Inactive Mfplat.dll, SyncToy, and WIN7 Index fail

EyeSore

Hello,

I have been using TechSpot forum posts to help clean up my WIN7 PC. Some progress was made but here is what may still be malware related:

1) sfc /scannow
Produces errors:

Cannot repair member file [l:20{10}]"mfplat.dll" of Microsoft-Windows-MFPlat, Version = 6.1.7600.16385, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

Cannot repair member file [l:42{21}]"CntrtextInstaller.dll" of Microsoft-Windows-ServicingStack, Version = 6.1.7601.17592, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch

2) A cold boot (no power to main board) corrupts my WIN7 index file. Event Viewer shows:

The gatherer is unable to read the registry URL.

Context: Application, SystemIndex Catalog

Details:

(HRESULT : 0x0) (0x00000000)

====

The application cannot be initialized.

Context: Windows Application

Details:

The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

====

The Windows Search service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

====

A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

====

The index cannot be initialized.

Details:

The registry value cannot be read because the configuration is invalid. Recreate the content index configuration by removing the content index. (HRESULT : 0x80040d03) (0x80040d03)

====

The Windows Search service terminated with service-specific error %%-2147218173.

====

The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

=====

The search service has detected corrupted data files in the index {id=431}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

====

The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:

The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

3) SyncToy does not work reliably.
It finds untouched files that it wants to delete.

4) I have run many virus checkers; memtest86 finds no error; Hard disk checks pass.

i) Old logs have been saved. First run of Malwarebytes Anti-Malware ==

Registry Values: 4

PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{7e8a1050-cf67-4575-92df-dcc60e7d952d}, Quarantined, [0816616c1a615dd9401be395bf4356aa],

PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{7E8A1050-CF67-4575-92DF-DCC60E7D952D}, SweetPacks Toolbar, Quarantined, [0816616c1a615dd9401be395bf4356aa]

PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{7E8A1050-CF67-4575-92DF-DCC60E7D952D}, Quarantined, [0816616c1a615dd9401be395bf4356aa],

PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{7e8a1050-cf67-4575-92df-dcc60e7d952d}, Quarantined, [7ca2fad3304b41f5bd9e6e0a1fe322de],


Registry Data: 2

Broken.OpenCommand, HKCR\scrfile\shell\open\command, NOTEPAD.EXE Good: ("Bad: (NOTEPAD.EXE %1),Replaced,[ffffffffffffffffffffffffffffffff]" /S), %4, %5

Broken.OpenCommand, HKCR\regfile\shell\open\command, NOTEPAD.EXE Good: (regedit.exe "Bad: (NOTEPAD.EXE %1),Replaced,[ffffffffffffffffffffffffffffffff]"), %4, %5


Folders: 0

(No malicious items detected)

Files: 3

PUP.Optional.OpenCandy, C:\Users\Fred\Desktop\FreeFileSync_6.8_Windows_Setup.exe, Quarantined, [36e8a825accf340272a0fd0f768fc23e],

PUP.Optional.Conduit.A, C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://search.conduit.com/ResultsEx...earchSource=2&CUI=UN46422662120452130&UM=2&q=");), Replaced,[3be309c45c1ff83e4bb5ee2b877e58a8]

PUP.Optional.Conduit.A, C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default\prefs.js, Good: (), Bad: (user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsEx...120452130&UM=2&SearchSource=3&q={searchTerms}");), Replaced,[f22c498489f2023416fdb1685aab8878]


ii) Latest run ==

Malwarebytes Anti-Malware

www.malwarebytes.org



Scan Date: 2014-09-01

Scan Time: 4:22:01 PM

Logfile: Malwarebutes 2014-09-01.txt

Administrator: Yes


Version: 2.00.2.1012

Malware Database: v2014.09.01.08

Rootkit Database: v2014.08.21.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled


OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Fred


Scan Type: Threat Scan

Result: Completed

Objects Scanned: 498085

Time Elapsed: 7 min, 48 sec


Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled


Processes: 0

(No malicious items detected)


Modules: 0

(No malicious items detected)


Registry Keys: 0

(No malicious items detected)



Registry Values: 0

(No malicious items detected)



Registry Data: 0

(No malicious items detected)



Folders: 0

(No malicious items detected)



Files: 0

(No malicious items detected)



Physical Sectors: 0

(No malicious items detected)



(end)



=====================

iii) DDS was run, ComboFix, Rkill, AdwCleaner, JRT, …


5) The PC seems to work otherwise.


What do you recommend I try next?

Thanks.
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi Broni, Thanks for your help.



Malwarebytes Anti-Malware

www.malwarebytes.org



Scan Date: 2014-09-01

Scan Time: 4:22:01 PM

Logfile: Malwarebutes 2014-09-01.txt

Administrator: Yes



Version: 2.00.2.1012

Malware Database: v2014.09.01.08

Rootkit Database: v2014.08.21.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled



OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Fred



Scan Type: Threat Scan

Result: Completed

Objects Scanned: 498085

Time Elapsed: 7 min, 48 sec



Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled



Processes: 0

(No malicious items detected)



Modules: 0

(No malicious items detected)



Registry Keys: 0

(No malicious items detected)



Registry Values: 0

(No malicious items detected)



Registry Data: 0

(No malicious items detected)



Folders: 0

(No malicious items detected)



Files: 0

(No malicious items detected)



Physical Sectors: 0

(No malicious items detected)





(end)



=================

***Opening up log file from history tab results in the same information as above.

=================

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 2011-05-16 11:20:16 PM

System Uptime: 2014-09-01 4:51:54 PM (4 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5Q-PRO

Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz | LGA 775 | 3166/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 447 GiB total, 146.811 GiB free.

D: is FIXED (NTFS) - 1863 GiB total, 370.552 GiB free.

E: is FIXED (NTFS) - 1863 GiB total, 1595.001 GiB free.

F: is CDROM ()

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: ASUS PCE-N15 11n Wireless LAN PCI-E Card

Device ID: PCI\VEN_10EC&DEV_8178&SUBSYS_84B61043&REV_01\4&298F2D5&0&00E0

Manufacturer: ASUSTeK Computer Inc.

Name: ASUS PCE-N15 11n Wireless LAN PCI-E Card

PNP Device ID: PCI\VEN_10EC&DEV_8178&SUBSYS_84B61043&REV_01\4&298F2D5&0&00E0

Service: RTL8192Ce

.

==== System Restore Points ===================

.

RP1218: 2014-08-24 6:00:10 PM - Windows Backup

RP1219: 2014-08-25 7:16:54 AM - Windows Update

RP1220: 2014-08-25 3:00:14 PM - System Stable

RP1221: 2014-08-25 9:31:20 PM - SQL and SyncToy repairs

RP1222: 2014-08-25 9:32:03 PM - Installed Microsoft Sync Framework 2.0 SDK (x64) ENU

RP1223: 2014-08-26 6:00:09 PM - Windows Backup

RP1224: 2014-08-28 8:18:57 AM - Windows Update

RP1225: 2014-08-28 1:58:44 PM - Windows Update

RP1226: 2014-08-28 6:00:28 PM - Windows Backup

RP1227: 2014-08-30 1:04:30 PM - Before Akamai ASUS

RP1228: 2014-08-30 4:40:19 PM - Removed SyncToy 2.1 (x64)

RP1229: 2014-08-30 6:00:10 PM - Windows Backup

RP1230: 2014-08-31 8:39:13 AM - before antivirus round2

RP1231: 2014-08-31 9:14:33 AM - Before DDS after malwareBytes

RP1232: 2014-08-31 9:42:41 AM - TDSSKiller next

RP1233: 2014-08-31 9:47:48 AM - Before MBRCheck

RP1234: 2014-08-31 9:52:37 AM - combofix

RP1235: 2014-08-31 10:36:19 AM - OTL Restore Point - 2014-08-31 10:36:19 AM

RP1236: 2014-08-31 5:21:07 PM - After Virus Cleanup vefore OTL clean with out Restore point del

RP1237: 2014-08-31 6:43:36 PM - after cleanup

RP1238: 2014-08-31 7:04:20 PM - Installed Adobe Flash Player 14 ActiveX.

RP1239: 2014-08-31 7:17:53 PM - chrome

RP1240: 2014-08-31 8:26:12 PM - Acrobat working

RP1241: 2014-08-31 8:42:41 PM - Removed iTunes

RP1242: 2014-08-31 8:48:07 PM - Installed Java 7 Update 65

RP1243: 2014-08-31 9:04:05 PM - photoshop

RP1244: 2014-09-01 10:14:54 AM - Windows Update

RP1245: 2014-09-01 11:41:06 AM - AdwCleaner

RP1246: 2014-09-01 3:45:27 PM - MSFT Malicious removal tool and offce SP3 and IE11

RP1247: 2014-09-01 4:06:26 PM - FRST64

RP1248: 2014-09-01 6:00:11 PM - Windows Backup

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.20 (x64 edition)

Acrobat X Suite

Acronis True Image Home 2012

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Captivate Quiz Results Analyzer

Adobe Captivate Reviewer

Adobe Community Help

Adobe Flash Player 14 ActiveX

Adobe Flash Player 14 Plugin

Adobe Media Player

Adobe PDF iFilter 9 for 64-bit platforms

Adobe Photoshop Lightroom 3.6 64-bit

Adobe Presenter 7

Agilent B2900A Quick IV Measurement Software

Agilent BenchVue

Agilent Communications Fabric

Agilent Firmware Update Utility Type 2

Agilent IO Libraries Suite 16.3 Update 2

Agilent IO Libraries Suite 64-bit

Agilent LXI Mdns Responder 64bit

AI Suite

Akamai NetSession Interface

Amazon Kindle

Apple Application Support

Apple Software Update

ASUSUpdate

Atmel Software Framework

Atmel Studio 6.0

Atmel USB

Bonjour

Brother BRAdmin Light 1.21.0001

Brother MFL-Pro Suite MFC-9560CDW

Brother P-touch Editor 5.1

Brother P-touch Editor Label Collection - Calendar #1 [ENU]

Brother P-touch Editor Label Collection - Caution

Brother P-touch Editor Label Collection - Christmas [ENU]

Brother P-touch Editor Label Collection - Eco

Brother P-touch Editor Label Collection - Facility #1 [ENU]

Brother P-touch Editor Label Collection - Files

Brother P-touch Editor Label Collection - Halloween [ENU]

Brother P-touch Editor Label Collection - Holiday #1 [ENU]

Brother P-touch Editor Label Collection - Office Signage

Brother P-touch Editor Label Collection - Personal

Brother P-touch Editor Label Collection - Personal #3 [ENU]

Brother P-touch Editor Label Collection - Personal Files [ENU]

Brother P-touch Editor Label Collection - Retail

Brother P-touch Editor Label Collection - Retail #3 [ENU]

Brother P-touch Editor Label Collection - Retail #4 [ENU]

Brother P-touch Editor Label Collection - Shipping

Brother P-touch Editor Label Collection - Spices [ENU]

Brother P-touch Editor Label Collection - Valentine's Day [ENU]

Brother P-touch Update Software

Cadence Allegro Free Physical Viewers 16.6

CCleaner

Cisco WebEx Meeting Center for Firefox or Chrome

Cisco WebEx Meetings

CiscoVirtualCom(x64)

D3DX10

Defraggler

Dropbox

dsdminst

eReg

EVGA OC Scanner X 2.2.2

Fuze Meeting

Google Chrome

Google Drive

Google Earth

Google Update Helper

GoToMeeting 5.1.0.880

HiJackThis

Hotfix for Microsoft Visual Studio 2008 Standard Edition - ENU (KB971091)

HP Virtual Room Client Launcher Plugin

IAR Embedded Workbench for ARM

ImgBurn

iolo technologies' System Mechanic

iPort Utility Pack V5.5.0

iSEEK AnswerWorks English Runtime

IVI Shared Component 64-bit

IVI Shared Components 2.2.1

Java 7 Update 65

Java 7 Update 65 (64-bit)

JLink OB CDC Driver Package

Junk Mail filter update

Libero SoC v10.1

Logitech SetPoint 6.65

Logitech Unifying Software 2.50

LTspice IV

Malwarebytes Anti-Malware version 2.0.2.1012

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft .NET Framework 4.5.1

Microsoft Access database engine 2010 (English)

Microsoft Application Error Reporting

Microsoft Document Explorer 2008

Microsoft Help Viewer 1.1

Microsoft Mathematics (64-bit)

Microsoft Mathematics Add-in (32-bit)

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)

Microsoft Office Ultimate 2007

Microsoft Office Visio 2007 Service Pack 3 (SP3)

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Visual Web Developer 2007

Microsoft Office Visual Web Developer MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server 2008 R2 Management Objects

Microsoft SQL Server Compact 3.5 Design Tools ENU

Microsoft SQL Server Compact 3.5 ENU

Microsoft SQL Server Database Publishing Wizard 1.2

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server System CLR Types

Microsoft SQL Server VSS Writer

Microsoft Sync Framework 2.0 Core Components (x64) ENU

Microsoft Sync Framework 2.0 Provider Services (x64) ENU

Microsoft Sync Framework 2.0 SDK (x64) ENU

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU

Microsoft Visual Studio 2008 Standard Edition - ENU

Microsoft Visual Studio 2010 Service Pack 1

Microsoft Visual Studio 2010 Shell (Isolated) - ENU

Microsoft Visual Studio 2010 Tools for Office Runtime (x64)

Microsoft Visual Studio Web Authoring Component

Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools

Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries

Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense

Microsoft Windows SDK for Visual Studio 2008 Tools

Microsoft Windows SDK for Visual Studio 2008 Win32 Tools

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Mindjet MindManager 2012

Mozilla Firefox 31.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

MyPhoneExplorer

Nikon Message Center 2

Nikon Movie Editor

NirSoft NK2Edit

Notepad++

Nuance PaperPort 12

Nuance PDF Viewer Plus

NVIDIA 3D Vision Controller Driver 335.21

NVIDIA 3D Vision Driver 331.65

NVIDIA Control Panel 331.65

NVIDIA Graphics Driver 331.65

NVIDIA HD Audio Driver 1.3.30.1

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.13.1220

NVIDIA Stereoscopic 3D Driver

P&E Multilink Universal

PaperPort Image Printer 64-bit

PC Probe II

PDF-XChange 3

PDF Settings CS5

Picture Control Utility

Picture Control Utility x64

PL-2303 USB-to-Serial

PuTTY development snapshot 2014-09-01:r10214

PVSonyDll

Python 3.4 pyserial-2.7

Python 3.4.0 (64-bit)

Quicken 2011

QuickTime

Recuva

SAMSUNG USB Driver for Mobile Phones

Scansoft PDF Professional

SeaTools for Windows

Secunia PSI (3.0.0.9016)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio 2007 suites (KB2596595) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition

Sentinel Protection Installer 7.6.3

Speccy

SuperNZB v4.0.6

TiVo Desktop 2.8.2

TrueCrypt

TurboTax 2013

TurboTax 2013 wcaiper

TurboTax 2013 WinPerFedFormset

TurboTax 2013 WinPerReleaseEngine

TurboTax 2013 WinPerTaxSupport

TurboTax 2013 wrapper

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Visio 2007 Help (KB963666)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft Visual Studio 2008 Standard Edition - ENU (KB972221)

USB ACF Modem

VC Runtimes MSI

ViewNX 2

VISA Shared Components 64-Bit

Visual Studio .NET Prerequisites - English

Wacom Tablet

WebTablet IE Plugin

WebTablet Netscape Plugin

Windows Driver Package - Actel Corporation (FP3B-CYUSB) USB (03/30/2010 1.0.0.1)

Windows Driver Package - Actel Corporation (FP4-CYUSB) USB (03/30/2010 1.0.0.1)

Windows Driver Package - IAR Systems (IJET) IARUSB (05/23/2012 2.05)

Windows Driver Package - Segger (jlink_ob_x64) USB (03/13/2012 2.6.6.2)

Windows Driver Package - SEGGER (usbser) Ports (01/25/2012 6.0.2600.4)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows XP Mode

WinPcap 4.1.3

Wireshark 1.12.0 (64-bit)

.

