmin Light 1.21.0001

    Brother MFL-Pro Suite MFC-9560CDW

    Brother P-touch Editor 5.1

    Brother P-touch Editor Label Collection - Calendar #1 [ENU]

    Brother P-touch Editor Label Collection - Caution

    Brother P-touch Editor Label Collection - Christmas [ENU]

    Brother P-touch Editor Label Collection - Eco

    Brother P-touch Editor Label Collection - Facility #1 [ENU]

    Brother P-touch Editor Label Collection - Files

    Brother P-touch Editor Label Collection - Halloween [ENU]

    Brother P-touch Editor Label Collection - Holiday #1 [ENU]

    Brother P-touch Editor Label Collection - Office Signage

    Brother P-touch Editor Label Collection - Personal

    Brother P-touch Editor Label Collection - Personal #3 [ENU]

    Brother P-touch Editor Label Collection - Personal Files [ENU]

    Brother P-touch Editor Label Collection - Retail

    Brother P-touch Editor Label Collection - Retail #3 [ENU]

    Brother P-touch Editor Label Collection - Retail #4 [ENU]

    Brother P-touch Editor Label Collection - Shipping

    Brother P-touch Editor Label Collection - Spices [ENU]

    Brother P-touch Editor Label Collection - Valentine's Day [ENU]

    Brother P-touch Update Software

    Cadence Allegro Free Physical Viewers 16.6

    CCleaner

    Cisco WebEx Meeting Center for Firefox or Chrome

    Cisco WebEx Meetings

    CiscoVirtualCom(x64)

    D3DX10

    Defraggler

    Dropbox

    dsdminst

    eReg

    EVGA OC Scanner X 2.2.2

    Fuze Meeting

    Google Chrome

    Google Drive

    Google Earth

    Google Update Helper

    GoToMeeting 5.1.0.880

    HiJackThis

    Hotfix for Microsoft Visual Studio 2008 Standard Edition - ENU (KB971091)

    HP Virtual Room Client Launcher Plugin

    IAR Embedded Workbench for ARM

    ImgBurn

    iolo technologies' System Mechanic

    iPort Utility Pack V5.5.0

    iSEEK AnswerWorks English Runtime

    IVI Shared Component 64-bit

    IVI Shared Components 2.2.1

    Java 7 Update 65

    Java 7 Update 65 (64-bit)

    JLink OB CDC Driver Package

    Junk Mail filter update

    Libero SoC v10.1

    Logitech SetPoint 6.65

    Logitech Unifying Software 2.50

    LTspice IV

    Malwarebytes Anti-Malware version 2.0.2.1012

    Mesh Runtime

    Messenger Companion

    Microsoft .NET Framework 4 Multi-Targeting Pack

    Microsoft .NET Framework 4.5.1

    Microsoft Access database engine 2010 (English)

    Microsoft Application Error Reporting

    Microsoft Document Explorer 2008

    Microsoft Help Viewer 1.1

    Microsoft Mathematics (64-bit)

    Microsoft Mathematics Add-in (32-bit)

    Microsoft Office 2007 Service Pack 3 (SP3)

    Microsoft Office Access MUI (English) 2007

    Microsoft Office Access Setup Metadata MUI (English) 2007

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office File Validation Add-In

    Microsoft Office Groove MUI (English) 2007

    Microsoft Office Groove Setup Metadata MUI (English) 2007

    Microsoft Office InfoPath MUI (English) 2007

    Microsoft Office Office 64-bit Components 2007

    Microsoft Office OneNote MUI (English) 2007

    Microsoft Office Outlook Connector

    Microsoft Office Outlook MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (English) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    Microsoft Office Publisher MUI (English) 2007

    Microsoft Office Shared 64-bit MUI (English) 2007

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)

    Microsoft Office Ultimate 2007

    Microsoft Office Visio 2007 Service Pack 3 (SP3)

    Microsoft Office Visio MUI (English) 2007

    Microsoft Office Visio Professional 2007

    Microsoft Office Visual Web Developer 2007

    Microsoft Office Visual Web Developer MUI (English) 2007

    Microsoft Office Word MUI (English) 2007

    Microsoft Security Client

    Microsoft Security Essentials

    Microsoft SQL Server 2005

    Microsoft SQL Server 2005 Compact Edition [ENU]

    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

    Microsoft SQL Server 2005 Tools Express Edition

    Microsoft SQL Server 2008 R2 Management Objects

    Microsoft SQL Server Compact 3.5 Design Tools ENU

    Microsoft SQL Server Compact 3.5 ENU

    Microsoft SQL Server Database Publishing Wizard 1.2

    Microsoft SQL Server Native Client

    Microsoft SQL Server Setup Support Files (English)

    Microsoft SQL Server System CLR Types

    Microsoft SQL Server VSS Writer

    Microsoft Sync Framework 2.0 Core Components (x64) ENU

    Microsoft Sync Framework 2.0 Provider Services (x64) ENU

    Microsoft Sync Framework 2.0 SDK (x64) ENU

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable (x64)

    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU

    Microsoft Visual Studio 2008 Standard Edition - ENU

    Microsoft Visual Studio 2010 Service Pack 1

    Microsoft Visual Studio 2010 Shell (Isolated) - ENU

    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

    Microsoft Visual Studio Web Authoring Component

    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools

    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense

    Microsoft Windows SDK for Visual Studio 2008 Tools

    Microsoft Windows SDK for Visual Studio 2008 Win32 Tools

    Microsoft_VC80_ATL_x86

    Microsoft_VC80_ATL_x86_x64

    Microsoft_VC80_CRT_x86

    Microsoft_VC80_CRT_x86_x64

    Microsoft_VC80_MFC_x86

    Microsoft_VC80_MFC_x86_x64

    Microsoft_VC80_MFCLOC_x86

    Microsoft_VC80_MFCLOC_x86_x64

    Microsoft_VC90_ATL_x86

    Microsoft_VC90_ATL_x86_x64

    Microsoft_VC90_CRT_x86

    Microsoft_VC90_CRT_x86_x64

    Microsoft_VC90_MFC_x86

    Microsoft_VC90_MFC_x86_x64

    Microsoft_VC90_MFCLOC_x86

    Mindjet MindManager 2012

    Mozilla Firefox 31.0 (x86 en-US)

    Mozilla Maintenance Service

    MSVCRT

    MSVCRT_amd64

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    MSXML 4.0 SP3 Parser

    MSXML 4.0 SP3 Parser (KB2721691)

    MSXML 4.0 SP3 Parser (KB2758694)

    MSXML 4.0 SP3 Parser (KB973685)

    MyPhoneExplorer

    Nikon Message Center 2

    Nikon Movie Editor

    NirSoft NK2Edit

    Notepad++

    Nuance PaperPort 12

    Nuance PDF Viewer Plus

    NVIDIA 3D Vision Controller Driver 335.21

    NVIDIA 3D Vision Driver 331.65

    NVIDIA Control Panel 331.65

    NVIDIA Graphics Driver 331.65

    NVIDIA HD Audio Driver 1.3.30.1

    NVIDIA Install Application

    NVIDIA PhysX

    NVIDIA PhysX System Software 9.13.1220

    NVIDIA Stereoscopic 3D Driver

    P&E Multilink Universal

    PaperPort Image Printer 64-bit

    PC Probe II

    PDF-XChange 3

    PDF Settings CS5

    Picture Control Utility

    Picture Control Utility x64

    PL-2303 USB-to-Serial

    PuTTY development snapshot 2014-09-01:r10214

    PVSonyDll

    Python 3.4 pyserial-2.7

    Python 3.4.0 (64-bit)

    Quicken 2011

    QuickTime

    Recuva

    SAMSUNG USB Driver for Mobile Phones

    Scansoft PDF Professional

    SeaTools for Windows

    Secunia PSI (3.0.0.9016)

    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition

    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition

    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

    Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition

    Security Update for Microsoft Office system 2007 (KB974234)

    Security Update for Microsoft Office Visio 2007 suites (KB2596595) 32-Bit Edition

    Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition

    Sentinel Protection Installer 7.6.3

    Speccy

    SuperNZB v4.0.6

    TiVo Desktop 2.8.2

    TrueCrypt

    TurboTax 2013

    TurboTax 2013 wcaiper

    TurboTax 2013 WinPerFedFormset

    TurboTax 2013 WinPerReleaseEngine

    TurboTax 2013 WinPerTaxSupport

    TurboTax 2013 wrapper

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft Office 2007 Help for Common Features (KB963673)

    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

    Update for Microsoft Office 2007 System (KB2539530)

    Update for Microsoft Office Access 2007 Help (KB963663)

    Update for Microsoft Office Excel 2007 Help (KB963678)

    Update for Microsoft Office Infopath 2007 Help (KB963662)

    Update for Microsoft Office OneNote 2007 Help (KB963670)

    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition

    Update for Microsoft Office Outlook 2007 Help (KB963677)

    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition

    Update for Microsoft Office Powerpoint 2007 Help (KB963669)

    Update for Microsoft Office Publisher 2007 Help (KB963667)

    Update for Microsoft Office Script Editor Help (KB963671)

    Update for Microsoft Office Visio 2007 Help (KB963666)

    Update for Microsoft Office Word 2007 Help (KB963665)

    Update for Microsoft Visual Studio 2008 Standard Edition - ENU (KB972221)

    USB ACF Modem

    VC Runtimes MSI

    ViewNX 2

    VISA Shared Components 64-Bit

    Visual Studio .NET Prerequisites - English

    Wacom Tablet

    WebTablet IE Plugin

    WebTablet Netscape Plugin

    Windows Driver Package - Actel Corporation (FP3B-CYUSB) USB (03/30/2010 1.0.0.1)

    Windows Driver Package - Actel Corporation (FP4-CYUSB) USB (03/30/2010 1.0.0.1)

    Windows Driver Package - IAR Systems (IJET) IARUSB (05/23/2012 2.05)

    Windows Driver Package - Segger (jlink_ob_x64) USB (03/13/2012 2.6.6.2)

    Windows Driver Package - SEGGER (usbser) Ports (01/25/2012 6.0.2600.4)

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Family Safety

    Windows Live ID Sign-in Assistant

    Windows Live Installer

    Windows Live Language Selector

    Windows Live Mail

    Windows Live Mesh

    Windows Live Mesh ActiveX Control for Remote Connections

    Windows Live Messenger

    Windows Live Messenger Companion Core

    Windows Live MIME IFilter

    Windows Live Movie Maker

    Windows Live Photo Common

    Windows Live Photo Gallery

    Windows Live PIMT Platform

    Windows Live Remote Client

    Windows Live Remote Client Resources

    Windows Live Remote Service

    Windows Live Remote Service Resources

    Windows Live SOXE

    Windows Live SOXE Definitions

    Windows Live UX Platform

    Windows Live UX Platform Language Pack

    Windows Live Writer

    Windows Live Writer Resources

    Windows XP Mode

    WinPcap 4.1.3

    Wireshark 1.12.0 (64-bit)

    .

    ==== Event Viewer Messages From Past Week ========

    .

    2014-09-01 4:18:46 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    2014-09-01 4:18:45 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.

    .

    ==== End Of File ===========================

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16555 BrowserJavaVersion: 10.65.2

    Run by Fred at 20:19:30 on 2014-09-01

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5725 [GMT -7:00]

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\SYSTEM32\WISPTIS.EXE

    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\system32\svchost.exe -k AcfXAudioService

    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

    C:\Program Files (x86)\Agilent\Communications\Fabric\AgilentCommunicationsFabric.exe

    C:\Program Files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe

    C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

    C:\Program Files\Agilent\IO Libraries Suite\AgilentNkoServer.exe

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

    C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

    C:\Program Files (x86)\Secunia\PSI\PSIA.exe

    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

    C:\Program Files\Agilent\IO Libraries Suite\bin\iproc488.exe

    C:\Program Files\Agilent\IO Libraries Suite\bin\iproc82357.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe

    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

    C:\Program Files\Windows Sidebar\sidebar.exe

    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

    C:\Program Files\Logitech\SetPointP\SetPoint.exe

    C:\Program Files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe

    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

    C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

    C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

    C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

    C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\SYSTEM32\WISPTIS.EXE

    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

    C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe

    C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

    C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Program Files (x86)\Browny02\BrYNSvc.exe

    C:\Windows\System32\WUDFHost.exe

    C:\Program Files (x86)\Secunia\PSI\sua.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe

    C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

    C:\Windows\sysWow64\SearchProtocolHost.exe

    C:\Windows\splwow64.exe

    C:\Windows\system32\svchost.exe -k SDRSVC

    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.bing.com/

    BHO: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll

    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

    mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

    mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe

    mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

    mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

    mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

    StartupFolder: C:\Users\Fred\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SetPoint.lnk - C:\Program Files\Logitech\SetPointP\SetPoint.exe

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDrives = dword:0

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableLUA = dword:0

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab

    DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab

    DPF: {CE335477-C2B3-4B59-8305-5D9A77D1F133} - hxxps://dropbox.kirkland.com/COM/MOVEitUploadWizard7.1.0.ocx

    TCP: NameServer = 192.168.1.254

    TCP: Interfaces\{7A3AA2B3-C0BD-4318-A121-41F76992DFF9} : DHCPNameServer = 172.27.35.1 192.168.1.1

    TCP: Interfaces\{7A3AA2B3-C0BD-4318-A121-41F76992DFF9}\D4F63737C416E64696E676 : DHCPNameServer = 172.27.35.1 192.168.1.1

    TCP: Interfaces\{E85B1010-51EC-4612-B0B6-45D69A433BED} : DHCPNameServer = 192.168.1.254

    TCP: Interfaces\{F028D76E-22FC-4F33-B2EC-D4F62E648F0D} : DHCPNameServer = 192.168.1.1

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    SSODL: WebCheck - <orphaned>

    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

    mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs

    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll

    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

    x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

    x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

    x64-SSODL: WebCheck - <orphaned>

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-2-23 137312]

    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]

    R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-5-12 211552]

    R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\System32\drivers\vsflt67.sys [2013-6-9 146528]

    R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2012-10-26 30752]

    R1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2014-7-28 32912]

    R2 AcfXAudioService;AcfXAudioService;C:\Windows\System32\svchost.exe -k AcfXAudioService [2009-7-13 27136]

    R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-6-9 3459024]

    R2 AgilentCommunicationsFabric;Agilent Communications Fabric;C:\Program Files (x86)\Agilent\Communications\Fabric\AgilentCommunicationsFabric.exe [2014-1-21 32072]

    R2 AgilentIOLibrariesService;Agilent IO Libraries Service;C:\Program Files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe [2013-11-14 82248]

    R2 AgtMdnsResponder;Agilent mDNS Responder Service;C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe [2012-5-26 426496]

    R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-8-26 4700872]

    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-31 1809720]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-31 860472]

    R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]

    R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2014-8-15 82160]

    R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]

    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-6 662232]

    R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2012-11-14 145448]

    R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-6-28 5915352]

    R3 acfva;acfva;C:\Windows\System32\drivers\ACFVA64.sys [2009-9-2 123008]

    R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2013-6-9 367200]

    R3 AgilentPXIResourceManager;Agilent PXI Resource Manager;C:\Program Files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe [2013-11-14 262984]

    R3 AgPciMem;AgPciMem;C:\Program Files\Agilent\IO Libraries Suite\agPcimem.sys [2013-11-14 15592]

    R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-8-24 266240]

    R3 CiscoSerial;CiscoPort;C:\Windows\System32\drivers\CiscoUsbConsoleWindowsDriver64.sys [2009-10-16 95232]

    R3 dgcfltr;DGC Filter Driver;C:\Windows\System32\drivers\ACFDCP64.sys [2009-4-29 34944]

    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2014-3-18 77592]

    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2014-3-18 13080]

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-31 25816]

    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-31 122584]

    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-31 63704]

    R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]

    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-5-21 48488]

    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 133928]

    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]

    S3 PORTMON;PORTMON;C:\data\Utilities\Sysinternals\PORTMSYS.SYS [2014-7-3 28656]

    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-5-21 20992]

    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2011-6-29 1145960]

    S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);C:\Windows\System32\drivers\s1018bus.sys [2009-3-25 113704]

    S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;C:\Windows\System32\drivers\s1018mdfl.sys [2009-3-25 19496]

    S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;C:\Windows\System32\drivers\s1018mdm.sys [2009-3-25 153128]

    S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s1018mgmt.sys [2009-3-25 133160]

    S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);C:\Windows\System32\drivers\s1018nd5.sys [2009-3-25 34856]

    S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;C:\Windows\System32\drivers\s1018obex.sys [2009-3-25 128552]

    S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);C:\Windows\System32\drivers\s1018unic.sys [2009-3-25 146472]

    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-21 59392]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

    S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2011-5-22 16384]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-17 1255736]

    S4 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-2-16 137232]

    S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-1-3 14624]

    S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]

    S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

    S4 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2013-3-12 6438264]

    S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]

    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

    .

    =============== File Associations ===============

    .

    FileExt: .jse: JSEFile=NOTEPAD.EXE %1

    FileExt: .wsf: WSFFile=NOTEPAD.EXE %1

    .

    =============== Created Last 30 ================

    .

    2014-09-02 00:07:28 75888 ----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4191C800-F0B4-4397-A2F8-D7CE1ECC0F7C}\offreg.dll

    2014-09-02 00:07:06 11319192 ----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4191C800-F0B4-4397-A2F8-D7CE1ECC0F7C}\mpengine.dll

    2014-09-01 22:56:00 -------- d-----w-C:\Windows\ERUNT

    2014-09-01 18:42:28 536576 ----a-w-C:\Windows\SysWow64\sqlite3.dll

    2014-09-01 18:41:45 -------- d-----w-C:\AdwCleaner

    2014-09-01 03:48:24 98216 ----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll

    2014-09-01 03:31:39 159744 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

    2014-09-01 03:31:39 159744 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

    2014-09-01 03:31:39 159744 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

    2014-09-01 03:31:39 159744 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

    2014-09-01 03:31:39 159744 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

    2014-09-01 03:31:39 159744 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

    2014-09-01 03:31:39 159744 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

    2014-09-01 01:45:46 -------- d-----w-C:\Users\Fred\AppData\Local\Secunia PSI

    2014-09-01 01:45:37 -------- d-----w-C:\Program Files (x86)\Secunia

    2014-09-01 01:40:18 11319192 ----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2014-08-31 17:08:46 -------- d-sh--w- C:\$RECYCLE.BIN

    2014-08-31 15:46:01 122584 ----a-w-C:\Windows\System32\drivers\MBAMSwissArmy.sys

    2014-08-31 15:45:26 91352 ----a-w-C:\Windows\System32\drivers\mbamchameleon.sys

    2014-08-31 15:45:26 63704 ----a-w-C:\Windows\System32\drivers\mwac.sys

    2014-08-31 15:45:26 25816 ----a-w-C:\Windows\System32\drivers\mbam.sys

    2014-08-31 15:45:26 -------- d-----w-C:\ProgramData\Malwarebytes

    2014-08-31 15:45:26 -------- d-----w-C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-08-30 20:05:34 -------- d-----w-C:\Users\Fred\AppData\Local\Akamai

    2014-08-29 15:05:27 1169712 ------w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A5BC01DE-5AF0-44BD-AA2F-55209F16FBE5}\gapaengine.dll

    2014-08-28 13:52:16 404480 ----a-w-C:\Windows\System32\gdi32.dll

    2014-08-28 13:52:16 3163648 ----a-w-C:\Windows\System32\win32k.sys

    2014-08-28 13:52:16 311808 ----a-w-C:\Windows\SysWow64\gdi32.dll

    2014-08-27 04:34:49 2155152 ----a-w-C:\Windows\System32\Incinerator64.dll

    2014-08-16 01:10:26 2097984 ----a-w-C:\Windows\SysWow64\Incinerator32.dll

    2014-08-16 01:10:12 82160 ----a-w-C:\Windows\System32\drivers\PDFsFilter.sys

    2014-08-16 01:10:12 57584 ----a-w-C:\Windows\System32\iolobtdfg.exe

    2014-08-16 01:10:12 26184 ----a-w-C:\Windows\System32\smrgdf.exe

    2014-08-16 01:10:12 -------- d-----w-C:\ProgramData\ioloGovernor

    2014-08-16 01:10:11 -------- d-----w-C:\Users\Fred\AppData\Roaming\ioloGovernor

    2014-08-16 01:10:09 69000 ----a-w-C:\Windows\System32\offreg.dll

    2014-08-16 01:10:09 56200 ----a-w-C:\Windows\SysWow64\offreg.dll

    2014-08-16 01:10:06 -------- d-----w-C:\Program Files (x86)\iolo

    2014-08-16 01:06:01 74703 ----a-w-C:\Windows\SysWow64\mfc45.dat

    2014-08-16 01:06:01 -------- d-----w-C:\Users\Fred\AppData\Roaming\iolo

    2014-08-16 01:06:01 -------- d-----w-C:\ProgramData\iolo

    2014-08-15 04:24:52 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

    2014-08-15 04:18:30 99480 ----a-w-C:\Windows\SysWow64\infocardapi.dll

    2014-08-15 04:18:30 619672 ----a-w-C:\Windows\SysWow64\icardagt.exe

    2014-08-15 04:18:30 171160 ----a-w-C:\Windows\System32\infocardapi.dll

    2014-08-15 04:18:30 1389208 ----a-w-C:\Windows\System32\icardagt.exe

    2014-08-15 04:18:28 8856 ----a-w-C:\Windows\SysWow64\icardres.dll

    2014-08-15 04:18:28 8856 ----a-w-C:\Windows\System32\icardres.dll

    2014-08-15 04:18:17 35480 ----a-w-C:\Windows\SysWow64\TsWpfWrp.exe

    2014-08-15 04:18:17 35480 ----a-w-C:\Windows\System32\TsWpfWrp.exe

    2014-08-15 01:25:22 7168 ----a-w-C:\Windows\SysWow64\KBDYAK.DLL

    2014-08-15 01:25:22 7168 ----a-w-C:\Windows\System32\KBDYAK.DLL

    2014-08-15 01:25:22 7168 ----a-w-C:\Windows\System32\KBDBASH.DLL

    2014-08-15 01:25:22 6656 ----a-w-C:\Windows\SysWow64\KBDBASH.DLL

    2014-08-11 15:13:14 48656 ----a-w-C:\Windows\System32\drivers\asd2fsm.sys

    2014-08-11 15:13:13 -------- d-----w-C:\ProgramData\Anvisoft

    2014-08-11 15:13:10 -------- d-----w-C:\Program Files (x86)\Anvisoft

    2014-08-09 06:03:51 -------- d-----w-C:\ProgramData\Spybot - Search & Destroy

    2014-08-03 22:14:57 -------- d-----w-C:\MATS

    2014-08-03 09:54:28 188304 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

    .

    ==================== Find3M ====================

    .

    2014-09-01 02:04:45 71344 ----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2014-09-01 02:04:45 699568 ----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe

    2014-07-31 03:23:00 18960 ----a-w-C:\Windows\System32\drivers\LNonPnP.sys

    2014-07-28 18:29:09 111016 ----a-w-C:\Windows\System32\WindowsAccessBridge-64.dll

    2014-07-16 03:23:41 2048 ----a-w-C:\Windows\System32\tzres.dll

    2014-07-16 02:46:02 2048 ----a-w-C:\Windows\SysWow64\tzres.dll

    2014-07-14 02:02:45 1216000 ----a-w-C:\Windows\System32\rpcrt4.dll

    2014-07-14 01:40:58 664064 ----a-w-C:\Windows\SysWow64\rpcrt4.dll

    2014-07-13 20:33:58 32912 ----a-w-C:\Windows\System32\drivers\rawdsk3.sys

    2014-06-16 02:10:19 985536 ----a-w-C:\Windows\System32\drivers\dxgkrnl.sys

    .

    ============= FINISH: 20:19:55.32 ===============
     
  4. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step...
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  5. EyeSore

    EyeSore TS Rookie Topic Starter Posts: 42

    Nothing found by MBAR. All logs follow:



    RogueKiller V9.2.9.0 [Jul 11 2014] by Adlice Software

    mail : http://www.adlice.com/contact/

    Feedback : http://forum.adlice.com

    Website : https://www.adlice.com/softwares/roguekiller/

    Blog : http://www.adlice.com



    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

    Started in : Normal mode

    User : Fred [Admin rights]

    Mode : Remove -- Date : 09/01/2014 21:12:04



    ¤¤¤ Bad processes : 0 ¤¤¤



    ¤¤¤ Registry Entries : 39 ¤¤¤

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7A3AA2B3-C0BD-4318-A121-41F76992DFF9} | DhcpNameServer : 172.27.35.1 192.168.1.1 -> NOT SELECTED

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7A3AA2B3-C0BD-4318-A121-41F76992DFF9} | DhcpNameServer : 172.27.35.1 192.168.1.1 -> NOT SELECTED

    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7A3AA2B3-C0BD-4318-A121-41F76992DFF9} | DhcpNameServer : 172.27.35.1 192.168.1.1 -> NOT SELECTED

    [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED

    [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED

    [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED

    [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED

    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED

    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED

    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NOT SELECTED

    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NOT SELECTED

    [PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NOT SELECTED

    [PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NOT SELECTED

    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> NOT SELECTED

    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> NOT SELECTED

    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> NOT SELECTED

    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> NOT SELECTED

    [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> NOT SELECTED

    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> NOT SELECTED

    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> NOT SELECTED

    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> NOT SELECTED

    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> NOT SELECTED

    [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> NOT SELECTED

    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED

    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED

    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

    [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> NOT SELECTED

    [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> NOT SELECTED

    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/ -> NOT SELECTED

    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/ -> NOT SELECTED

    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> NOT SELECTED

    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> NOT SELECTED

    [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED

    [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED

    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED

    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED

    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED

    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED



    ¤¤¤ Scheduled tasks : 0 ¤¤¤



    ¤¤¤ Files : 0 ¤¤¤



    ¤¤¤ HOSTS File : 1 ¤¤¤

    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost



    ¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤



    ¤¤¤ Web browsers : 0 ¤¤¤



    ¤¤¤ MBR Check : ¤¤¤

    +++++ PhysicalDrive0: WDC WD20EZRX-00DC0B0 ATA Device +++++

    --- User ---

    [MBR] 644ff445fc91eb1d73cee9f8a8d202cf

    [BSP] 15609027c25b2027dd8638a363dccd1b : Windows Vista/7/8 MBR Code

    Partition table:

    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB

    User = LL1 ... OK

    User = LL2 ... OK



    +++++ PhysicalDrive1: ST32000542AS ATA Device +++++

    --- User ---

    [MBR] 73a4192c17468c8b3f77948e693f9a73

    [BSP] e0833ea19b169022a3fd30e8063b69fe : Windows XP MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1907726 MB

    User = LL1 ... OK

    User = LL2 ... OK



    +++++ PhysicalDrive2: MKNSSDCR480GB-DX ATA Device +++++

    --- User ---

    [MBR] 776e1daf09d738089d2c5905500809a3

    [BSP] a9a810ea272c58751d44f7e05daf9e17 : Windows Vista/7/8 MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 457761 MB

    User = LL1 ... OK

    User = LL2 ... OK



    +++++ PhysicalDrive3: Generic Ultra HS-SD/MMC USB Device +++++

    Error reading User MBR! ([15] The device is not ready. )

    Error reading LL1 MBR! NOT VALID!

    Error reading LL2 MBR! ([32] The request is not supported. )





    ============================================

    RKreport_SCN_09012014_211101.log



    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    www.malwarebytes.org



    Database version: v2014.09.02.02



    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Fred :: MOSSLANDING [administrator]



    2014-09-01 9:18:04 PM

    mbar-log-2014-09-01 (21-18-04).txt



    Scan type: Quick scan

    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

    Scan options disabled:

    Objects scanned: 500122

    Time elapsed: 6 minute(s), 46 second(s)



    Memory Processes Detected: 0

    (No malicious items detected)



    Memory Modules Detected: 0

    (No malicious items detected)



    Registry Keys Detected: 0

    (No malicious items detected)



    Registry Values Detected: 0

    (No malicious items detected)



    Registry Data Items Detected: 0

    (No malicious items detected)



    Folders Detected: 0

    (No malicious items detected)



    Files Detected: 0

    (No malicious items detected)



    Physical Sectors Detected: 0

    (No malicious items detected)



    (end)



    ---------------------------------------

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012



    (c) Malwarebytes Corporation 2011-2012



    OS version: 6.1.7601 Windows 7 Service Pack 1 x64



    Account is Administrative



    Internet Explorer version: 9.0.8112.16421



    File system is: NTFS

    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED

    CPU speed: 3.166000 GHz

    Memory total: 8588939264, free: 4776030208



    Downloaded database version: v2014.09.02.02

    Downloaded database version: v2014.08.21.01

    Initializing...

    ======================

    Done!

    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

    Done!

    Drive 0

    Scanning MBR on drive 0...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 3FBADE9A



    Partition information:



    Partition 0 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 2048 Numsec = 3907024896



    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0



    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0



    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0



    Disk Size: 2000398934016 bytes

    Sector size: 512 bytes



    Done!

    Drive 1

    Scanning MBR on drive 1...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 61394F6



    Partition information:



    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 63 Numsec = 3907023659

    Partition file system is NTFS

    Partition is not bootable



    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0



    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0



    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0



    Disk Size: 2000398934016 bytes

    Sector size: 512 bytes



    Done!

    Drive 2

    This is a System drive

    Scanning MBR on drive 2...

    Inspecting partition table:

    MBR Signature: 55AA

    Disk Signature: 1C3AFD17



    Partition information:



    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048 Numsec = 204800

    Partition file system is NTFS

    Partition is bootable



    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 206848 Numsec = 937494528



    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0



    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0 Numsec = 0



    Disk Size: 480103981056 bytes

    Sector size: 512 bytes



    Scanning physical sectors of unpartitioned space on drive 2 (1-2047-937683088-937703088)...

    Done!

    Scan finished

    =======================================





    Removal queue found; removal started

    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...

    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...

    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...

    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-I.mbam...

    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...

    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-I.mbam...

    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-2048-I.mbam...

    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...

    Removal finished
     
  6. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
     
  7. EyeSore

    EyeSore TS Rookie Topic Starter Posts: 42

    Hi Broni,



    Both programs were run. I was not 100% sure about your text near the end of your message. I was not sure what run your_name.exe meant. There was nothing created on my desktop like that. The first version of rKill ran.



    Note that Firefox is no longer not tied to links and that PDF icons are no longer valid.



    Thanks for helping



    ComboFix 14-08-31.01 - Fred 2014-09-02 17:04:13.2.2 - x64

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5859 [GMT -7:00]

    Running from: c:\users\Fred\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((( Files Created from 2014-08-03 to 2014-09-03 )))))))))))))))))))))))))))))))

    .

    .

    2014-09-03 00:09 . 2014-09-03 00:09 -------- d-----w-c:\users\Theresa\AppData\Local\temp

    2014-09-02 15:03 . 2014-09-02 15:03 75888 ----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8058A308-9FBF-4E3F-8764-8D7187DDF590}\offreg.dll

    2014-09-02 15:02 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8058A308-9FBF-4E3F-8764-8D7187DDF590}\mpengine.dll

    2014-09-02 04:17 . 2014-09-02 04:26 -------- d-----w-c:\programdata\Malwarebytes' Anti-Malware (portable)

    2014-09-02 04:01 . 2014-09-02 04:01 33512 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys

    2014-09-02 04:01 . 2014-09-02 04:01 -------- d-----w-c:\programdata\RogueKiller

    2014-09-02 00:07 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2014-09-01 22:56 . 2014-09-01 22:56 -------- d-----w-c:\windows\ERUNT

    2014-09-01 18:42 . 2010-08-30 15:34 536576 ----a-w-c:\windows\SysWow64\sqlite3.dll

    2014-09-01 18:41 . 2014-09-01 18:52 -------- d-----w-C:\AdwCleaner

    2014-09-01 03:48 . 2014-09-01 03:48 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2014-09-01 03:31 . 2014-09-01 03:31 159744 ----a-w-c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

    2014-09-01 03:31 . 2014-09-01 03:31 159744 ----a-w-c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

    2014-09-01 03:31 . 2014-09-01 03:31 159744 ----a-w-c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

    2014-09-01 03:31 . 2014-09-01 03:31 159744 ----a-w-c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

    2014-09-01 03:31 . 2014-09-01 03:31 159744 ----a-w-c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

    2014-09-01 03:31 . 2014-09-01 03:31 159744 ----a-w-c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

    2014-09-01 03:31 . 2014-09-01 03:31 159744 ----a-w-c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

    2014-09-01 03:08 . 2014-09-01 03:31 -------- d-----w-c:\program files (x86)\QuickTime

    2014-09-01 03:04 . 2014-09-01 03:04 -------- d-----w-c:\program files (x86)\Apple Software Update

    2014-09-01 02:16 . 2014-09-01 02:16 -------- d-----w-c:\program files (x86)\PuTTY

    2014-09-01 01:45 . 2014-09-01 01:45 -------- d-----w-c:\users\Fred\AppData\Local\Secunia PSI

    2014-09-01 01:45 . 2014-09-01 01:45 -------- d-----w-c:\program files (x86)\Secunia

    2014-08-31 15:46 . 2014-09-02 21:38 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

    2014-08-31 15:45 . 2014-09-02 04:16 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2014-08-31 15:45 . 2014-08-31 15:45 -------- d-----w-c:\program files (x86)\Malwarebytes Anti-Malware

    2014-08-31 15:45 . 2014-08-31 15:45 -------- d-----w-c:\programdata\Malwarebytes

    2014-08-31 15:45 . 2014-05-12 14:26 63704 ----a-w-c:\windows\system32\drivers\mwac.sys

    2014-08-31 15:45 . 2014-05-12 14:25 25816 ----a-w-c:\windows\system32\drivers\mbam.sys

    2014-08-30 20:05 . 2014-08-30 20:06 -------- d-----w-c:\users\Fred\AppData\Local\Akamai

    2014-08-29 15:05 . 2014-08-19 15:22 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5BC01DE-5AF0-44BD-AA2F-55209F16FBE5}\gapaengine.dll

    2014-08-28 13:52 . 2014-08-23 02:07 404480 ----a-w-c:\windows\system32\gdi32.dll

    2014-08-28 13:52 . 2014-08-23 01:45 311808 ----a-w-c:\windows\SysWow64\gdi32.dll

    2014-08-28 13:52 . 2014-08-23 00:59 3163648 ----a-w-c:\windows\system32\win32k.sys

    2014-08-27 04:34 . 2014-08-13 06:41 2155152 ----a-w- c:\windows\system32\Incinerator64.dll

    2014-08-16 01:10 . 2014-08-13 06:41 2097984 ----a-w- c:\windows\SysWow64\Incinerator32.dll

    2014-08-16 01:10 . 2014-08-13 06:57 57584 ----a-w-c:\windows\system32\iolobtdfg.exe

    2014-08-16 01:10 . 2014-08-13 06:57 26184 ----a-w-c:\windows\system32\smrgdf.exe

    2014-08-16 01:10 . 2014-07-13 20:31 82160 ----a-w-c:\windows\system32\drivers\PDFsFilter.sys

    2014-08-16 01:10 . 2014-07-13 20:31 69000 ----a-w-c:\windows\system32\offreg.dll

    2014-08-16 01:10 . 2014-07-13 20:31 56200 ----a-w-c:\windows\SysWow64\offreg.dll

    2014-08-16 01:10 . 2014-08-16 01:10 -------- d-----w-c:\program files (x86)\iolo

    2014-08-16 01:06 . 2014-08-27 04:36 -------- d-----w-c:\programdata\iolo

    2014-08-16 01:06 . 2014-08-16 01:56 -------- d-----w-c:\users\Fred\AppData\Roaming\iolo

    2014-08-16 01:06 . 2014-08-16 01:06 74703 ----a-w-c:\windows\SysWow64\mfc45.dat

    2014-08-15 04:24 . 2014-08-15 04:24 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

    2014-08-15 04:18 . 2014-03-09 21:48 171160 ----a-w-c:\windows\system32\infocardapi.dll

    2014-08-15 04:18 . 2014-03-09 21:48 1389208 ----a-w-c:\windows\system32\icardagt.exe

    2014-08-15 04:18 . 2014-03-09 21:47 99480 ----a-w-c:\windows\SysWow64\infocardapi.dll

    2014-08-15 04:18 . 2014-03-09 21:47 619672 ----a-w-c:\windows\SysWow64\icardagt.exe

    2014-08-15 04:18 . 2014-06-30 22:24 8856 ----a-w-c:\windows\system32\icardres.dll

    2014-08-15 04:18 . 2014-06-30 22:14 8856 ----a-w-c:\windows\SysWow64\icardres.dll

    2014-08-15 04:18 . 2014-06-06 06:16 35480 ----a-w-c:\windows\SysWow64\TsWpfWrp.exe

    2014-08-15 04:18 . 2014-06-06 06:12 35480 ----a-w-c:\windows\system32\TsWpfWrp.exe

    2014-08-15 01:25 . 2014-07-09 02:03 7168 ----a-w-c:\windows\system32\KBDYAK.DLL

    2014-08-15 01:25 . 2014-07-09 02:03 7168 ----a-w-c:\windows\system32\KBDTAT.DLL

    2014-08-15 01:25 . 2014-07-09 02:03 7168 ----a-w-c:\windows\system32\KBDRU1.DLL

    2014-08-15 01:25 . 2014-07-09 02:03 6656 ----a-w-c:\windows\system32\KBDRU.DLL

    2014-08-15 01:25 . 2014-07-09 02:03 7168 ----a-w-c:\windows\system32\KBDBASH.DLL

    2014-08-15 01:25 . 2014-07-09 01:31 7168 ----a-w-c:\windows\SysWow64\KBDYAK.DLL

    2014-08-15 01:25 . 2014-07-09 01:31 6656 ----a-w-c:\windows\SysWow64\KBDBASH.DLL

    2014-08-11 15:13 . 2014-05-29 02:03 48656 ----a-w-c:\windows\system32\drivers\asd2fsm.sys

    2014-08-11 15:13 . 2014-08-11 15:13 -------- d-----w-c:\programdata\Anvisoft

    2014-08-11 15:13 . 2014-08-11 15:13 -------- d-----w-c:\program files (x86)\Anvisoft

    2014-08-09 06:03 . 2014-08-18 16:20 -------- d-----w-c:\programdata\Spybot - Search & Destroy

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2014-09-01 02:04 . 2012-04-03 00:20 699568 ----a-w-c:\windows\SysWow64\FlashPlayerApp.exe

    2014-09-01 02:04 . 2011-05-17 07:43 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2014-08-19 15:22 . 2011-05-21 13:39 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2014-08-01 06:41 . 2011-05-21 13:40 99218768 ----a-w-c:\windows\system32\MRT.exe

    2014-07-31 03:23 . 2011-05-21 21:59 18960 ----a-w-c:\windows\system32\drivers\LNonPnP.sys

    2014-07-28 18:29 . 2014-07-28 18:29 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

    2014-07-28 18:29 . 2014-07-28 18:29 319912 ----a-w-c:\windows\system32\javaws.exe

    2014-07-28 18:29 . 2014-07-28 18:29 189352 ----a-w-c:\windows\system32\javaw.exe

    2014-07-28 18:29 . 2014-07-28 18:29 189352 ----a-w-c:\windows\system32\java.exe

    2014-07-13 20:33 . 2014-07-29 03:36 32912 ----a-w-c:\windows\system32\drivers\rawdsk3.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2013-06-05 17:17 130736 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2013-06-05 17:17 130736 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2013-06-05 17:17 130736 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2013-06-05 17:17 130736 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-29 5955088]

    "PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]

    "PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]

    "ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-09-07 143360]

    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]

    "AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-29 1171336]

    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568]

    .

    c:\users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    SetPoint.lnk - c:\program files\Logitech\SetPointP\SetPoint.exe [2014-5-19 3100440]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 0 (0x0)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableLUA"= 0 (0x0)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    "EnableLinkedConnections"= 1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ ???????\0

    \0\0????\0????\0\0????????????\0\0\0????\0??????\0 L????\0????\0\0.\0????\0À11#\0???\0H\0c:\program\0e.
    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

    R3 PORTMON;PORTMON;c:\data\Utilities\Sysinternals\PORTMSYS.SYS;c:\data\Utilities\Sysinternals\PORTMSYS.SYS [x]

    R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS;c:\windows\SYSNATIVE\Drivers\PROCEXP151.SYS [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]

    R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]

    R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]

    R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]

    R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]

    R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]

    R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]

    R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]

    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

    R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

    R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]

    R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]

    R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

    R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

    R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

    R4 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]

    R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [x]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

    S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]

    S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]

    S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]

    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]

    S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]

    S2 AcfXAudioService;AcfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

    S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]

    S2 AgilentCommunicationsFabric;Agilent Communications Fabric;c:\program files (x86)\Agilent\Communications\Fabric\AgilentCommunicationsFabric.exe;c:\program files (x86)\Agilent\Communications\Fabric\AgilentCommunicationsFabric.exe [x]

    S2 AgilentIOLibrariesService;Agilent IO Libraries Service;c:\program files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe;c:\program files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe [x]

    S2 AgtMdnsResponder;Agilent mDNS Responder Service;c:\program files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe;c:\program files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe [x]

    S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]

    S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]

    S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]

    S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]

    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]

    S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]

    S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]

    S3 acfva;acfva;c:\windows\system32\DRIVERS\ACFVA64.sys;c:\windows\SYSNATIVE\DRIVERS\ACFVA64.sys [x]

    S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]

    S3 AgilentPXIResourceManager;Agilent PXI Resource Manager;c:\program files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe;c:\program files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe [x]

    S3 AgPciMem;AgPciMem;c:\program files\Agilent\IO Libraries Suite\AgPciMem.sys;c:\program files\Agilent\IO Libraries Suite\AgPciMem.sys [x]

    S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]

    S3 CiscoSerial;CiscoPort;c:\windows\system32\DRIVERS\CiscoUsbConsoleWindowsDriver64.sys;c:\windows\SYSNATIVE\DRIVERS\CiscoUsbConsoleWindowsDriver64.sys [x]

    S3 dgcfltr;DGC Filter Driver;c:\windows\system32\DRIVERS\ACFDCP64.sys;c:\windows\SYSNATIVE\DRIVERS\ACFDCP64.sys [x]

    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]

    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

    S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - CPUZ135

    *NewlyCreated* - MBAMSWISSARMY

    *Deregistered* - cpuz135

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2014-09-01 02:18 1096520 ----a-w-c:\program files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]

    2012-02-27 11:49 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2014-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:04]

    .

    2014-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 22:45]

    .

    2014-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 22:45]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2013-06-05 17:17 164016 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2013-06-05 17:17 164016 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2013-06-05 17:17 164016 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2013-06-05 17:17 164016 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

    2014-08-08 17:34 777032 ----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

    2014-08-08 17:34 777032 ----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

    2014-08-08 17:34 777032 ----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

    2014-08-08 17:34 777032 ----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

    2014-08-08 17:34 777032 ----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]

    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-11-09 497648]

    "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-06-29 403144]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted

    netman

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.bing.com/

    uInternet Settings,ProxyOverride = *.local;<local>

    TCP: DhcpNameServer = 192.168.1.254

    DPF: {CE335477-C2B3-4B59-8305-5D9A77D1F133} - hxxps://dropbox.kirkland.com/COM/MOVEitUploadWizard7.1.0.ocx

    .

    .

    ------- File Associations -------

    .

    JSEFile=NOTEPAD.EXE %1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    Wow6432Node-HKLM-Run-<NO NAME> - (no file)

    ShellIconOverlayIdentifiers- - (no file)

    ShellIconOverlayIdentifiers- - (no file)

    ShellIconOverlayIdentifiers- - (no file)

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.14"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    "MSCurrentCountry"=dword:000000b5

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2014-09-02 17:11:30

    ComboFix-quarantined-files.txt 2014-09-03 00:11

    .

    Pre-Run: 157,674,631,168 bytes free

    Post-Run: 157,579,255,808 bytes free

    .

    - - End Of File - - BF64A23D4657CEBA466B9A9AF7AAB8ED

    A36C5E4F47E84449FF07ED3517B43A31



    Rkill 2.6.8 by Lawrence Abrams (Grinler)

    http://www.bleepingcomputer.com/

    Copyright 2008-2014 BleepingComputer.com

    More Information about Rkill can be found at this link:

    http://www.bleepingcomputer.com/forums/topic308364.html



    Program started at: 09/02/2014 05:22:42 PM in x64 mode. (Safe Mode)

    Windows Version: Windows 7 Ultimate Service Pack 1



    Checking for Windows services to stop:



    * No malware services found to stop.



    Checking for processes to terminate:



    * No malware processes found to kill.



    Checking Registry for malware related settings:



    * No issues found in the Registry.



    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.



    Performing miscellaneous checks:



    * No issues found.



    Checking Windows Service Integrity:



    * Base Filtering Engine (BFE) is not Running.

    Startup Type set to: Automatic



    * DHCP Client (Dhcp) is not Running.

    Startup Type set to: Automatic



    * DNS Client (Dnscache) is not Running.

    Startup Type set to: Automatic



    * COM+ Event System (EventSystem) is not Running.

    Startup Type set to: Automatic



    * Windows Firewall (MpsSvc) is not Running.

    Startup Type set to: Automatic



    * Network Connections (Netman) is not Running.

    Startup Type set to: Automatic



    * Network Store Interface Service (nsi) is not Running.

    Startup Type set to: Automatic



    * Security Center (wscsvc) is not Running.

    Startup Type set to: Automatic (Delayed Start)



    * Windows Update (wuauserv) is not Running.

    Startup Type set to: Automatic (Delayed Start)



    * Ancillary Function Driver for Winsock (AFD) is not Running.

    Startup Type set to: System



    * Windows Firewall Authorization Driver (mpsdrv) is not Running.

    Startup Type set to: Manual



    * NetBT (NetBT) is not Running.

    Startup Type set to: System



    * NSI proxy service driver. (nsiproxy) is not Running.

    Startup Type set to: System



    * NetIO Legacy TDI Support Driver (tdx) is not Running.

    Startup Type set to: System



    Searching for Missing Digital Signatures:



    * No issues found.



    Checking HOSTS File:



    * HOSTS file entries found:



    127.0.0.1 localhost



    Program finished at: 09/02/2014 05:22:58 PM

    Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
     
  8. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  9. EyeSore

    EyeSore TS Rookie Topic Starter Posts: 42

    # AdwCleaner v3.309 - Report created 02/09/2014 at 18:16:54

    # Updated 02/09/2014 by Xplode

    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

    # Username : Fred - MOSSLANDING

    # Running from : C:\Users\Fred\Desktop\adwcleaner_3.309.exe

    # Option : Clean



    ***** [ Services ] *****





    ***** [ Files / Folders ] *****





    ***** [ Scheduled Tasks ] *****





    ***** [ Shortcuts ] *****





    ***** [ Registry ] *****





    ***** [ Browsers ] *****



    -\\ Internet Explorer v9.0.8112.16555





    -\\ Mozilla Firefox v31.0 (x86 en-US)



    [ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\apvakfg6.default\prefs.js ]





    [ File : C:\Users\Be My Guest\AppData\Roaming\Mozilla\Firefox\Profiles\6m0j1cov.default\prefs.js ]





    [ File : C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default\prefs.js ]





    [ File : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\76716l4z.default\prefs.js ]





    -\\ Google Chrome v37.0.2062.102



    [ File : C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\preferences ]



    Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}



    [ File : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\preferences ]





    *************************



    AdwCleaner[R0].txt - [5814 octets] - [01/09/2014 11:41:51]

    AdwCleaner[R1].txt - [1602 octets] - [02/09/2014 18:15:15]

    AdwCleaner[S0].txt - [5840 octets] - [01/09/2014 11:52:38]

    AdwCleaner[S1].txt - [1527 octets] - [02/09/2014 18:16:54]



    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1587 octets] ##########



    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 6.1.4 (04.06.2014:1)

    OS: Windows 7 Ultimate x64

    Ran by Fred on 2014-09-02 at 18:21:04.66

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~









    ~~~ Services







    ~~~ Registry Values







    ~~~ Registry Keys







    ~~~ Files







    ~~~ Folders







    ~~~ Event Viewer Logs were cleared











    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on 2014-09-02 at 18:28:28.17

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014

    Ran by Fred (administrator) on MOSSLANDING on 02-09-2014 18:30:48

    Running from C:\Users\Fred\Desktop

    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

    Internet Explorer Version 9

    Boot Mode: Normal



    The only official download link for FRST:

    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

    Download link from any site other than Bleeping Computer is unpermitted or outdated.

    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/



    ==================== Processes (Whitelisted) =================



    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

    (Microsoft Corporation) C:\Windows\System32\wisptis.exe

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

    (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

    (Agilent Technologies, Inc.) C:\Program Files (x86)\Agilent\Communications\Fabric\AgilentCommunicationsFabric.exe

    (Agilent) C:\Program Files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe

    (Agilent) C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe

    (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

    (Agilent) C:\Program Files\Agilent\IO Libraries Suite\AgilentNkoServer.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

    (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe

    (Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

    (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

    (Microsoft Corporation) C:\Windows\System32\vds.exe

    (Agilent Technologies) C:\Program Files\Agilent\IO Libraries Suite\bin\iproc488.exe

    (Agilent Technologies) C:\Program Files\Agilent\IO Libraries Suite\bin\iproc82357.exe

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

    (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

    (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

    (Microsoft Corporation) C:\Windows\System32\wisptis.exe

    (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

    (Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

    (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

    (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

    (iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

    (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

    (Agilent) C:\Program Files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe

    (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

    (Microsoft Corporation) C:\Windows\System32\dllhost.exe

    (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

    (Microsoft Corporation) C:\Windows\splwow64.exe





    ==================== Registry (Whitelisted) ==================



    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)



    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-11-08] (Adobe Systems Incorporated)

    HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis)

    HKLM-x32\...\Run: [] => [X]

    HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)

    HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)

    HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)

    HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)

    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)

    HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)

    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)

    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

    ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

    Startup: C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.lnk

    ShortcutTarget: SetPoint.lnk -> C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

    ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

    ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

    ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

    BootExecute: ???????

    ????????????????????[1]?????????? L????????.????À11#???[1]HC:\Programe.


    ==================== Internet (Whitelisted) ====================



    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)



    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

    BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

    DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

    DPF: HKLM-x32 {CE335477-C2B3-4B59-8305-5D9A77D1F133} https://dropbox.kirkland.com/COM/MOVEitUploadWizard7.1.0.ocx

    Winsock: Catalog5 10 C:\Program Files (x86)\Agilent\IO Libraries Suite\LxiMdnsNsp.dll [144896] (Agilent Technologies, Inc.)

    Winsock: Catalog5-x64 10 C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsNsp.dll [161792] (Agilent Technologies, Inc.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254



    FireFox:

    ========

    FF ProfilePath: C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default

    FF DefaultSearchEngine: Wikipedia (en)

    FF SelectedSearchEngine: Wikipedia (en)

    FF Homepage: hxxp://www.google.com/

    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()

    FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

    FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

    FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

    FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

    FF Plugin-x32: @rooms.hp.com -> C:\Program Files (x86)\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll ( )

    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

    FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

    FF Plugin ProgramFiles/Appdata: C:\Users\Fred\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)

    FF SearchPlugin: C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default\searchplugins\wolframalpha.xml

    FF Extension: Flashblock - C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-17]

    FF Extension: WOT - C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-01]

    FF Extension: Adblock Plus - C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-17]

    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-05-26]

    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-30]

    ==== Will place remainder in next post
     
  10. EyeSore

    EyeSore TS Rookie Topic Starter Posts: 42

    Chrome:

    =======

    CHR HomePage: Default ->

    CHR DefaultSearchKeyword: Default -> BEB5C69727333193F2A7F623AEFFA0FB45CEB1DE786CA9EEAD732C90FD3A31E7

    CHR DefaultSearchURL: Default -> B264C0A4AA6BBDCC96A444FD08578F71E04F95613474B59A48971430CF2DC75B

    CHR Profile: C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default

    CHR Extension: (Google Docs) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-20]

    CHR Extension: (Google Drive) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-20]

    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]

    CHR Extension: (YouTube) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-20]

    CHR Extension: (Google Search) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-20]

    CHR Extension: (FlashFree) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebmieckllmmifjjbipnppinpiohpfahm [2013-11-20]

    CHR Extension: (AdBlock) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-20]

    CHR Extension: (Google Wallet) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]

    CHR Extension: (Gmail) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-20]



    ==================== Services (Whitelisted) =================



    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)



    R2 AcfXAudioService; C:\Windows\SysWOW64\ACFXAU64.dll [436736 2009-04-29] (Conexant Systems, Inc.)

    R2 AgilentCommunicationsFabric; C:\Program Files (x86)\Agilent\Communications\Fabric\AgilentCommunicationsFabric.exe [32072 2014-01-21] (Agilent Technologies, Inc.)

    R2 AgilentIOLibrariesService; C:\Program Files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe [82248 2013-11-14] (Agilent)

    R3 AgilentPXIResourceManager; C:\Program Files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe [262984 2013-11-14] (Agilent)

    R2 AgtMdnsResponder; C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe [426496 2012-05-26] (Agilent) [File not signed]

    R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]

    S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-05-26] (Macrovision Europe Ltd.) [File not signed]

    S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

    R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)

    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

    R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

    S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)

    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

    R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)

    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)

    R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)

    R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

    S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

    S4 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)



    ==================== Drivers (Whitelisted) ====================



    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)



    R3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [123008 2009-09-02] (Conexant Systems Inc.)

    R3 AgPciMem; C:\Program Files\Agilent\IO Libraries Suite\AgPciMem.sys [15592 2013-11-14] (Agilent Technologies)

    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()

    R3 CiscoSerial; C:\Windows\System32\DRIVERS\CiscoUsbConsoleWindowsDriver64.sys [95232 2009-10-16] (Cisco Systems, Inc.)

    R3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [34944 2009-04-29] (Conexant Systems, Inc.)

    R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-10-26] (EldoS Corporation)

    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-02] (Malwarebytes Corporation)

    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

    R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-15] (Conexant)

    R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)

    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

    R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()

    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

    R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)

    S3 PORTMON; C:\data\Utilities\Sysinternals\PORTMSYS.SYS [28656 2014-08-17] (Systems Internals) [File not signed]

    R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)

    R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)

    S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)

    S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)

    S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)

    S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)

    S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)

    S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)

    S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)

    R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)

    R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

    U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-01] ()

    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]

    R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [266752 2012-08-26] (Jungo)

    R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2009-04-29] (Conexant Systems, Inc.)

    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

    S3 PROCEXP151; \??\C:\Windows\system32\Drivers\PROCEXP151.SYS [X]

    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

    S3 VGPU; System32\drivers\rdvgkmd.sys [X]



    ==================== NetSvcs (Whitelisted) ===================



    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)





    ==================== One Month Created Files and Folders ========



    (If an entry is included in the fixlist, the file\folder will be moved.)



    2014-09-02 18:30 - 2014-09-02 18:31 - 00024173 _____ () C:\Users\Fred\Desktop\FRST.txt

    2014-09-02 18:30 - 2014-09-02 18:30 - 00000000 ____D () C:\FRST

    2014-09-02 18:13 - 2014-09-02 18:13 - 01370483 _____ () C:\Users\Fred\Desktop\adwcleaner_3.309.exe

    2014-09-02 17:15 - 2014-09-02 17:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Fred\Desktop\rkill.exe

    2014-09-02 17:11 - 2014-09-02 17:11 - 00031837 _____ () C:\ComboFix.txt

    2014-09-02 17:02 - 2014-09-02 17:11 - 00000000 ____D () C:\Qoobox

    2014-09-02 17:02 - 2014-09-02 17:11 - 00000000 ____D () C:\ComboFix

    2014-09-02 17:02 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe

    2014-09-02 17:02 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe

    2014-09-02 17:02 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

    2014-09-02 17:02 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

    2014-09-02 17:02 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

    2014-09-02 17:02 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe

    2014-09-02 17:02 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe

    2014-09-02 17:02 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe

    2014-09-02 16:59 - 2014-09-02 16:59 - 05576326 ____R (Swearware) C:\Users\Fred\Desktop\ComboFix.exe

    2014-09-01 21:17 - 2014-09-01 21:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

    2014-09-01 21:16 - 2014-09-01 21:26 - 00000000 ____D () C:\Users\Fred\Desktop\mbar

    2014-09-01 21:15 - 2014-09-01 21:16 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Fred\Desktop\mbar-1.07.0.1012.exe

    2014-09-01 21:01 - 2014-09-01 21:01 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys

    2014-09-01 21:01 - 2014-09-01 21:01 - 00000000 ____D () C:\ProgramData\RogueKiller

    2014-09-01 20:59 - 2014-09-01 20:59 - 04857944 _____ () C:\Users\Fred\Desktop\RogueKiller.exe

    2014-09-01 20:18 - 2014-09-01 20:18 - 00688992 ____R (Swearware) C:\Users\Fred\Desktop\dds.com

    2014-09-01 15:56 - 2014-09-01 15:56 - 00000000 ____D () C:\Windows\ERUNT

    2014-09-01 15:43 - 2014-09-01 15:49 - 368945248 _____ (Microsoft Corporation) C:\Users\Fred\Desktop\office2007sp3-kb2526086-fullfile-en-us.exe

    2014-09-01 15:43 - 2014-09-01 15:47 - 55915216 _____ (Microsoft Corporation) C:\Users\Fred\Desktop\IE11-Windows6.1-x64-en-us.exe

    2014-09-01 15:39 - 2014-09-01 15:39 - 00186504 _____ () C:\Users\Fred\Desktop\sfcdetails.txt

    2014-09-01 11:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

    2014-09-01 11:41 - 2014-09-02 18:17 - 00000000 ____D () C:\AdwCleaner

    2014-09-01 11:17 - 2014-09-02 18:14 - 02104832 _____ (Farbar) C:\Users\Fred\Desktop\FRST64.exe

    2014-09-01 11:16 - 2014-09-02 18:13 - 01016261 _____ (Thisisu) C:\Users\Fred\Desktop\JRT.exe

    2014-08-31 22:15 - 2014-08-31 22:15 - 00009712 _____ () C:\Users\Fred\Documents\cc_20140831_221532.reg

    2014-08-31 22:14 - 2014-08-31 22:15 - 00871886 _____ () C:\Users\Fred\Documents\cc_20140831_221432 itunes etc removed.reg

    2014-08-31 20:48 - 2014-08-31 20:48 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

    2014-08-31 20:48 - 2014-08-31 20:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

    2014-08-31 20:48 - 2014-08-31 20:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

    2014-08-31 20:48 - 2014-08-31 20:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

    2014-08-31 20:30 - 2014-08-31 20:30 - 00004642 _____ () C:\Users\Fred\Documents\cc_20140831_203012.reg

    2014-08-31 20:08 - 2014-08-31 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

    2014-08-31 20:08 - 2014-08-31 20:31 - 00000000 ____D () C:\Program Files (x86)\QuickTime

    2014-08-31 20:04 - 2014-08-31 20:04 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

    2014-08-31 20:04 - 2014-08-31 20:04 - 00000000 ____D () C:\Windows\System32\Tasks\Apple

    2014-08-31 20:04 - 2014-08-31 20:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

    2014-08-31 19:16 - 2014-08-31 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY

    2014-08-31 19:16 - 2014-08-31 19:16 - 00000000 ____D () C:\Program Files (x86)\PuTTY

    2014-08-31 19:07 - 2014-09-01 15:36 - 00000000 ____D () C:\Users\Fred\Desktop\OLD

    2014-08-31 19:04 - 2014-09-02 18:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

    2014-08-31 19:04 - 2014-08-31 20:58 - 00004626 _____ () C:\Windows\SecuniaPackage.log

    2014-08-31 19:04 - 2014-08-31 19:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

    2014-08-31 18:45 - 2014-08-31 18:45 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk

    2014-08-31 18:45 - 2014-08-31 18:45 - 00000000 ____D () C:\Users\Fred\AppData\Local\Secunia PSI

    2014-08-31 18:45 - 2014-08-31 18:45 - 00000000 ____D () C:\Program Files (x86)\Secunia

    2014-08-31 11:00 - 2014-08-31 11:00 - 00448512 _____ (OldTimer Tools) C:\Users\Fred\Desktop\TFC.exe

    2014-08-31 09:54 - 2014-08-31 10:06 - 00000000 ____D () C:\Windows\erdnt

    2014-08-31 08:46 - 2014-09-02 18:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

    2014-08-31 08:45 - 2014-09-01 21:16 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

    2014-08-31 08:45 - 2014-08-31 08:45 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2014-08-31 08:45 - 2014-08-31 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

    2014-08-31 08:45 - 2014-08-31 08:45 - 00000000 ____D () C:\ProgramData\Malwarebytes

    2014-08-31 08:45 - 2014-08-31 08:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-08-31 08:45 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

    2014-08-31 08:45 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

    2014-08-30 18:55 - 2014-08-30 19:34 - 3320903680 _____ () C:\Users\Fred\Desktop\X17-59465.iso

    2014-08-30 18:40 - 2014-08-30 18:48 - 00001908 _____ () C:\Windows\diagwrn.xml

    2014-08-30 18:40 - 2014-08-30 18:48 - 00001908 _____ () C:\Windows\diagerr.xml

    2014-08-30 16:42 - 2014-08-30 16:42 - 00001178 _____ () C:\Users\Fred\Documents\cc_20140830_164215.reg

    2014-08-30 13:05 - 2014-08-30 13:06 - 00000000 ____D () C:\Users\Fred\AppData\Local\Akamai

    2014-08-30 11:52 - 2014-08-30 11:52 - 00002216 _____ () C:\Users\Fred\Documents\cc_20140830_115248.reg

    2014-08-28 14:03 - 2014-08-28 14:03 - 00001604 _____ () C:\Users\Fred\Documents\cc_20140828_140310.reg

    2014-08-28 06:52 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

    2014-08-28 06:52 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

    2014-08-28 06:52 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    2014-08-26 21:34 - 2014-08-12 23:41 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll

    2014-08-25 21:32 - 2014-08-28 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework

    2014-08-25 21:29 - 2014-08-25 21:29 - 00000020 _____ () C:\Windows\àö

    2014-08-25 13:37 - 2014-08-25 13:37 - 00002898 _____ () C:\Users\Fred\Documents\cc_20140825_133741.reg

    2014-08-22 13:26 - 2014-08-22 13:26 - 00002140 _____ () C:\Users\Fred\Documents\cc_20140822_132634.reg

    2014-08-18 09:25 - 2014-08-18 09:25 - 00003460 _____ () C:\Users\Fred\Documents\cc_20140818_092516 spybott removed.reg

    2014-08-18 09:20 - 2014-08-18 09:20 - 00000085 _____ () C:\Windows\wininit.ini

    2014-08-18 09:20 - 2014-08-18 09:20 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

    2014-08-17 16:18 - 2014-08-17 16:18 - 00001508 _____ () C:\Users\Fred\Documents\cc_20140817_161807.reg

    2014-08-16 12:01 - 2014-08-16 12:01 - 00001574 _____ () C:\Users\Fred\Documents\cc_20140816_120135.reg

    2014-08-15 20:52 - 2014-08-15 20:52 - 00003110 _____ () C:\Users\Fred\Documents\cc_20140815_205247.reg

    2014-08-15 18:10 - 2014-08-26 21:34 - 00003118 _____ () C:\Windows\System32\Tasks\iolo Process Governor

    2014-08-15 18:10 - 2014-08-26 21:34 - 00001441 _____ () C:\Users\Fred\Desktop\LiveBoost.lnk

    2014-08-15 18:10 - 2014-08-26 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic

    2014-08-15 18:10 - 2014-08-26 21:34 - 00000000 ____D () C:\ProgramData\ioloGovernor

    2014-08-15 18:10 - 2014-08-15 18:10 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\ioloGovernor

    2014-08-15 18:10 - 2014-08-15 18:10 - 00000000 ____D () C:\Program Files (x86)\iolo

    2014-08-15 18:10 - 2014-08-12 23:57 - 00057584 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe

    2014-08-15 18:10 - 2014-08-12 23:57 - 00026184 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe

    2014-08-15 18:10 - 2014-08-12 23:41 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll

    2014-08-15 18:10 - 2014-07-13 13:31 - 00082160 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys

    2014-08-15 18:10 - 2014-07-13 13:31 - 00069000 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll

    2014-08-15 18:10 - 2014-07-13 13:31 - 00056200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll

    2014-08-15 18:06 - 2014-08-26 21:36 - 00000000 ____D () C:\ProgramData\iolo

    2014-08-15 18:06 - 2014-08-15 18:56 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\iolo

    2014-08-15 18:06 - 2014-08-15 18:06 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat

    2014-08-14 21:24 - 2014-08-14 21:24 - 00000000 __SHD () C:\Windows\SysWOW64\%APPDATA%

    2014-08-14 21:18 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

    2014-08-14 21:18 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

    2014-08-14 21:18 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

    2014-08-14 21:18 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

    2014-08-14 21:18 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

    2014-08-14 21:18 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

    2014-08-14 21:18 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

    2014-08-14 21:18 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

    2014-08-14 18:25 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

    2014-08-14 18:25 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

    2014-08-14 18:25 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

    2014-08-14 18:25 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

    2014-08-14 18:25 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

    2014-08-14 18:25 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

    2014-08-14 18:25 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

    2014-08-14 18:25 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

    2014-08-14 18:25 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

    2014-08-14 18:25 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

    2014-08-14 18:25 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls

    2014-08-14 18:25 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

    2014-08-14 18:24 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

    2014-08-14 18:24 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

    2014-08-14 18:24 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

    2014-08-14 18:24 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

    2014-08-14 18:24 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

    2014-08-14 18:24 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

    2014-08-14 18:24 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

    2014-08-14 18:24 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

    2014-08-14 18:24 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

    2014-08-14 18:24 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

    2014-08-14 18:24 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

    2014-08-14 18:24 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

    2014-08-14 18:24 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

    2014-08-14 18:24 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

    2014-08-14 08:07 - 2014-08-14 08:07 - 00000392 _____ () C:\Users\Fred\Documents\cc_20140814_080741.reg

    2014-08-13 13:41 - 2014-08-13 13:42 - 00000514 _____ () C:\Users\Fred\Documents\cc_20140813_134158.reg

    2014-08-11 23:12 - 2014-08-11 23:12 - 00000534 _____ () C:\Users\Fred\Documents\cc_20140811_231221.reg

    2014-08-11 23:03 - 2014-08-11 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer

    2014-08-11 22:15 - 2014-08-11 22:15 - 00001752 _____ () C:\Users\Fred\Documents\cc_20140811_221548 Myphoneexp2.reg

    2014-08-11 22:14 - 2014-08-11 22:15 - 00015072 _____ () C:\Users\Fred\Documents\cc_20140811_221441 PhoneExplorer Virus cleanup.reg

    2014-08-11 08:14 - 2014-08-28 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft

    2014-08-11 08:13 - 2014-08-11 08:13 - 00000000 ____D () C:\ProgramData\Anvisoft

    2014-08-11 08:13 - 2014-08-11 08:13 - 00000000 ____D () C:\Program Files (x86)\Anvisoft

    2014-08-11 08:13 - 2014-05-28 19:03 - 00048656 _____ (Anvisoft) C:\Windows\system32\Drivers\asd2fsm.sys

    2014-08-11 08:10 - 2014-08-11 08:11 - 36035456 _____ (Anvisoft) C:\Users\Fred\Desktop\asdsetup.exe

    2014-08-09 07:35 - 2014-08-09 07:35 - 00000258 _____ () C:\Users\Fred\Documents\cc_20140809_073514.reg

    2014-08-09 07:34 - 2009-06-10 14:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140809-073433.backup

    2014-08-09 06:41 - 2014-08-09 06:41 - 00000000 ____D () C:\Users\Fred\Documents\ProcAlyzer Dumps

    2014-08-08 23:03 - 2014-08-18 09:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

    2014-08-06 10:50 - 2014-08-06 10:50 - 00001200 _____ () C:\Users\Fred\Documents\cc_20140806_105003.reg

    2014-08-03 17:51 - 2014-08-03 17:51 - 00000134 _____ () C:\Users\Fred\Desktop\Internet Explorer Troubleshooting.url

    2014-08-03 17:49 - 2014-08-03 18:14 - 00019983 _____ () C:\Windows\IE11_main.log

    2014-08-03 15:14 - 2014-08-03 16:10 - 00000000 ____D () C:\MATS

    2014-08-03 11:28 - 2014-08-03 11:28 - 00008962 _____ () C:\Users\Fred\Documents\cc_20140803_112816.reg

    2014-08-03 11:28 - 2014-08-03 11:28 - 00001926 _____ () C:\Users\Fred\Documents\cc_20140803_112841.reg

    2014-08-03 11:11 - 2014-08-03 11:11 - 00002084 _____ () C:\Users\Fred\Documents\cc_20140803_111132.reg



    ==================== One Month Modified Files and Folders =======



    (If an entry is included in the fixlist, the file\folder will be moved.)



    2014-09-02 18:31 - 2014-09-02 18:30 - 00024173 _____ () C:\Users\Fred\Desktop\FRST.txt

    2014-09-02 18:30 - 2014-09-02 18:30 - 00000000 ____D () C:\FRST

    2014-09-02 18:25 - 2009-07-13 22:13 - 00852386 _____ () C:\Windows\system32\PerfStringBackup.INI

    2014-09-02 18:25 - 2009-07-13 21:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    2014-09-02 18:25 - 2009-07-13 21:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    2014-09-02 18:21 - 2014-08-31 08:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

    2014-09-02 18:21 - 2012-12-10 12:43 - 01205996 _____ () C:\Windows\WindowsUpdate.log

    2014-09-02 18:18 - 2014-08-02 21:26 - 00049016 _____ () C:\Windows\PFRO.log

    2014-09-02 18:18 - 2014-08-02 10:06 - 00002011 _____ () C:\Windows\setupact.log

    2014-09-02 18:18 - 2013-12-04 20:07 - 00000110 _____ () C:\Windows\agPXICfg.ini

    2014-09-02 18:18 - 2013-06-22 15:45 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

    2014-09-02 18:18 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

    2014-09-02 18:17 - 2014-09-01 11:41 - 00000000 ____D () C:\AdwCleaner

    2014-09-02 18:14 - 2014-09-01 11:17 - 02104832 _____ (Farbar) C:\Users\Fred\Desktop\FRST64.exe

    2014-09-02 18:13 - 2014-09-02 18:13 - 01370483 _____ () C:\Users\Fred\Desktop\adwcleaner_3.309.exe

    2014-09-02 18:13 - 2014-09-01 11:16 - 01016261 _____ (Thisisu) C:\Users\Fred\Desktop\JRT.exe

    2014-09-02 18:08 - 2014-08-31 19:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

    2014-09-02 17:15 - 2014-09-02 17:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Fred\Desktop\rkill.exe

    2014-09-02 17:11 - 2014-09-02 17:11 - 00031837 _____ () C:\ComboFix.txt

    2014-09-02 17:11 - 2014-09-02 17:02 - 00000000 ____D () C:\Qoobox

    2014-09-02 17:11 - 2014-09-02 17:02 - 00000000 ____D () C:\ComboFix

    2014-09-02 17:09 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini

    2014-09-02 16:59 - 2014-09-02 16:59 - 05576326 ____R (Swearware) C:\Users\Fred\Desktop\ComboFix.exe

    2014-09-01 21:26 - 2014-09-01 21:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

    2014-09-01 21:26 - 2014-09-01 21:16 - 00000000 ____D () C:\Users\Fred\Desktop\mbar

    2014-09-01 21:16 - 2014-09-01 21:15 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Fred\Desktop\mbar-1.07.0.1012.exe

    2014-09-01 21:16 - 2014-08-31 08:45 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

    2014-09-01 21:01 - 2014-09-01 21:01 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys

    2014-09-01 21:01 - 2014-09-01 21:01 - 00000000 ____D () C:\ProgramData\RogueKiller

    2014-09-01 20:59 - 2014-09-01 20:59 - 04857944 _____ () C:\Users\Fred\Desktop\RogueKiller.exe

    2014-09-01 20:23 - 2011-05-28 10:58 - 00000000 ____D () C:\Users\Fred\Desktop\PC Problems

    2014-09-01 20:18 - 2014-09-01 20:18 - 00688992 ____R (Swearware) C:\Users\Fred\Desktop\dds.com

    2014-09-01 20:13 - 2011-11-06 11:36 - 00000000 ____D () C:\Users\Fred\Desktop\Scans

    2014-09-01 15:56 - 2014-09-01 15:56 - 00000000 ____D () C:\Windows\ERUNT

    2014-09-01 15:49 - 2014-09-01 15:43 - 368945248 _____ (Microsoft Corporation) C:\Users\Fred\Desktop\office2007sp3-kb2526086-fullfile-en-us.exe

    2014-09-01 15:47 - 2014-09-01 15:43 - 55915216 _____ (Microsoft Corporation) C:\Users\Fred\Desktop\IE11-Windows6.1-x64-en-us.exe

    2014-09-01 15:39 - 2014-09-01 15:39 - 00186504 _____ () C:\Users\Fred\Desktop\sfcdetails.txt

    2014-09-01 15:36 - 2014-08-31 19:07 - 00000000 ____D () C:\Users\Fred\Desktop\OLD

    2014-09-01 15:30 - 2011-05-17 07:25 - 00007656 _____ () C:\Users\Fred\AppData\Local\resmon.resmoncfg

    2014-08-31 22:15 - 2014-08-31 22:15 - 00009712 _____ () C:\Users\Fred\Documents\cc_20140831_221532.reg

    2014-08-31 22:15 - 2014-08-31 22:14 - 00871886 _____ () C:\Users\Fred\Documents\cc_20140831_221432 itunes etc removed.reg

    2014-08-31 21:28 - 2012-01-15 16:15 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\MyPhoneExplorer

    2014-08-31 20:58 - 2014-08-31 19:04 - 00004626 _____ () C:\Windows\SecuniaPackage.log

    2014-08-31 20:58 - 2014-07-13 09:51 - 00000000 ____D () C:\Users\Fred\AppData\Local\Adobe

    2014-08-31 20:48 - 2014-08-31 20:48 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

    2014-08-31 20:48 - 2014-08-31 20:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

    2014-08-31 20:48 - 2014-08-31 20:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

    2014-08-31 20:48 - 2014-08-31 20:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

    2014-08-31 20:48 - 2011-11-03 11:58 - 00000000 ____D () C:\Program Files (x86)\Java

    2014-08-31 20:31 - 2014-08-31 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

    2014-08-31 20:31 - 2014-08-31 20:08 - 00000000 ____D () C:\Program Files (x86)\QuickTime

    2014-08-31 20:30 - 2014-08-31 20:30 - 00004642 _____ () C:\Users\Fred\Documents\cc_20140831_203012.reg

    2014-08-31 20:25 - 2011-05-26 21:38 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk

    2014-08-31 20:12 - 2011-05-26 21:38 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk

    2014-08-31 20:12 - 2011-05-26 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2

    2014-08-31 20:12 - 2011-05-26 21:20 - 00000000 ____D () C:\ProgramData\Adobe

    2014-08-31 20:04 - 2014-08-31 20:04 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

    2014-08-31 20:04 - 2014-08-31 20:04 - 00000000 ____D () C:\Windows\System32\Tasks\Apple

    2014-08-31 20:04 - 2014-08-31 20:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

    2014-08-31 19:16 - 2014-08-31 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY

    2014-08-31 19:16 - 2014-08-31 19:16 - 00000000 ____D () C:\Program Files (x86)\PuTTY

    2014-08-31 19:04 - 2014-08-31 19:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

    2014-08-31 19:04 - 2012-04-02 17:20 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

    2014-08-31 19:04 - 2011-05-17 00:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

    2014-08-31 18:45 - 2014-08-31 18:45 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk

    2014-08-31 18:45 - 2014-08-31 18:45 - 00000000 ____D () C:\Users\Fred\AppData\Local\Secunia PSI

    2014-08-31 18:45 - 2014-08-31 18:45 - 00000000 ____D () C:\Program Files (x86)\Secunia

    2014-08-31 11:00 - 2014-08-31 11:00 - 00448512 _____ (OldTimer Tools) C:\Users\Fred\Desktop\TFC.exe

    2014-08-31 10:08 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default

    2014-08-31 10:06 - 2014-08-31 09:54 - 00000000 ____D () C:\Windows\erdnt

    2014-08-31 10:05 - 2011-05-16 23:20 - 00000000 ____D () C:\Users\Fred

    2014-08-31 09:03 - 2009-07-14 00:46 - 00000000 ____D () C:\Windows\CSC

    2014-08-31 08:45 - 2014-08-31 08:45 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

    2014-08-31 08:45 - 2014-08-31 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

    2014-08-31 08:45 - 2014-08-31 08:45 - 00000000 ____D () C:\ProgramData\Malwarebytes

    2014-08-31 08:45 - 2014-08-31 08:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

    2014-08-30 19:34 - 2014-08-30 18:55 - 3320903680 _____ () C:\Users\Fred\Desktop\X17-59465.iso

    2014-08-30 18:48 - 2014-08-30 18:40 - 00001908 _____ () C:\Windows\diagwrn.xml

    2014-08-30 18:48 - 2014-08-30 18:40 - 00001908 _____ () C:\Windows\diagerr.xml

    2014-08-30 18:40 - 2014-08-02 10:06 - 00000000 _____ () C:\Windows\setuperr.log

    2014-08-30 16:42 - 2014-08-30 16:42 - 00001178 _____ () C:\Users\Fred\Documents\cc_20140830_164215.reg

    2014-08-30 16:38 - 2011-05-21 10:26 - 00000000 ____D () C:\data

    2014-08-30 13:06 - 2014-08-30 13:05 - 00000000 ____D () C:\Users\Fred\AppData\Local\Akamai

    2014-08-30 11:52 - 2014-08-30 11:52 - 00002216 _____ () C:\Users\Fred\Documents\cc_20140830_115248.reg

    2014-08-28 18:49 - 2011-05-17 00:03 - 00846762 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

    2014-08-28 18:47 - 2014-08-25 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework

    2014-08-28 15:08 - 2011-08-24 18:19 - 00000336 _____ () C:\Windows\BRCALIB.INI

    2014-08-28 14:06 - 2014-08-11 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft

    2014-08-28 14:03 - 2014-08-28 14:03 - 00001604 _____ () C:\Users\Fred\Documents\cc_20140828_140310.reg

    2014-08-28 14:00 - 2009-07-13 21:45 - 04752936 _____ () C:\Windows\system32\FNTCACHE.DAT

    2014-08-28 12:35 - 2011-11-03 13:00 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\webex

    2014-08-28 08:30 - 2011-05-18 06:45 - 00000000 ____D () C:\Program Files\CCleaner

    2014-08-26 21:36 - 2014-08-15 18:06 - 00000000 ____D () C:\ProgramData\iolo

    2014-08-26 21:34 - 2014-08-15 18:10 - 00003118 _____ () C:\Windows\System32\Tasks\iolo Process Governor

    2014-08-26 21:34 - 2014-08-15 18:10 - 00001441 _____ () C:\Users\Fred\Desktop\LiveBoost.lnk

    2014-08-26 21:34 - 2014-08-15 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic

    2014-08-26 21:34 - 2014-08-15 18:10 - 00000000 ____D () C:\ProgramData\ioloGovernor

    2014-08-25 21:32 - 2011-05-20 19:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs

    2014-08-25 21:29 - 2014-08-25 21:29 - 00000020 _____ () C:\Windows\àö

    2014-08-25 13:37 - 2014-08-25 13:37 - 00002898 _____ () C:\Users\Fred\Documents\cc_20140825_133741.reg

    2014-08-24 08:25 - 2011-05-22 16:28 - 00000000 ___RD () C:\Users\Fred\Virtual Machines

    2014-08-23 18:37 - 2014-07-04 15:44 - 00001772 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk

    2014-08-23 18:37 - 2014-07-04 15:44 - 00000000 ____D () C:\Program Files\Wireshark

    2014-08-22 19:07 - 2014-08-28 06:52 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

    2014-08-22 18:45 - 2014-08-28 06:52 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

    2014-08-22 17:59 - 2014-08-28 06:52 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

    2014-08-22 13:26 - 2014-08-22 13:26 - 00002140 _____ () C:\Users\Fred\Documents\cc_20140822_132634.reg

    2014-08-18 18:03 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache

    2014-08-18 14:58 - 2014-04-23 17:58 - 00000000 ____D () C:\Users\Fred\AppData\Local\NVIDIA Corporation

    2014-08-18 14:58 - 2012-11-16 07:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

    2014-08-18 14:58 - 2011-08-24 17:12 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

    2014-08-18 14:58 - 2011-05-21 08:06 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation

    2014-08-18 14:58 - 2011-05-21 08:06 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

    2014-08-18 10:00 - 2014-01-27 09:00 - 00001377 _____ () C:\Users\Fred\Desktop\Fuze Meeting .lnk

    2014-08-18 09:25 - 2014-08-18 09:25 - 00003460 _____ () C:\Users\Fred\Documents\cc_20140818_092516 spybott removed.reg

    2014-08-18 09:20 - 2014-08-18 09:20 - 00000085 _____ () C:\Windows\wininit.ini

    2014-08-18 09:20 - 2014-08-18 09:20 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

    2014-08-18 09:20 - 2014-08-08 23:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

    2014-08-18 07:29 - 2012-07-28 18:02 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

    2014-08-17 17:12 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

    2014-08-17 17:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK

    2014-08-17 17:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR

    2014-08-17 17:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\zh-HK

    2014-08-17 17:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\tr-TR

    2014-08-17 17:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

    2014-08-17 16:18 - 2014-08-17 16:18 - 00001508 _____ () C:\Users\Fred\Documents\cc_20140817_161807.reg

    2014-08-17 15:20 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration

    2014-08-16 13:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF

    2014-08-16 12:23 - 2013-09-07 12:04 - 00002054 _____ () C:\Users\Public\Desktop\Google Slides.lnk

    2014-08-16 12:23 - 2013-09-07 12:04 - 00002052 _____ () C:\Users\Public\Desktop\Google Sheets.lnk

    2014-08-16 12:23 - 2013-09-07 12:04 - 00002042 _____ () C:\Users\Public\Desktop\Google Docs.lnk

    2014-08-16 12:23 - 2013-09-07 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

    2014-08-16 12:01 - 2014-08-16 12:01 - 00001574 _____ () C:\Users\Fred\Documents\cc_20140816_120135.reg

    2014-08-15 20:52 - 2014-08-15 20:52 - 00003110 _____ () C:\Users\Fred\Documents\cc_20140815_205247.reg

    2014-08-15 18:56 - 2014-08-15 18:06 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\iolo

    2014-08-15 18:10 - 2014-08-15 18:10 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\ioloGovernor

    2014-08-15 18:10 - 2014-08-15 18:10 - 00000000 ____D () C:\Program Files (x86)\iolo

    2014-08-15 18:06 - 2014-08-15 18:06 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat

    2014-08-14 21:25 - 2011-05-16 23:45 - 00000000 ____D () C:\ProgramData\Microsoft Help

    2014-08-14 21:24 - 2014-08-14 21:24 - 00000000 __SHD () C:\Windows\SysWOW64\%APPDATA%

    2014-08-14 21:21 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

    2014-08-14 08:07 - 2014-08-14 08:07 - 00000392 _____ () C:\Users\Fred\Documents\cc_20140814_080741.reg

    2014-08-13 13:42 - 2014-08-13 13:41 - 00000514 _____ () C:\Users\Fred\Documents\cc_20140813_134158.reg

    2014-08-12 23:57 - 2014-08-15 18:10 - 00057584 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe

    2014-08-12 23:57 - 2014-08-15 18:10 - 00026184 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe

    2014-08-12 23:41 - 2014-08-26 21:34 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll

    2014-08-12 23:41 - 2014-08-15 18:10 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll

    2014-08-11 23:14 - 2011-05-27 18:33 - 00000000 ____D () C:\Users\Theresa

    2014-08-11 23:14 - 2011-05-21 20:01 - 00000000 ____D () C:\Users\Be My Guest

    2014-08-11 23:14 - 2011-05-21 12:42 - 00000000 ____D () C:\Users\Administrator

    2014-08-11 23:12 - 2014-08-11 23:12 - 00000534 _____ () C:\Users\Fred\Documents\cc_20140811_231221.reg

    2014-08-11 23:03 - 2014-08-11 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer

    2014-08-11 23:03 - 2012-01-15 16:15 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer

    2014-08-11 22:15 - 2014-08-11 22:15 - 00001752 _____ () C:\Users\Fred\Documents\cc_20140811_221548 Myphoneexp2.reg

    2014-08-11 22:15 - 2014-08-11 22:14 - 00015072 _____ () C:\Users\Fred\Documents\cc_20140811_221441 PhoneExplorer Virus cleanup.reg

    2014-08-11 11:01 - 2011-11-03 12:59 - 00000000 ____D () C:\ProgramData\WebEx

    2014-08-11 08:13 - 2014-08-11 08:13 - 00000000 ____D () C:\ProgramData\Anvisoft

    2014-08-11 08:13 - 2014-08-11 08:13 - 00000000 ____D () C:\Program Files (x86)\Anvisoft

    2014-08-11 08:11 - 2014-08-11 08:10 - 36035456 _____ (Anvisoft) C:\Users\Fred\Desktop\asdsetup.exe

    2014-08-10 23:29 - 2009-07-13 22:08 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

    2014-08-10 23:28 - 2009-07-14 00:45 - 00000000 ___RD () C:\Users\Public\Recorded TV

    2014-08-10 23:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat

    2014-08-09 14:53 - 2011-05-23 06:17 - 00000000 ____D () C:\junk

    2014-08-09 14:30 - 2011-05-21 17:47 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT

    2014-08-09 14:30 - 2011-05-21 17:47 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT

    2014-08-09 07:35 - 2014-08-09 07:35 - 00000258 _____ () C:\Users\Fred\Documents\cc_20140809_073514.reg

    2014-08-09 07:34 - 2009-07-13 19:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140818-091220.backup

    2014-08-09 06:41 - 2014-08-09 06:41 - 00000000 ____D () C:\Users\Fred\Documents\ProcAlyzer Dumps

    2014-08-07 19:31 - 2013-06-22 15:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

    2014-08-07 18:36 - 2013-06-22 15:45 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

    2014-08-06 10:50 - 2014-08-06 10:50 - 00001200 _____ () C:\Users\Fred\Documents\cc_20140806_105003.reg

    2014-08-03 22:44 - 2011-06-28 07:33 - 00000000 ____D () C:\Program Files\Recuva

    2014-08-03 18:14 - 2014-08-03 17:49 - 00019983 _____ () C:\Windows\IE11_main.log

    2014-08-03 18:00 - 2011-05-17 00:05 - 00000000 ____D () C:\Windows\Panther

    2014-08-03 17:51 - 2014-08-03 17:51 - 00000134 _____ () C:\Users\Fred\Desktop\Internet Explorer Troubleshooting.url

    2014-08-03 16:10 - 2014-08-03 15:14 - 00000000 ____D () C:\MATS

    2014-08-03 15:56 - 2011-05-21 17:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

    2014-08-03 11:28 - 2014-08-03 11:28 - 00008962 _____ () C:\Users\Fred\Documents\cc_20140803_112816.reg

    2014-08-03 11:28 - 2014-08-03 11:28 - 00001926 _____ () C:\Users\Fred\Documents\cc_20140803_112841.reg

    2014-08-03 11:11 - 2014-08-03 11:11 - 00002084 _____ () C:\Users\Fred\Documents\cc_20140803_111132.reg



    Files to move or delete:

    ====================

    C:\Users\Be My Guest\MmInternetExplorerActiveSetup.vbs

    C:\Users\Fred\GoPython.bat





    Some content of TEMP:

    ====================

    C:\Users\Fred\AppData\Local\Temp\Quarantine.exe





    ==================== Bamital & volsnap Check =================



    (There is no automatic fix for files that do not pass verification.)



    C:\Windows\System32\winlogon.exe => File is digitally signed

    C:\Windows\System32\wininit.exe => File is digitally signed

    C:\Windows\SysWOW64\wininit.exe => File is digitally signed

    C:\Windows\explorer.exe => File is digitally signed

    C:\Windows\SysWOW64\explorer.exe => File is digitally signed

    C:\Windows\System32\svchost.exe => File is digitally signed

    C:\Windows\SysWOW64\svchost.exe => File is digitally signed

    C:\Windows\System32\services.exe => File is digitally signed

    C:\Windows\System32\User32.dll => File is digitally signed

    C:\Windows\SysWOW64\User32.dll => File is digitally signed

    C:\Windows\System32\userinit.exe => File is digitally signed

    C:\Windows\SysWOW64\userinit.exe => File is digitally signed

    C:\Windows\System32\rpcss.dll => File is digitally signed

    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed





    LastRegBack: 2014-08-28 17:41



    ==================== End Of Log ============================

    More in next post
     
  11. EyeSore

    EyeSore TS Rookie Topic Starter Posts: 42

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014

    Ran by Fred at 2014-09-02 18:31:22

    Running from C:\Users\Fred\Desktop

    Boot Mode: Normal

    ==========================================================





    ==================== Security Center ========================



    (If an entry is included in the fixlist, it will be removed.)



    AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}



    ==================== Installed Programs ======================



    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)



    Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)

    Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

    Acrobat X Suite (HKLM-x32\...\{3F41BA46-09C3-4500-96D7-DC4390AD0124}) (Version: 1.0 - Adobe Systems Incorporated)

    Acronis True Image Home 2012 (HKLM-x32\...\{243EF3E5-537D-4A15-8EE8-47D5473D9C73}Visible) (Version: 15.0.7133 - Acronis)

    Acronis True Image Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden

    Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.11 - Adobe Systems)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)

    Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden

    Adobe Captivate Quiz Results Analyzer (HKLM-x32\...\QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.0 - Adobe Systems Incorporated)

    Adobe Captivate Quiz Results Analyzer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

    Adobe Captivate Reviewer (HKLM-x32\...\AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 - Adobe Systems Incorporated)

    Adobe Captivate Reviewer (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden

    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)

    Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden

    Adobe Flash Player 14 ActiveX (HKLM-x32\...\{15AE611F-5A40-4BD0-9291-1C6856BDB9A4}) (Version: 14.0.0.176 - Adobe Systems Incorporated)

    Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)

    Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

    Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden

    Adobe PDF iFilter 9 for 64-bit platforms (HKLM\...\{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}) (Version: 9.0.0 - Adobe)

    Adobe Photoshop Lightroom 3.6 64-bit (HKLM\...\{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}) (Version: 3.6.1 - Adobe)

    Adobe Presenter 7 (HKLM-x32\...\Adobe Presenter 7) (Version: 7.0.6 - Adobe Systems)

    Adobe Presenter 7 (x32 Version: 7.0 - Adobe Systems Inc.) Hidden

    Agilent B2900A Quick IV Measurement Software (HKLM-x32\...\{6112E209-7844-4538-83F4-20997F366F5F}) (Version: 30.14.0422 - Agilent Technologies)

    Agilent BenchVue (HKLM-x32\...\{997F599F-4B8D-4E0A-A820-C7C3571D7C53}) (Version: 1.0 - Agilent Technologies)

    Agilent Communications Fabric (HKLM-x32\...\{03D6CB38-947A-4AEE-96EE-9EBBDC5F093B}) (Version: 1.3.18121.11919 - Agilent Technologies, Inc.)

    Agilent Firmware Update Utility Type 2 (HKLM-x32\...\{5765EDDD-AC73-406F-99BB-D9A9B34B85D9}) (Version: 1.1.14403 - Agilent Technologies, Inc)

    Agilent IO Libraries Suite 16.3 Update 2 (HKLM-x32\...\InstallShield_{6419465C-004C-42D1-840D-3E23FA5D8E27}) (Version: 16.3.17914.4 - Agilent Technologies)

    Agilent IO Libraries Suite 16.3 Update 2 (x32 Version: 16.3.17914.4 - Agilent Technologies) Hidden

    Agilent IO Libraries Suite 64-bit (Version: 16.3.17914.4 - Agilent Technologies) Hidden

    Agilent LXI Mdns Responder 64bit (Version: 1.1.16127.10205 - Agilent Technologies) Hidden

    AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.05.32 - )

    Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)

    Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)

    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

    ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: - )

    Atmel Software Framework (HKLM-x32\...\{2D423733-FCBC-4E27-B026-D6D973C6496F}) (Version: 3.1.121 - Atmel)

    Atmel Studio 6.0 (HKLM-x32\...\{51CC3953-2D06-47FA-832A-B7FD24D01322}) (Version: 6.0.1843 - Atmel)

    Atmel USB (HKLM-x32\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.6 - Atmel)

    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

    Brother BRAdmin Light 1.21.0001 (HKLM-x32\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.21.0001 - Brother)

    Brother MFL-Pro Suite MFC-9560CDW (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.)

    Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0120 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Calendar #1 [ENU] (HKLM-x32\...\{11420356-8C63-4B6F-9D6E-B2B5E5E8CC2D}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Caution (HKLM-x32\...\{83640671-5F02-4528-82B4-1F4637699C38}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Christmas [ENU] (HKLM-x32\...\{85C58A5E-5DBE-4A4C-B920-BEEE647F24B8}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Eco (HKLM-x32\...\{13967EAF-6FE3-4394-ACAD-326C463FB6D4}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Facility #1 [ENU] (HKLM-x32\...\{7E5902CB-8ED3-4B7C-9FDF-2D7CBFC96512}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Files (HKLM-x32\...\{B9AA72E1-DDB0-4344-9FFA-11545382ECB5}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Halloween [ENU] (HKLM-x32\...\{F72DCCC0-60E3-4E2C-9EA6-FFBF60507DCE}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Holiday #1 [ENU] (HKLM-x32\...\{3C7CAD9F-5967-4993-899A-C449BA9E9C74}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Office Signage (HKLM-x32\...\{58A7A4BA-AB8F-410F-963D-0BB3E73389F7}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Personal #3 [ENU] (HKLM-x32\...\{ED13E571-7997-4C44-896D-297C09047B64}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Personal (HKLM-x32\...\{B24F0BA7-A962-47D2-A4E6-0E3AFCE8D874}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Personal Files [ENU] (HKLM-x32\...\{315CF84A-788E-4C14-8511-58BD81D2CD0E}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Retail #3 [ENU] (HKLM-x32\...\{395D8D04-902F-44A5-AC57-51CA2377D074}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Retail #4 [ENU] (HKLM-x32\...\{7B4170CA-3C13-4A4F-97F5-E90E0038E9A4}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Retail (HKLM-x32\...\{CDE0AEA2-2F2F-4894-987F-5BE954E578A8}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Shipping (HKLM-x32\...\{C99C37D6-6ADA-4CDF-971E-46DCB1E743CE}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Spices [ENU] (HKLM-x32\...\{7E891772-627E-4E90-B05F-269390A5279D}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Editor Label Collection - Valentine's Day [ENU] (HKLM-x32\...\{2A30091B-C0FA-45AD-BA11-427FBF0B8313}) (Version: 1.0.001 - Brother Industries, Ltd.)

    Brother P-touch Update Software (HKLM-x32\...\{A598BEC3-4F02-413E-9649-C5A1879DB558}) (Version: 1.0.0010 - Brother Industries, Ltd.)

    Cadence Allegro Free Physical Viewers 16.6 (HKLM-x32\...\{2BB61CCF-BB29-42C1-A313-CF4CC2B924B2}) (Version: 16.6.0 - Cadence Design Systems)

    CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)

    Cisco WebEx Meeting Center for Firefox or Chrome (HKLM-x32\...\{50B62367-6210-45E4-AA1E-A0532926E429}) (Version: 8.29.3201 - Cisco WebEx LLC)

    Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)

    CiscoVirtualCom(x64) (HKLM-x32\...\{4741C69E-1B4E-43DA-9598-7F94BA6B66E7}) (Version: 1.00.0000 - Cisco Systems, Inc.)

    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

    Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)

    Dropbox (HKCU\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)

    dsdminst (x32 Version: 1.00.0000 - Brother Industries, Ltd.) Hidden

    eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

    EVGA OC Scanner X 2.2.2 (HKLM-x32\...\{CB92C58B-7BDF-48E3-92E3-51768DCCA585}_is1) (Version: - EVGA)

    Fuze Meeting (HKLM-x32\...\{88F800EE-C2E3-49F1-9A61-DB1EE6DD4245}) (Version: 14.1.3326 - Fuze Box, Inc.)

    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.102 - Google Inc.)

    Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)

    Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

    GoToMeeting 5.1.0.880 (HKCU\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)

    HiJackThis (HKLM-x32\...\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}) (Version: 1.0.0 - Trend Micro)

    HP Virtual Room Client Launcher Plugin (HKLM-x32\...\{E9C450A0-4606-11E0-9207-0800200C9A66}) (Version: 2.0.0.1 - Hewlett-Packard)

    IAR Embedded Workbench for ARM (HKLM-x32\...\{239741D2-0F26-4C44-8777-C544096ECB75}) (Version: 6.70.1 - IAR Systems)

    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)

    iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.0.1 - iolo technologies, LLC)

    iPort Utility Pack V5.5.0 (HKLM-x32\...\{3247A5E1-6E26-4DB1-8157-A71D5FDCB02B}) (Version: 5.5.0 - Micro Computer Control Corporation (MCC))

    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)

    IVI Shared Component 64-bit (Version: 2.21.49152 - IVI Foundation Inc.) Hidden

    IVI Shared Components 2.2.1 (HKLM-x32\...\IviSharedComponent) (Version: 2.21.49152 - IVI Foundation)

    Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)

    Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)

    JLink OB CDC Driver Package (HKLM\...\{CD0E9FFE-70DD-47E3-A7A5-750E9DE6F40B}) (Version: 1.2.1 - SEGGER)

    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Libero SoC v10.1 (HKLM-x32\...\InstallShield_{F4288E89-50D2-463B-B609-0A7405D49E4B}) (Version: 10.1.0.14 - Microsemi Corp.)

    Libero SoC v10.1 (x32 Version: 10.1.0.14 - Microsemi Corp.) Hidden

    Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)

    Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)

    LTspice IV (HKLM-x32\...\LTspice IV) (Version: - )

    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

    Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)

    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

    Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)

    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

    Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

    Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)

    Microsoft Document Explorer 2008 (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden

    Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)

    Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden

    Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)

    Microsoft Mathematics Add-in (32-bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.040811.01 - Microsoft Corporation)

    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

    Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

    Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

    Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

    Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

    Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

    Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Office Ultimate 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)

    Microsoft Office Visio 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

    Microsoft Office Visio MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPROR) (Version: 12.0.6612.1000 - Microsoft Corporation)

    Microsoft Office Visio Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Visual Web Developer 2007 (x32 Version: 12.0.4518.1066 - Microsoft Corporation) Hidden

    Microsoft Office Visual Web Developer MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

    Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

    Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)

    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden

    Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden

    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)

    Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM-x32\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)

    Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)

    Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)

    Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)

    Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)

    Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)

    Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)

    Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)

    Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)

    Microsoft Sync Framework 2.0 SDK (x64) ENU (HKLM\...\{546B499C-2CEB-409C-AA03-59CE8B5A6AFA}) (Version: 2.0.1578.0 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)

    Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.21022 - Microsoft Corporation) Hidden

    Microsoft Visual Studio 2008 Standard Edition - ENU (HKLM-x32\...\Microsoft Visual Studio 2008 Standard Edition - ENU) (Version: - Microsoft Corporation)

    Microsoft Visual Studio 2008 Standard Edition - ENU (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden

    Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden

    Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)

    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)

    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden

    Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)

    Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{29C93182-34F6-3275-A18D-59326851CD57}) (Version: 3.5.21022 - Microsoft)

    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)

    Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)

    Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5288.17011 - Microsoft Corporation)

    Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5288.17011 - Microsoft Corporation)

    Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

    Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

    Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

    Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

    Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

    Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

    Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

    Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden

    Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

    Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

    Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

    Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

    Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

    Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

    Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

    Mindjet MindManager 2012 (HKLM-x32\...\{03D57353-071B-4D21-982A-CC35C962A7C4}) (Version: 10.1.459 - Mindjet)

    More to go
     
     
  12. EyeSore

    EyeSore TS Rookie Topic Starter Posts: 42

    Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)

    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

    MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)

    Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)

    Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon)

    NirSoft NK2Edit (HKLM-x32\...\NirSoft NK2Edit) (Version: - )

    Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - )

    Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)

    Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)

    NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)

    NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)

    NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden

    NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)

    NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

    NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden

    NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden

    NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

    NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden

    P&E Multilink Universal (HKLM-x32\...\multilink_universal) (Version: - )

    PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)

    PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.72 - ASUSTek)

    PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

    PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software)

    Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.3.0 - Nikon)

    Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.11 - Nikon)

    PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.8.0 - Prolific Technology INC)

    PuTTY development snapshot 2014-09-01:r10214 (HKLM-x32\...\PuTTY_is1) (Version: 2014-09-01:r10214 - Simon Tatham)

    PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden

    Python 3.4 pyserial-2.7 (HKCU\...\pyserial-py3.4) (Version: - )

    Python 3.4.0 (64-bit) (HKLM\...\{863162A8-ECC2-35EA-BDF7-E09AC456E164}) (Version: 3.4.150 - Python Software Foundation)

    Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)

    QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)

    Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)

    SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.6.0 - SAMSUNG Electronics Co., Ltd.)

    Scansoft PDF Professional (x32 Version: - ) Hidden

    SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.5 - Seagate Technology)

    Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)

    Sentinel Protection Installer 7.6.3 (HKLM-x32\...\{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}) (Version: 7.6.3 - SafeNet, Inc.)

    Speccy (HKLM\...\Speccy) (Version: 1.10 - Piriform)

    SuperNZB v4.0.6 (HKLM-x32\...\SuperNZB_is1) (Version: - )

    TiVo Desktop 2.8.2 (HKLM-x32\...\{4E839090-3B68-436A-B3CF-A2A08C38DD26}) (Version: 2.8.412.369 - TiVo Inc.)

    TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation)

    TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

    TurboTax 2013 wcaiper (x32 Version: 013.000.1280 - Intuit Inc.) Hidden

    TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden

    TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden

    TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden

    TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)

    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)

    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)

    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)

    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)

    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)

    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_VISPROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)

    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)

    Update for Microsoft Office 2007 System (KB2539530) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version: - Microsoft)

    Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)

    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)

    Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)

    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)

    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)

    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)

    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)

    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft)

    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)

    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)

    Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)

    Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)

    Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)

    Update for Microsoft Office Visio 2007 Help (KB963666) (HKLM-x32\...\{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{D2C4ACC9-12F5-4E1C-81A8-5DC878AC6278}) (Version: - Microsoft)

    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)

    Update for Microsoft Visual Studio 2008 Standard Edition - ENU (KB972221) (HKLM-x32\...\{F434F50E-7614-3EA8-9008-2FB866B697DA}.KB972221) (Version: 1 - Microsoft Corporation)

    USB ACF Modem (HKLM\...\CNXT_MODEM_USB_ACF) (Version: 2.0.21.50 - Conexant)

    VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden

    ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.4 - Nikon)

    VISA Shared Components 64-Bit (HKLM-x32\...\VISASharedComponents) (Version: 1.6 - IVI Foundation)

    VISA Shared Components 64-Bit (Version: 1.6.0 - IVI Foundation) Hidden

    Visual Studio .NET Prerequisites - English (HKLM\...\{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}) (Version: 9.0.21022 - Microsoft Corporation)

    Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.1.7-3 - Wacom Technology Corp.)

    WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)

    WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)

    Windows Driver Package - Actel Corporation (FP3B-CYUSB) USB (03/30/2010 1.0.0.1) (HKLM\...\F019ECC44078E3948264818BEC4C98589BFAE565) (Version: 03/30/2010 1.0.0.1 - Actel Corporation)

    Windows Driver Package - Actel Corporation (FP4-CYUSB) USB (03/30/2010 1.0.0.1) (HKLM\...\9ACB2B8D83A1D62E6DAC4435E07D197574DB6C5A) (Version: 03/30/2010 1.0.0.1 - Actel Corporation)

    Windows Driver Package - IAR Systems (IJET) IARUSB (05/23/2012 2.05) (HKLM\...\1C43F1704FCDAEB095E591CCD332A2EEE6D1B03B) (Version: 05/23/2012 2.05 - IAR Systems)

    Windows Driver Package - Segger (jlink_ob_x64) USB (03/13/2012 2.6.6.2) (HKLM\...\6D4C34D12E9233ABADF9D04ADF9E288A7ECF3B5B) (Version: 03/13/2012 2.6.6.2 - Segger)

    Windows Driver Package - SEGGER (usbser) Ports (01/25/2012 6.0.2600.4) (HKLM\...\BD6BF8BBF7BE0D0091163F649A1A423B7EB9D4F1) (Version: 01/25/2012 6.0.2600.4 - SEGGER)

    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

    Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

    Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

    Wireshark 1.12.0 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.0 - The Wireshark developer community, http://www.wireshark.org)



    ==================== Custom CLSID (selected items): ==========================



    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)



    CustomCLSID: HKU\S-1-5-21-3443260511-751025859-1096921692-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-3443260511-751025859-1096921692-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

    CustomCLSID: HKU\S-1-5-21-3443260511-751025859-1096921692-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-3443260511-751025859-1096921692-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-3443260511-751025859-1096921692-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

    CustomCLSID: HKU\S-1-5-21-3443260511-751025859-1096921692-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)



    ==================== Restore Points =========================



    25-08-2014 22:00:14 System Stable

    26-08-2014 04:31:20 SQL and SyncToy repairs

    26-08-2014 04:32:03 Installed Microsoft Sync Framework 2.0 SDK (x64) ENU

    27-08-2014 01:00:09 Windows Backup

    28-08-2014 15:18:57 Windows Update

    28-08-2014 20:58:44 Windows Update

    29-08-2014 01:00:28 Windows Backup

    30-08-2014 20:04:30 Before Akamai ASUS

    30-08-2014 23:40:19 Removed SyncToy 2.1 (x64)

    31-08-2014 01:00:10 Windows Backup

    31-08-2014 15:39:13 before antivirus round2

    31-08-2014 16:14:33 Before DDS after malwareBytes

    31-08-2014 16:42:41 TDSSKiller next

    31-08-2014 16:47:48 Before MBRCheck

    31-08-2014 16:52:37 combofix

    31-08-2014 17:36:19 OTL Restore Point - 2014-08-31 10:36:19 AM

    01-09-2014 00:21:07 After Virus Cleanup vefore OTL clean with out Restore point del

    01-09-2014 01:43:36 after cleanup

    01-09-2014 02:04:20 Installed Adobe Flash Player 14 ActiveX.

    01-09-2014 02:17:53 chrome

    01-09-2014 03:26:12 Acrobat working

    01-09-2014 03:42:41 Removed iTunes

    01-09-2014 03:48:07 Installed Java 7 Update 65

    01-09-2014 04:04:05 photoshop

    01-09-2014 17:14:54 Windows Update

    01-09-2014 18:41:06 AdwCleaner

    01-09-2014 22:45:27 MSFT Malicious removal tool and offce SP3 and IE11

    01-09-2014 23:06:26 FRST64

    02-09-2014 01:00:11 Windows Backup

    02-09-2014 04:14:56 After RogueKiller

    03-09-2014 00:01:54 Combofix



    ==================== Hosts content: ==========================



    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)



    2009-07-13 19:34 - 2014-08-31 10:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost



    ==================== Scheduled Tasks (whitelisted) =============



    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)



    Task: {1F1CDF66-35C3-46AD-94A3-814AAEE30013} - System32\Tasks\AdobeAAMUpdater-1.0-MossLanding-Fred => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-11-08] (Adobe Systems Incorporated)

    Task: {26E59356-D653-429B-8CF5-14A2D489E9F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22] (Google Inc.)

    Task: {2D5351FE-7A2D-46E4-A9F5-AC20D860B8E8} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2014-08-13] (iolo technologies, LLC)

    Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip No Task File <==== ATTENTION

    Task: {48654794-C250-491A-B114-C2FD4ECAD08B} - System32\Tasks\AdobeAAMUpdater-1.0-MossLanding-Theresa => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-11-08] (Adobe Systems Incorporated)

    Task: {4DBFD76E-E45F-429F-87A6-11751AA730F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22] (Google Inc.)

    Task: {5D4AA109-FC07-4CA8-B494-C3AB3D553AB9} - System32\Tasks\Virus Scan => C:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11] (Microsoft Corporation)

    Task: {61858E27-8D65-454B-8BCA-3A6F190BCB1B} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.95\AsLoader.exe [2008-07-02] ()

    Task: {6DAEDCD1-C66D-4902-B114-F4360BE23528} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

    Task: {9D7B4B4F-8A4F-4B27-90B1-DA65FBC9FCDB} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe [2007-10-11] ()

    Task: {A05F2938-1645-435C-B67D-5064B5574D0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-31] (Adobe Systems Incorporated)

    Task: {C0C1CC5A-F9C8-4D25-81F6-960C0C8FE1BC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)

    Task: {DD7A18A9-D823-48BD-833C-D5AD192F5652} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

    Task: {E1347269-92B8-43E7-8FC7-4BE0B4DD4B87} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11] ()

    Task: {EA8924BE-B19A-48D0-956D-09B0AB190693} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)

    Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask No Task File <==== ATTENTION

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe



    ==================== Loaded Modules (whitelisted) =============



    2012-02-21 12:48 - 2013-10-23 01:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

    2011-05-21 09:19 - 2008-06-03 23:53 - 00027648 _____ () C:\Windows\System32\spd__l.dll

    2011-08-24 18:18 - 2010-03-15 16:18 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll

    2008-11-26 04:15 - 2008-11-26 04:15 - 00084992 _____ () C:\Program Files\Adobe\Adobe PDF iFilter 9 for 64-bit platforms\bin\PDFLShim.dll

    2008-11-16 16:51 - 2008-11-16 16:51 - 00657408 _____ () C:\Program Files\Adobe\Adobe PDF iFilter 9 for 64-bit platforms\bin\AdobeXMP.dll

    2012-06-28 16:58 - 2012-06-28 16:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll

    2011-08-24 18:18 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll



    ==================== Alternate Data Streams (whitelisted) =========



    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)





    ==================== Safe Mode (whitelisted) ===================



    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)



    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"



    ==================== EXE Association (whitelisted) =============



    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)





    ==================== MSCONFIG/TASK MANAGER disabled items =========



    (Currently there is no automatic fix for this section.)



    MSCONFIG\Services: Apple Mobile Device => 2

    MSCONFIG\Services: Bonjour Service => 3

    MSCONFIG\Services: iPod Service => 3

    MSCONFIG\startupfolder: C:^Users^Fred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

    MSCONFIG\startupfolder: C:^Users^Fred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup

    MSCONFIG\startupfolder: C:^Users^Fred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

    MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

    MSCONFIG\startupreg: iTunesHelper =>

    MSCONFIG\startupreg: MMReminderService => C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe

    MSCONFIG\startupreg: NvBackend =>

    MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

    MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

    MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

    MSCONFIG\startupreg: SunJavaUpdateSched =>

    MSCONFIG\startupreg: TranscodingService => C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe



    ==================== Faulty Device Manager Devices =============



    Name: ASUS PCE-N15 11n Wireless LAN PCI-E Card

    Description: ASUS PCE-N15 11n Wireless LAN PCI-E Card

    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

    Manufacturer: ASUSTeK Computer Inc.

    Service: RTL8192Ce

    Problem: : This device is disabled. (Code 22)

    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.





    ==================== Event log errors: =========================



    Application errors:

    ==================



    System errors:

    =============



    Microsoft Office Sessions:

    =========================

    Error: (08/28/2014 01:53:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 635 seconds with 600 seconds of active time. This session ended with a crash.



    Error: (08/26/2014 07:30:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 49 seconds with 0 seconds of active time. This session ended with a crash.



    Error: (08/26/2014 07:29:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 354 seconds with 300 seconds of active time. This session ended with a crash.



    Error: (08/26/2014 06:46:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 39 seconds with 0 seconds of active time. This session ended with a crash.



    Error: (07/24/2014 01:50:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 501 seconds with 480 seconds of active time. This session ended with a crash.



    Error: (06/15/2014 08:47:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 139 seconds with 60 seconds of active time. This session ended with a crash.



    Error: (05/11/2014 08:24:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 168 seconds with 120 seconds of active time. This session ended with a crash.



    Error: (05/11/2014 08:20:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.



    Error: (05/11/2014 08:19:45 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4521 seconds with 2280 seconds of active time. This session ended with a crash.



    Error: (04/23/2014 06:11:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 61 seconds with 0 seconds of active time. This session ended with a crash.





    CodeIntegrity Errors:

    ===================================

    Date: 2014-08-31 10:05:52.597

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



    Date: 2014-08-31 10:05:52.441

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



    Date: 2014-08-17 14:31:13.761

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\data\Utilities\Sysinternals\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



    Date: 2014-08-17 14:31:13.599

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\data\Utilities\Sysinternals\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



    Date: 2011-05-20 18:50:13.298

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\data_bad_drive\Banff\D915PBL Motherboard\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



    Date: 2011-05-20 18:50:13.282

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\data_bad_drive\Banff\D915PBL Motherboard\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



    Date: 2011-05-20 18:50:12.846

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Fred\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



    Date: 2011-05-20 18:50:12.846

    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Fred\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.





    ==================== Memory info ===========================



    Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz

    Percentage of memory in use: 26%

    Total physical RAM: 8191.05 MB

    Available physical RAM: 5990.7 MB

    Total Pagefile: 9213.23 MB

    Available Pagefile: 6705.62 MB

    Total Virtual: 8192 MB

    Available Virtual: 8191.8 MB



    ==================== Drives ================================



    Drive c: (Moss Landing) (Fixed) (Total:447.03 GB) (Free:146.72 GB) NTFS

    Drive d: (Carmel) (Fixed) (Total:1863.01 GB) (Free:370.55 GB) NTFS

    Drive e: (Arch1) (Fixed) (Total:1863.01 GB) (Free:1594.39 GB) NTFS



    ==================== MBR & Partition Table ==================



    ========================================================

    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3FBADE9A)

    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)



    ========================================================

    Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 061394F6)

    Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)



    ========================================================

    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 1C3AFD17)

    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

    Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)



    ==================== End Of Log ============================
     
  13. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  14. EyeSore

    EyeSore TS Rookie Topic Starter Posts: 42

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014

    Ran by Fred at 2014-09-02 19:55:45 Run:1

    Running from C:\Users\Fred\Desktop

    Boot Mode: Normal

    ==============================================



    Content of fixlist:

    *****************

    HKLM-x32\...\Run: [] => [X]

    BootExecute:

    S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

    S3 PROCEXP151; \??\C:\Windows\system32\Drivers\PROCEXP151.SYS [X]

    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

    S3 VGPU; System32\drivers\rdvgkmd.sys [X]

    C:\Users\Be My Guest\MmInternetExplorerActiveSetup.vbs

    C:\Users\Fred\GoPython.bat

    C:\Users\Fred\AppData\Local\Temp\Quarantine.exe

    Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip No Task File <==== ATTENTION

    Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask No Task File <==== ATTENTION



    *****************



    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

    BootExecute: => Error: No automatic fix found for this entry.

    nvvad_WaveExtensible => Service deleted successfully.

    PROCEXP151 => Service deleted successfully.

    Synth3dVsc => Service deleted successfully.

    tsusbhub => Service deleted successfully.

    VGPU => Service deleted successfully.

    C:\Users\Be My Guest\MmInternetExplorerActiveSetup.vbs => Moved successfully.

    C:\Users\Fred\GoPython.bat => Moved successfully.

    C:\Users\Fred\AppData\Local\Temp\Quarantine.exe => Moved successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDD56C73-F0D5-41B6-B767-6EFFD7966428}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDD56C73-F0D5-41B6-B767-6EFFD7966428}" => Key deleted successfully.

    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" => Key deleted successfully.



    ==== End of Fixlog ====



    FYI: I wrote GoPython.bat
     
  15. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the ESET Smart Installer icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
     
  16. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    If you wish, you can get that file back from the C:\FRST\Quarantine folder.
     
  17. EyeSore

    EyeSore TS Rookie Topic Starter Posts: 42

    I used both links for Security check. Both result in error unsupported OS. I am pretty sure I ran the second version of this program successfully before. I have not started the other tests. What do you recommend I try next?

    I know ESET will take a long time to run. I will run it overnight. If it is not complete (I have three hard drives) is it okay if it is past my main drive or should I wait until all scans are done?
     
  18. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    Restart computer and Security Check should work
     
  19. EyeSore

    EyeSore TS Rookie Topic Starter Posts: 42

    Here are the results of two of the programs. I will start ESET next.



    Results of screen317's Security Check version 0.99.87

    Windows 7 Service Pack 1 x64 (UAC is disabled!)

    Internet Explorer 11

    ``````````````Antivirus/Firewall Check:``````````````

    Windows Security Center service is not running! This report may not be accurate!

    Windows Firewall Enabled!

    Microsoft Security Essentials

    (On Access scanning disabled!)

    Error obtaining update status for antivirus!

    `````````Anti-malware/Other Utilities Check:`````````

    Secunia PSI (3.0.0.9016)

    Java 7 Update 65

    Java version out of Date!

    Adobe Flash Player 14.0.0.179

    Mozilla Firefox (Meeting.)

    Google Chrome 36.0.1985.143

    Google Chrome 37.0.2062.102

    ````````Process Check: objlist.exe by Laurent````````

    Microsoft Security Essentials MSMpEng.exe

    Microsoft Security Essentials msseces.exe

    Malwarebytes Anti-Malware mbamservice.exe

    Malwarebytes Anti-Malware mbam.exe

    Malwarebytes Anti-Malware mbamscheduler.exe

    iolo Common Lib ioloServiceManager.exe

    iolo System Mechanic LiveBoost.exe

    iolo System Mechanic iologovernor64.exe

    `````````````````System Health check`````````````````

    Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)

    ````````````````````End of Log``````````````````````





    Farbar Service Scanner Version: 21-07-2014

    Ran by Fred (administrator) on 02-09-2014 at 20:53:57

    Running from "C:\Users\Fred\Desktop"

    Microsoft Windows 7 Ultimate Service Pack 1 (X64)

    Boot Mode: Normal

    ****************************************************************



    Internet Services:

    ============



    Connection Status:

    ==============

    Localhost is accessible.

    LAN connected.

    Google IP is accessible.

    Google.com is accessible.

    Yahoo.com is accessible.





    Windows Firewall:

    =============



    Firewall Disabled Policy:

    ==================





    System Restore:

    ============



    System Restore Disabled Policy:

    ========================





    Action Center:

    ============





    Windows Update:

    ============



    Windows Autoupdate Disabled Policy:

    ============================





    Windows Defender:

    ==============

    WinDefend Service is not running. Checking service configuration:

    The start type of WinDefend service is set to Demand. The default start type is Auto.

    The ImagePath of WinDefend service is OK.

    The ServiceDll of WinDefend service is OK.





    Windows Defender Disabled Policy:

    ==========================

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

    "DisableAntiSpyware"=DWORD:1





    Other Services:

    ==============





    File Check:

    ========

    C:\Windows\System32\nsisvc.dll => File is digitally signed

    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

    C:\Windows\System32\dhcpcore.dll => File is digitally signed

    C:\Windows\System32\drivers\afd.sys => File is digitally signed

    C:\Windows\System32\drivers\tdx.sys => File is digitally signed

    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

    C:\Windows\System32\dnsrslvr.dll => File is digitally signed

    C:\Windows\System32\mpssvc.dll => File is digitally signed

    C:\Windows\System32\bfe.dll => File is digitally signed

    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

    C:\Windows\System32\SDRSVC.dll => File is digitally signed

    C:\Windows\System32\vssvc.exe => File is digitally signed

    C:\Windows\System32\wscsvc.dll => File is digitally signed

    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

    C:\Windows\System32\wuaueng.dll => File is digitally signed

    C:\Windows\System32\qmgr.dll => File is digitally signed

    C:\Windows\System32\es.dll => File is digitally signed

    C:\Windows\System32\cryptsvc.dll => File is digitally signed

    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

    C:\Windows\System32\ipnathlp.dll => File is digitally signed

    C:\Windows\System32\iphlpsvc.dll => File is digitally signed

    C:\Windows\System32\svchost.exe => File is digitally signed

    C:\Windows\System32\rpcss.dll => File is digitally signed
     
  20. EyeSore

    EyeSore TS Rookie Topic Starter Posts: 42

    Hi Broni,



    ESET completed and found errors on D:, which is where backups of C: are stored, and on E: which has some ancient programs that are not used any more.



    What does the located Conduit do on my system? That is, does it send information to someone? One more thing that may be relevant, I have blocked IP addresses, 31.13.77.65 and 31.13.77.81, which are registered to Facebook Ireland. I have never used Facebook but someone borrowing the PC may have.



    I appreciate your help with this cleanup,

    Fred





    D:\MOSSLANDING\Backup Set 2014-07-09 064333\Backup Files 2014-07-09 064333\Backup files 112.zip Win32/Toolbar.Conduit.V potentially unwanted application deleted - quarantined

    D:\MOSSLANDING\Backup Set 2014-07-18 073017\Backup Files 2014-07-18 073017\Backup files 112.zip Win32/Toolbar.Conduit.V potentially unwanted application deleted - quarantined

    D:\MOSSLANDING\Backup Set 2014-08-04 213000\Backup Files 2014-08-04 213000\Backup files 113.zip Win32/Toolbar.Conduit.V potentially unwanted application deleted - quarantined

    D:\MOSSLANDING\Backup Set 2014-08-12 180000\Backup Files 2014-08-17 081328\Backup files 1.zip Win32/OpenCandy potentially unsafe applicationdeleted - quarantined

    E:\Pgm_files\Norton Your Eyes Only Win95\Emergency unlock\BOOTLOCK.COM probably unknown TSR.COM.EXE.BOOT virus deleted - quarantined
     
  21. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    http://malwaretips.com/blogs/conduit-search-removal/

    Update your Java version here: http://www.java.com/en/download/manual.jsp
    Alternate download: http://www.filehippo.com/search?q=java

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: If you're running 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

    Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ===========================================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  22. EyeSore

    EyeSore TS Rookie Topic Starter Posts: 42

    Hi Broni,

    Thanks for the good news and help with this. Here is what I have tested:
    1) Index files did not die on one power cycle test.
    2) SyncToy still has issues with JPG files.
    3) Still problems with:
    C:\Windows\SysWOW64"\[l:20{10}]"mfplat.dll"; source file in store is also corrupted

    The system seems more responsive. Do you have any more suggestions?

    I am traveling for a while but will send an update in about a month and click the donate button.

    Thanks for your help,
     
  23. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    1. Cool :)
    2. That would be a subject for the Windows forum.
    3. Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
    Code:
    :filefind
    mfplat.dll
    
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
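
Added example (not part of the thread and not SystemLook's own code): a Python version of the inventory the `:filefind` step asks for. It walks a root such as C:\Windows, reads the PE machine field of every mfplat.dll copy, and groups the copies by SHA-256 so that a copy differing from its same-architecture siblings stands out. The function names and the default root are assumptions; WinSxS can legitimately hold several versions of a file, so a differing digest is a cue to compare file versions, not proof of corruption.

```python
import hashlib
import os
import struct
import sys
from collections import defaultdict

MACHINES = {0x014C: "x86", 0x8664: "x64"}  # IMAGE_FILE_HEADER.Machine values

def pe_machine(path):
    """Return 'x86', 'x64' or 'unknown' from the file's PE header."""
    with open(path, "rb") as f:
        head = f.read(0x40)
        if len(head) < 0x40 or head[:2] != b"MZ":
            return "unknown"
        f.seek(struct.unpack_from("<I", head, 0x3C)[0])  # e_lfanew
        sig = f.read(6)  # "PE\0\0" followed by the 2-byte Machine field
    if len(sig) < 6 or sig[:4] != b"PE\0\0":
        return "unknown"
    return MACHINES.get(struct.unpack_from("<H", sig, 4)[0], "unknown")

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def inventory(root, name="mfplat.dll"):
    """Map architecture -> {sha256: [paths]} for each copy of name under root."""
    found = defaultdict(lambda: defaultdict(list))
    for dirpath, _dirs, files in os.walk(root):  # unreadable dirs are skipped
        for fn in files:
            if fn.lower() == name.lower():
                path = os.path.join(dirpath, fn)
                try:
                    found[pe_machine(path)][sha256_of(path)].append(path)
                except OSError:
                    pass  # locked or unreadable copy: keep scanning
    return found

def conflicts(found):
    """Architectures whose copies do not all share one digest."""
    return {a: dict(h) for a, h in found.items() if len(h) > 1}

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows"  # assumed default
    for arch, groups in conflicts(inventory(root)).items():
        for digest, paths in groups.items():
            print(arch, digest[:16], *paths, sep="\n  ")
```

On 64-bit Windows, run it from a 64-bit interpreter: a 32-bit process has its System32 accesses redirected to SysWOW64, so it would never see the native copy.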
     
  24. EyeSore

    EyeSore TS Rookie Topic Starter Posts: 42

    Hi Broni,

    I am on business travel and will not be able to provide this input until I return mid-October. Thanks for your continued input.
     
  25. Broni

    Broni Malware Annihilator Posts: 47,704   +268

    No problem.
     