==== Event Viewer Messages From Past Week ========

.

2014-09-01 4:18:46 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

2014-09-01 4:18:45 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16555 BrowserJavaVersion: 10.65.2

Run by Fred at 20:19:30 on 2014-09-01

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5725 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k AcfXAudioService

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\Agilent\Communications\Fabric\AgilentCommunicationsFabric.exe

C:\Program Files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe

C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

C:\Program Files\Agilent\IO Libraries Suite\AgilentNkoServer.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

C:\Program Files\Agilent\IO Libraries Suite\bin\iproc488.exe

C:\Program Files\Agilent\IO Libraries Suite\bin\iproc82357.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe

C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Browny02\BrYNSvc.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe

C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE

C:\Windows\sysWow64\SearchProtocolHost.exe

C:\Windows\splwow64.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.bing.com/

BHO: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll

BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe

mRun: [PDF5 Registry Controller] C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe

mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

StartupFolder: C:\Users\Fred\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SetPoint.lnk - C:\Program Files\Logitech\SetPointP\SetPoint.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab

DPF: {CE335477-C2B3-4B59-8305-5D9A77D1F133} - hxxps://dropbox.kirkland.com/COM/MOVEitUploadWizard7.1.0.ocx

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{7A3AA2B3-C0BD-4318-A121-41F76992DFF9} : DHCPNameServer = 172.27.35.1 192.168.1.1

TCP: Interfaces\{7A3AA2B3-C0BD-4318-A121-41F76992DFF9}\D4F63737C416E64696E676 : DHCPNameServer = 172.27.35.1 192.168.1.1

TCP: Interfaces\{E85B1010-51EC-4612-B0B6-45D69A433BED} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{F028D76E-22FC-4F33-B2EC-D4F62E648F0D} : DHCPNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

mASetup: {90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB} - C:\Program Files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs

x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll

x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

x64-DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-2-23 137312]

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]

R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-5-12 211552]

R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\System32\drivers\vsflt67.sys [2013-6-9 146528]

R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\ElRawDsk.sys [2012-10-26 30752]

R1 RawDisk3;RawDisk3;C:\Windows\System32\drivers\rawdsk3.sys [2014-7-28 32912]

R2 AcfXAudioService;AcfXAudioService;C:\Windows\System32\svchost.exe -k AcfXAudioService [2009-7-13 27136]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-6-9 3459024]

R2 AgilentCommunicationsFabric;Agilent Communications Fabric;C:\Program Files (x86)\Agilent\Communications\Fabric\AgilentCommunicationsFabric.exe [2014-1-21 32072]

R2 AgilentIOLibrariesService;Agilent IO Libraries Service;C:\Program Files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe [2013-11-14 82248]

R2 AgtMdnsResponder;Agilent mDNS Responder Service;C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe [2012-5-26 426496]

R2 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2014-8-26 4700872]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-8-31 1809720]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-8-31 860472]

R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-9 144672]

R2 PDFsFilter;PDFsFilter;C:\Windows\System32\drivers\PDFsFilter.sys [2014-8-15 82160]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-12-6 1229528]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-12-6 662232]

R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2012-11-14 145448]

R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-6-28 5915352]

R3 acfva;acfva;C:\Windows\System32\drivers\ACFVA64.sys [2009-9-2 123008]

R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2013-6-9 367200]

R3 AgilentPXIResourceManager;Agilent PXI Resource Manager;C:\Program Files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe [2013-11-14 262984]

R3 AgPciMem;AgPciMem;C:\Program Files\Agilent\IO Libraries Suite\agPcimem.sys [2013-11-14 15592]

R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-8-24 266240]

R3 CiscoSerial;CiscoPort;C:\Windows\System32\drivers\CiscoUsbConsoleWindowsDriver64.sys [2009-10-16 95232]

R3 dgcfltr;DGC Filter Driver;C:\Windows\System32\drivers\ACFDCP64.sys [2009-4-29 34944]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2014-3-18 77592]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2014-3-18 13080]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-8-31 25816]

R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-8-31 122584]

R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-8-31 63704]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-12-6 18456]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-5-21 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 133928]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]

S3 PORTMON;PORTMON;C:\data\Utilities\Sysinternals\PORTMSYS.SYS [2014-7-3 28656]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-5-21 20992]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2011-6-29 1145960]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);C:\Windows\System32\drivers\s1018bus.sys [2009-3-25 113704]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;C:\Windows\System32\drivers\s1018mdfl.sys [2009-3-25 19496]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;C:\Windows\System32\drivers\s1018mdm.sys [2009-3-25 153128]

S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s1018mgmt.sys [2009-3-25 133160]

S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);C:\Windows\System32\drivers\s1018nd5.sys [2009-3-25 34856]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;C:\Windows\System32\drivers\s1018obex.sys [2009-3-25 128552]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);C:\Windows\System32\drivers\s1018unic.sys [2009-3-25 146472]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-21 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]

S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2011-5-22 16384]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-17 1255736]

S4 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-2-16 137232]

S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-1-3 14624]

S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-10-23 414496]

S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S4 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2013-3-12 6438264]

S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .jse: JSEFile=NOTEPAD.EXE %1

FileExt: .wsf: WSFFile=NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2014-09-02 00:07:28 75888 ----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4191C800-F0B4-4397-A2F8-D7CE1ECC0F7C}\offreg.dll

2014-09-02 00:07:06 11319192 ----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4191C800-F0B4-4397-A2F8-D7CE1ECC0F7C}\mpengine.dll

2014-09-01 22:56:00 -------- d-----w-C:\Windows\ERUNT

2014-09-01 18:42:28 536576 ----a-w-C:\Windows\SysWow64\sqlite3.dll

2014-09-01 18:41:45 -------- d-----w-C:\AdwCleaner

2014-09-01 03:48:24 98216 ----a-w-C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2014-09-01 03:31:39 159744 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

2014-09-01 03:31:39 159744 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

2014-09-01 03:31:39 159744 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

2014-09-01 03:31:39 159744 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

2014-09-01 03:31:39 159744 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

2014-09-01 03:31:39 159744 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

2014-09-01 03:31:39 159744 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

2014-09-01 01:45:46 -------- d-----w-C:\Users\Fred\AppData\Local\Secunia PSI

2014-09-01 01:45:37 -------- d-----w-C:\Program Files (x86)\Secunia

2014-09-01 01:40:18 11319192 ----a-w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-08-31 17:08:46 -------- d-sh--w- C:\$RECYCLE.BIN

2014-08-31 15:46:01 122584 ----a-w-C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-08-31 15:45:26 91352 ----a-w-C:\Windows\System32\drivers\mbamchameleon.sys

2014-08-31 15:45:26 63704 ----a-w-C:\Windows\System32\drivers\mwac.sys

2014-08-31 15:45:26 25816 ----a-w-C:\Windows\System32\drivers\mbam.sys

2014-08-31 15:45:26 -------- d-----w-C:\ProgramData\Malwarebytes

2014-08-31 15:45:26 -------- d-----w-C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-30 20:05:34 -------- d-----w-C:\Users\Fred\AppData\Local\Akamai

2014-08-29 15:05:27 1169712 ------w-C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A5BC01DE-5AF0-44BD-AA2F-55209F16FBE5}\gapaengine.dll

2014-08-28 13:52:16 404480 ----a-w-C:\Windows\System32\gdi32.dll

2014-08-28 13:52:16 3163648 ----a-w-C:\Windows\System32\win32k.sys

2014-08-28 13:52:16 311808 ----a-w-C:\Windows\SysWow64\gdi32.dll

2014-08-27 04:34:49 2155152 ----a-w-C:\Windows\System32\Incinerator64.dll

2014-08-16 01:10:26 2097984 ----a-w-C:\Windows\SysWow64\Incinerator32.dll

2014-08-16 01:10:12 82160 ----a-w-C:\Windows\System32\drivers\PDFsFilter.sys

2014-08-16 01:10:12 57584 ----a-w-C:\Windows\System32\iolobtdfg.exe

2014-08-16 01:10:12 26184 ----a-w-C:\Windows\System32\smrgdf.exe

2014-08-16 01:10:12 -------- d-----w-C:\ProgramData\ioloGovernor

2014-08-16 01:10:11 -------- d-----w-C:\Users\Fred\AppData\Roaming\ioloGovernor

2014-08-16 01:10:09 69000 ----a-w-C:\Windows\System32\offreg.dll

2014-08-16 01:10:09 56200 ----a-w-C:\Windows\SysWow64\offreg.dll

2014-08-16 01:10:06 -------- d-----w-C:\Program Files (x86)\iolo

2014-08-16 01:06:01 74703 ----a-w-C:\Windows\SysWow64\mfc45.dat

2014-08-16 01:06:01 -------- d-----w-C:\Users\Fred\AppData\Roaming\iolo

2014-08-16 01:06:01 -------- d-----w-C:\ProgramData\iolo

2014-08-15 04:24:52 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2014-08-15 04:18:30 99480 ----a-w-C:\Windows\SysWow64\infocardapi.dll

2014-08-15 04:18:30 619672 ----a-w-C:\Windows\SysWow64\icardagt.exe

2014-08-15 04:18:30 171160 ----a-w-C:\Windows\System32\infocardapi.dll

2014-08-15 04:18:30 1389208 ----a-w-C:\Windows\System32\icardagt.exe

2014-08-15 04:18:28 8856 ----a-w-C:\Windows\SysWow64\icardres.dll

2014-08-15 04:18:28 8856 ----a-w-C:\Windows\System32\icardres.dll

2014-08-15 04:18:17 35480 ----a-w-C:\Windows\SysWow64\TsWpfWrp.exe

2014-08-15 04:18:17 35480 ----a-w-C:\Windows\System32\TsWpfWrp.exe

2014-08-15 01:25:22 7168 ----a-w-C:\Windows\SysWow64\KBDYAK.DLL

2014-08-15 01:25:22 7168 ----a-w-C:\Windows\System32\KBDYAK.DLL

2014-08-15 01:25:22 7168 ----a-w-C:\Windows\System32\KBDBASH.DLL

2014-08-15 01:25:22 6656 ----a-w-C:\Windows\SysWow64\KBDBASH.DLL

2014-08-11 15:13:14 48656 ----a-w-C:\Windows\System32\drivers\asd2fsm.sys

2014-08-11 15:13:13 -------- d-----w-C:\ProgramData\Anvisoft

2014-08-11 15:13:10 -------- d-----w-C:\Program Files (x86)\Anvisoft

2014-08-09 06:03:51 -------- d-----w-C:\ProgramData\Spybot - Search & Destroy

2014-08-03 22:14:57 -------- d-----w-C:\MATS

2014-08-03 09:54:28 188304 ----a-w-C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2014-09-01 02:04:45 71344 ----a-w-C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-09-01 02:04:45 699568 ----a-w-C:\Windows\SysWow64\FlashPlayerApp.exe

2014-07-31 03:23:00 18960 ----a-w-C:\Windows\System32\drivers\LNonPnP.sys

2014-07-28 18:29:09 111016 ----a-w-C:\Windows\System32\WindowsAccessBridge-64.dll

2014-07-16 03:23:41 2048 ----a-w-C:\Windows\System32\tzres.dll

2014-07-16 02:46:02 2048 ----a-w-C:\Windows\SysWow64\tzres.dll

2014-07-14 02:02:45 1216000 ----a-w-C:\Windows\System32\rpcrt4.dll

2014-07-14 01:40:58 664064 ----a-w-C:\Windows\SysWow64\rpcrt4.dll

2014-07-13 20:33:58 32912 ----a-w-C:\Windows\System32\drivers\rawdsk3.sys

2014-06-16 02:10:19 985536 ----a-w-C:\Windows\System32\drivers\dxgkrnl.sys

.

============= FINISH: 20:19:55.32 ===============
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (https://www.techspot.com/downloads/5603-malwarebytes-anti-rootkit.html) to your desktop.

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
 
Nothing found by MBAR. All logs follow:



RogueKiller V9.2.9.0 [Jul 11 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : https://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com



Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Fred [Admin rights]

Mode : Remove -- Date : 09/01/2014 21:12:04



¤¤¤ Bad processes : 0 ¤¤¤



¤¤¤ Registry Entries : 39 ¤¤¤

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7A3AA2B3-C0BD-4318-A121-41F76992DFF9} | DhcpNameServer : 172.27.35.1 192.168.1.1 -> NOT SELECTED

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7A3AA2B3-C0BD-4318-A121-41F76992DFF9} | DhcpNameServer : 172.27.35.1 192.168.1.1 -> NOT SELECTED

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7A3AA2B3-C0BD-4318-A121-41F76992DFF9} | DhcpNameServer : 172.27.35.1 192.168.1.1 -> NOT SELECTED

[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED

[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED

[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED

[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NOT SELECTED

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0 -> NOT SELECTED

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NOT SELECTED

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> NOT SELECTED

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> NOT SELECTED

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> NOT SELECTED

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> NOT SELECTED

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> NOT SELECTED

[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> NOT SELECTED

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> NOT SELECTED

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0 -> NOT SELECTED

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> NOT SELECTED

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0 -> NOT SELECTED

[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0 -> NOT SELECTED

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> NOT SELECTED

[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> NOT SELECTED

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/ -> NOT SELECTED

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bing.com/ -> NOT SELECTED

[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> NOT SELECTED

[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> NOT SELECTED

[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED

[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3443260511-751025859-1096921692-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> NOT SELECTED



¤¤¤ Scheduled tasks : 0 ¤¤¤



¤¤¤ Files : 0 ¤¤¤



¤¤¤ HOSTS File : 1 ¤¤¤

[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost



¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤



¤¤¤ Web browsers : 0 ¤¤¤



¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: WDC WD20EZRX-00DC0B0 ATA Device +++++

--- User ---

[MBR] 644ff445fc91eb1d73cee9f8a8d202cf

[BSP] 15609027c25b2027dd8638a363dccd1b : Windows Vista/7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 MB

User = LL1 ... OK

User = LL2 ... OK



+++++ PhysicalDrive1: ST32000542AS ATA Device +++++

--- User ---

[MBR] 73a4192c17468c8b3f77948e693f9a73

[BSP] e0833ea19b169022a3fd30e8063b69fe : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1907726 MB

User = LL1 ... OK

User = LL2 ... OK



+++++ PhysicalDrive2: MKNSSDCR480GB-DX ATA Device +++++

--- User ---

[MBR] 776e1daf09d738089d2c5905500809a3

[BSP] a9a810ea272c58751d44f7e05daf9e17 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 457761 MB

User = LL1 ... OK

User = LL2 ... OK



+++++ PhysicalDrive3: Generic Ultra HS-SD/MMC USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )





============================================

RKreport_SCN_09012014_211101.log



Malwarebytes Anti-Rootkit BETA 1.07.0.1012

www.malwarebytes.org



Database version: v2014.09.02.02



Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Fred :: MOSSLANDING [administrator]



2014-09-01 9:18:04 PM

mbar-log-2014-09-01 (21-18-04).txt



Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 500122

Time elapsed: 6 minute(s), 46 second(s)



Memory Processes Detected: 0

(No malicious items detected)



Memory Modules Detected: 0

(No malicious items detected)



Registry Keys Detected: 0

(No malicious items detected)



Registry Values Detected: 0

(No malicious items detected)



Registry Data Items Detected: 0

(No malicious items detected)



Folders Detected: 0

(No malicious items detected)



Files Detected: 0

(No malicious items detected)



Physical Sectors Detected: 0

(No malicious items detected)



(end)



---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1012



(c) Malwarebytes Corporation 2011-2012



OS version: 6.1.7601 Windows 7 Service Pack 1 x64



Account is Administrative



Internet Explorer version: 9.0.8112.16421



File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED

CPU speed: 3.166000 GHz

Memory total: 8588939264, free: 4776030208



Downloaded database version: v2014.09.02.02

Downloaded database version: v2014.08.21.01

Initializing...

======================

Done!

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 3FBADE9A



Partition information:



Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 3907024896



Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0



Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0



Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0



Disk Size: 2000398934016 bytes

Sector size: 512 bytes



Done!

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 61394F6



Partition information:



Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 63 Numsec = 3907023659

Partition file system is NTFS

Partition is not bootable



Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0



Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0



Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0



Disk Size: 2000398934016 bytes

Sector size: 512 bytes



Done!

Drive 2

This is a System drive

Scanning MBR on drive 2...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 1C3AFD17



Partition information:



Partition 0 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 2048 Numsec = 204800

Partition file system is NTFS

Partition is bootable



Partition 1 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 206848 Numsec = 937494528



Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0



Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0



Disk Size: 480103981056 bytes

Sector size: 512 bytes



Scanning physical sectors of unpartitioned space on drive 2 (1-2047-937683088-937703088)...

Done!

Scan finished

=======================================





Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-63-I.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-I.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-2048-I.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...

Removal finished
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
 
Hi Broni,



Both programs were run. I was not 100% sure about your text near the end of your message. I was not sure what run your_name.exe meant. There was nothing created on my desktop like that. The first version of rKill ran.



Note that Firefox is no longer not tied to links and that PDF icons are no longer valid.



Thanks for helping



ComboFix 14-08-31.01 - Fred 2014-09-02 17:04:13.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5859 [GMT -7:00]

Running from: c:\users\Fred\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2014-08-03 to 2014-09-03 )))))))))))))))))))))))))))))))

.

.

2014-09-03 00:09 . 2014-09-03 00:09 -------- d-----w-c:\users\Theresa\AppData\Local\temp

2014-09-02 15:03 . 2014-09-02 15:03 75888 ----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8058A308-9FBF-4E3F-8764-8D7187DDF590}\offreg.dll

2014-09-02 15:02 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8058A308-9FBF-4E3F-8764-8D7187DDF590}\mpengine.dll

2014-09-02 04:17 . 2014-09-02 04:26 -------- d-----w-c:\programdata\Malwarebytes' Anti-Malware (portable)

2014-09-02 04:01 . 2014-09-02 04:01 33512 ----a-w- c:\windows\SysWow64\drivers\TrueSight.sys

2014-09-02 04:01 . 2014-09-02 04:01 -------- d-----w-c:\programdata\RogueKiller

2014-09-02 00:07 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-09-01 22:56 . 2014-09-01 22:56 -------- d-----w-c:\windows\ERUNT

2014-09-01 18:42 . 2010-08-30 15:34 536576 ----a-w-c:\windows\SysWow64\sqlite3.dll

2014-09-01 18:41 . 2014-09-01 18:52 -------- d-----w-C:\AdwCleaner

2014-09-01 03:48 . 2014-09-01 03:48 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-09-01 03:31 . 2014-09-01 03:31 159744 ----a-w-c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

2014-09-01 03:31 . 2014-09-01 03:31 159744 ----a-w-c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

2014-09-01 03:31 . 2014-09-01 03:31 159744 ----a-w-c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

2014-09-01 03:31 . 2014-09-01 03:31 159744 ----a-w-c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

2014-09-01 03:31 . 2014-09-01 03:31 159744 ----a-w-c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

2014-09-01 03:31 . 2014-09-01 03:31 159744 ----a-w-c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

2014-09-01 03:31 . 2014-09-01 03:31 159744 ----a-w-c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

2014-09-01 03:08 . 2014-09-01 03:31 -------- d-----w-c:\program files (x86)\QuickTime

2014-09-01 03:04 . 2014-09-01 03:04 -------- d-----w-c:\program files (x86)\Apple Software Update

2014-09-01 02:16 . 2014-09-01 02:16 -------- d-----w-c:\program files (x86)\PuTTY

2014-09-01 01:45 . 2014-09-01 01:45 -------- d-----w-c:\users\Fred\AppData\Local\Secunia PSI

2014-09-01 01:45 . 2014-09-01 01:45 -------- d-----w-c:\program files (x86)\Secunia

2014-08-31 15:46 . 2014-09-02 21:38 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-08-31 15:45 . 2014-09-02 04:16 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-08-31 15:45 . 2014-08-31 15:45 -------- d-----w-c:\program files (x86)\Malwarebytes Anti-Malware

2014-08-31 15:45 . 2014-08-31 15:45 -------- d-----w-c:\programdata\Malwarebytes

2014-08-31 15:45 . 2014-05-12 14:26 63704 ----a-w-c:\windows\system32\drivers\mwac.sys

2014-08-31 15:45 . 2014-05-12 14:25 25816 ----a-w-c:\windows\system32\drivers\mbam.sys

2014-08-30 20:05 . 2014-08-30 20:06 -------- d-----w-c:\users\Fred\AppData\Local\Akamai

2014-08-29 15:05 . 2014-08-19 15:22 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A5BC01DE-5AF0-44BD-AA2F-55209F16FBE5}\gapaengine.dll

2014-08-28 13:52 . 2014-08-23 02:07 404480 ----a-w-c:\windows\system32\gdi32.dll

2014-08-28 13:52 . 2014-08-23 01:45 311808 ----a-w-c:\windows\SysWow64\gdi32.dll

2014-08-28 13:52 . 2014-08-23 00:59 3163648 ----a-w-c:\windows\system32\win32k.sys

2014-08-27 04:34 . 2014-08-13 06:41 2155152 ----a-w- c:\windows\system32\Incinerator64.dll

2014-08-16 01:10 . 2014-08-13 06:41 2097984 ----a-w- c:\windows\SysWow64\Incinerator32.dll

2014-08-16 01:10 . 2014-08-13 06:57 57584 ----a-w-c:\windows\system32\iolobtdfg.exe

2014-08-16 01:10 . 2014-08-13 06:57 26184 ----a-w-c:\windows\system32\smrgdf.exe

2014-08-16 01:10 . 2014-07-13 20:31 82160 ----a-w-c:\windows\system32\drivers\PDFsFilter.sys

2014-08-16 01:10 . 2014-07-13 20:31 69000 ----a-w-c:\windows\system32\offreg.dll

2014-08-16 01:10 . 2014-07-13 20:31 56200 ----a-w-c:\windows\SysWow64\offreg.dll

2014-08-16 01:10 . 2014-08-16 01:10 -------- d-----w-c:\program files (x86)\iolo

2014-08-16 01:06 . 2014-08-27 04:36 -------- d-----w-c:\programdata\iolo

2014-08-16 01:06 . 2014-08-16 01:56 -------- d-----w-c:\users\Fred\AppData\Roaming\iolo

2014-08-16 01:06 . 2014-08-16 01:06 74703 ----a-w-c:\windows\SysWow64\mfc45.dat

2014-08-15 04:24 . 2014-08-15 04:24 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2014-08-15 04:18 . 2014-03-09 21:48 171160 ----a-w-c:\windows\system32\infocardapi.dll

2014-08-15 04:18 . 2014-03-09 21:48 1389208 ----a-w-c:\windows\system32\icardagt.exe

2014-08-15 04:18 . 2014-03-09 21:47 99480 ----a-w-c:\windows\SysWow64\infocardapi.dll

2014-08-15 04:18 . 2014-03-09 21:47 619672 ----a-w-c:\windows\SysWow64\icardagt.exe

2014-08-15 04:18 . 2014-06-30 22:24 8856 ----a-w-c:\windows\system32\icardres.dll

2014-08-15 04:18 . 2014-06-30 22:14 8856 ----a-w-c:\windows\SysWow64\icardres.dll

2014-08-15 04:18 . 2014-06-06 06:16 35480 ----a-w-c:\windows\SysWow64\TsWpfWrp.exe

2014-08-15 04:18 . 2014-06-06 06:12 35480 ----a-w-c:\windows\system32\TsWpfWrp.exe

2014-08-15 01:25 . 2014-07-09 02:03 7168 ----a-w-c:\windows\system32\KBDYAK.DLL

2014-08-15 01:25 . 2014-07-09 02:03 7168 ----a-w-c:\windows\system32\KBDTAT.DLL

2014-08-15 01:25 . 2014-07-09 02:03 7168 ----a-w-c:\windows\system32\KBDRU1.DLL

2014-08-15 01:25 . 2014-07-09 02:03 6656 ----a-w-c:\windows\system32\KBDRU.DLL

2014-08-15 01:25 . 2014-07-09 02:03 7168 ----a-w-c:\windows\system32\KBDBASH.DLL

2014-08-15 01:25 . 2014-07-09 01:31 7168 ----a-w-c:\windows\SysWow64\KBDYAK.DLL

2014-08-15 01:25 . 2014-07-09 01:31 6656 ----a-w-c:\windows\SysWow64\KBDBASH.DLL

2014-08-11 15:13 . 2014-05-29 02:03 48656 ----a-w-c:\windows\system32\drivers\asd2fsm.sys

2014-08-11 15:13 . 2014-08-11 15:13 -------- d-----w-c:\programdata\Anvisoft

2014-08-11 15:13 . 2014-08-11 15:13 -------- d-----w-c:\program files (x86)\Anvisoft

2014-08-09 06:03 . 2014-08-18 16:20 -------- d-----w-c:\programdata\Spybot - Search & Destroy

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-09-01 02:04 . 2012-04-03 00:20 699568 ----a-w-c:\windows\SysWow64\FlashPlayerApp.exe

2014-09-01 02:04 . 2011-05-17 07:43 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-08-19 15:22 . 2011-05-21 13:39 1169712 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2014-08-01 06:41 . 2011-05-21 13:40 99218768 ----a-w-c:\windows\system32\MRT.exe

2014-07-31 03:23 . 2011-05-21 21:59 18960 ----a-w-c:\windows\system32\drivers\LNonPnP.sys

2014-07-28 18:29 . 2014-07-28 18:29 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2014-07-28 18:29 . 2014-07-28 18:29 319912 ----a-w-c:\windows\system32\javaws.exe

2014-07-28 18:29 . 2014-07-28 18:29 189352 ----a-w-c:\windows\system32\javaw.exe

2014-07-28 18:29 . 2014-07-28 18:29 189352 ----a-w-c:\windows\system32\java.exe

2014-07-13 20:33 . 2014-07-29 03:36 32912 ----a-w-c:\windows\system32\drivers\rawdsk3.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-05 17:17 130736 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-05 17:17 130736 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-05 17:17 130736 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-05 17:17 130736 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-29 5955088]

"PDFHook"="c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe" [2010-03-06 636192]

"PDF5 Registry Controller"="c:\program files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe" [2010-03-06 62752]

"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-09-07 143360]

"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]

"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-29 1171336]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2014-05-08 840568]

.

c:\users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

SetPoint.lnk - c:\program files\Logitech\SetPointP\SetPoint.exe [2014-5-19 3100440]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-12-6 565464]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ ???????\0

\0\0????\0????\0\0????????????\0\0\0????\0??????\0 L????\0????\0\0.\0????\0À11#\0???\0H\0c:\program\0e.
.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 PORTMON;PORTMON;c:\data\Utilities\Sysinternals\PORTMSYS.SYS;c:\data\Utilities\Sysinternals\PORTMSYS.SYS [x]

R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS;c:\windows\SYSNATIVE\Drivers\PROCEXP151.SYS [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]

R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x]

R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x]

R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x]

R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x]

R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x]

R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x]

R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys;c:\windows\SYSNATIVE\DRIVERS\vpcuxd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe;c:\windows\SysWOW64\atashost.exe [x]

R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]

R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]

R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R4 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [x]

R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]

S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]

S1 RawDisk3;RawDisk3;c:\windows\system32\drivers\rawdsk3.sys;c:\windows\SYSNATIVE\drivers\rawdsk3.sys [x]

S2 AcfXAudioService;AcfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]

S2 AgilentCommunicationsFabric;Agilent Communications Fabric;c:\program files (x86)\Agilent\Communications\Fabric\AgilentCommunicationsFabric.exe;c:\program files (x86)\Agilent\Communications\Fabric\AgilentCommunicationsFabric.exe [x]

S2 AgilentIOLibrariesService;Agilent IO Libraries Service;c:\program files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe;c:\program files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe [x]

S2 AgtMdnsResponder;Agilent mDNS Responder Service;c:\program files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe;c:\program files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe [x]

S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]

S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]

S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]

S2 Sentinel64;Sentinel64;c:\windows\System32\Drivers\Sentinel64.sys;c:\windows\SYSNATIVE\Drivers\Sentinel64.sys [x]

S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]

S3 acfva;acfva;c:\windows\system32\DRIVERS\ACFVA64.sys;c:\windows\SYSNATIVE\DRIVERS\ACFVA64.sys [x]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]

S3 AgilentPXIResourceManager;Agilent PXI Resource Manager;c:\program files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe;c:\program files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe [x]

S3 AgPciMem;AgPciMem;c:\program files\Agilent\IO Libraries Suite\AgPciMem.sys;c:\program files\Agilent\IO Libraries Suite\AgPciMem.sys [x]

S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]

S3 CiscoSerial;CiscoPort;c:\windows\system32\DRIVERS\CiscoUsbConsoleWindowsDriver64.sys;c:\windows\SYSNATIVE\DRIVERS\CiscoUsbConsoleWindowsDriver64.sys [x]

S3 dgcfltr;DGC Filter Driver;c:\windows\system32\DRIVERS\ACFDCP64.sys;c:\windows\SYSNATIVE\DRIVERS\ACFDCP64.sys [x]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - CPUZ135

*NewlyCreated* - MBAMSWISSARMY

*Deregistered* - cpuz135

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-09-01 02:18 1096520 ----a-w-c:\program files (x86)\Google\Chrome\Application\37.0.2062.102\Installer\chrmstp.exe

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{90EF4A5E-85DB-4825-96F5-1AB93C2A8EEB}]

2012-02-27 11:49 1409 ----a-r- c:\program files (x86)\Mindjet\MindManager 10\sys\MmInternetExplorerActiveSetup.vbs

.

Contents of the 'Scheduled Tasks' folder

.

2014-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:04]

.

2014-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 22:45]

.

2014-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 22:45]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-05 17:17 164016 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-05 17:17 164016 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-05 17:17 164016 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-06-05 17:17 164016 ----a-w- c:\users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2014-08-08 17:34 777032 ----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-08-08 17:34 777032 ----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2014-08-08 17:34 777032 ----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2014-08-08 17:34 777032 ----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2014-08-08 17:34 777032 ----a-w-c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-11-09 497648]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-06-29 403144]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalServiceNetworkRestricted

netman

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.bing.com/

uInternet Settings,ProxyOverride = *.local;<local>

TCP: DhcpNameServer = 192.168.1.254

DPF: {CE335477-C2B3-4B59-8305-5D9A77D1F133} - hxxps://dropbox.kirkland.com/COM/MOVEitUploadWizard7.1.0.ocx

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

ShellIconOverlayIdentifiers- - (no file)

ShellIconOverlayIdentifiers- - (no file)

ShellIconOverlayIdentifiers- - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.14"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-09-02 17:11:30

ComboFix-quarantined-files.txt 2014-09-03 00:11

.

Pre-Run: 157,674,631,168 bytes free

Post-Run: 157,579,255,808 bytes free

.

- - End Of File - - BF64A23D4657CEBA466B9A9AF7AAB8ED

A36C5E4F47E84449FF07ED3517B43A31



Rkill 2.6.8 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2014 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html



Program started at: 09/02/2014 05:22:42 PM in x64 mode. (Safe Mode)

Windows Version: Windows 7 Ultimate Service Pack 1



Checking for Windows services to stop:



* No malware services found to stop.



Checking for processes to terminate:



* No malware processes found to kill.



Checking Registry for malware related settings:



* No issues found in the Registry.



Resetting .EXE, .COM, & .BAT associations in the Windows Registry.



Performing miscellaneous checks:



* No issues found.



Checking Windows Service Integrity:



* Base Filtering Engine (BFE) is not Running.

Startup Type set to: Automatic



* DHCP Client (Dhcp) is not Running.

Startup Type set to: Automatic



* DNS Client (Dnscache) is not Running.

Startup Type set to: Automatic



* COM+ Event System (EventSystem) is not Running.

Startup Type set to: Automatic



* Windows Firewall (MpsSvc) is not Running.

Startup Type set to: Automatic



* Network Connections (Netman) is not Running.

Startup Type set to: Automatic



* Network Store Interface Service (nsi) is not Running.

Startup Type set to: Automatic



* Security Center (wscsvc) is not Running.

Startup Type set to: Automatic (Delayed Start)



* Windows Update (wuauserv) is not Running.

Startup Type set to: Automatic (Delayed Start)



* Ancillary Function Driver for Winsock (AFD) is not Running.

Startup Type set to: System



* Windows Firewall Authorization Driver (mpsdrv) is not Running.

Startup Type set to: Manual



* NetBT (NetBT) is not Running.

Startup Type set to: System



* NSI proxy service driver. (nsiproxy) is not Running.

Startup Type set to: System



* NetIO Legacy TDI Support Driver (tdx) is not Running.

Startup Type set to: System



Searching for Missing Digital Signatures:



* No issues found.



Checking HOSTS File:



* HOSTS file entries found:



127.0.0.1 localhost



Program finished at: 09/02/2014 05:22:58 PM

Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)
 
Looks good.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
# AdwCleaner v3.309 - Report created 02/09/2014 at 18:16:54

# Updated 02/09/2014 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : Fred - MOSSLANDING

# Running from : C:\Users\Fred\Desktop\adwcleaner_3.309.exe

# Option : Clean



***** [ Services ] *****





***** [ Files / Folders ] *****





***** [ Scheduled Tasks ] *****





***** [ Shortcuts ] *****





***** [ Registry ] *****





***** [ Browsers ] *****



-\\ Internet Explorer v9.0.8112.16555





-\\ Mozilla Firefox v31.0 (x86 en-US)



[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\apvakfg6.default\prefs.js ]





[ File : C:\Users\Be My Guest\AppData\Roaming\Mozilla\Firefox\Profiles\6m0j1cov.default\prefs.js ]





[ File : C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default\prefs.js ]





[ File : C:\Users\Theresa\AppData\Roaming\Mozilla\Firefox\Profiles\76716l4z.default\prefs.js ]





-\\ Google Chrome v37.0.2062.102



[ File : C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\preferences ]



Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}



[ File : C:\Users\Theresa\AppData\Local\Google\Chrome\User Data\Default\preferences ]





*************************



AdwCleaner[R0].txt - [5814 octets] - [01/09/2014 11:41:51]

AdwCleaner[R1].txt - [1602 octets] - [02/09/2014 18:15:15]

AdwCleaner[S0].txt - [5840 octets] - [01/09/2014 11:52:38]

AdwCleaner[S1].txt - [1527 octets] - [02/09/2014 18:16:54]



########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1587 octets] ##########



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Ultimate x64

Ran by Fred on 2014-09-02 at 18:21:04.66

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~









~~~ Services







~~~ Registry Values







~~~ Registry Keys







~~~ Files







~~~ Folders







~~~ Event Viewer Logs were cleared











~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 2014-09-02 at 18:28:28.17

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014

Ran by Fred (administrator) on MOSSLANDING on 02-09-2014 18:30:48

Running from C:\Users\Fred\Desktop

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 9

Boot Mode: Normal



The only official download link for FRST:

Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST:



==================== Processes (Whitelisted) =================



(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)



(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

(Agilent Technologies, Inc.) C:\Program Files (x86)\Agilent\Communications\Fabric\AgilentCommunicationsFabric.exe

(Agilent) C:\Program Files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe

(Agilent) C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe

(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe

(Agilent) C:\Program Files\Agilent\IO Libraries Suite\AgilentNkoServer.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

(Microsoft Corporation) C:\Windows\System32\vds.exe

(Agilent Technologies) C:\Program Files\Agilent\IO Libraries Suite\bin\iproc488.exe

(Agilent Technologies) C:\Program Files\Agilent\IO Libraries Suite\bin\iproc82357.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Microsoft Corporation) C:\Windows\System32\wisptis.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

(Agilent) C:\Program Files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

(Microsoft Corporation) C:\Windows\splwow64.exe





==================== Registry (Whitelisted) ==================



(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)



HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-11-08] (Adobe Systems Incorporated)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403144 2012-06-28] (Acronis)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)

HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

Startup: C:\Users\Fred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SetPoint.lnk

ShortcutTarget: SetPoint.lnk -> C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll (Dropbox, Inc.)

BootExecute: ???????

????????????????????[1]?????????? L????????.????À11#???[1]HC:\Programe.


==================== Internet (Whitelisted) ====================



(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)



HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: CmjBrowserHelperObject Object -> {6FE6A929-59D1-4763-91AD-29B61CFFB35B} -> C:\Program Files (x86)\Mindjet\MindManager 10\Mm8InternetExplorer.dll (Mindjet)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: HKLM-x32 {CE335477-C2B3-4B59-8305-5D9A77D1F133} https://dropbox.kirkland.com/COM/MOVEitUploadWizard7.1.0.ocx

Winsock: Catalog5 10 C:\Program Files (x86)\Agilent\IO Libraries Suite\LxiMdnsNsp.dll [144896] (Agilent Technologies, Inc.)

Winsock: Catalog5-x64 10 C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsNsp.dll [161792] (Agilent Technologies, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254



FireFox:

========

FF ProfilePath: C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default

FF DefaultSearchEngine: Wikipedia (en)

FF SelectedSearchEngine: Wikipedia (en)

FF Homepage: hxxp://www.google.com/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()

FF Plugin: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @rooms.hp.com -> C:\Program Files (x86)\Hewlett-Packard\HP Virtual Room Client Launcher Plugin\nphpvrl.dll ( )

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll (Cisco WebEx LLC)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Users\Fred\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)

FF SearchPlugin: C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default\searchplugins\wolframalpha.xml

FF Extension: Flashblock - C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-04-17]

FF Extension: WOT - C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-09-01]

FF Extension: Adblock Plus - C:\Users\Fred\AppData\Roaming\Mozilla\Firefox\Profiles\d8ou69rg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-05-17]

FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011-05-26]

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-07-30]






==== Will place remainder in next post
 
Chrome:

=======

CHR HomePage: Default ->

CHR DefaultSearchKeyword: Default -> BEB5C69727333193F2A7F623AEFFA0FB45CEB1DE786CA9EEAD732C90FD3A31E7

CHR DefaultSearchURL: Default -> B264C0A4AA6BBDCC96A444FD08578F71E04F95613474B59A48971430CF2DC75B

CHR Profile: C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-20]

CHR Extension: (Google Drive) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-20]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]

CHR Extension: (YouTube) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-20]

CHR Extension: (Google Search) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-20]

CHR Extension: (FlashFree) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebmieckllmmifjjbipnppinpiohpfahm [2013-11-20]

CHR Extension: (AdBlock) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-11-20]

CHR Extension: (Google Wallet) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-20]

CHR Extension: (Gmail) - C:\Users\Fred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-20]



==================== Services (Whitelisted) =================



(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)



R2 AcfXAudioService; C:\Windows\SysWOW64\ACFXAU64.dll [436736 2009-04-29] (Conexant Systems, Inc.)

R2 AgilentCommunicationsFabric; C:\Program Files (x86)\Agilent\Communications\Fabric\AgilentCommunicationsFabric.exe [32072 2014-01-21] (Agilent Technologies, Inc.)

R2 AgilentIOLibrariesService; C:\Program Files\Agilent\IO Libraries Suite\AgilentIOLibrariesService.exe [82248 2013-11-14] (Agilent)

R3 AgilentPXIResourceManager; C:\Program Files (x86)\Agilent\IO Libraries Suite\AgilentPXIResourceManager.exe [262984 2013-11-14] (Agilent)

R2 AgtMdnsResponder; C:\Program Files\Agilent\IO Libraries Suite\LxiMdnsResponder.exe [426496 2012-05-26] (Agilent) [File not signed]

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-05-26] (Macrovision Europe Ltd.) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]

R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-08-12] (iolo technologies, LLC)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

R2 MSSQL$SQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-07] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)

S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)

R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)

R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)

S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

S4 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)



==================== Drivers (Whitelisted) ====================



(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)



R3 acfva; C:\Windows\System32\DRIVERS\ACFVA64.sys [123008 2009-09-02] (Conexant Systems Inc.)

R3 AgPciMem; C:\Program Files\Agilent\IO Libraries Suite\AgPciMem.sys [15592 2013-11-14] (Agilent Technologies)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()

R3 CiscoSerial; C:\Windows\System32\DRIVERS\CiscoUsbConsoleWindowsDriver64.sys [95232 2009-10-16] (Cisco Systems, Inc.)

R3 dgcfltr; C:\Windows\System32\DRIVERS\ACFDCP64.sys [34944 2009-04-29] (Conexant Systems, Inc.)

R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2012-10-26] (EldoS Corporation)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-02] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)

R2 mdmxsdk; C:\Windows\System32\DRIVERS\ACFSDK64.sys [17024 2007-03-15] (Conexant)

R3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)

S3 PORTMON; C:\data\Utilities\Sysinternals\PORTMSYS.SYS [28656 2014-08-17] (Systems Internals) [File not signed]

R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)

R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)

S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)

S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation)

S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation)

S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)

S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation)

S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)

S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)

R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-01] ()

S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]

R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [266752 2012-08-26] (Jungo)

R2 XAudio; C:\Windows\System32\DRIVERS\ACFXAU64.sys [10240 2009-04-29] (Conexant Systems, Inc.)

S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

S3 PROCEXP151; \??\C:\Windows\system32\Drivers\PROCEXP151.SYS [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]



==================== NetSvcs (Whitelisted) ===================



(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)





==================== One Month Created Files and Folders ========



(If an entry is included in the fixlist, the file\folder will be moved.)



2014-09-02 18:30 - 2014-09-02 18:31 - 00024173 _____ () C:\Users\Fred\Desktop\FRST.txt

2014-09-02 18:30 - 2014-09-02 18:30 - 00000000 ____D () C:\FRST

2014-09-02 18:13 - 2014-09-02 18:13 - 01370483 _____ () C:\Users\Fred\Desktop\adwcleaner_3.309.exe

2014-09-02 17:15 - 2014-09-02 17:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Fred\Desktop\rkill.exe

2014-09-02 17:11 - 2014-09-02 17:11 - 00031837 _____ () C:\ComboFix.txt

2014-09-02 17:02 - 2014-09-02 17:11 - 00000000 ____D () C:\Qoobox

2014-09-02 17:02 - 2014-09-02 17:11 - 00000000 ____D () C:\ComboFix

2014-09-02 17:02 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-09-02 17:02 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-09-02 17:02 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-09-02 17:02 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-09-02 17:02 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-09-02 17:02 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe

2014-09-02 17:02 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe

2014-09-02 17:02 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe

2014-09-02 16:59 - 2014-09-02 16:59 - 05576326 ____R (Swearware) C:\Users\Fred\Desktop\ComboFix.exe

2014-09-01 21:17 - 2014-09-01 21:26 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-09-01 21:16 - 2014-09-01 21:26 - 00000000 ____D () C:\Users\Fred\Desktop\mbar

2014-09-01 21:15 - 2014-09-01 21:16 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Fred\Desktop\mbar-1.07.0.1012.exe

2014-09-01 21:01 - 2014-09-01 21:01 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys

2014-09-01 21:01 - 2014-09-01 21:01 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-09-01 20:59 - 2014-09-01 20:59 - 04857944 _____ () C:\Users\Fred\Desktop\RogueKiller.exe

2014-09-01 20:18 - 2014-09-01 20:18 - 00688992 ____R (Swearware) C:\Users\Fred\Desktop\dds.com

2014-09-01 15:56 - 2014-09-01 15:56 - 00000000 ____D () C:\Windows\ERUNT

2014-09-01 15:43 - 2014-09-01 15:49 - 368945248 _____ (Microsoft Corporation) C:\Users\Fred\Desktop\office2007sp3-kb2526086-fullfile-en-us.exe

2014-09-01 15:43 - 2014-09-01 15:47 - 55915216 _____ (Microsoft Corporation) C:\Users\Fred\Desktop\IE11-Windows6.1-x64-en-us.exe

2014-09-01 15:39 - 2014-09-01 15:39 - 00186504 _____ () C:\Users\Fred\Desktop\sfcdetails.txt

2014-09-01 11:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll

2014-09-01 11:41 - 2014-09-02 18:17 - 00000000 ____D () C:\AdwCleaner

2014-09-01 11:17 - 2014-09-02 18:14 - 02104832 _____ (Farbar) C:\Users\Fred\Desktop\FRST64.exe

2014-09-01 11:16 - 2014-09-02 18:13 - 01016261 _____ (Thisisu) C:\Users\Fred\Desktop\JRT.exe

2014-08-31 22:15 - 2014-08-31 22:15 - 00009712 _____ () C:\Users\Fred\Documents\cc_20140831_221532.reg

2014-08-31 22:14 - 2014-08-31 22:15 - 00871886 _____ () C:\Users\Fred\Documents\cc_20140831_221432 itunes etc removed.reg

2014-08-31 20:48 - 2014-08-31 20:48 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-08-31 20:48 - 2014-08-31 20:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-08-31 20:48 - 2014-08-31 20:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-08-31 20:48 - 2014-08-31 20:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-08-31 20:30 - 2014-08-31 20:30 - 00004642 _____ () C:\Users\Fred\Documents\cc_20140831_203012.reg

2014-08-31 20:08 - 2014-08-31 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-08-31 20:08 - 2014-08-31 20:31 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-08-31 20:04 - 2014-08-31 20:04 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2014-08-31 20:04 - 2014-08-31 20:04 - 00000000 ____D () C:\Windows\System32\Tasks\Apple

2014-08-31 20:04 - 2014-08-31 20:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

2014-08-31 19:16 - 2014-08-31 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY

2014-08-31 19:16 - 2014-08-31 19:16 - 00000000 ____D () C:\Program Files (x86)\PuTTY

2014-08-31 19:07 - 2014-09-01 15:36 - 00000000 ____D () C:\Users\Fred\Desktop\OLD

2014-08-31 19:04 - 2014-09-02 18:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-31 19:04 - 2014-08-31 20:58 - 00004626 _____ () C:\Windows\SecuniaPackage.log

2014-08-31 19:04 - 2014-08-31 19:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-08-31 18:45 - 2014-08-31 18:45 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk

2014-08-31 18:45 - 2014-08-31 18:45 - 00000000 ____D () C:\Users\Fred\AppData\Local\Secunia PSI

2014-08-31 18:45 - 2014-08-31 18:45 - 00000000 ____D () C:\Program Files (x86)\Secunia

2014-08-31 11:00 - 2014-08-31 11:00 - 00448512 _____ (OldTimer Tools) C:\Users\Fred\Desktop\TFC.exe

2014-08-31 09:54 - 2014-08-31 10:06 - 00000000 ____D () C:\Windows\erdnt

2014-08-31 08:46 - 2014-09-02 18:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-31 08:45 - 2014-09-01 21:16 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-31 08:45 - 2014-08-31 08:45 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-31 08:45 - 2014-08-31 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-31 08:45 - 2014-08-31 08:45 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-31 08:45 - 2014-08-31 08:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-31 08:45 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-31 08:45 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-08-30 18:55 - 2014-08-30 19:34 - 3320903680 _____ () C:\Users\Fred\Desktop\X17-59465.iso

2014-08-30 18:40 - 2014-08-30 18:48 - 00001908 _____ () C:\Windows\diagwrn.xml

2014-08-30 18:40 - 2014-08-30 18:48 - 00001908 _____ () C:\Windows\diagerr.xml

2014-08-30 16:42 - 2014-08-30 16:42 - 00001178 _____ () C:\Users\Fred\Documents\cc_20140830_164215.reg

2014-08-30 13:05 - 2014-08-30 13:06 - 00000000 ____D () C:\Users\Fred\AppData\Local\Akamai

2014-08-30 11:52 - 2014-08-30 11:52 - 00002216 _____ () C:\Users\Fred\Documents\cc_20140830_115248.reg

2014-08-28 14:03 - 2014-08-28 14:03 - 00001604 _____ () C:\Users\Fred\Documents\cc_20140828_140310.reg

2014-08-28 06:52 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-28 06:52 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-28 06:52 - 2014-08-22 17:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-26 21:34 - 2014-08-12 23:41 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll

2014-08-25 21:32 - 2014-08-28 18:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework

2014-08-25 21:29 - 2014-08-25 21:29 - 00000020 _____ () C:\Windows\àö

2014-08-25 13:37 - 2014-08-25 13:37 - 00002898 _____ () C:\Users\Fred\Documents\cc_20140825_133741.reg

2014-08-22 13:26 - 2014-08-22 13:26 - 00002140 _____ () C:\Users\Fred\Documents\cc_20140822_132634.reg

2014-08-18 09:25 - 2014-08-18 09:25 - 00003460 _____ () C:\Users\Fred\Documents\cc_20140818_092516 spybott removed.reg

2014-08-18 09:20 - 2014-08-18 09:20 - 00000085 _____ () C:\Windows\wininit.ini

2014-08-18 09:20 - 2014-08-18 09:20 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-08-17 16:18 - 2014-08-17 16:18 - 00001508 _____ () C:\Users\Fred\Documents\cc_20140817_161807.reg

2014-08-16 12:01 - 2014-08-16 12:01 - 00001574 _____ () C:\Users\Fred\Documents\cc_20140816_120135.reg

2014-08-15 20:52 - 2014-08-15 20:52 - 00003110 _____ () C:\Users\Fred\Documents\cc_20140815_205247.reg

2014-08-15 18:10 - 2014-08-26 21:34 - 00003118 _____ () C:\Windows\System32\Tasks\iolo Process Governor

2014-08-15 18:10 - 2014-08-26 21:34 - 00001441 _____ () C:\Users\Fred\Desktop\LiveBoost.lnk

2014-08-15 18:10 - 2014-08-26 21:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic

2014-08-15 18:10 - 2014-08-26 21:34 - 00000000 ____D () C:\ProgramData\ioloGovernor

2014-08-15 18:10 - 2014-08-15 18:10 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\ioloGovernor

2014-08-15 18:10 - 2014-08-15 18:10 - 00000000 ____D () C:\Program Files (x86)\iolo

2014-08-15 18:10 - 2014-08-12 23:57 - 00057584 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe

2014-08-15 18:10 - 2014-08-12 23:57 - 00026184 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe

2014-08-15 18:10 - 2014-08-12 23:41 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll

2014-08-15 18:10 - 2014-07-13 13:31 - 00082160 _____ (Raxco Software, Inc.) C:\Windows\system32\Drivers\PDFsFilter.sys

2014-08-15 18:10 - 2014-07-13 13:31 - 00069000 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll

2014-08-15 18:10 - 2014-07-13 13:31 - 00056200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll

2014-08-15 18:06 - 2014-08-26 21:36 - 00000000 ____D () C:\ProgramData\iolo

2014-08-15 18:06 - 2014-08-15 18:56 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\iolo

2014-08-15 18:06 - 2014-08-15 18:06 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat

2014-08-14 21:24 - 2014-08-14 21:24 - 00000000 __SHD () C:\Windows\SysWOW64\%APPDATA%

2014-08-14 21:18 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-14 21:18 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-14 21:18 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-14 21:18 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-14 21:18 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-14 21:18 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-14 21:18 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-14 21:18 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-14 18:25 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL

2014-08-14 18:25 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL

2014-08-14 18:25 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL

2014-08-14 18:25 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL

2014-08-14 18:25 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL

2014-08-14 18:25 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL

2014-08-14 18:25 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL

2014-08-14 18:25 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL

2014-08-14 18:25 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL

2014-08-14 18:25 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL

2014-08-14 18:25 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls

2014-08-14 18:25 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls

2014-08-14 18:24 - 2014-07-15 20:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-14 18:24 - 2014-07-15 19:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-14 18:24 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-14 18:24 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-14 18:24 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-14 18:24 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-14 18:24 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-14 18:24 - 2014-06-03 03:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-14 18:24 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-14 18:24 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-14 18:24 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-14 18:24 - 2014-06-03 02:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-14 18:24 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-14 18:24 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-14 08:07 - 2014-08-14 08:07 - 00000392 _____ () C:\Users\Fred\Documents\cc_20140814_080741.reg

2014-08-13 13:41 - 2014-08-13 13:42 - 00000514 _____ () C:\Users\Fred\Documents\cc_20140813_134158.reg

2014-08-11 23:12 - 2014-08-11 23:12 - 00000534 _____ () C:\Users\Fred\Documents\cc_20140811_231221.reg

2014-08-11 23:03 - 2014-08-11 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer

2014-08-11 22:15 - 2014-08-11 22:15 - 00001752 _____ () C:\Users\Fred\Documents\cc_20140811_221548 Myphoneexp2.reg

2014-08-11 22:14 - 2014-08-11 22:15 - 00015072 _____ () C:\Users\Fred\Documents\cc_20140811_221441 PhoneExplorer Virus cleanup.reg

2014-08-11 08:14 - 2014-08-28 14:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft

2014-08-11 08:13 - 2014-08-11 08:13 - 00000000 ____D () C:\ProgramData\Anvisoft

2014-08-11 08:13 - 2014-08-11 08:13 - 00000000 ____D () C:\Program Files (x86)\Anvisoft

2014-08-11 08:13 - 2014-05-28 19:03 - 00048656 _____ (Anvisoft) C:\Windows\system32\Drivers\asd2fsm.sys

2014-08-11 08:10 - 2014-08-11 08:11 - 36035456 _____ (Anvisoft) C:\Users\Fred\Desktop\asdsetup.exe

2014-08-09 07:35 - 2014-08-09 07:35 - 00000258 _____ () C:\Users\Fred\Documents\cc_20140809_073514.reg

2014-08-09 07:34 - 2009-06-10 14:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140809-073433.backup

2014-08-09 06:41 - 2014-08-09 06:41 - 00000000 ____D () C:\Users\Fred\Documents\ProcAlyzer Dumps

2014-08-08 23:03 - 2014-08-18 09:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-08-06 10:50 - 2014-08-06 10:50 - 00001200 _____ () C:\Users\Fred\Documents\cc_20140806_105003.reg

2014-08-03 17:51 - 2014-08-03 17:51 - 00000134 _____ () C:\Users\Fred\Desktop\Internet Explorer Troubleshooting.url

2014-08-03 17:49 - 2014-08-03 18:14 - 00019983 _____ () C:\Windows\IE11_main.log

2014-08-03 15:14 - 2014-08-03 16:10 - 00000000 ____D () C:\MATS

2014-08-03 11:28 - 2014-08-03 11:28 - 00008962 _____ () C:\Users\Fred\Documents\cc_20140803_112816.reg

2014-08-03 11:28 - 2014-08-03 11:28 - 00001926 _____ () C:\Users\Fred\Documents\cc_20140803_112841.reg

2014-08-03 11:11 - 2014-08-03 11:11 - 00002084 _____ () C:\Users\Fred\Documents\cc_20140803_111132.reg



==================== One Month Modified Files and Folders =======



(If an entry is included in the fixlist, the file\folder will be moved.)



2014-09-02 18:31 - 2014-09-02 18:30 - 00024173 _____ () C:\Users\Fred\Desktop\FRST.txt

2014-09-02 18:30 - 2014-09-02 18:30 - 00000000 ____D () C:\FRST

2014-09-02 18:25 - 2009-07-13 22:13 - 00852386 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-09-02 18:25 - 2009-07-13 21:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-09-02 18:25 - 2009-07-13 21:45 - 00013936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-09-02 18:21 - 2014-08-31 08:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-09-02 18:21 - 2012-12-10 12:43 - 01205996 _____ () C:\Windows\WindowsUpdate.log

2014-09-02 18:18 - 2014-08-02 21:26 - 00049016 _____ () C:\Windows\PFRO.log

2014-09-02 18:18 - 2014-08-02 10:06 - 00002011 _____ () C:\Windows\setupact.log

2014-09-02 18:18 - 2013-12-04 20:07 - 00000110 _____ () C:\Windows\agPXICfg.ini

2014-09-02 18:18 - 2013-06-22 15:45 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-02 18:18 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-09-02 18:17 - 2014-09-01 11:41 - 00000000 ____D () C:\AdwCleaner

2014-09-02 18:14 - 2014-09-01 11:17 - 02104832 _____ (Farbar) C:\Users\Fred\Desktop\FRST64.exe

2014-09-02 18:13 - 2014-09-02 18:13 - 01370483 _____ () C:\Users\Fred\Desktop\adwcleaner_3.309.exe

2014-09-02 18:13 - 2014-09-01 11:16 - 01016261 _____ (Thisisu) C:\Users\Fred\Desktop\JRT.exe

2014-09-02 18:08 - 2014-08-31 19:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-09-02 17:15 - 2014-09-02 17:15 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Fred\Desktop\rkill.exe

2014-09-02 17:11 - 2014-09-02 17:11 - 00031837 _____ () C:\ComboFix.txt

2014-09-02 17:11 - 2014-09-02 17:02 - 00000000 ____D () C:\Qoobox

2014-09-02 17:11 - 2014-09-02 17:02 - 00000000 ____D () C:\ComboFix

2014-09-02 17:09 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini

2014-09-02 16:59 - 2014-09-02 16:59 - 05576326 ____R (Swearware) C:\Users\Fred\Desktop\ComboFix.exe

2014-09-01 21:26 - 2014-09-01 21:17 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2014-09-01 21:26 - 2014-09-01 21:16 - 00000000 ____D () C:\Users\Fred\Desktop\mbar

2014-09-01 21:16 - 2014-09-01 21:15 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Fred\Desktop\mbar-1.07.0.1012.exe

2014-09-01 21:16 - 2014-08-31 08:45 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-09-01 21:01 - 2014-09-01 21:01 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys

2014-09-01 21:01 - 2014-09-01 21:01 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-09-01 20:59 - 2014-09-01 20:59 - 04857944 _____ () C:\Users\Fred\Desktop\RogueKiller.exe

2014-09-01 20:23 - 2011-05-28 10:58 - 00000000 ____D () C:\Users\Fred\Desktop\PC Problems

2014-09-01 20:18 - 2014-09-01 20:18 - 00688992 ____R (Swearware) C:\Users\Fred\Desktop\dds.com

2014-09-01 20:13 - 2011-11-06 11:36 - 00000000 ____D () C:\Users\Fred\Desktop\Scans

2014-09-01 15:56 - 2014-09-01 15:56 - 00000000 ____D () C:\Windows\ERUNT

2014-09-01 15:49 - 2014-09-01 15:43 - 368945248 _____ (Microsoft Corporation) C:\Users\Fred\Desktop\office2007sp3-kb2526086-fullfile-en-us.exe

2014-09-01 15:47 - 2014-09-01 15:43 - 55915216 _____ (Microsoft Corporation) C:\Users\Fred\Desktop\IE11-Windows6.1-x64-en-us.exe

2014-09-01 15:39 - 2014-09-01 15:39 - 00186504 _____ () C:\Users\Fred\Desktop\sfcdetails.txt

2014-09-01 15:36 - 2014-08-31 19:07 - 00000000 ____D () C:\Users\Fred\Desktop\OLD

2014-09-01 15:30 - 2011-05-17 07:25 - 00007656 _____ () C:\Users\Fred\AppData\Local\resmon.resmoncfg

2014-08-31 22:15 - 2014-08-31 22:15 - 00009712 _____ () C:\Users\Fred\Documents\cc_20140831_221532.reg

2014-08-31 22:15 - 2014-08-31 22:14 - 00871886 _____ () C:\Users\Fred\Documents\cc_20140831_221432 itunes etc removed.reg

2014-08-31 21:28 - 2012-01-15 16:15 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\MyPhoneExplorer

2014-08-31 20:58 - 2014-08-31 19:04 - 00004626 _____ () C:\Windows\SecuniaPackage.log

2014-08-31 20:58 - 2014-07-13 09:51 - 00000000 ____D () C:\Users\Fred\AppData\Local\Adobe

2014-08-31 20:48 - 2014-08-31 20:48 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-08-31 20:48 - 2014-08-31 20:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-08-31 20:48 - 2014-08-31 20:48 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-08-31 20:48 - 2014-08-31 20:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-08-31 20:48 - 2011-11-03 11:58 - 00000000 ____D () C:\Program Files (x86)\Java

2014-08-31 20:31 - 2014-08-31 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

2014-08-31 20:31 - 2014-08-31 20:08 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-08-31 20:30 - 2014-08-31 20:30 - 00004642 _____ () C:\Users\Fred\Documents\cc_20140831_203012.reg

2014-08-31 20:25 - 2011-05-26 21:38 - 00002453 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk

2014-08-31 20:12 - 2011-05-26 21:38 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk

2014-08-31 20:12 - 2011-05-26 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2

2014-08-31 20:12 - 2011-05-26 21:20 - 00000000 ____D () C:\ProgramData\Adobe

2014-08-31 20:04 - 2014-08-31 20:04 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2014-08-31 20:04 - 2014-08-31 20:04 - 00000000 ____D () C:\Windows\System32\Tasks\Apple

2014-08-31 20:04 - 2014-08-31 20:04 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

2014-08-31 19:16 - 2014-08-31 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY

2014-08-31 19:16 - 2014-08-31 19:16 - 00000000 ____D () C:\Program Files (x86)\PuTTY

2014-08-31 19:04 - 2014-08-31 19:04 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-08-31 19:04 - 2012-04-02 17:20 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-08-31 19:04 - 2011-05-17 00:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-08-31 18:45 - 2014-08-31 18:45 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk

2014-08-31 18:45 - 2014-08-31 18:45 - 00000000 ____D () C:\Users\Fred\AppData\Local\Secunia PSI

2014-08-31 18:45 - 2014-08-31 18:45 - 00000000 ____D () C:\Program Files (x86)\Secunia

2014-08-31 11:00 - 2014-08-31 11:00 - 00448512 _____ (OldTimer Tools) C:\Users\Fred\Desktop\TFC.exe

2014-08-31 10:08 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default

2014-08-31 10:06 - 2014-08-31 09:54 - 00000000 ____D () C:\Windows\erdnt

2014-08-31 10:05 - 2011-05-16 23:20 - 00000000 ____D () C:\Users\Fred

2014-08-31 09:03 - 2009-07-14 00:46 - 00000000 ____D () C:\Windows\CSC

2014-08-31 08:45 - 2014-08-31 08:45 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-31 08:45 - 2014-08-31 08:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-08-31 08:45 - 2014-08-31 08:45 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-08-31 08:45 - 2014-08-31 08:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-30 19:34 - 2014-08-30 18:55 - 3320903680 _____ () C:\Users\Fred\Desktop\X17-59465.iso

2014-08-30 18:48 - 2014-08-30 18:40 - 00001908 _____ () C:\Windows\diagwrn.xml

2014-08-30 18:48 - 2014-08-30 18:40 - 00001908 _____ () C:\Windows\diagerr.xml

2014-08-30 18:40 - 2014-08-02 10:06 - 00000000 _____ () C:\Windows\setuperr.log

2014-08-30 16:42 - 2014-08-30 16:42 - 00001178 _____ () C:\Users\Fred\Documents\cc_20140830_164215.reg

2014-08-30 16:38 - 2011-05-21 10:26 - 00000000 ____D () C:\data

2014-08-30 13:06 - 2014-08-30 13:05 - 00000000 ____D () C:\Users\Fred\AppData\Local\Akamai

2014-08-30 11:52 - 2014-08-30 11:52 - 00002216 _____ () C:\Users\Fred\Documents\cc_20140830_115248.reg

2014-08-28 18:49 - 2011-05-17 00:03 - 00846762 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-08-28 18:47 - 2014-08-25 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework

2014-08-28 15:08 - 2011-08-24 18:19 - 00000336 _____ () C:\Windows\BRCALIB.INI

2014-08-28 14:06 - 2014-08-11 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft

2014-08-28 14:03 - 2014-08-28 14:03 - 00001604 _____ () C:\Users\Fred\Documents\cc_20140828_140310.reg

2014-08-28 14:00 - 2009-07-13 21:45 - 04752936 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-28 12:35 - 2011-11-03 13:00 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\webex

2014-08-28 08:30 - 2011-05-18 06:45 - 00000000 ____D () C:\Program Files\CCleaner

2014-08-26 21:36 - 2014-08-15 18:06 - 00000000 ____D () C:\ProgramData\iolo

2014-08-26 21:34 - 2014-08-15 18:10 - 00003118 _____ () C:\Windows\System32\Tasks\iolo Process Governor

2014-08-26 21:34 - 2014-08-15 18:10 - 00001441 _____ () C:\Users\Fred\Desktop\LiveBoost.lnk

2014-08-26 21:34 - 2014-08-15 18:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic

2014-08-26 21:34 - 2014-08-15 18:10 - 00000000 ____D () C:\ProgramData\ioloGovernor

2014-08-25 21:32 - 2011-05-20 19:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs

2014-08-25 21:29 - 2014-08-25 21:29 - 00000020 _____ () C:\Windows\àö

2014-08-25 13:37 - 2014-08-25 13:37 - 00002898 _____ () C:\Users\Fred\Documents\cc_20140825_133741.reg

2014-08-24 08:25 - 2011-05-22 16:28 - 00000000 ___RD () C:\Users\Fred\Virtual Machines

2014-08-23 18:37 - 2014-07-04 15:44 - 00001772 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk

2014-08-23 18:37 - 2014-07-04 15:44 - 00000000 ____D () C:\Program Files\Wireshark

2014-08-22 19:07 - 2014-08-28 06:52 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-22 18:45 - 2014-08-28 06:52 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-22 17:59 - 2014-08-28 06:52 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-22 13:26 - 2014-08-22 13:26 - 00002140 _____ () C:\Users\Fred\Documents\cc_20140822_132634.reg

2014-08-18 18:03 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache

2014-08-18 14:58 - 2014-04-23 17:58 - 00000000 ____D () C:\Users\Fred\AppData\Local\NVIDIA Corporation

2014-08-18 14:58 - 2012-11-16 07:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

2014-08-18 14:58 - 2011-08-24 17:12 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-08-18 14:58 - 2011-05-21 08:06 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation

2014-08-18 14:58 - 2011-05-21 08:06 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

2014-08-18 10:00 - 2014-01-27 09:00 - 00001377 _____ () C:\Users\Fred\Desktop\Fuze Meeting .lnk

2014-08-18 09:25 - 2014-08-18 09:25 - 00003460 _____ () C:\Users\Fred\Documents\cc_20140818_092516 spybott removed.reg

2014-08-18 09:20 - 2014-08-18 09:20 - 00000085 _____ () C:\Windows\wininit.ini

2014-08-18 09:20 - 2014-08-18 09:20 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-08-18 09:20 - 2014-08-08 23:03 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-08-18 07:29 - 2012-07-28 18:02 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC

2014-08-17 17:12 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-08-17 17:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK

2014-08-17 17:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR

2014-08-17 17:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\zh-HK

2014-08-17 17:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\tr-TR

2014-08-17 17:10 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-17 16:18 - 2014-08-17 16:18 - 00001508 _____ () C:\Users\Fred\Documents\cc_20140817_161807.reg

2014-08-17 15:20 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration

2014-08-16 13:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-08-16 12:23 - 2013-09-07 12:04 - 00002054 _____ () C:\Users\Public\Desktop\Google Slides.lnk

2014-08-16 12:23 - 2013-09-07 12:04 - 00002052 _____ () C:\Users\Public\Desktop\Google Sheets.lnk

2014-08-16 12:23 - 2013-09-07 12:04 - 00002042 _____ () C:\Users\Public\Desktop\Google Docs.lnk

2014-08-16 12:23 - 2013-09-07 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2014-08-16 12:01 - 2014-08-16 12:01 - 00001574 _____ () C:\Users\Fred\Documents\cc_20140816_120135.reg

2014-08-15 20:52 - 2014-08-15 20:52 - 00003110 _____ () C:\Users\Fred\Documents\cc_20140815_205247.reg

2014-08-15 18:56 - 2014-08-15 18:06 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\iolo

2014-08-15 18:10 - 2014-08-15 18:10 - 00000000 ____D () C:\Users\Fred\AppData\Roaming\ioloGovernor

2014-08-15 18:10 - 2014-08-15 18:10 - 00000000 ____D () C:\Program Files (x86)\iolo

2014-08-15 18:06 - 2014-08-15 18:06 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat

2014-08-14 21:25 - 2011-05-16 23:45 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-08-14 21:24 - 2014-08-14 21:24 - 00000000 __SHD () C:\Windows\SysWOW64\%APPDATA%

2014-08-14 21:21 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-08-14 08:07 - 2014-08-14 08:07 - 00000392 _____ () C:\Users\Fred\Documents\cc_20140814_080741.reg

2014-08-13 13:42 - 2014-08-13 13:41 - 00000514 _____ () C:\Users\Fred\Documents\cc_20140813_134158.reg

2014-08-12 23:57 - 2014-08-15 18:10 - 00057584 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe

2014-08-12 23:57 - 2014-08-15 18:10 - 00026184 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe

2014-08-12 23:41 - 2014-08-26 21:34 - 02155152 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll

2014-08-12 23:41 - 2014-08-15 18:10 - 02097984 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll

2014-08-11 23:14 - 2011-05-27 18:33 - 00000000 ____D () C:\Users\Theresa

2014-08-11 23:14 - 2011-05-21 20:01 - 00000000 ____D () C:\Users\Be My Guest

2014-08-11 23:14 - 2011-05-21 12:42 - 00000000 ____D () C:\Users\Administrator

2014-08-11 23:12 - 2014-08-11 23:12 - 00000534 _____ () C:\Users\Fred\Documents\cc_20140811_231221.reg

2014-08-11 23:03 - 2014-08-11 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer

2014-08-11 23:03 - 2012-01-15 16:15 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer

2014-08-11 22:15 - 2014-08-11 22:15 - 00001752 _____ () C:\Users\Fred\Documents\cc_20140811_221548 Myphoneexp2.reg

2014-08-11 22:15 - 2014-08-11 22:14 - 00015072 _____ () C:\Users\Fred\Documents\cc_20140811_221441 PhoneExplorer Virus cleanup.reg

2014-08-11 11:01 - 2011-11-03 12:59 - 00000000 ____D () C:\ProgramData\WebEx

2014-08-11 08:13 - 2014-08-11 08:13 - 00000000 ____D () C:\ProgramData\Anvisoft

2014-08-11 08:13 - 2014-08-11 08:13 - 00000000 ____D () C:\Program Files (x86)\Anvisoft

2014-08-11 08:11 - 2014-08-11 08:10 - 36035456 _____ (Anvisoft) C:\Users\Fred\Desktop\asdsetup.exe

2014-08-10 23:29 - 2009-07-13 22:08 - 00032538 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

2014-08-10 23:28 - 2009-07-14 00:45 - 00000000 ___RD () C:\Users\Public\Recorded TV

2014-08-10 23:28 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\AppCompat

2014-08-09 14:53 - 2011-05-23 06:17 - 00000000 ____D () C:\junk

2014-08-09 14:30 - 2011-05-21 17:47 - 00000020 ____H () C:\ProgramData\PKP_DLev.DAT

2014-08-09 14:30 - 2011-05-21 17:47 - 00000020 ____H () C:\ProgramData\PKP_DLet.DAT

2014-08-09 07:35 - 2014-08-09 07:35 - 00000258 _____ () C:\Users\Fred\Documents\cc_20140809_073514.reg

2014-08-09 07:34 - 2009-07-13 19:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140818-091220.backup

2014-08-09 06:41 - 2014-08-09 06:41 - 00000000 ____D () C:\Users\Fred\Documents\ProcAlyzer Dumps

2014-08-07 19:31 - 2013-06-22 15:45 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-08-07 18:36 - 2013-06-22 15:45 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-08-06 10:50 - 2014-08-06 10:50 - 00001200 _____ () C:\Users\Fred\Documents\cc_20140806_105003.reg

2014-08-03 22:44 - 2011-06-28 07:33 - 00000000 ____D () C:\Program Files\Recuva

2014-08-03 18:14 - 2014-08-03 17:49 - 00019983 _____ () C:\Windows\IE11_main.log

2014-08-03 18:00 - 2011-05-17 00:05 - 00000000 ____D () C:\Windows\Panther

2014-08-03 17:51 - 2014-08-03 17:51 - 00000134 _____ () C:\Users\Fred\Desktop\Internet Explorer Troubleshooting.url

2014-08-03 16:10 - 2014-08-03 15:14 - 00000000 ____D () C:\MATS

2014-08-03 15:56 - 2011-05-21 17:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-08-03 11:28 - 2014-08-03 11:28 - 00008962 _____ () C:\Users\Fred\Documents\cc_20140803_112816.reg

2014-08-03 11:28 - 2014-08-03 11:28 - 00001926 _____ () C:\Users\Fred\Documents\cc_20140803_112841.reg

2014-08-03 11:11 - 2014-08-03 11:11 - 00002084 _____ () C:\Users\Fred\Documents\cc_20140803_111132.reg



Files to move or delete:

====================

C:\Users\Be My Guest\MmInternetExplorerActiveSetup.vbs

C:\Users\Fred\GoPython.bat





Some content of TEMP:

====================

C:\Users\Fred\AppData\Local\Temp\Quarantine.exe





==================== Bamital & volsnap Check =================



(There is no automatic fix for files that do not pass verification.)



C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed





LastRegBack: 2014-08-28 17:41



==================== End Of Log ============================

More in next post
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014

Ran by Fred at 2014-09-02 18:31:22

Running from C:\Users\Fred\Desktop

Boot Mode: Normal

==========================================================





==================== Security Center ========================



(If an entry is included in the fixlist, it will be removed.)



AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}



==================== Installed Programs ======================



(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)



Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Acrobat X Suite (HKLM-x32\...\{3F41BA46-09C3-4500-96D7-DC4390AD0124}) (Version: 1.0 - Adobe Systems Incorporated)

Acronis True Image Home 2012 (HKLM-x32\...\{243EF3E5-537D-4A15-8EE8-47D5473D9C73}Visible) (Version: 15.0.7133 - Acronis)

Acronis True Image Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.11 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden

Adobe Captivate Quiz Results Analyzer (HKLM-x32\...\QuizResultsAnalyzer.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 1.0 - Adobe Systems Incorporated)

Adobe Captivate Quiz Results Analyzer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

Adobe Captivate Reviewer (HKLM-x32\...\AdobeCaptivateReviewer2.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1) (Version: 2.0 - Adobe Systems Incorporated)

Adobe Captivate Reviewer (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden

Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)

Adobe Community Help (x32 Version: 3.5.23 - Adobe Systems Incorporated.) Hidden

Adobe Flash Player 14 ActiveX (HKLM-x32\...\{15AE611F-5A40-4BD0-9291-1C6856BDB9A4}) (Version: 14.0.0.176 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)

Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)

Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden

Adobe PDF iFilter 9 for 64-bit platforms (HKLM\...\{5EA12CF3-8162-47F6-ACAF-45AD03EFB08F}) (Version: 9.0.0 - Adobe)

Adobe Photoshop Lightroom 3.6 64-bit (HKLM\...\{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}) (Version: 3.6.1 - Adobe)

Adobe Presenter 7 (HKLM-x32\...\Adobe Presenter 7) (Version: 7.0.6 - Adobe Systems)

Adobe Presenter 7 (x32 Version: 7.0 - Adobe Systems Inc.) Hidden

Agilent B2900A Quick IV Measurement Software (HKLM-x32\...\{6112E209-7844-4538-83F4-20997F366F5F}) (Version: 30.14.0422 - Agilent Technologies)

Agilent BenchVue (HKLM-x32\...\{997F599F-4B8D-4E0A-A820-C7C3571D7C53}) (Version: 1.0 - Agilent Technologies)

Agilent Communications Fabric (HKLM-x32\...\{03D6CB38-947A-4AEE-96EE-9EBBDC5F093B}) (Version: 1.3.18121.11919 - Agilent Technologies, Inc.)

Agilent Firmware Update Utility Type 2 (HKLM-x32\...\{5765EDDD-AC73-406F-99BB-D9A9B34B85D9}) (Version: 1.1.14403 - Agilent Technologies, Inc)

Agilent IO Libraries Suite 16.3 Update 2 (HKLM-x32\...\InstallShield_{6419465C-004C-42D1-840D-3E23FA5D8E27}) (Version: 16.3.17914.4 - Agilent Technologies)

Agilent IO Libraries Suite 16.3 Update 2 (x32 Version: 16.3.17914.4 - Agilent Technologies) Hidden

Agilent IO Libraries Suite 64-bit (Version: 16.3.17914.4 - Agilent Technologies) Hidden

Agilent LXI Mdns Responder 64bit (Version: 1.1.16127.10205 - Agilent Technologies) Hidden

AI Suite (HKLM-x32\...\{310BC5E2-31AF-49BB-904D-E71EB93645DC}) (Version: 1.05.32 - )

Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)

Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: - )

Atmel Software Framework (HKLM-x32\...\{2D423733-FCBC-4E27-B026-D6D973C6496F}) (Version: 3.1.121 - Atmel)

Atmel Studio 6.0 (HKLM-x32\...\{51CC3953-2D06-47FA-832A-B7FD24D01322}) (Version: 6.0.1843 - Atmel)

Atmel USB (HKLM-x32\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.6 - Atmel)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Brother BRAdmin Light 1.21.0001 (HKLM-x32\...\{DB75941E-30C4-4D97-B000-D17C764B998C}) (Version: 1.21.0001 - Brother)

Brother MFL-Pro Suite MFC-9560CDW (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.1.5.0 - Brother Industries, Ltd.)

Brother P-touch Editor 5.1 (HKLM-x32\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0120 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Calendar #1 [ENU] (HKLM-x32\...\{11420356-8C63-4B6F-9D6E-B2B5E5E8CC2D}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Caution (HKLM-x32\...\{83640671-5F02-4528-82B4-1F4637699C38}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Christmas [ENU] (HKLM-x32\...\{85C58A5E-5DBE-4A4C-B920-BEEE647F24B8}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Eco (HKLM-x32\...\{13967EAF-6FE3-4394-ACAD-326C463FB6D4}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Facility #1 [ENU] (HKLM-x32\...\{7E5902CB-8ED3-4B7C-9FDF-2D7CBFC96512}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Files (HKLM-x32\...\{B9AA72E1-DDB0-4344-9FFA-11545382ECB5}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Halloween [ENU] (HKLM-x32\...\{F72DCCC0-60E3-4E2C-9EA6-FFBF60507DCE}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Holiday #1 [ENU] (HKLM-x32\...\{3C7CAD9F-5967-4993-899A-C449BA9E9C74}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Office Signage (HKLM-x32\...\{58A7A4BA-AB8F-410F-963D-0BB3E73389F7}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Personal #3 [ENU] (HKLM-x32\...\{ED13E571-7997-4C44-896D-297C09047B64}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Personal (HKLM-x32\...\{B24F0BA7-A962-47D2-A4E6-0E3AFCE8D874}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Personal Files [ENU] (HKLM-x32\...\{315CF84A-788E-4C14-8511-58BD81D2CD0E}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Retail #3 [ENU] (HKLM-x32\...\{395D8D04-902F-44A5-AC57-51CA2377D074}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Retail #4 [ENU] (HKLM-x32\...\{7B4170CA-3C13-4A4F-97F5-E90E0038E9A4}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Retail (HKLM-x32\...\{CDE0AEA2-2F2F-4894-987F-5BE954E578A8}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Shipping (HKLM-x32\...\{C99C37D6-6ADA-4CDF-971E-46DCB1E743CE}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Spices [ENU] (HKLM-x32\...\{7E891772-627E-4E90-B05F-269390A5279D}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Editor Label Collection - Valentine's Day [ENU] (HKLM-x32\...\{2A30091B-C0FA-45AD-BA11-427FBF0B8313}) (Version: 1.0.001 - Brother Industries, Ltd.)

Brother P-touch Update Software (HKLM-x32\...\{A598BEC3-4F02-413E-9649-C5A1879DB558}) (Version: 1.0.0010 - Brother Industries, Ltd.)

Cadence Allegro Free Physical Viewers 16.6 (HKLM-x32\...\{2BB61CCF-BB29-42C1-A313-CF4CC2B924B2}) (Version: 16.6.0 - Cadence Design Systems)

CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform)

Cisco WebEx Meeting Center for Firefox or Chrome (HKLM-x32\...\{50B62367-6210-45E4-AA1E-A0532926E429}) (Version: 8.29.3201 - Cisco WebEx LLC)

Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC)

CiscoVirtualCom(x64) (HKLM-x32\...\{4741C69E-1B4E-43DA-9598-7F94BA6B66E7}) (Version: 1.00.0000 - Cisco Systems, Inc.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)

Dropbox (HKCU\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)

dsdminst (x32 Version: 1.00.0000 - Brother Industries, Ltd.) Hidden

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

EVGA OC Scanner X 2.2.2 (HKLM-x32\...\{CB92C58B-7BDF-48E3-92E3-51768DCCA585}_is1) (Version: - EVGA)

Fuze Meeting (HKLM-x32\...\{88F800EE-C2E3-49F1-9A61-DB1EE6DD4245}) (Version: 14.1.3326 - Fuze Box, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.102 - Google Inc.)

Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

GoToMeeting 5.1.0.880 (HKCU\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)

HiJackThis (HKLM-x32\...\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}) (Version: 1.0.0 - Trend Micro)

HP Virtual Room Client Launcher Plugin (HKLM-x32\...\{E9C450A0-4606-11E0-9207-0800200C9A66}) (Version: 2.0.0.1 - Hewlett-Packard)

IAR Embedded Workbench for ARM (HKLM-x32\...\{239741D2-0F26-4C44-8777-C544096ECB75}) (Version: 6.70.1 - IAR Systems)

ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)

iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 14.0.1 - iolo technologies, LLC)

iPort Utility Pack V5.5.0 (HKLM-x32\...\{3247A5E1-6E26-4DB1-8157-A71D5FDCB02B}) (Version: 5.5.0 - Micro Computer Control Corporation (MCC))

iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)

IVI Shared Component 64-bit (Version: 2.21.49152 - IVI Foundation Inc.) Hidden

IVI Shared Components 2.2.1 (HKLM-x32\...\IviSharedComponent) (Version: 2.21.49152 - IVI Foundation)

Java 7 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417065FF}) (Version: 7.0.650 - Oracle)

Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)

JLink OB CDC Driver Package (HKLM\...\{CD0E9FFE-70DD-47E3-A7A5-750E9DE6F40B}) (Version: 1.2.1 - SEGGER)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Libero SoC v10.1 (HKLM-x32\...\InstallShield_{F4288E89-50D2-463B-B609-0A7405D49E4B}) (Version: 10.1.0.14 - Microsemi Corp.)

Libero SoC v10.1 (x32 Version: 10.1.0.14 - Microsemi Corp.) Hidden

Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)

Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)

LTspice IV (HKLM-x32\...\LTspice IV) (Version: - )

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Access database engine 2010 (English) (HKLM-x32\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden

Microsoft Document Explorer 2008 (HKLM-x32\...\Microsoft Document Explorer 2008) (Version: - Microsoft Corporation)

Microsoft Document Explorer 2008 (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden

Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)

Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden

Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation)

Microsoft Mathematics Add-in (32-bit) (HKLM-x32\...\{E2C98732-F973-4985-A9C5-DC06178E16EE}) (Version: 2.0.040811.01 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)

Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Ultimate 2007 (HKLM-x32\...\ULTIMATER) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Ultimate 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version: - Microsoft)

Microsoft Office Visio 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Visio MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Visio Professional 2007 (HKLM-x32\...\VISPROR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Visio Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Visual Web Developer 2007 (x32 Version: 12.0.4518.1066 - Microsoft Corporation) Hidden

Microsoft Office Visual Web Developer MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden

Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden

Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 Design Tools ENU (HKLM-x32\...\{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}) (Version: 3.5.5386.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 ENU (HKLM-x32\...\{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}) (Version: 3.5.5386.0 - Microsoft Corporation)

Microsoft SQL Server Database Publishing Wizard 1.2 (HKLM-x32\...\{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}) (Version: 1.2.0.0 - Microsoft Corporation)

Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)

Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)

Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)

Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)

Microsoft Sync Framework 2.0 SDK (x64) ENU (HKLM\...\{546B499C-2CEB-409C-AA03-59CE8B5A6AFA}) (Version: 2.0.1578.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation)

Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (Version: 9.0.21022 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2008 Standard Edition - ENU (HKLM-x32\...\Microsoft Visual Studio 2008 Standard Edition - ENU) (Version: - Microsoft Corporation)

Microsoft Visual Studio 2008 Standard Edition - ENU (x32 Version: 9.0.21022 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden

Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50701 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.50706 - Microsoft Corporation) Hidden

Microsoft Visual Studio Web Authoring Component (HKLM-x32\...\VisualWebDeveloper) (Version: 12.0.4518.1066 - Microsoft Corporation)

Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools (HKLM\...\{29C93182-34F6-3275-A18D-59326851CD57}) (Version: 3.5.21022 - Microsoft)

Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries (HKLM\...\{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}) (Version: 6.1.5288.17011 - Microsoft Corporation)

Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense (HKLM\...\{9aa5f39c-a8de-46b0-919a-0248f8bc8490}) (Version: 6.1.5288.17011 - Microsoft Corporation)

Microsoft Windows SDK for Visual Studio 2008 Tools (HKLM\...\{62EED300-E841-4083-A1D6-60B906271804}) (Version: 6.1.5288.17011 - Microsoft Corporation)

Microsoft Windows SDK for Visual Studio 2008 Win32 Tools (HKLM\...\{A992BBAA-723D-4574-A07F-983BF8FAA3E1}) (Version: 6.1.5288.17011 - Microsoft Corporation)

Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden

Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Mindjet MindManager 2012 (HKLM-x32\...\{03D57353-071B-4D21-982A-CC35C962A7C4}) (Version: 10.1.459 - Mindjet)

More to go
 
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)

MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)

Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)

Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon)

NirSoft NK2Edit (HKLM-x32\...\NirSoft NK2Edit) (Version: - )

Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9.6.2 - )

Nuance PaperPort 12 (HKLM-x32\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)

Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)

NVIDIA 3D Vision Controller Driver 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)

NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)

NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden

NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden

P&E Multilink Universal (HKLM-x32\...\multilink_universal) (Version: - )

PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)

PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.72 - ASUSTek)

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software)

Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.3.0 - Nikon)

Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.11 - Nikon)

PL-2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.8.0 - Prolific Technology INC)

PuTTY development snapshot 2014-09-01:r10214 (HKLM-x32\...\PuTTY_is1) (Version: 2014-09-01:r10214 - Simon Tatham)

PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden

Python 3.4 pyserial-2.7 (HKCU\...\pyserial-py3.4) (Version: - )

Python 3.4.0 (64-bit) (HKLM\...\{863162A8-ECC2-35EA-BDF7-E09AC456E164}) (Version: 3.4.150 - Python Software Foundation)

Quicken 2011 (HKLM-x32\...\{5FE545A1-D215-4216-9189-E7B39C9D1CC1}) (Version: 20.1.8.6 - Intuit)

QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)

Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)

SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.6.0 - SAMSUNG Electronics Co., Ltd.)

Scansoft PDF Professional (x32 Version: - ) Hidden

SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.5 - Seagate Technology)

Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia)

Sentinel Protection Installer 7.6.3 (HKLM-x32\...\{954D9E32-BE47-43F4-9BFF-6DB46F17EAF2}) (Version: 7.6.3 - SafeNet, Inc.)

Speccy (HKLM\...\Speccy) (Version: 1.10 - Piriform)

SuperNZB v4.0.6 (HKLM-x32\...\SuperNZB_is1) (Version: - )

TiVo Desktop 2.8.2 (HKLM-x32\...\{4E839090-3B68-436A-B3CF-A2A08C38DD26}) (Version: 2.8.412.369 - TiVo Inc.)

TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.0a - TrueCrypt Foundation)

TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

TurboTax 2013 wcaiper (x32 Version: 013.000.1280 - Intuit Inc.) Hidden

TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden

TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden

TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden

TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_VISPROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)

Update for Microsoft Office 2007 System (KB2539530) (HKLM-x32\...\{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}) (Version: - Microsoft)

Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)

Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version: - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)

Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)

Update for Microsoft Office Visio 2007 Help (KB963666) (HKLM-x32\...\{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{D2C4ACC9-12F5-4E1C-81A8-5DC878AC6278}) (Version: - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)

Update for Microsoft Visual Studio 2008 Standard Edition - ENU (KB972221) (HKLM-x32\...\{F434F50E-7614-3EA8-9008-2FB866B697DA}.KB972221) (Version: 1 - Microsoft Corporation)

USB ACF Modem (HKLM\...\CNXT_MODEM_USB_ACF) (Version: 2.0.21.50 - Conexant)

VC Runtimes MSI (x32 Version: 9.0.21022 - Microsoft) Hidden

ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.4 - Nikon)

VISA Shared Components 64-Bit (HKLM-x32\...\VISASharedComponents) (Version: 1.6 - IVI Foundation)

VISA Shared Components 64-Bit (Version: 1.6.0 - IVI Foundation) Hidden

Visual Studio .NET Prerequisites - English (HKLM\...\{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}) (Version: 9.0.21022 - Microsoft Corporation)

Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.1.7-3 - Wacom Technology Corp.)

WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)

WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)

Windows Driver Package - Actel Corporation (FP3B-CYUSB) USB (03/30/2010 1.0.0.1) (HKLM\...\F019ECC44078E3948264818BEC4C98589BFAE565) (Version: 03/30/2010 1.0.0.1 - Actel Corporation)

Windows Driver Package - Actel Corporation (FP4-CYUSB) USB (03/30/2010 1.0.0.1) (HKLM\...\9ACB2B8D83A1D62E6DAC4435E07D197574DB6C5A) (Version: 03/30/2010 1.0.0.1 - Actel Corporation)

Windows Driver Package - IAR Systems (IJET) IARUSB (05/23/2012 2.05) (HKLM\...\1C43F1704FCDAEB095E591CCD332A2EEE6D1B03B) (Version: 05/23/2012 2.05 - IAR Systems)

Windows Driver Package - Segger (jlink_ob_x64) USB (03/13/2012 2.6.6.2) (HKLM\...\6D4C34D12E9233ABADF9D04ADF9E288A7ECF3B5B) (Version: 03/13/2012 2.6.6.2 - Segger)

Windows Driver Package - SEGGER (usbser) Ports (01/25/2012 6.0.2600.4) (HKLM\...\BD6BF8BBF7BE0D0091163F649A1A423B7EB9D4F1) (Version: 01/25/2012 6.0.2600.4 - SEGGER)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Family Safety (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)

WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)

Wireshark 1.12.0 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.0 - The Wireshark developer community, http://www.wireshark.org)



==================== Custom CLSID (selected items): ==========================



(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)



CustomCLSID: HKU\S-1-5-21-3443260511-751025859-1096921692-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3443260511-751025859-1096921692-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

CustomCLSID: HKU\S-1-5-21-3443260511-751025859-1096921692-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3443260511-751025859-1096921692-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3443260511-751025859-1096921692-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-3443260511-751025859-1096921692-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Fred\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)



==================== Restore Points =========================



25-08-2014 22:00:14 System Stable

26-08-2014 04:31:20 SQL and SyncToy repairs

26-08-2014 04:32:03 Installed Microsoft Sync Framework 2.0 SDK (x64) ENU

27-08-2014 01:00:09 Windows Backup

28-08-2014 15:18:57 Windows Update

28-08-2014 20:58:44 Windows Update

29-08-2014 01:00:28 Windows Backup

30-08-2014 20:04:30 Before Akamai ASUS

30-08-2014 23:40:19 Removed SyncToy 2.1 (x64)

31-08-2014 01:00:10 Windows Backup

31-08-2014 15:39:13 before antivirus round2

31-08-2014 16:14:33 Before DDS after malwareBytes

31-08-2014 16:42:41 TDSSKiller next

31-08-2014 16:47:48 Before MBRCheck

31-08-2014 16:52:37 combofix

31-08-2014 17:36:19 OTL Restore Point - 2014-08-31 10:36:19 AM

01-09-2014 00:21:07 After Virus Cleanup vefore OTL clean with out Restore point del

01-09-2014 01:43:36 after cleanup

01-09-2014 02:04:20 Installed Adobe Flash Player 14 ActiveX.

01-09-2014 02:17:53 chrome

01-09-2014 03:26:12 Acrobat working

01-09-2014 03:42:41 Removed iTunes

01-09-2014 03:48:07 Installed Java 7 Update 65

01-09-2014 04:04:05 photoshop

01-09-2014 17:14:54 Windows Update

01-09-2014 18:41:06 AdwCleaner

01-09-2014 22:45:27 MSFT Malicious removal tool and offce SP3 and IE11

01-09-2014 23:06:26 FRST64

02-09-2014 01:00:11 Windows Backup

02-09-2014 04:14:56 After RogueKiller

03-09-2014 00:01:54 Combofix



==================== Hosts content: ==========================



(If needed Hosts: directive could be included in the fixlist to reset Hosts.)



2009-07-13 19:34 - 2014-08-31 10:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost



==================== Scheduled Tasks (whitelisted) =============



(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)



Task: {1F1CDF66-35C3-46AD-94A3-814AAEE30013} - System32\Tasks\AdobeAAMUpdater-1.0-MossLanding-Fred => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-11-08] (Adobe Systems Incorporated)

Task: {26E59356-D653-429B-8CF5-14A2D489E9F4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22] (Google Inc.)

Task: {2D5351FE-7A2D-46E4-A9F5-AC20D860B8E8} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2014-08-13] (iolo technologies, LLC)

Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip No Task File <==== ATTENTION

Task: {48654794-C250-491A-B114-C2FD4ECAD08B} - System32\Tasks\AdobeAAMUpdater-1.0-MossLanding-Theresa => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-11-08] (Adobe Systems Incorporated)

Task: {4DBFD76E-E45F-429F-87A6-11751AA730F0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22] (Google Inc.)

Task: {5D4AA109-FC07-4CA8-B494-C3AB3D553AB9} - System32\Tasks\Virus Scan => C:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11] (Microsoft Corporation)

Task: {61858E27-8D65-454B-8BCA-3A6F190BCB1B} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.00.95\AsLoader.exe [2008-07-02] ()

Task: {6DAEDCD1-C66D-4902-B114-F4360BE23528} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {9D7B4B4F-8A4F-4B27-90B1-DA65FBC9FCDB} - System32\Tasks\ASUS\Cpu Level Up Hook Lanunch => C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHookLaunch.exe [2007-10-11] ()

Task: {A05F2938-1645-435C-B67D-5064B5574D0A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-31] (Adobe Systems Incorporated)

Task: {C0C1CC5A-F9C8-4D25-81F6-960C0C8FE1BC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)

Task: {DD7A18A9-D823-48BD-833C-D5AD192F5652} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {E1347269-92B8-43E7-8FC7-4BE0B4DD4B87} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11] ()

Task: {EA8924BE-B19A-48D0-956D-09B0AB190693} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)

Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask No Task File <==== ATTENTION

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe



==================== Loaded Modules (whitelisted) =============



2012-02-21 12:48 - 2013-10-23 01:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2011-05-21 09:19 - 2008-06-03 23:53 - 00027648 _____ () C:\Windows\System32\spd__l.dll

2011-08-24 18:18 - 2010-03-15 16:18 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll

2008-11-26 04:15 - 2008-11-26 04:15 - 00084992 _____ () C:\Program Files\Adobe\Adobe PDF iFilter 9 for 64-bit platforms\bin\PDFLShim.dll

2008-11-16 16:51 - 2008-11-16 16:51 - 00657408 _____ () C:\Program Files\Adobe\Adobe PDF iFilter 9 for 64-bit platforms\bin\AdobeXMP.dll

2012-06-28 16:58 - 2012-06-28 16:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll

2011-08-24 18:18 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll



==================== Alternate Data Streams (whitelisted) =========



(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)





==================== Safe Mode (whitelisted) ===================



(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)



HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ioloSystemService => ""="Service"



==================== EXE Association (whitelisted) =============



(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)





==================== MSCONFIG/TASK MANAGER disabled items =========



(Currently there is no automatic fix for this section.)



MSCONFIG\Services: Apple Mobile Device => 2

MSCONFIG\Services: Bonjour Service => 3

MSCONFIG\Services: iPod Service => 3

MSCONFIG\startupfolder: C:^Users^Fred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Fred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk => C:\Windows\pss\EvernoteClipper.lnk.Startup

MSCONFIG\startupfolder: C:^Users^Fred^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: EvtMgr6 => C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

MSCONFIG\startupreg: iTunesHelper =>

MSCONFIG\startupreg: MMReminderService => C:\Program Files (x86)\Mindjet\MindManager 10\MMReminderService.exe

MSCONFIG\startupreg: NvBackend =>

MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"

MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

MSCONFIG\startupreg: SunJavaUpdateSched =>

MSCONFIG\startupreg: TranscodingService => C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe



==================== Faulty Device Manager Devices =============



Name: ASUS PCE-N15 11n Wireless LAN PCI-E Card

Description: ASUS PCE-N15 11n Wireless LAN PCI-E Card

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: ASUSTeK Computer Inc.

Service: RTL8192Ce

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.





==================== Event log errors: =========================



Application errors:

==================



System errors:

=============



Microsoft Office Sessions:

=========================

Error: (08/28/2014 01:53:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 635 seconds with 600 seconds of active time. This session ended with a crash.



Error: (08/26/2014 07:30:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 49 seconds with 0 seconds of active time. This session ended with a crash.



Error: (08/26/2014 07:29:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 354 seconds with 300 seconds of active time. This session ended with a crash.



Error: (08/26/2014 06:46:59 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 39 seconds with 0 seconds of active time. This session ended with a crash.



Error: (07/24/2014 01:50:23 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6700.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 501 seconds with 480 seconds of active time. This session ended with a crash.



Error: (06/15/2014 08:47:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 139 seconds with 60 seconds of active time. This session ended with a crash.



Error: (05/11/2014 08:24:23 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 168 seconds with 120 seconds of active time. This session ended with a crash.



Error: (05/11/2014 08:20:26 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.



Error: (05/11/2014 08:19:45 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4521 seconds with 2280 seconds of active time. This session ended with a crash.



Error: (04/23/2014 06:11:37 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6695.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 61 seconds with 0 seconds of active time. This session ended with a crash.





CodeIntegrity Errors:

===================================

Date: 2014-08-31 10:05:52.597

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



Date: 2014-08-31 10:05:52.441

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



Date: 2014-08-17 14:31:13.761

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\data\Utilities\Sysinternals\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



Date: 2014-08-17 14:31:13.599

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\data\Utilities\Sysinternals\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



Date: 2011-05-20 18:50:13.298

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\data_bad_drive\Banff\D915PBL Motherboard\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



Date: 2011-05-20 18:50:13.282

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\data_bad_drive\Banff\D915PBL Motherboard\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



Date: 2011-05-20 18:50:12.846

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Fred\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.



Date: 2011-05-20 18:50:12.846

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Users\Fred\AppData\Local\Temp\PCIUtil.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.





==================== Memory info ===========================



Processor: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz

Percentage of memory in use: 26%

Total physical RAM: 8191.05 MB

Available physical RAM: 5990.7 MB

Total Pagefile: 9213.23 MB

Available Pagefile: 6705.62 MB

Total Virtual: 8192 MB

Available Virtual: 8191.8 MB



==================== Drives ================================



Drive c: (Moss Landing) (Fixed) (Total:447.03 GB) (Free:146.72 GB) NTFS

Drive d: (Carmel) (Fixed) (Total:1863.01 GB) (Free:370.55 GB) NTFS

Drive e: (Arch1) (Fixed) (Total:1863.01 GB) (Free:1594.39 GB) NTFS



==================== MBR & Partition Table ==================



========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 3FBADE9A)

Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)



========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 061394F6)

Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)



========================================================

Disk: 2 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 1C3AFD17)

Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=447 GB) - (Type=07 NTFS)



==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014

Ran by Fred at 2014-09-02 19:55:45 Run:1

Running from C:\Users\Fred\Desktop

Boot Mode: Normal

==============================================



Content of fixlist:

*****************

HKLM-x32\...\Run: [] => [X]

BootExecute:

S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]

S3 PROCEXP151; \??\C:\Windows\system32\Drivers\PROCEXP151.SYS [X]

S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]

S3 tsusbhub; system32\drivers\tsusbhub.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

C:\Users\Be My Guest\MmInternetExplorerActiveSetup.vbs

C:\Users\Fred\GoPython.bat

C:\Users\Fred\AppData\Local\Temp\Quarantine.exe

Task: {47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4} - \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip No Task File <==== ATTENTION

Task: {FDD56C73-F0D5-41B6-B767-6EFFD7966428} - \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask No Task File <==== ATTENTION



*****************



HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

BootExecute: => Error: No automatic fix found for this entry.

nvvad_WaveExtensible => Service deleted successfully.

PROCEXP151 => Service deleted successfully.

Synth3dVsc => Service deleted successfully.

tsusbhub => Service deleted successfully.

VGPU => Service deleted successfully.

C:\Users\Be My Guest\MmInternetExplorerActiveSetup.vbs => Moved successfully.

C:\Users\Fred\GoPython.bat => Moved successfully.

C:\Users\Fred\AppData\Local\Temp\Quarantine.exe => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47536D45-EEEC-4BDC-8183-A4DC1F8DA9E4}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDD56C73-F0D5-41B6-B767-6EFFD7966428}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDD56C73-F0D5-41B6-B767-6EFFD7966428}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" => Key deleted successfully.



==== End of Fixlog ====



FYI: I wrote GoPython.bat
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Internet Explorer users - Click on this link to open ESET OnlineScan.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Check "Enable detection of potentially unwanted applications".
  • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
    Do NOT checkmark "Use custom proxy settings"
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
 
I used both links for Security check. Both result in error unsupported OS. I am pretty sure I ran the second version of this program successfully before. I have not started the other tests. What do you recommend I try next?

I know ESET will take a long time to run. I will run it overnight. If it is not complete (I have three hard drives) is it okay if it is past my main drive or should I wait until all scans are done?
 
Here are the results of two of the programs. I will start ESET next.



Results of screen317's Security Check version 0.99.87

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

Microsoft Security Essentials

(On Access scanning disabled!)

Error obtaining update status for antivirus!

`````````Anti-malware/Other Utilities Check:`````````

Secunia PSI (3.0.0.9016)

Java 7 Update 65

Java version out of Date!

Adobe Flash Player 14.0.0.179

Mozilla Firefox (Meeting.)

Google Chrome 36.0.1985.143

Google Chrome 37.0.2062.102

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbam.exe

Malwarebytes Anti-Malware mbamscheduler.exe

iolo Common Lib ioloServiceManager.exe

iolo System Mechanic LiveBoost.exe

iolo System Mechanic iologovernor64.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````





Farbar Service Scanner Version: 21-07-2014

Ran by Fred (administrator) on 02-09-2014 at 20:53:57

Running from "C:\Users\Fred\Desktop"

Microsoft Windows 7 Ultimate Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************



Internet Services:

============



Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.





Windows Firewall:

=============



Firewall Disabled Policy:

==================





System Restore:

============



System Restore Disabled Policy:

========================





Action Center:

============





Windows Update:

============



Windows Autoupdate Disabled Policy:

============================





Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.





Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1





Other Services:

==============





File Check:

========

C:\Windows\System32\nsisvc.dll => File is digitally signed

C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed

C:\Windows\System32\dhcpcore.dll => File is digitally signed

C:\Windows\System32\drivers\afd.sys => File is digitally signed

C:\Windows\System32\drivers\tdx.sys => File is digitally signed

C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\System32\dnsrslvr.dll => File is digitally signed

C:\Windows\System32\mpssvc.dll => File is digitally signed

C:\Windows\System32\bfe.dll => File is digitally signed

C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed

C:\Windows\System32\SDRSVC.dll => File is digitally signed

C:\Windows\System32\vssvc.exe => File is digitally signed

C:\Windows\System32\wscsvc.dll => File is digitally signed

C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed

C:\Windows\System32\wuaueng.dll => File is digitally signed

C:\Windows\System32\qmgr.dll => File is digitally signed

C:\Windows\System32\es.dll => File is digitally signed

C:\Windows\System32\cryptsvc.dll => File is digitally signed

C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed

C:\Windows\System32\ipnathlp.dll => File is digitally signed

C:\Windows\System32\iphlpsvc.dll => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed
 
Hi Broni,



ESET completed and found errors on D:, which is where backups of C: are stored, and on E: which has some ancient programs that are not used any more.



What does the located conduit do on my system? That is, does it send information to someone? One more thing that may be relevant, I have blocked IP addresses, 31.13.77.65 and 31.13.77.81, which are registered to Facebook Ireland. I have never used Facebook but someone borrowing the PC may have.



I appreciate your help with this cleanup,

Fred





D:\MOSSLANDING\Backup Set 2014-07-09 064333\Backup Files 2014-07-09 064333\Backup files 112.zip Win32/Toolbar.Conduit.V potentially unwanted application deleted - quarantined

D:\MOSSLANDING\Backup Set 2014-07-18 073017\Backup Files 2014-07-18 073017\Backup files 112.zip Win32/Toolbar.Conduit.V potentially unwanted application deleted - quarantined

D:\MOSSLANDING\Backup Set 2014-08-04 213000\Backup Files 2014-08-04 213000\Backup files 113.zip Win32/Toolbar.Conduit.V potentially unwanted application deleted - quarantined

D:\MOSSLANDING\Backup Set 2014-08-12 180000\Backup Files 2014-08-17 081328\Backup files 1.zip Win32/OpenCandy potentially unsafe application deleted - quarantined

E:\Pgm_files\Norton Your Eyes Only Win95\Emergency unlock\BOOTLOCK.COM probably unknown TSR.COM.EXE.BOOT virus deleted - quarantined
 
Conduit Search is a browser hijacker program that has changed your browser homepage to search.conduit.com and default search engine to bing.com.
Apart from these unwanted changes, Conduit Search will add a toolbar on your browser and whenever you are doing a search, it will display their own ads on the first search results.
http://malwaretips.com/blogs/conduit-search-removal/

Update your Java version here: https://www.techspot.com/downloads/6463-java-se.html
Alternate download: http://www.java.com/en/download/manual.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: If you're running a 64-bit system make sure you install BOTH, 32-bit and 64-bit Java.

Note 3: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

===========================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Hi Broni,

Thanks for the good news and help with this. Here is what I have tested:
1) Index files did not die on one power cycle test.
2) SyncToy still has issues with JPG files.
3) Still problems with:
C:\Windows\SysWOW64"\[l:20{10}]"mfplat.dll"; source file in store is also corrupted

The system seems more responsive. Do you have any more suggestions?

I am traveling for a while but will send an update in about a month and click the donate button.

Thanks for your help,
 
1. Cool :)
2. That would be a subject for the Windows forum.
3. Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
Code:
:filefind
mfplat.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
Hi Broni,

I am on business travel and will not be able to provide this input until I return mid-October. Thanks for your continued input.
 