Multiple iexplore.exe, svchost.exe in Task Manager without launching IE, CPU quickly climbs to 100%

Solved
By DDTech
Jan 27, 2014
  1. I am running Windows 7 64-bit edition and use Microsoft Security Essentials, and I have several instances of iexplore.exe and svchost.exe that spawn automatically after logging in, without launching any application (namely IE). I keep my OS and (frequently used, anyway) software and drivers up-to-date with security updates. Recently (I relate this to updating Adobe Flash Player after a restart forced by installing MS critical updates and iTunes about a week ago), the symptoms began. Recognizing a real problem, I immediately disabled my Internet connection and ran MSE, then, with no relief, downloaded Malwarebytes, Hitman Pro, and Spybot Search and Destroy on another computer to a USB thumb drive and ran them on the troubled computer. Even disconnected from the Internet, the spawning continued, so I rebooted in Safe Mode. This keeps them from spawning, but booting in Safe Mode with Networking (still physically disconnected) allows them to propagate.

    I’ve read several other threads here that have the same symptoms, but realize that while many steps are similar, each seems to be resolved at a different step, so would greatly appreciate specialized guidance resolving mine, unless following a generic set of steps (4-Step Viruses/Spyware/Malware Removal Preliminary Instructions or those of BrianD75/Nasty, Nasty iexplore.exe infection-Active) is recommended. My computer has a large number of files on it, so full scans take a long time and create large log files. The upshot of this is that it is best to take scan/repair actions in Safe Mode whenever possible. I will endeavor to follow the steps as precisely as possible, and thank you for any assistance you are able to provide. For the record, I am frustrated and embarrassed that after three-and-a-half decades of computing and being connected to other computers in one form or another (started with a Hayes 300 baud Modem on an Apple II in the late 1970’s) I have – for the first time – been foiled by the wretched hive of scum and computing villainy out there on the ‘net. :-/

    Thank you in advance.
  2. Broni

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens, click Yes to the disclaimer.
    • Press the Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
  3. DDTech

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-01-2014 02
    Ran by David (administrator) on 8FMXTC1 on 27-01-2014 15:57:14
    Running from C:\Users\David\Desktop
    Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Safe Mode (minimal)
    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe

    ==================== Registry (Whitelisted) ==================
    HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [15960096 2009-03-06] (NVIDIA Corporation)
    HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [82464 2009-03-06] (NVIDIA Corporation)
    HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
    HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2782096 2010-07-26] (CANON INC.)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [963072 2006-11-15] (Synaptics, Inc.)
    HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
    HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-09] (NVIDIA Corporation)
    HKLM-x32\...\Run: [Adobe Version Cue CS2] - C:\Program Files (x86)\adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe [856064 2005-04-04] (Adobe Sytems Incorporated)
    HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)
    HKLM-x32\...\Run: [ScanSnap WIA Service Checker] - C:\Windows\SSDriver\fi5110\SsWiaChecker.exe [86016 2009-09-30] (PFU LIMITED)
    HKLM-x32\...\Run: [] - [x]
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2013-12-18] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-12-18] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [Rkiwrtk] - C:\Program Files (x86)\PFU\Rack2\RKiwrtK.exe [66952 2011-03-22] (PFU LIMITED)
    HKLM-x32\...\Run: [Intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
    HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)
    HKCU\...\Run: [updateMgr] - "C:\Progra~2\adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
    HKCU\...\Run: [Speech Recognition] - C:\Windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
    HKCU\...\Run: [Akamai NetSession Interface] - "C:\Users\David\AppData\Local\Akamai\netsession_win.exe"
    HKCU\...\Run: [MobileDocuments] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
    HKCU\...\Run: [YflPack] - regsvr32.exe "C:\Users\David\AppData\Local\YflPack\WdMon2.dll" <===== ATTENTION
    HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\DAVIDD~1\AppData\Local\Temp\spxbvjn\sjoverm\wow.dll ATTENTION! ====> ZeroAccess?
    MountPoints2: E - E:\Windows\CHECK\DriveNavigator.exe
    Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rack2 Folder Monitor Software.lnk
    ShortcutTarget: Rack2 Folder Monitor Software.lnk -> C:\Program Files (x86)\PFU\Rack2-Filer\Raku2AutoImp.exe (PFU LIMITED)
    ==================== Internet (Whitelisted) ====================
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?rd=1
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x92E131DEABCFCB01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    SearchScopes: HKCU - DefaultScope {388B8743-CE4B-4AFF-A0D6-507F9F684D9F} URL = https://www.google.com/search?q={searchTerms}
    SearchScopes: HKCU - {388B8743-CE4B-4AFF-A0D6-507F9F684D9F} URL = https://www.google.com/search?q={searchTerms}
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: HKLM-x32 {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: HKLM-x32 {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} http://www.co.jefferson.wa.us/imw32o40.cab
    DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
    Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
    Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 192.168.1.1
    FireFox:
    ========
    FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\afczr20e.default
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_39 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/Photosynth,version=2.0 - C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Extension: Garmin Communicator - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\afczr20e.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-04-25]
    FF Extension: CFindNetPrinters Class - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\afczr20e.default\Extensions\{8F9302F8-8A8C-7292-8375-186488E85FE4} [2014-01-24]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011-07-03]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-06-13]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-08-31]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-11-21]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013-02-13]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-03-14]
    ==================== Services (Whitelisted) =================
    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2011-02-19] (Adobe Systems)
    S2 Adobe Version Cue CS2; C:\Program Files (x86)\adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe [163840 2005-04-04] (Adobe Systems Incorporated)
    S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
    S2 Bufssvr; C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [95536 2009-06-17] (BUFFALO INC.)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
    S2 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
    S2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [58345832 2011-09-22] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
    S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-09] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-09] (NVIDIA Corporation)
    S3 QuickBooksDB23; C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe [679936 2012-12-22] (Intuit, Inc.)
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
    S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
    S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431464 2011-09-22] (Microsoft Corporation)
    S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
    ==================== Drivers (Whitelisted) ====================
    R3 bautpw64; C:\Windows\System32\drivers\bautpw64.sys [16000 2009-07-10] (BUFFALO INC.)
    S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
    S3 bcm; C:\Windows\System32\DRIVERS\drxvi314_64.sys [359040 2010-03-26] (Beceem communications pvt ltd.)
    S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr_64.sys [62976 2010-03-26] (Beceem communications pvt ltd.)
    R3 btusb64h; C:\Windows\System32\drivers\btusb64h.sys [28728 2009-06-24] (BUFFALO INC.)
    S3 DIFMBUS; C:\Windows\System32\DRIVERS\DIFMBUS.sys [69960 2010-04-28] (DEVGURU Co., LTD.)
    S3 DIFMCVsp; C:\Windows\System32\DRIVERS\DIFMCVsp.sys [181320 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 DIFMMdm; C:\Windows\System32\DRIVERS\DIFMMdm.sys [181320 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 DIFMNET; C:\Windows\System32\DRIVERS\DIFMNET.sys [123976 2010-05-04] (DEVGURU Co., LTD.)
    S3 DIFMNVsp; C:\Windows\System32\DRIVERS\DIFMNVsp.sys [181320 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 DIFMVsp; C:\Windows\System32\DRIVERS\DIFMVsp.sys [181320 2010-04-28] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 guardian2; C:\Windows\System32\Drivers\oz776x64.sys [85280 2009-09-09] (O2Micro)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
    S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
    S2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
    S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
    S3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [x]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]
    U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========
    2014-01-27 15:57 - 2014-01-27 15:57 - 00018198 _____ C:\Users\David\Desktop\FRST.txt
    2014-01-27 15:56 - 2014-01-27 15:56 - 00000000 ____D C:\FRST
    2014-01-27 15:56 - 2014-01-27 15:53 - 02079232 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
    2014-01-26 15:19 - 2014-01-26 15:22 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2014-01-26 15:06 - 2014-01-26 15:08 - 00000000 ____D C:\ProgramData\HitmanPro
    2014-01-26 12:18 - 2014-01-26 12:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-26 12:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-01-25 17:02 - 2014-01-25 17:02 - 00003842 _____ C:\Windows\System32\Tasks\Security Center Update - 2378523995
    2014-01-25 17:01 - 2014-01-26 14:49 - 00000000 ____D C:\Users\David\AppData\Roaming\Zomyohb
    2014-01-25 16:57 - 2014-01-25 16:57 - 00013601 _____ C:\Users\David\Desktop\hs_err_pid3644.log
    2014-01-25 16:31 - 2012-08-21 13:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2014-01-25 16:27 - 2014-01-25 16:27 - 00000000 ____D C:\Program Files\iPod
    2014-01-25 16:26 - 2014-01-25 16:31 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-01-25 16:26 - 2014-01-25 16:30 - 00000000 ____D C:\Program Files\iTunes
    2014-01-25 16:25 - 2014-01-25 16:25 - 00000000 ____D C:\Windows\System32\Tasks\Apple
    2014-01-25 16:25 - 2014-01-25 16:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2014-01-25 16:24 - 2014-01-25 16:24 - 00000000 ____D C:\Program Files\Bonjour
    2014-01-25 16:24 - 2014-01-25 16:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2014-01-25 16:21 - 2014-01-25 16:23 - 148904784 _____ (Apple Inc.) C:\Users\David\Downloads\iTunes64Setup.exe
    2014-01-24 11:56 - 2014-01-24 11:57 - 00000000 ____D C:\Users\David\AppData\Local\YflPack
    2014-01-18 17:15 - 2014-01-18 17:15 - 00001218 _____ C:\Users\David\Desktop\Scan - Shortcut.lnk
    2014-01-16 10:23 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
    2014-01-16 10:23 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2014-01-16 10:23 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
    2014-01-16 10:23 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
    2014-01-16 10:23 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
    2014-01-16 10:23 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
    2014-01-16 10:22 - 2014-01-18 17:21 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2014-01-16 10:22 - 2013-12-09 18:15 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2014-01-16 10:22 - 2013-12-09 18:14 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2014-01-16 10:21 - 2014-01-16 10:28 - 00000000 ____D C:\Users\David\AppData\Local\NVIDIA
    2014-01-16 10:21 - 2014-01-16 10:22 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2014-01-16 10:21 - 2013-12-05 00:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2014-01-16 10:21 - 2013-12-05 00:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2014-01-16 10:21 - 2013-12-05 00:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2014-01-16 10:20 - 2014-01-16 10:22 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2014-01-16 10:19 - 2014-01-16 10:19 - 30234168 _____ (NVIDIA Corporation) C:\Users\David\Downloads\GeForce_Experience_v1.8.1.0.exe
    2014-01-15 14:32 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2014-01-15 14:32 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2014-01-15 14:32 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2014-01-15 14:32 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2014-01-15 14:32 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2014-01-15 14:32 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2014-01-15 14:32 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2014-01-15 14:32 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2014-01-15 14:32 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    ==================== One Month Modified Files and Folders =======
    2014-01-27 15:57 - 2014-01-27 15:57 - 00018198 _____ C:\Users\David\Desktop\FRST.txt
    2014-01-27 15:56 - 2014-01-27 15:56 - 00000000 ____D C:\FRST
    2014-01-27 15:53 - 2014-01-27 15:56 - 02079232 _____ (Farbar) C:\Users\David\Desktop\FRST64.exe
    2014-01-27 13:36 - 2012-07-21 17:39 - 00000000 _____ C:\Windows\SysWOW64\DllHost.exe.Z-missing.txt
    2014-01-27 10:30 - 2011-02-18 12:33 - 01497490 _____ C:\Windows\WindowsUpdate.log
    2014-01-26 18:26 - 2011-10-31 15:56 - 00196608 _____ C:\Windows\system32\Ikeext.etl
    2014-01-26 18:25 - 2012-07-21 17:42 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2014-01-26 15:22 - 2014-01-26 15:19 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
    2014-01-26 15:08 - 2014-01-26 15:06 - 00000000 ____D C:\ProgramData\HitmanPro
    2014-01-26 15:08 - 2011-02-19 14:24 - 00901720 _____ C:\Windows\system32\perfh00A.dat
    2014-01-26 15:08 - 2011-02-19 14:24 - 00875202 _____ C:\Windows\system32\perfh019.dat
    2014-01-26 15:08 - 2011-02-19 14:24 - 00552664 _____ C:\Windows\system32\perfh011.dat
    2014-01-26 15:08 - 2011-02-19 14:24 - 00216494 _____ C:\Windows\system32\perfc00A.dat
    2014-01-26 15:08 - 2011-02-19 14:24 - 00208424 _____ C:\Windows\system32\perfc019.dat
    2014-01-26 15:08 - 2011-02-19 14:24 - 00175870 _____ C:\Windows\system32\perfc011.dat
    2014-01-26 15:08 - 2009-07-13 21:13 - 03906810 _____ C:\Windows\system32\PerfStringBackup.INI
    2014-01-26 15:00 - 2013-08-15 09:18 - 00000354 ____H C:\Windows\Tasks\{4E64F3BB-2278-4A41-A7C3-7257401B92A5}.job
    2014-01-26 14:59 - 2009-07-13 20:45 - 00013632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-01-26 14:59 - 2009-07-13 20:45 - 00013632 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-01-26 14:52 - 2012-07-05 21:48 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-01-26 14:52 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2014-01-26 14:52 - 2009-07-13 20:51 - 00036293 _____ C:\Windows\setupact.log
    2014-01-26 14:52 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
    2014-01-26 14:50 - 2011-02-18 15:44 - 00499582 _____ C:\Windows\PFRO.log
    2014-01-26 14:49 - 2014-01-25 17:01 - 00000000 ____D C:\Users\David\AppData\Roaming\Zomyohb
    2014-01-26 14:49 - 2011-03-01 18:08 - 00000000 ____D C:\Users\David\AppData\Roaming\Intuit
    2014-01-26 14:49 - 2011-02-18 12:33 - 00000000 ____D C:\Users\David
    2014-01-26 12:18 - 2014-01-26 12:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-25 17:37 - 2012-07-05 21:48 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-01-25 17:02 - 2014-01-25 17:02 - 00003842 _____ C:\Windows\System32\Tasks\Security Center Update - 2378523995
    2014-01-25 16:57 - 2014-01-25 16:57 - 00013601 _____ C:\Users\David\Desktop\hs_err_pid3644.log
    2014-01-25 16:31 - 2014-01-25 16:26 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-01-25 16:30 - 2014-01-25 16:26 - 00000000 ____D C:\Program Files\iTunes
    2014-01-25 16:29 - 2011-02-18 15:36 - 00000000 ____D C:\Program Files (x86)\itunes
    2014-01-25 16:27 - 2014-01-25 16:27 - 00000000 ____D C:\Program Files\iPod
    2014-01-25 16:25 - 2014-01-25 16:25 - 00000000 ____D C:\Windows\System32\Tasks\Apple
    2014-01-25 16:25 - 2014-01-25 16:25 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2014-01-25 16:25 - 2011-04-14 21:04 - 00000000 ____D C:\Program Files\Common Files\Apple
    2014-01-25 16:24 - 2014-01-25 16:24 - 00000000 ____D C:\Program Files\Bonjour
    2014-01-25 16:24 - 2014-01-25 16:24 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2014-01-25 16:24 - 2011-02-20 03:40 - 00000000 ____D C:\ProgramData\Apple
    2014-01-25 16:23 - 2014-01-25 16:21 - 148904784 _____ (Apple Inc.) C:\Users\David\Downloads\iTunes64Setup.exe
    2014-01-25 14:31 - 2011-02-18 12:39 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B06E2498-E45E-48AD-9AD9-5ECEECECA720}
    2014-01-25 13:16 - 2011-02-19 16:54 - 00007600 _____ C:\Users\David\AppData\Local\resmon.resmoncfg
    2014-01-24 14:16 - 2011-02-18 15:51 - 00000468 _____ C:\Windows\BRWMARK.INI
    2014-01-24 11:57 - 2014-01-24 11:56 - 00000000 ____D C:\Users\David\AppData\Local\YflPack
    2014-01-23 15:41 - 2011-02-18 15:51 - 00001152 _____ C:\Windows\Brpfx04a.ini
    2014-01-21 15:04 - 2011-02-19 12:44 - 00000000 ____D C:\Users\David\AppData\Local\Adobe
    2014-01-18 23:33 - 2011-02-18 12:49 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-01-18 17:21 - 2014-01-16 10:22 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2014-01-18 17:15 - 2014-01-18 17:15 - 00001218 _____ C:\Users\David\Desktop\Scan - Shortcut.lnk
    2014-01-17 14:06 - 2007-10-01 01:03 - 00002294 ____H C:\Users\David\Documents\Default.rdp
    2014-01-16 10:28 - 2014-01-16 10:21 - 00000000 ____D C:\Users\David\AppData\Local\NVIDIA
    2014-01-16 10:24 - 2011-02-25 02:13 - 00000000 ____D C:\Users\DefaultAppPool
    2014-01-16 10:22 - 2014-01-16 10:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2014-01-16 10:22 - 2014-01-16 10:20 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2014-01-16 10:19 - 2014-01-16 10:19 - 30234168 _____ (NVIDIA Corporation) C:\Users\David\Downloads\GeForce_Experience_v1.8.1.0.exe
    2014-01-16 09:58 - 2011-02-18 16:37 - 03878642 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-01-16 09:36 - 2009-07-13 20:45 - 00643512 _____ C:\Windows\system32\FNTCACHE.DAT
    2014-01-16 09:12 - 2011-02-18 17:08 - 00000000 ____D C:\ProgramData\Microsoft Help
    2014-01-16 09:11 - 2013-07-29 17:34 - 00000000 ____D C:\Windows\system32\MRT
    2014-01-16 09:06 - 2011-02-19 13:21 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-01-15 15:09 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\NDF
    2014-01-13 18:35 - 2011-07-03 17:55 - 00000000 ____D C:\Users\David\AppData\Roaming\Skype
    2014-01-13 11:29 - 2012-03-14 11:57 - 00000000 ___RD C:\Users\David\Documents\ScanSnap
    ZeroAccess:
    C:\Users\David\AppData\Local\Google\Desktop\Install
    ZeroAccess:
    C:\$Recycle.Bin\S-1-5-21-1877471262-2881997727-3604617974-1001\$483563bd32fe987a1329543b37b1bdd2
    Files to move or delete:
    ====================
    C:\Users\David\acrobatreader.exe
    C:\Users\David\flashplayer.exe
    C:\Users\David\mstsc.exe
    C:\Windows\Tasks\{4E64F3BB-2278-4A41-A7C3-7257401B92A5}.job

    Some content of TEMP:
    ====================
    C:\Users\David\AppData\Local\Temp\ose00000.exe
    C:\Users\David\AppData\Local\Temp\_is279C.exe
    C:\Users\David\AppData\Local\Temp\_is6779.exe
    C:\Users\David\AppData\Local\Temp\_isD76A.exe

    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    LastRegBack: 2014-01-19 14:25
    ==================== End Of Log ============================
  4. DDTech

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-01-2014 02
    Ran by David Day at 2014-01-27 15:58:01
    Running from C:\Users\David Day\Desktop
    Boot Mode: Safe Mode (minimal)
    ==========================================================

    ==================== Security Center ========================
    AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    ==================== Installed Programs ======================
    Overlook Fing (x32 Version: 2.1 - Overlook)
    Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft)
    ABBYY FineReader for ScanSnap (TM) 4.1 (x32 Version: 8.02.650.72520 - ABBYY)
    Adobe Acrobat X Standard - English, Français, Deutsch (x32 Version: 10.1.9 - Adobe Systems)
    Adobe Bridge 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
    Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden
    Adobe Creative Suite 2 (x32 Version: - )
    Adobe GoLive CS2 (x32 Version: 8.0.1 - Adobe Systems) Hidden
    Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
    Adobe Illustrator CS2 (x32 Version: 12.000.000 - Adobe Systems Inc.) Hidden
    Adobe InDesign CS2 (x32 Version: 004.000.000 - Adobe Systems Incorporated) Hidden
    Adobe PDF iFilter 11 for 64-bit platforms (Version: 11.0.00 - Adobe)
    Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
    Adobe Reader X (10.1.9) (x32 Version: 10.1.9 - Adobe Systems Incorporated)
    Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
    Adobe SVG Viewer 3.0 (x32 Version: 3.0 - Adobe Systems, Inc.)
    Adobe Version Cue CS2 (x32 Version: 2.0.1 - Adobe Systems, Inc.) Hidden
    AnswerWorks 5.0 English Runtime (x32 Version: 5.0.7 - Vantage Software Technologies)
    Apple Application Support (x32 Version: 3.0 - Apple Inc.)
    Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)
    Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
    Applet (HKCU Version: - Applet)
    BCM Monitor (x32 Version: 44.1.1.27 - Nortel)
    Beceem_5.2.6.8_P3_SMSI_64Bit (Version: 1.00.0000 - Smith Micro Software, Inc.)
    Bonjour (Version: 3.0.0.10 - Apple Inc.)
    Brother MFL-Pro Suite MFC-9840CDW (x32 Version: 1.0.1.0 - Brother Industries, Ltd.)
    BUFFALO eco Manager for HD (x32 Version: - )
    BUFFALO SecureLockManagerEasy for HD (x32 Version: - )
    BUFFALO TurboUSB for FLASH/HDD (x32 Version: - )
    Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation)
    Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
    CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
    Canon Easy-PhotoPrint EX (x32 Version: - )
    Canon iP100 series (Version: - )
    Canon My Printer (x32 Version: - )
    Canon Setup Utility 2.4 (x32 Version: - )
    CardMinder (x32 Version: V4.1L40 - PFU)
    CardMinder V4.1 (x32 Version: 4.1.40.1 - PFU) Hidden
    Creative MediaSource 5 (x32 Version: 5.26 - Creative Technology Limited)
    Creative WaveStudio 7 (x32 Version: 7.12 - Creative Technology Limited)
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
    DWG TrueView 2011 (Version: 18.1.49.0 - Autodesk)
    DWG TrueView 2011 (Version: 18.1.49.0 - Autodesk) Hidden
    eQUEST 3-64 (HKCU Version: 3.64 - )
    erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    Garmin BaseCamp (x32 Version: 3.1.3 - Garmin Ltd or its subsidiaries)
    Garmin City Navigator Europe NT v9 (x32 Version: 9.0.0.0 - Garmin Ltd or its subsidiaries)
    Garmin City Navigator North America NT v8 (x32 Version: 8.0.0.0 - Garmin Ltd or its subsidiaries)
    Garmin MapSource (x32 Version: 6.16.3 - Garmin Ltd or its subsidiaries)
    Garmin TOPO U.S. 2008 (x32 Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
    Garmin Trip and Waypoint Manager v4 (x32 Version: 4.0.0.0 - Garmin Ltd or its subsidiaries)
    Garmin USB Drivers (x32 Version: 1.0.0.0 - Garmin Ltd or its subsidiaries)
    Garmin USB Drivers (x32 Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
    Garmin WebUpdater (x32 Version: 2.4.2 - Garmin Ltd or its subsidiaries)
    GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
    Google Earth (x32 Version: 7.1.2.2041 - Google)
    Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
    Hugin 2012.0.0 (x32 Version: 2012.0.0 hg_a6e4184ad538 - The Hugin Development Team)
    iCloud (Version: 3.1.0.40 - Apple Inc.)
    Indigo Renderer x64 v3.4.19 (x32 Version: 3.4.19 - Glare Technologies Ltd.)
    IP Calculator (x32 Version: 1.1.0 - Bitcricket)
    IrfanView (remove only) (x32 Version: 4.30 - Irfan Skiljan)
    Irrigation System Design Calculator (x32 Version: - )
    iTunes (Version: 11.1.4.62 - Apple Inc.)
    Java(TM) 6 Update 39 (x32 Version: 6.0.390 - Oracle)
    Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech)
    Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
    Logitech Webcam Software (x32 Version: 2.0 - Logitech Inc.)
    LWS Facebook (x32 Version: 13.31.1038.0 - Logitech) Hidden
    LWS Gallery (x32 Version: 13.31.1038.0 - Logitech) Hidden
    LWS Help_main (x32 Version: 13.31.1044.0 - Logitech) Hidden
    LWS Launcher (x32 Version: 13.31.1038.0 - Logitech) Hidden
    LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
    LWS Pictures And Video (x32 Version: 13.31.1038.0 - Logitech) Hidden
    LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
    LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
    LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
    LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
    LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
    LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
    Macromedia Contribute 3.11 (x32 Version: 3.11.0.2419 - Macromedia, Inc.)
    Macromedia Dreamweaver 8 (x32 Version: 8.0.2 - Macromedia)
    Macromedia Extension Manager (x32 Version: 1.7.240 - Macromedia, Inc.)
    Macromedia Fireworks 8 (x32 Version: 8.0.0.777 - Macromedia)
    Macromedia Flash 8 (x32 Version: 8.00.0000 - Macromedia)
    Macromedia Flash 8 Video Encoder (x32 Version: 1.00.0000 - Macromedia)
    Macromedia HomeSite+ (x32 Version: - )
    Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
    MapSource - US Topo 24K National Parks, West v3 (x32 Version: 3.00 - Garmin Ltd. and its subsidiaries)
    MapSource - US Topo 24K National Parks, West v3 (x32 Version: 3.00 - Garmin Ltd. and its subsidiaries) Hidden
    MapSource (x32 Version: 6.3 - Garmin Ltd. and its subsidiaries)
    Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (ESN) (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (español) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (JPN) (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (RUS) (Version: 4.5.50938 - Корпорация Майкрософт) Hidden
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (Русский) (Version: 4.5.50938 - Корпорация Майкрософт)
    Microsoft .NET Framework 4.5.1 (日本語) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools (x32 Version: 2.0.50217.0 - Microsoft Corporation)
    Microsoft ASP.NET MVC 2 (x32 Version: 2.0.50217.0 - Microsoft Corporation)
    Microsoft Baseline Security Analyzer 2.2 (Version: 2.2.2170 - Microsoft Corporation)
    Microsoft Expression Blend 3 SDK (x32 Version: 1.0.1343.0 - Microsoft Corporation)
    Microsoft Expression Blend 4 (x32 Version: 4.0.20525.0 - Microsoft Corporation)
    Microsoft Expression Blend 4 (x32 Version: 4.0.20525.0 - Microsoft Corporation) Hidden
    Microsoft Expression Blend SDK for .NET 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation)
    Microsoft Expression Blend SDK for Silverlight 4 (x32 Version: 2.0.20525.0 - Microsoft Corporation)
    Microsoft Expression Design 4 (x32 Version: 7.0.20516.0 - Microsoft Corporation)
    Microsoft Expression Design 4 (x32 Version: 7.0.20516.0 - Microsoft Corporation) Hidden
    Microsoft Expression Encoder 4 (x32 Version: 4.0.1651.0 - Microsoft Corporation)
    Microsoft Expression Encoder 4 (x32 Version: 4.0.1651.0 - Microsoft Corporation) Hidden
    Microsoft Expression Encoder 4 Screen Capture Codec (x32 Version: 4.0.1651.0 - Microsoft Corporation)
    Microsoft Expression Studio 4 (x32 Version: 4.0.20525.0 - Microsoft Corporation)
    Microsoft Expression Studio 4 (x32 Version: 4.0.20525.0 - Microsoft Corporation) Hidden
    Microsoft Expression Web 4 (x32 Version: 4.0.1303.0 - Microsoft Corporation)
    Microsoft Expression Web 4 (x32 Version: 4.0.1303.0 - Microsoft Corporation) Hidden
    Microsoft Expression Web 4 Service Pack 2 (x32 Version: - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation)
    Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
    Microsoft Image Composite Editor (Version: 1.4.4 - Microsoft Corporation)
    Microsoft Location Finder (x32 Version: 1.2.0 - Microsoft Corporation)
    Microsoft Office 2003 Web Components (x32 Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Project MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Project Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office SharePoint Designer 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office SharePoint Designer 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft)
    Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
    Microsoft Office SharePoint Designer MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Small Business Connectivity Components (x32 Version: 2.0.7024.0 - Microsoft Corporation)
    Microsoft Office Visio Professional 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Pocket Streets for Smartphone (x32 Version: 13.0.0 - Microsoft Corporation)
    Microsoft Portable Library Multi-Targeting Pack (x32 Version: 11.0.60130.00 - Microsoft Corporation) Hidden
    Microsoft Project Standard 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
    Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft Silverlight 3 SDK (x32 Version: 3.0.40818.0 - Microsoft Corporation)
    Microsoft Silverlight 4 SDK (x32 Version: 4.0.50826.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 (x32 Version: - Microsoft Corporation)
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 (64-bit) (Version: - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Browser (x32 Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Common Files (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Database Engine Shared (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Native Client (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Setup Support Files (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Database Publishing Wizard 1.4 (x32 Version: 10.1.2512.8 - Microsoft Corporation)
    Microsoft SQL Server Native Client (Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x32 Version: 10.50.1750.9 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (Version: 10.3.5500.0 - Microsoft Corporation)
    Microsoft Streets & Trips 2006 with GPS Locator (x32 Version: 13.00.09.0200 - Microsoft Corporation)
    Microsoft Visual Basic 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Basic 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
    Microsoft Visual C# 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C# 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: - Microsoft Corporation)
    Microsoft Visual Studio 2005 Tools for Office Runtime (x32 Version: 8.0.60940.0 - Microsoft Corporation) Hidden
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
    Microsoft Visual Web Developer 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Web Developer 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
    MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
    Mozilla Firefox 8.0 (x86 en-US) (x32 Version: 8.0 - Mozilla)
    MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
    Nortel Business Element Manager (x32 Version: 1.0.0.0 - Nortel)
    NVIDIA Drivers (Version: 1.3 - NVIDIA Corporation)
    NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
    NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
    NVIDIA Optimus Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
    NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
    NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
    NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)
    PE-DESIGN NEXT (Trial Version) (x32 Version: 9.02.0000 - Brother Industries, Ltd.)
    Photosynth 2.0110.0317.1042 (x32 Version: 3.3.3.3 - Microsoft)
    PuTTY version 0.62 (x32 Version: 0.62 - Simon Tatham)
    QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Inc.) Hidden
    QuickBooks File Doctor (x32 Version: 3.5.5 - Intuit)
    QuickBooks Premier: Contractor Edition 2013 (x32 Version: 23.0.4005.2305 - Intuit Inc.)
    Quicken 2011 (x32 Version: 20.1.7.4 - Intuit)
    QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
    Rack2 Folder Monitor Software (x32 Version: V5.0L52 - PFU)
    Rack2-Filer (x32 Version: 5.00.6100 - PFU) Hidden
    Rack2-Filer (x32 Version: V5.0L62 - PFU)
    Rack2-Viewer (This application may be deleted by deleting Rack2-Filer) (x32 Version: V5.0L52 - PFU)
    Remote Control USB Driver (x32 Version: 2.3.2.317 - )
    RICOH R5C83x/84x Media Driver Ver.3.53.02 (x32 Version: 3.53.02 - )
    Safari (x32 Version: 5.34.57.2 - Apple Inc.)
    Scan to Microsoft SharePoint (x32 Version: 3.4.1 - KnowledgeLake)
    ScanSnap (x32 Version: 5.1.30.19 - PFU Limited) Hidden
    ScanSnap (x32 Version: 5.1.51.23 Update - PFU Limited) Hidden
    ScanSnap (x32 Version: 5.1.62.2 - PFU Limited) Hidden
    ScanSnap Manager (x32 Version: V5.1L62 - PFU)
    ScanSnap Organizer (x32 Version: 4.1.30.16 - PFU LIMITED) Hidden
    ScanSnap Organizer (x32 Version: 4.1.41.1 - PFU LIMITED) Hidden
    ScanSnap Organizer (x32 Version: V4.1L41 - PFU)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
    Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit) (Version: 10.3.5500.0 - Microsoft Corporation)
    SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
    SketchUp 8 (x32 Version: 3.0.16846 - Trimble Navigation Limited)
    Skype Click to Call (x32 Version: 5.9.9216 - Skype Technologies S.A.)
    Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
    Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
    Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
    Synaptics Pointing Device Driver (Version: 9.0.1.3 - Synaptics)
    System Requirements Lab (x32 Version: - )
    System Requirements Lab for Intel (x32 Version: 4.5.13.0 - Husdawg, LLC)
    TopStyle Lite (Version 3.0) (x32 Version: 3.1.0 - Bradbury Software, LLC)
    Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft)
    Update for Microsoft Office Sharepoint Designer 2007 Help (KB963675) (x32 Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (x32 Version: 4.0.8080.0 - Microsoft Corporation)
    Visual Studio 2012 Update 2 (KB2707250) (x32 Version: 11.0.60315 - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (x32 Version: 1 - Microsoft Corporation)
    WCF RIA Services V1.0 SP1 (x32 Version: 4.1.60114.0 - Microsoft Corporation)
    Web Deployment Tool (Version: 1.1.0618 - Microsoft Corporation)
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0 - Garmin)
    Windows Mobile Device Center (Version: 6.1.6965.0 - Microsoft Corporation)
    WinHTTrack Website Copier 3.44-1 (x64) (Version: 3.44.1 - HTTrack)
    WinPcap 4.1.2 (x32 Version: 4.1.0.2001 - CACE Technologies)
    Wireshark 1.8.6 (64-bit) (x32 Version: 1.8.6 - The Wireshark developer community, http://www.wireshark.org)
    WMV Converter 3.2 (x32 Version: - WMV Converter)
    WPF Toolkit February 2010 (Version 3.5.50211.1) (x32 Version: 3.5.50211.1 - Microsoft Corporation)
    ==================== Restore Points =========================
    14-12-2013 11:00:19 Windows Update
    16-12-2013 19:37:02 Windows Backup
    18-12-2013 15:32:16 Windows Update
    23-12-2013 17:41:49 Windows Update
    27-12-2013 22:21:28 Windows Update
    31-12-2013 17:24:21 Windows Backup
    31-12-2013 21:45:27 Windows Update
    05-01-2014 01:15:57 Windows Update
    06-01-2014 17:13:08 Windows Backup
    07-01-2014 05:10:26 Windows Backup
    08-01-2014 16:09:03 Windows Update
    12-01-2014 17:27:21 Windows Update
    13-01-2014 16:35:38 Windows Backup
    16-01-2014 17:04:58 Windows Update
    16-01-2014 17:52:47 Windows Update
    16-01-2014 18:22:49 Installed DirectX
    19-01-2014 21:45:01 Windows Update
    21-01-2014 16:38:19 Windows Backup
    22-01-2014 00:25:28 Windows Backup
    23-01-2014 23:09:22 Windows Update
    25-01-2014 22:48:00 Installed iTunes
    25-01-2014 23:47:17 Removed iTunes
    25-01-2014 23:55:25 Removed Apple Software Update
    25-01-2014 23:56:23 Removed Apple Mobile Device Support
    25-01-2014 23:57:08 Removed Bonjour
    25-01-2014 23:58:35 Removed Apple Application Support
    26-01-2014 00:25:31 Installed iTunes
    ==================== Hosts content: ==========================
    2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
    ==================== Scheduled Tasks (whitelisted) =============
    Task: {1B8E5277-90AF-4451-A0AF-F18B92E341A1} - System32\Tasks\{D948E460-8438-4557-B405-2F45C204C6D5} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
    Task: {1B9F8345-B1EF-4E0E-8B30-75A33E9AA379} - System32\Tasks\Security Center Update - 2378523995 => C:\Users\David Day\AppData\Roaming\Zomyohb\veypvi.exe <==== ATTENTION
    Task: {1F811D45-C290-4613-8335-9E09AB916770} - System32\Tasks\{4E64F3BB-2278-4A41-A7C3-7257401B92A5} => C:\Users\David Day\AppData\Local\dd675aa5-d7bd-401a-a026-f93aaec7dea8ad\ddaadbdaafaaecdeaad.exe
    Task: {3B793411-5548-4546-A387-61B05DD4AFAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-05] (Google Inc.)
    Task: {4B1A07B3-A503-490D-B421-1C90314FD282} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {D3CB7087-DA13-46CE-A421-D6F141C57752} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
    Task: {E0377CF4-9DD1-4C03-A70B-95884BB60C13} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-05] (Google Inc.)
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\{4E64F3BB-2278-4A41-A7C3-7257401B92A5}.job => C:\Users\David Day\AppData\Local\dd675aa5-d7bd-401a-a026-f93aaec7dea8ad\ddaadbdaafaaecdeaad.exe
    ==================== Loaded Modules (whitelisted) =============

    ==================== Alternate Data Streams (whitelisted) =========

    ==================== Safe Mode (whitelisted) ===================
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
    ==================== Faulty Device Manager Devices =============
    Name: Security Processor Loader Driver
    Description: Security Processor Loader Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: spldr
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    Error: (01/25/2014 04:07:33 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
    Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
    Error: (01/25/2014 03:39:33 PM) (Source: Bonjour Service) (User: )
    Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 139.1.168.192.in-addr.arpa. PTR 8FMXTC1.local.
    Error: (01/25/2014 03:39:33 PM) (Source: Bonjour Service) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.1.139:5353 17 139.1.168.192.in-addr.arpa. PTR 8FMXTC1-2.local.
    Error: (01/25/2014 03:37:29 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
    Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
    Error: (01/25/2014 02:59:02 PM) (Source: MsiInstaller) (User: 8FMXTC1)
    Description: Product: iTunes -- Error 1920. Service 'Apple Mobile Device' (Apple Mobile Device) failed to start. Verify that you have sufficient privileges to start system services.
    Error: (01/25/2014 02:47:42 PM) (Source: MsiInstaller) (User: 8FMXTC1)
    Description: Product: Apple Mobile Device Support -- Error 1920. Service 'Apple Mobile Device' (Apple Mobile Device) failed to start. Verify that you have sufficient privileges to start system services.
    Error: (01/25/2014 02:47:42 PM) (Source: MsiInstaller) (User: 8FMXTC1)
    Description: Product: iTunes -- Service 'Apple Mobile Device' (Apple Mobile Device) failed to start. Verify that you have sufficient privileges to start system services.
    Error: (01/25/2014 02:47:06 PM) (Source: MsiInstaller) (User: 8FMXTC1)
    Description: Product: Apple Mobile Device Support -- Error 1920. Service 'Apple Mobile Device' (Apple Mobile Device) failed to start. Verify that you have sufficient privileges to start system services.
    Error: (01/25/2014 02:47:06 PM) (Source: MsiInstaller) (User: 8FMXTC1)
    Description: Product: iTunes -- Service 'Apple Mobile Device' (Apple Mobile Device) failed to start. Verify that you have sufficient privileges to start system services.
    Error: (01/25/2014 02:46:33 PM) (Source: MsiInstaller) (User: 8FMXTC1)
    Description: Product: Apple Mobile Device Support -- Error 1920. Service 'Apple Mobile Device' (Apple Mobile Device) failed to start. Verify that you have sufficient privileges to start system services.

    System errors:
    =============
    Error: (01/27/2014 03:56:10 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (01/27/2014 03:20:54 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (01/27/2014 02:27:07 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (01/27/2014 02:20:54 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (01/27/2014 00:45:42 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (01/27/2014 00:45:42 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (01/27/2014 00:45:42 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (01/27/2014 00:26:37 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (01/27/2014 00:20:54 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068
    Error: (01/27/2014 00:08:20 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Microsoft Office Sessions:
    =========================
    Error: (10/31/2013 04:50:18 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 56246 seconds with 60 seconds of active time. This session ended with a crash.
    Error: (06/25/2013 08:11:11 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 122472 seconds with 0 seconds of active time. This session ended with a crash.
    Error: (05/06/2013 08:24:56 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 25436 seconds with 2280 seconds of active time. This session ended with a crash.
    Error: (04/11/2013 08:51:08 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 50046 seconds with 840 seconds of active time. This session ended with a crash.
    Error: (03/23/2013 09:00:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 178459 seconds with 17520 seconds of active time. This session ended with a crash.
    Error: (07/18/2012 01:11:57 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 7, Application Name: Microsoft Office SharePoint Designer, Application Version: 12.0.6606.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 87309 seconds with 1560 seconds of active time. This session ended with a crash.
    Error: (03/18/2012 10:50:48 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 633 seconds with 360 seconds of active time. This session ended with a crash.
    Error: (12/04/2011 10:38:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 32 seconds with 0 seconds of active time. This session ended with a crash.
    Error: (12/04/2011 10:37:38 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 18107 seconds with 1020 seconds of active time. This session ended with a crash.
    Error: (10/31/2011 04:27:53 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 632927 seconds with 20340 seconds of active time. This session ended with a crash.

    CodeIntegrity Errors:
    ===================================
    Date: 2011-02-21 23:54:45.666
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\grmnusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2011-02-21 23:54:45.649
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\grmnusb.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================
    Percentage of memory in use: 36%
    Total physical RAM: 3326.46 MB
    Available physical RAM: 2118.9 MB
    Total Pagefile: 6651.11 MB
    Available Pagefile: 5691.14 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.84 MB
    ==================== Drives ================================
    Drive c: () (Fixed) (Total:465.66 GB) (Free:278.4 GB) NTFS
    Drive e: (Utility_HD-CXU2) (CDROM) (Total:0.19 GB) (Free:0 GB) CDFS
    Drive f: (HD-CXU2) (Fixed) (Total:930.91 GB) (Free:478.59 GB) NTFS
    Drive g: () (Removable) (Total:0.46 GB) (Free:0.03 GB) FAT
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 00849195)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 1 (Size: 931 GB) (Disk ID: EAC6CC18)
    Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
    ========================================================
    Disk: 2 (Size: 471 MB) (Disk ID: 006D0EC3)
    Partition 1: (Active) - (Size=471 MB) - (Type=06)
    ==================== End Of Log ============================
  5. DDTech

    DDTech Newcomer, in training Topic Starter Posts: 31

    What is this Google Update thing I am seeing?!? Looks suspicious to me...
  6. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    You're infected with ZeroAccess rootkit.

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    When done see if you can reconnect to the internet and boot normally.

  7. DDTech

    DDTech Newcomer, in training Topic Starter Posts: 31

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-01-2014 02
    Ran by David at 2014-01-27 16:48:34 Run:1
    Running from C:\Users\David\Desktop
    Boot Mode: Safe Mode (minimal)
    ==============================================
    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] - [x]
    HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
    HKCU\...\Run: [YflPack] - regsvr32.exe "C:\Users\David\AppData\Local\YflPack\WdMon2.dll" <===== ATTENTION
    C:\Users\David\AppData\Local\YflPack\WdMon2.dll
    HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\DAVID\AppData\Local\Temp\spxbvjn\sjoverm\wow.dll ATTENTION! ====> ZeroAccess?
    MountPoints2: E - E:\Windows\CHECK\DriveNavigator.exe
    Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
    Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - No File
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
    C:\Users\David\AppData\Local\Google\Desktop\Install
    C:\$Recycle.Bin\S-1-5-21-1877471262-2881997727-3604617974-1001\$483563bd32fe987a1329543b37b1bdd2
    C:\Users\David\acrobatreader.exe
    C:\Users\David\flashplayer.exe
    C:\Users\David\mstsc.exe
    C:\Windows\Tasks\{4E64F3BB-2278-4A41-A7C3-7257401B92A5}.job
    C:\Users\David\AppData\Local\Temp\ose00000.exe
    C:\Users\David\AppData\Local\Temp\_is279C.exe
    C:\Users\David\AppData\Local\Temp\_is6779.exe
    C:\Users\David\AppData\Local\Temp\_isD76A.exe
    Task: {1B9F8345-B1EF-4E0E-8B30-75A33E9AA379} - System32\Tasks\Security Center Update - 2378523995 => C:\Users\David\AppData\Roaming\Zomyohb\veypvi.exe <==== ATTENTION
    C:\Users\David\AppData\Roaming\Zomyohb\veypvi.exe
    Task: {1F811D45-C290-4613-8335-9E09AB916770} - System32\Tasks\{4E64F3BB-2278-4A41-A7C3-7257401B92A5} => C:\Users\David\AppData\Local\dd675aa5-d7bd-401a-a026-f93aaec7dea8ad\ddaadbdaafaaecdeaad.exe
    C:\Users\David\AppData\Local\dd675aa5-d7bd-401a-a026-f93aaec7dea8ad\ddaadbdaafaaecdeaad.exe
    Task: C:\Windows\Tasks\{4E64F3BB-2278-4A41-A7C3-7257401B92A5}.job => C:\Users\David\AppData\Local\dd675aa5-d7bd-401a-a026-f93aaec7dea8ad\ddaadbdaafaaecdeaad.exe
    C:\Users\David\AppData\Local\dd675aa5-d7bd-401a-a026-f93aaec7dea8ad\ddaadbdaafaaecdeaad.exe
    *****************
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\YflPack => Value not found.
    C:\Users\David\AppData\Local\YflPack\WdMon2.dll => Moved successfully.
    HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully. If the key returned, move the associated file, reboot and list the key for deletion.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => Key deleted successfully.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Value deleted successfully.
    HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} => Key not found.
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Value deleted successfully.
    HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => Key not found.
    HKCR\PROTOCOLS\Handler\intu-help-qb6 => Key deleted successfully.
    HKCR\CLSID\{6898B29B-BF49-43cb-A0B1-D0B9496AF491} => Key not found.
    HKCR\PROTOCOLS\Handler\qbwc => Key deleted successfully.
    HKCR\CLSID\{FC598A64-626C-4447-85B8-53150405FD57} => Key not found.
    HKCR\PROTOCOLS\Handler\skype-ie-addon-data => Key deleted successfully.
    HKCR\CLSID\{91774881-D725-4E58-B298-07617B9B86A8} => Key not found.
    C:\Users\David\AppData\Local\Google\Desktop\Install => Moved successfully.
    C:\$Recycle.Bin\S-1-5-21-1877471262-2881997727-3604617974-1001\$483563bd32fe987a1329543b37b1bdd2 => Moved successfully.
    C:\Users\David\acrobatreader.exe => Moved successfully.
    C:\Users\David\flashplayer.exe => Moved successfully.
    C:\Users\David\mstsc.exe => Moved successfully.
    C:\Windows\Tasks\{4E64F3BB-2278-4A41-A7C3-7257401B92A5}.job => Moved successfully.
    C:\Users\David\AppData\Local\Temp\ose00000.exe => Moved successfully.
    C:\Users\David\AppData\Local\Temp\_is279C.exe => Moved successfully.
    C:\Users\David\AppData\Local\Temp\_is6779.exe => Moved successfully.
    C:\Users\David\AppData\Local\Temp\_isD76A.exe => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B9F8345-B1EF-4E0E-8B30-75A33E9AA379} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B9F8345-B1EF-4E0E-8B30-75A33E9AA379} => Key deleted successfully.
    C:\Windows\System32\Tasks\Security Center Update - 2378523995 => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Security Center Update - 2378523995 => Key deleted successfully.
    "C:\Users\David\AppData\Roaming\Zomyohb\veypvi.exe" => File/Directory not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F811D45-C290-4613-8335-9E09AB916770} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F811D45-C290-4613-8335-9E09AB916770} => Key deleted successfully.
    C:\Windows\System32\Tasks\{4E64F3BB-2278-4A41-A7C3-7257401B92A5} => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4E64F3BB-2278-4A41-A7C3-7257401B92A5} => Key deleted successfully.
    "C:\Users\David\AppData\Local\dd675aa5-d7bd-401a-a026-f93aaec7dea8ad\ddaadbdaafaaecdeaad.exe" => File/Directory not found.
    C:\Windows\Tasks\{4E64F3BB-2278-4A41-A7C3-7257401B92A5}.job not found.
    "C:\Users\David\AppData\Local\dd675aa5-d7bd-401a-a026-f93aaec7dea8ad\ddaadbdaafaaecdeaad.exe" => File/Directory not found.
    ==== End of Fixlog ====
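Added example, not part of the original thread and not FRST's own logic: a Python triage pass over FRST-style autostart lines that surfaces the same kind of entries FRST marked ATTENTION in this log. The sample lines are copied from the FRST output posted in this thread; the three heuristics and all function names are assumptions of this example, and they can also match legitimate per-user software, so a hit is a prompt for review rather than a verdict.

```python
import re

# Lines copied from the FRST output posted in this thread (not constructed).
SAMPLE_LOG = r"""
HKCU\...\Run: [YflPack] - regsvr32.exe "C:\Users\David\AppData\Local\YflPack\WdMon2.dll" <===== ATTENTION
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\DAVID\AppData\Local\Temp\spxbvjn\sjoverm\wow.dll ATTENTION! ====> ZeroAccess?
Task: {1B9F8345-B1EF-4E0E-8B30-75A33E9AA379} - System32\Tasks\Security Center Update - 2378523995 => C:\Users\David\AppData\Roaming\Zomyohb\veypvi.exe <==== ATTENTION
Task: {3B793411-5548-4546-A387-61B05DD4AFAD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-05] (Google Inc.)
Task: {D3CB7087-DA13-46CE-A421-D6F141C57752} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
"""

# Heuristics (assumptions of this example, not FRST's own rules).
PER_USER_APPDATA = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(?:Local|LocalLow|Roaming)\\", re.I)
DEVICE_NAMESPACE = re.compile(r"\\\\\?\\globalroot\\", re.I)

# FRST appends "<==== ATTENTION ..." or "ATTENTION! ====> ..." to some lines;
# strip that so it does not end up inside the parsed target.
ANNOTATION = re.compile(r"\s*(?:<=+\s*)?ATTENTION.*$")

# One pattern per autostart type seen in the log.
PARSERS = [
    ("task", re.compile(
        r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<name>.+?) => (?P<target>.+)$")),
    ("run", re.compile(
        r"^HK[A-Z]+(?:-x32)?\\.*?\\Run: \[(?P<name>.*?)\] - (?P<target>.+)$")),
    ("com", re.compile(
        r"^HK[A-Z]+\\.*?\\InprocServer32: \[(?P<name>.*?)\] (?P<target>.+)$")),
]


def parse_line(line):
    """Return {'kind', 'name', 'target'} for a recognised line, else None."""
    line = ANNOTATION.sub("", line.strip())
    for kind, pattern in PARSERS:
        match = pattern.match(line)
        if match:
            return {"kind": kind,
                    "name": match.group("name"),
                    "target": match.group("target")}
    return None


def reasons_for(entry):
    """List the heuristics an entry trips (empty list means nothing flagged)."""
    reasons = []
    target = entry["target"]
    if DEVICE_NAMESPACE.search(target):
        reasons.append(r"target uses the \\?\globalroot device namespace")
    if PER_USER_APPDATA.search(target):
        reasons.append("target lives under a per-user AppData directory")
    if entry["kind"] == "run" and re.match(r"regsvr32(?:\.exe)?\s", target, re.I):
        reasons.append("Run key registers a DLL through regsvr32")
    return reasons


def triage(log_text):
    """Parse every line and keep only the entries with at least one reason."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        entry["reasons"] = reasons_for(entry)
        if entry["reasons"]:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding['kind']}] {finding['name']} -> {finding['target']}")
        for reason in finding["reasons"]:
            print(f"    - {reason}")
```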
  8. Broni

    Broni Malware Annihilator Posts: 45,226   +243

  9. DDTech

    DDTech Newcomer, in training Topic Starter Posts: 31

    Ok, iexplore.exe is not spawning multiple copies anymore, but dllhost.exe (COM Surrogate) spawns 20 or so instances, slowly drops to 2 instances, and then repeats over and over. CPU usage is well down from the 100% that it previously was, but has odd spikes when no user activity is taking place, while it is spawning dllhost instances.
  10. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Most likely you're still infected.
    I just need to know if you can operate your computer fairly normally while connected and in normal mode.

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  11. DDTech

    DDTech Newcomer, in training Topic Starter Posts: 31

    Vastly improved after running MBAR, although I had two challenges running RogueKiller. First, it appears that RogueKiller got stuck checking process dllhost.exe (probably because the process kept deleting and recreating instances of itself). I gave up after several hours of it not appearing to make any headway and went on to MBAR before returning to RogueKiller. Second, when it appeared to finish prescanning, RogueKiller displayed a dialog box stating, "Error: Your version is outdated. Please download the new version. Download it on the website? (Y/N)". Clicking 'Yes' took me to the RogueKiller Download page at http://www.adlice.com/softwares/roguekiller/, and clicking 'No' brought up the French and somewhat broken-English EULA that references the developer 'Tigzy' and downloading the software from sur-la-toile.com (or Geekstogo.com), not adlice.com. Probably something I should mention to Tigzy, but I mention it here for the benefit of the group.
    Anyway, the version I downloaded from your link above appears to be V8.8.3, and the version available from the geekstogo.com site appears to be V8.8.4. I downloaded the updated version and completed a full scan. MBAR reported (and cleaned) Hijack.SHELL32 and things have been much better since. Logs follow…
  12. DDTech

    DDTech Newcomer, in training Topic Starter Posts: 31

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
    Database version: v2014.01.29.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    David :: 8FMXTC1 [administrator]
    1/28/2014 9:22:15 PM
    mbam-log-2014-01-28 (21-22-15).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 323709
    Time elapsed: 25 minute(s), 11 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
  13. DDTech

    DDTech Newcomer, in training Topic Starter Posts: 31

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org
    Database version: v2014.01.29.08
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    David :: 8FMXTC1 [administrator]
    1/29/2014 12:27:43 PM
    mbar-log-2014-01-29 (12-27-43).txt
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 341028
    Time elapsed: 21 minute(s), 10 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 1
    HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Hijack.SHELL32) -> Bad: (\\?\globalroot\Device\HarddiskVolume2\Users\DAVID\AppData\Local\Temp\spxbvjn\sjoverm\wow.dll) Good: (SHELL32.dll) -> Replace on reboot.
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    Physical Sectors Detected: 0
    (No malicious items detected)
    (end)
     
  14. DDTech

    DDTech Newcomer, in training Topic Starter Posts: 31

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 11.0.9600.16476
    Java version: 1.6.0_39
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 2.163000 GHz
    Memory total: 3488051200, free: 1565233152
    =======================================

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    (c) Malwarebytes Corporation 2011-2012
    OS version: 6.1.7601 Windows 7 Service Pack 1 x64
    Account is Administrative
    Internet Explorer version: 11.0.9600.16476
    Java version: 1.6.0_39
    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, F:\ DRIVE_FIXED
    CPU speed: 2.163000 GHz
    Memory total: 3488051200, free: 1540100096
    Downloaded database version: v2014.01.29.08
    Downloaded database version: v2013.12.18.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    01/29/2014 12:27:33
    ------------ Loaded modules -----------
    \SystemRoot\system32\DRIVERS\serenum.sys
    \SystemRoot\system32\DRIVERS\parport.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\serscan.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\rdpbus.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\drivers\nvvad64v.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\HdAudio.sys
    \SystemRoot\system32\DRIVERS\VSTAZL6.SYS
    \SystemRoot\system32\DRIVERS\VSTDPV6.SYS
    \SystemRoot\system32\DRIVERS\VSTCNXT6.SYS
    \SystemRoot\system32\drivers\modem.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_dumpata.sys
    \SystemRoot\System32\Drivers\dump_atapi.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\System32\Drivers\oz776x64.sys
    \SystemRoot\System32\Drivers\SMCLIB.SYS
    \SystemRoot\System32\DRIVERS\scfilter.sys
    \SystemRoot\system32\drivers\bcbtums.sys
    \SystemRoot\system32\drivers\HIDPARSE.SYS
    \SystemRoot\System32\Drivers\BTHUSB.sys
    \SystemRoot\System32\Drivers\bthport.sys
    \SystemRoot\system32\DRIVERS\rfcomm.sys
    \SystemRoot\system32\drivers\BthEnum.sys
    \SystemRoot\system32\DRIVERS\bthpan.sys
    \SystemRoot\system32\DRIVERS\bthmodem.sys
    \SystemRoot\system32\DRIVERS\hidbth.sys
    \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    \SystemRoot\system32\DRIVERS\kbdhid.sys
    \SystemRoot\system32\DRIVERS\mouhid.sys
    \SystemRoot\system32\drivers\hidusb.sys
    \SystemRoot\system32\DRIVERS\lvbflt64.sys
    \SystemRoot\system32\drivers\usbccgp.sys
    \SystemRoot\system32\drivers\usbaudio.sys
    \SystemRoot\system32\DRIVERS\lvrs64.sys
    \SystemRoot\system32\DRIVERS\lvuvc64.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\cdfs.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\npf.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\system32\drivers\WudfPf.sys
    \SystemRoot\system32\DRIVERS\WUDFRd.sys
    \SystemRoot\system32\drivers\btusb64h.sys
    \SystemRoot\system32\drivers\bautpw64.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\rpcrt4.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\user32.dll
    \Windows\System32\advapi32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\usp10.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\psapi.dll
    \Windows\System32\imm32.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\msctf.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\lpk.dll
    \Windows\System32\nsi.dll
    \Windows\System32\ole32.dll
    \Windows\System32\wininet.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\sechost.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\shell32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\devobj.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\msasn1.dll
    \Windows\SysWOW64\normaliz.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR3
    Upper Device Object: 0xfffffa80077386d0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\000000a4\
    Lower Device Object: 0xfffffa800332e880
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk2\DR2
    Upper Device Object: 0xfffffa8007b0d790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\000000a0\
    Lower Device Object: 0xfffffa8006c07b60
    Lower Device Driver Name: \Driver\USBSTOR\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80036ea5d0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
    Lower Device Object: 0xfffffa8003181680
    Lower Device Driver Name: \Driver\atapi\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80036ea5d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80036eb040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80036ea5d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8002759e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8003181680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 849195
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 976564224
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 500107862016 bytes
    Sector size: 512 bytes
    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa80077386d0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8005d0e040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80064b9df0, DeviceName: Unknown, DriverName: \Driver\bautpw64\
    DevicePointer: 0xfffffa80090eb870, DeviceName: Unknown, DriverName: \Driver\btusb64h\
    DevicePointer: 0xfffffa80077386d0, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800332e880, DeviceName: \Device\000000a4\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: Unknown, DriverName: \Driver\bautpw64\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: EAC6CC18
    Partition information:
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 1952250867
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 999554703360 bytes
    Sector size: 512 bytes
    Done!
    Physical Sector Size: 512
    Drive: 2, DevicePointer: 0xfffffa8007b0d790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80073f8110, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007b0d790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8006c07b60, DeviceName: \Device\000000a0\, DriverName: \Driver\USBSTOR\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 2
    Scanning MBR on drive 2...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 6D0EC3
    Partition information:
    Partition 0 type is Other (0x6)
    Partition is ACTIVE.
    Partition starts at LBA: 32 Numsec = 964576
    Partition file system is FAT
    Partition is not bootable
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0
    Disk Size: 493879296 bytes
    Sector size: 512 bytes
    Done!
    Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Hijack.SHELL32]
    Scan finished
    Creating System Restore point...
    Cleaning up...
    Removal successful. No system shutdown is required.
    =======================================

    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-32-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
    Removal finished
  15. DDTech

    DDTech Newcomer, in training Topic Starter Posts: 31

    RogueKiller V8.8.4 _x64_ [Jan 27 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : David [Admin rights]
    Mode : Scan -- Date : 01/29/2014 15:10:35
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    ¤¤¤ Scheduled tasks : 0 ¤¤¤
    ¤¤¤ Startup Entries : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ Browser Addons : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
    ¤¤¤ External Hives: ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST95005620AS ATA Device +++++
    --- User ---
    [MBR] 5b6cf0f7df441e501d0cd165c3625ca6
    [BSP] 747e446e213855202e20b84ff6dee4e7 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) USB Device +++++
    --- User ---
    [MBR] 6f71b218a8c49a78e2a936700d6573c7
    [BSP] a5f248a8cc10d69aed4fc9133b89d45b : Empty MBR Code
    Partition table:
    0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 470 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )
    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) BUFFALO HD-CXU2 USB Device +++++
    --- User ---
    [MBR] 6efd4d191a6314c963228fe46aeb49c1
    [BSP] 39e60acea9ce63c04edb6d6a88c2f6b3 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953247 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )
    Finished : << RKreport[0]_S_01292014_151035.txt >>
  16. DDTech

    DDTech Newcomer, in training Topic Starter Posts: 31

    RogueKiller V8.8.4 _x64_ [Jan 27 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : David [Admin rights]
    Mode : Remove -- Date : 01/29/2014 15:15:36
    | ARK || FAK || MBR |
    ¤¤¤ Bad processes : 0 ¤¤¤
    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
    ¤¤¤ Scheduled tasks : 0 ¤¤¤
    ¤¤¤ Startup Entries : 0 ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ Browser Addons : 0 ¤¤¤
    ¤¤¤ Particular Files / Folders: ¤¤¤
    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
    ¤¤¤ External Hives: ¤¤¤
    ¤¤¤ Infection : ¤¤¤
    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST95005620AS ATA Device +++++
    --- User ---
    [MBR] 5b6cf0f7df441e501d0cd165c3625ca6
    [BSP] 747e446e213855202e20b84ff6dee4e7 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!
    +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) USB Device +++++
    --- User ---
    [MBR] 6f71b218a8c49a78e2a936700d6573c7
    [BSP] a5f248a8cc10d69aed4fc9133b89d45b : Empty MBR Code
    Partition table:
    0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 470 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )
    +++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) BUFFALO HD-CXU2 USB Device +++++
    --- User ---
    [MBR] 6efd4d191a6314c963228fe46aeb49c1
    [BSP] 39e60acea9ce63c04edb6d6a88c2f6b3 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953247 Mo
    User = LL1 ... OK!
    Error reading LL2 MBR! ([0x32] The request is not supported. )
    Finished : << RKreport[0]_D_01292014_151536.txt >>
    RKreport[0]_S_01292014_151035.txt
  17. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
  18. DDTech

    DDTech Newcomer, in training Topic Starter Posts: 31

    ComboFix 14-01-29.01 - David 01/29/2014 20:39:56.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3326.1509 [GMT -8:00]
    Running from: c:\users\David\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\David\AppData\Local\Microsoft\Windows\Temporary Internet Files\offlineEcoBox.html
    c:\users\David\GoToAssistDownloadHelper.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-12-28 to 2014-01-30 )))))))))))))))))))))))))))))))
    .
    .
    2014-01-30 04:54 . 2014-01-30 04:54 -------- d-----w- c:\users\QBDataServiceUser23\AppData\Local\temp
    2014-01-30 04:54 . 2014-01-30 04:54 -------- d-----w- c:\users\QBDataServiceUser21\AppData\Local\temp
    2014-01-30 04:54 . 2014-01-30 04:54 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2014-01-30 04:54 . 2014-01-30 04:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-01-30 04:54 . 2014-01-30 04:54 -------- d-----w- c:\users\David\AppData\Local\temp
    2014-01-30 00:02 . 2014-01-30 00:03 -------- d-----w- c:\users\David\AppData\Local\CrashDumps
    2014-01-29 20:27 . 2014-01-29 21:33 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-01-29 20:27 . 2014-01-29 20:27 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-01-29 20:24 . 2014-01-29 20:25 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-01-29 18:55 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1BC68438-4289-499B-8877-6757BBB3DFF1}\mpengine.dll
    2014-01-28 23:15 . 2014-01-28 23:18 -------- d-----w- c:\program files (x86)\Administrative Tools
    2014-01-28 05:06 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-01-27 23:56 . 2014-01-27 23:56 -------- d-----w- C:\FRST
    2014-01-26 23:19 . 2014-01-26 23:22 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2014-01-26 23:06 . 2014-01-26 23:08 -------- d-----w- c:\programdata\HitmanPro
    2014-01-26 20:18 . 2014-01-26 20:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2014-01-26 20:18 . 2013-04-04 22:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-01-26 20:18 . 2014-01-26 20:18 -------- d-----w- c:\users\David\AppData\Local\Programs
    2014-01-26 00:31 . 2012-08-21 21:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2014-01-26 00:27 . 2014-01-26 00:27 -------- d-----w- c:\program files\iPod
    2014-01-26 00:26 . 2014-01-26 00:31 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-01-26 00:26 . 2014-01-26 00:30 -------- d-----w- c:\program files\iTunes
    2014-01-26 00:25 . 2014-01-26 00:25 -------- d-----w- c:\program files (x86)\Apple Software Update
    2014-01-26 00:24 . 2014-01-26 00:24 -------- d-----w- c:\program files\Bonjour
    2014-01-26 00:24 . 2014-01-26 00:24 -------- d-----w- c:\program files (x86)\Bonjour
    2014-01-24 19:56 . 2014-01-28 00:48 -------- d-----w- c:\users\David\AppData\Local\YflPack
    2014-01-23 23:11 . 2013-10-19 17:59 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6C71EC3D-64FE-41BA-9592-DC010E0C2650}\gapaengine.dll
    2014-01-16 18:23 . 2010-05-26 19:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
    2014-01-16 18:23 . 2010-05-26 19:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
    2014-01-16 18:23 . 2010-05-26 19:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
    2014-01-16 18:23 . 2010-05-26 19:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
    2014-01-16 18:23 . 2010-05-26 19:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
    2014-01-16 18:23 . 2010-05-26 19:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
    2014-01-16 18:22 . 2013-12-10 02:15 982232 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2014-01-16 18:22 . 2013-12-10 02:14 1100248 ----a-w- c:\windows\system32\nvspcap64.dll
    2014-01-16 18:22 . 2014-01-19 01:21 -------- d-----w- c:\programdata\NVIDIA Corporation
    2014-01-16 18:21 . 2014-01-16 18:28 -------- d-----w- c:\users\David\AppData\Local\NVIDIA
    2014-01-16 18:21 . 2014-01-16 18:22 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2014-01-16 18:21 . 2013-12-05 08:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
    2014-01-16 18:21 . 2013-12-05 08:42 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
    2014-01-16 18:21 . 2013-12-05 08:42 32544 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
    2014-01-16 18:20 . 2014-01-16 18:22 -------- d-----w- c:\program files\NVIDIA Corporation
    2014-01-15 22:32 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2014-01-15 22:32 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2014-01-15 22:32 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2014-01-15 22:32 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2014-01-15 22:32 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2014-01-15 22:32 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2014-01-15 22:32 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
    2014-01-15 22:32 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
    2014-01-15 22:32 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-01-19 07:33 . 2011-02-18 20:49 270496 ------w- c:\windows\system32\MpSigStub.exe
    2014-01-16 17:06 . 2011-02-19 21:21 86054176 ----a-w- c:\windows\system32\MRT.exe
    2013-11-26 11:54 . 2013-12-12 15:07 23183360 ----a-w- c:\windows\system32\mshtml.dll
    2013-11-26 10:19 . 2013-12-12 15:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2013-11-26 10:18 . 2013-12-12 15:07 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2013-11-26 09:48 . 2013-12-12 15:07 66048 ----a-w- c:\windows\system32\iesetup.dll
    2013-11-26 09:46 . 2013-12-12 15:07 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2013-11-26 09:41 . 2013-12-12 15:07 2764288 ----a-w- c:\windows\system32\iertutil.dll
    2013-11-26 09:29 . 2013-12-12 15:07 53760 ----a-w- c:\windows\system32\jsproxy.dll
    2013-11-26 09:27 . 2013-12-12 15:07 33792 ----a-w- c:\windows\system32\iernonce.dll
    2013-11-26 09:23 . 2013-12-12 15:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-11-26 09:21 . 2013-12-12 15:07 574976 ----a-w- c:\windows\system32\ieui.dll
    2013-11-26 09:18 . 2013-12-12 15:07 139264 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-11-26 09:18 . 2013-12-12 15:07 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
    2013-11-26 09:16 . 2013-12-12 15:07 708608 ----a-w- c:\windows\system32\jscript9diag.dll
    2013-11-26 08:57 . 2013-12-12 15:07 218624 ----a-w- c:\windows\system32\ie4uinit.exe
    2013-11-26 08:35 . 2013-12-12 15:07 5769216 ----a-w- c:\windows\system32\jscript9.dll
    2013-11-26 08:28 . 2013-12-12 15:07 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2013-11-26 08:16 . 2013-12-12 15:07 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
    2013-11-26 08:02 . 2013-12-12 15:07 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-11-26 07:48 . 2013-12-12 15:07 12996608 ----a-w- c:\windows\system32\ieframe.dll
    2013-11-26 07:32 . 2013-12-12 15:07 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2013-11-26 07:07 . 2013-12-12 15:07 2334208 ----a-w- c:\windows\system32\wininet.dll
    2013-11-26 06:40 . 2013-12-12 15:07 1395200 ----a-w- c:\windows\system32\urlmon.dll
    2013-11-26 06:34 . 2013-12-12 15:07 817664 ----a-w- c:\windows\system32\ieapfltr.dll
    2013-11-26 06:33 . 2013-12-12 15:07 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
    2013-11-23 18:26 . 2013-12-11 16:42 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47 . 2013-12-11 16:42 465920 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-11-21 18:03 . 2013-11-21 18:03 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-11-21 18:03 . 2013-11-21 18:03 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
    2013-11-21 18:03 . 2013-11-21 18:03 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-11-21 18:03 . 2013-11-21 18:03 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
    2013-11-21 18:03 . 2013-11-21 18:03 235008 ----a-w- c:\windows\system32\elshyph.dll
    2013-11-21 18:03 . 2013-11-21 18:03 182272 ----a-w- c:\windows\SysWow64\msls31.dll
    2013-11-21 18:03 . 2013-11-21 18:03 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
    2013-11-21 18:03 . 2013-11-21 18:03 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
    2013-11-21 18:03 . 2013-11-21 18:03 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2013-11-21 18:03 . 2013-11-21 18:03 337408 ----a-w- c:\windows\SysWow64\html.iec
    2013-11-21 18:03 . 2013-11-21 18:03 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2013-11-21 18:03 . 2013-11-21 18:03 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2013-11-21 18:03 . 2013-11-21 18:03 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2013-11-21 18:03 . 2013-11-21 18:03 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2013-11-21 18:03 . 2013-11-21 18:03 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-11-21 18:03 . 2013-11-21 18:03 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
    2013-11-21 18:03 . 2013-11-21 18:03 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
    2013-11-21 18:03 . 2013-11-21 18:03 139264 ----a-w- c:\windows\SysWow64\wextract.exe
    2013-11-21 18:03 . 2013-11-21 18:03 13312 ----a-w- c:\windows\SysWow64\mshta.exe
    2013-11-21 18:03 . 2013-11-21 18:03 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2013-11-21 18:03 . 2013-11-21 18:03 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2013-11-21 18:03 . 2013-11-21 18:03 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-11-21 18:03 . 2013-11-21 18:03 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2013-11-21 18:03 . 2013-11-21 18:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2013-11-21 18:03 . 2013-11-21 18:03 942592 ----a-w- c:\windows\system32\jsIntl.dll
    2013-11-21 18:03 . 2013-11-21 18:03 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-11-21 18:03 . 2013-11-21 18:03 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-11-21 18:03 . 2013-11-21 18:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
    2013-11-21 18:03 . 2013-11-21 18:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-11-21 18:03 . 2013-11-21 18:03 247808 ----a-w- c:\windows\system32\msls31.dll
    2013-11-21 18:03 . 2013-11-21 18:03 195584 ----a-w- c:\windows\system32\msrating.dll
    2013-11-21 18:03 . 2013-11-21 18:03 13312 ----a-w- c:\windows\system32\msfeedssync.exe
    2013-11-21 18:03 . 2013-11-21 18:03 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
    2013-11-21 18:03 . 2013-11-21 18:03 105984 ----a-w- c:\windows\system32\iesysprep.dll
    2013-11-21 18:03 . 2013-11-21 18:03 81408 ----a-w- c:\windows\system32\icardie.dll
    2013-11-21 18:03 . 2013-11-21 18:03 77312 ----a-w- c:\windows\system32\tdc.ocx
    2013-11-21 18:03 . 2013-11-21 18:03 616104 ----a-w- c:\windows\system32\ieapfltr.dat
    2013-11-21 18:03 . 2013-11-21 18:03 453120 ----a-w- c:\windows\system32\dxtmsft.dll
    2013-11-21 18:03 . 2013-11-21 18:03 413696 ----a-w- c:\windows\system32\html.iec
    2013-11-21 18:03 . 2013-11-21 18:03 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2013-11-21 18:03 . 2013-11-21 18:03 296960 ----a-w- c:\windows\system32\dxtrans.dll
    2013-11-21 18:03 . 2013-11-21 18:03 263376 ----a-w- c:\windows\system32\iedkcs32.dll
    2013-11-21 18:03 . 2013-11-21 18:03 243200 ----a-w- c:\windows\system32\webcheck.dll
    2013-11-21 18:03 . 2013-11-21 18:03 235520 ----a-w- c:\windows\system32\url.dll
    2013-11-21 18:03 . 2013-11-21 18:03 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2013-11-21 18:03 . 2013-11-21 18:03 30208 ----a-w- c:\windows\system32\licmgr10.dll
    2013-11-21 18:03 . 2013-11-21 18:03 84992 ----a-w- c:\windows\system32\mshtmled.dll
    2013-11-21 18:03 . 2013-11-21 18:03 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
    2013-11-21 18:03 . 2013-11-21 18:03 774144 ----a-w- c:\windows\system32\jscript.dll
    2013-11-21 18:03 . 2013-11-21 18:03 626176 ----a-w- c:\windows\system32\msfeeds.dll
    2013-11-21 18:03 . 2013-11-21 18:03 62464 ----a-w- c:\windows\system32\pngfilt.dll
    2013-11-21 18:03 . 2013-11-21 18:03 548352 ----a-w- c:\windows\system32\vbscript.dll
    2013-11-21 18:03 . 2013-11-21 18:03 48128 ----a-w- c:\windows\system32\imgutil.dll
    2013-11-21 18:03 . 2013-11-21 18:03 167424 ----a-w- c:\windows\system32\iexpress.exe
    2013-11-21 18:03 . 2013-11-21 18:03 147968 ----a-w- c:\windows\system32\occache.dll
    2013-11-21 18:03 . 2013-11-21 18:03 143872 ----a-w- c:\windows\system32\wextract.exe
    2013-11-21 18:03 . 2013-11-21 18:03 13824 ----a-w- c:\windows\system32\mshta.exe
    2013-11-21 18:03 . 2013-11-21 18:03 135680 ----a-w- c:\windows\system32\iepeers.dll
    2013-11-21 18:03 . 2013-11-21 18:03 101376 ----a-w- c:\windows\system32\inseng.dll
    2013-11-12 02:23 . 2013-12-11 16:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-11-12 02:07 . 2013-12-11 16:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
    "ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-01-20 43848]
    "ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-12-18 41336]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-12-18 840568]
    "Rkiwrtk"="c:\program files (x86)\PFU\Rack2\RKiwrtK.exe" [2011-03-22 66952]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2014-01-16 3774776]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-01-21 152392]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    CardMinder Viewer.lnk - c:\program files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe [2012-3-14 77824]
    Conversion to PDF with ScanSnap Organizer.lnk - c:\program files (x86)\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2012-3-14 15360]
    Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2013-11-15 6282040]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2014-1-16 1182536]
    QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2013\QBW32.EXE -silent [2014-1-16 1185096]
    ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2012-3-14 1097728]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314_64.sys;c:\windows\SYSNATIVE\DRIVERS\drxvi314_64.sys [x]
    R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr_64.sys;c:\windows\SYSNATIVE\DRIVERS\BcmBusCtr_64.sys [x]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
    R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
    R3 DIFMBUS;Franklin EVDO USB Modem Composite Device Driver;c:\windows\system32\DRIVERS\DIFMBUS.sys;c:\windows\SYSNATIVE\DRIVERS\DIFMBUS.sys [x]
    R3 DIFMCVsp;Franklin EVDO USB Modem CM Port;c:\windows\system32\DRIVERS\DIFMCVsp.sys;c:\windows\SYSNATIVE\DRIVERS\DIFMCVsp.sys [x]
    R3 DIFMMdm;Franklin EVDO USB Modem;c:\windows\system32\DRIVERS\DIFMMdm.sys;c:\windows\SYSNATIVE\DRIVERS\DIFMMdm.sys [x]
    R3 DIFMNET;Franklin EVDO USB Modem Network Adapter;c:\windows\system32\DRIVERS\DIFMNET.sys;c:\windows\SYSNATIVE\DRIVERS\DIFMNET.sys [x]
    R3 DIFMNVsp;Franklin EVDO USB Modem NMEA Port Serial Port;c:\windows\system32\DRIVERS\DIFMNVsp.sys;c:\windows\SYSNATIVE\DRIVERS\DIFMNVsp.sys [x]
    R3 DIFMVsp;Franklin EVDO USB Modem Diagnostics Port;c:\windows\system32\DRIVERS\DIFMVsp.sys;c:\windows\SYSNATIVE\DRIVERS\DIFMVsp.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS;c:\windows\SYSNATIVE\PCTINDIS5X64.SYS [x]
    R3 QuickBooksDB23;QuickBooksDB23;c:\progra~2\Intuit\QUICKB~2\QBDBMgrN.exe;c:\progra~2\Intuit\QUICKB~2\QBDBMgrN.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
    S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe;c:\windows\SYSNATIVE\BtwRSupportService.exe [x]
    S2 Bufssvr;Bufssvr;c:\program files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe;c:\program files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe [x]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
    S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
    S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
    S3 bautpw64;BUFFALO eco manager for HD Filter;c:\windows\system32\drivers\bautpw64.sys;c:\windows\SYSNATIVE\drivers\bautpw64.sys [x]
    S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
    S3 btusb64h;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\btusb64h.sys;c:\windows\SYSNATIVE\drivers\btusb64h.sys [x]
    S3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x]
    S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
    S3 NETwLv64; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwLv64.sys;c:\windows\SYSNATIVE\DRIVERS\NETwLv64.sys [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 05:48]
    .
    2014-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06 05:48]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 15960096]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 82464]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-16 963072]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-24 1266912]
    "NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:Tabs
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 75.75.75.75 192.168.1.1
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
    DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} - hxxp://www.co.jefferson.wa.us/imw32o40.cab
    FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\afczr20e.default\
    FF - ExtSQL: !HIDDEN! 1970-05-29 00:23; {8F9302F8-8A8C-7292-8375-186488E85FE4}; -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-Applet - c:\windows\system32\javaws.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\/*f%]
    "Successes"=dword:00000000
    "Failures"=dword:0000000f
    "{61A2EFB2-1DD4-4FF2-929D-17FF40D0898D}"=hex:00,18,39,fa,88,a6
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-01-29 21:07:51
    ComboFix-quarantined-files.txt 2014-01-30 05:07
    .
    Pre-Run: 289,626,464,256 bytes free
    Post-Run: 289,690,238,976 bytes free
    .
    - - End Of File - - 62F84A09D13276D929EDA3AB9E03A88A
    A36C5E4F47E84449FF07ED3517B43A31
  19. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Looks good.

    How is the computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  20. DDTech

    DDTech Newcomer, in training Topic Starter Posts: 31

    CPU and memory performing well, but received blank page for Google and Yahoo. Other sites worked fine, including Bing. Hosts file blank, so replaced with default contents and they returned. More logs follow...
  21. DDTech

    DDTech Newcomer, in training Topic Starter Posts: 31

    # AdwCleaner v3.018 - Report created 29/01/2014 at 22:16:30
    # Updated 28/01/2014 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : David - 8FMXTC1
    # Running from : C:\Users\David\Desktop\adwcleaner.exe
    # Option : Clean
    ***** [ Services ] *****

    ***** [ Files / Folders ] *****
    Folder Deleted : C:\Users\David\AppData\Local\PackageAware
    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.16428

    -\\ Mozilla Firefox v8.0 (en-US)
    [ File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\afczr20e.default\prefs.js ]

    *************************
    AdwCleaner[R0].txt - [1867 octets] - [29/01/2014 22:03:46]
    AdwCleaner[S0].txt - [1814 octets] - [29/01/2014 22:16:30]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1874 octets] ##########
  22. DDTech

    DDTech Newcomer, in training Topic Starter Posts: 31

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.0 (01.07.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by David on Wed 01/29/2014 at 22:25:13.80
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Registry Values
    ~~~ Registry Keys
    ~~~ Files
    ~~~ Folders
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 01/29/2014 at 22:43:47.28
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  23. DDTech

    DDTech Newcomer, in training Topic Starter Posts: 31

    OTL logfile created on: 1/29/2014 10:54:01 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 54.44% Memory free
    6.50 Gb Paging File | 4.48 Gb Available in Paging File | 69.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 269.60 Gb Free Space | 57.90% Space Free | Partition Type: NTFS
    Drive E: | 197.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 930.91 Gb Total Space | 478.46 Gb Free Space | 51.40% Space Free | Partition Type: NTFS

    Computer Name: 8FMXTC1 | User Name: David | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/01/29 21:48:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
    PRC - [2014/01/16 10:05:16 | 001,182,536 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2014/01/16 10:03:56 | 001,185,096 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
    PRC - [2014/01/16 09:15:02 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2013/12/18 10:42:48 | 000,840,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\adobe\Acrobat 10.0\Acrobat\acrotray.exe
    PRC - [2013/12/18 10:42:34 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/12/09 18:22:32 | 002,279,712 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    PRC - [2013/12/09 18:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    PRC - [2013/01/10 08:45:12 | 001,097,728 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
    PRC - [2012/12/22 22:53:46 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
    PRC - [2012/12/22 22:52:02 | 000,679,936 | ---- | M] (Intuit, Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe
    PRC - [2012/07/12 20:12:14 | 000,634,880 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\SSFolder\SSFolderTray.exe
    PRC - [2012/01/17 22:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    PRC - [2011/11/11 13:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    PRC - [2011/11/11 13:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    PRC - [2011/08/12 11:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
    PRC - [2011/03/22 10:38:24 | 000,066,952 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\Rack2\RKiwrtK.exe
    PRC - [2011/01/19 11:36:30 | 000,077,824 | ---- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardLauncher.exe
    PRC - [2009/09/30 09:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
    PRC - [2009/07/02 22:20:26 | 000,148,856 | -H-- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\SLManagerEasy\Inputps.exe
    PRC - [2009/06/17 01:20:26 | 000,095,536 | -H-- | M] (BUFFALO INC.) -- C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


    ========== Modules (No Company Name) ==========

    MOD - [2014/01/20 13:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/01/20 13:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2014/01/16 10:04:46 | 000,128,840 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.DLL
    MOD - [2014/01/16 10:04:44 | 000,141,640 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
    MOD - [2014/01/16 10:04:40 | 000,021,832 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.DLL
    MOD - [2014/01/16 10:04:28 | 000,042,824 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
    MOD - [2014/01/16 10:04:18 | 000,570,696 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.DLL
    MOD - [2014/01/16 10:04:18 | 000,415,560 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
    MOD - [2014/01/16 10:04:06 | 000,176,968 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
    MOD - [2014/01/16 10:04:04 | 000,269,128 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
    MOD - [2014/01/16 10:04:02 | 000,529,224 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
    MOD - [2013/12/05 18:51:20 | 002,997,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\5fe10bae336585d4703262f1f2d110ee\System.IdentityModel.ni.dll
    MOD - [2013/12/05 18:51:13 | 019,693,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\5bca89765ee92dd6018c3782247dba9b\System.ServiceModel.ni.dll
    MOD - [2013/12/05 18:31:43 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a2eb039301af47660eebc7566ce02b9c\PresentationFramework.ni.dll
    MOD - [2013/12/05 18:31:20 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\5c250132c9d7fb45ec9b331ec2e4ef2e\SMDiagnostics.ni.dll
    MOD - [2013/12/05 18:31:19 | 000,806,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\3b483737ce19c597d351cdb1f4eb3da0\System.ServiceModel.Internals.ni.dll
    MOD - [2013/12/05 18:31:18 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\66ce786a0b16af8c3f5c480cd6e84376\System.Runtime.Serialization.ni.dll
    MOD - [2013/12/05 18:30:40 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d91f3556f8011a5d48e1448e3fa8df9e\System.Xml.ni.dll
    MOD - [2013/12/05 18:30:38 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b9fe579783a35b57dd7e69375f35e239\PresentationCore.ni.dll
    MOD - [2013/12/05 18:30:28 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1f56d5786274992934de0c900431c447\System.Configuration.ni.dll
    MOD - [2013/12/05 18:30:18 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ef90aeb894485d14b249d102309b6df3\WindowsBase.ni.dll
    MOD - [2013/12/05 18:30:16 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4e69f1e7d86d79012db2d7e0dadc8880\System.Core.ni.dll
    MOD - [2013/12/05 18:30:03 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\639f444db9491d25b5d158531e1f7d9b\System.Xaml.ni.dll
    MOD - [2013/12/05 18:29:57 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\79f6324a598a7c4446a4a1168be7c4b1\System.ni.dll
    MOD - [2013/12/05 18:29:31 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\045c9588954c3662d542b53f4462268b\mscorlib.ni.dll
    MOD - [2012/12/22 22:53:04 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
    MOD - [2012/01/18 15:35:18 | 000,385,024 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsConfig.dll
    MOD - [2011/12/14 20:49:20 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsExtention.dll
    MOD - [2011/11/11 13:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    MOD - [2011/11/11 13:07:54 | 000,265,240 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    MOD - [2011/08/12 11:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
    MOD - [2011/03/01 22:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
    MOD - [2011/03/01 22:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
    MOD - [2011/03/01 22:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
    MOD - [2011/03/01 22:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
    MOD - [2011/03/01 22:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
    MOD - [2010/08/24 15:56:50 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
    MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
    MOD - [2008/11/12 14:32:30 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\CardMinder\CardPath.dll
    MOD - [2003/03/26 17:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/12/09 18:20:28 | 015,129,376 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
    SRV:64bit: - [2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2013/10/28 18:02:18 | 002,255,064 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
    SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2014/01/16 09:15:02 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2013/12/18 10:42:34 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/12/09 18:21:14 | 001,494,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
    SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/22 22:53:46 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
    SRV - [2012/12/22 22:53:14 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2012/12/22 22:52:02 | 000,679,936 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe -- (QuickBooksDB23)
    SRV - [2012/01/17 22:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2010/11/20 04:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2010/11/20 04:19:22 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2010/11/20 04:18:04 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
    SRV - [2009/06/17 01:20:26 | 000,095,536 | -H-- | M] (BUFFALO INC.) [Auto | Running] -- C:\Program Files (x86)\BUFFALO\SLManagerEasy\Bufssvr.exe -- (Bufssvr)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
    SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/12/05 00:42:30 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
    DRV:64bit: - [2013/10/28 18:02:18 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
    DRV:64bit: - [2013/10/28 18:02:16 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
    DRV:64bit: - [2013/10/01 18:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2013/02/11 20:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/01/17 22:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2012/01/17 22:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2012/01/17 22:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
    DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/10/07 03:11:52 | 007,533,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwLv64.sys -- (NETwLv64)
    DRV:64bit: - [2010/06/25 09:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2010/05/04 11:50:38 | 000,123,976 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DIFMNET.sys -- (DIFMNET)
    DRV:64bit: - [2010/04/28 12:03:06 | 000,181,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DIFMVsp.sys -- (DIFMVsp)
    DRV:64bit: - [2010/04/28 12:03:04 | 000,181,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DIFMNVsp.sys -- (DIFMNVsp)
    DRV:64bit: - [2010/04/28 12:03:04 | 000,181,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DIFMMdm.sys -- (DIFMMdm)
    DRV:64bit: - [2010/04/28 12:03:04 | 000,181,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DIFMCVsp.sys -- (DIFMCVsp)
    DRV:64bit: - [2010/04/28 12:03:04 | 000,069,960 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DIFMBUS.sys -- (DIFMBUS)
    DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2010/03/26 20:08:34 | 000,359,040 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
    DRV:64bit: - [2010/03/26 20:04:34 | 000,062,976 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
    DRV:64bit: - [2009/09/09 17:19:38 | 000,085,280 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\oz776x64.sys -- (guardian2)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/10 19:12:32 | 000,016,000 | -H-- | M] (BUFFALO INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bautpw64.sys -- (bautpw64)
    DRV:64bit: - [2009/06/24 11:31:36 | 000,028,728 | -H-- | M] (BUFFALO INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusb64h.sys -- (btusb64h)
    DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
    DRV:64bit: - [2007/07/27 19:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2007/07/26 20:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2007/03/19 12:09:36 | 000,055,808 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2006/11/15 18:07:00 | 000,294,200 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1877471262-2881997727-3604617974-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
    IE - HKU\S-1-5-21-1877471262-2881997727-3604617974-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1877471262-2881997727-3604617974-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 E1 31 DE AB CF CB 01 [binary data]
    IE - HKU\S-1-5-21-1877471262-2881997727-3604617974-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1877471262-2881997727-3604617974-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1877471262-2881997727-3604617974-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKU\S-1-5-21-1877471262-2881997727-3604617974-1001\..\SearchScopes\{388B8743-CE4B-4AFF-A0D6-507F9F684D9F}: "URL" = https://www.google.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-1877471262-2881997727-3604617974-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1877471262-2881997727-3604617974-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

    IE - HKU\S-1-5-21-1877471262-2881997727-3604617974-1012\..\SearchScopes,DefaultScope =

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
    FF - prefs.js..extensions.enabledAddons: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:4.0.4
    FF - prefs.js..extensions.enabledAddons: web2pdfextension@web2pdf.adobedotcom:1.2
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files (x86)\Photosynth\npPhotosynthMozilla.dll ()
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/01/16 10:01:19 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\mozilla firefox\components [2013/06/20 00:04:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\mozilla firefox\plugins [2014/01/16 10:01:25 | 000,000,000 | ---D | M]

    [2011/02/18 20:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
    [2014/01/24 11:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\afczr20e.default\extensions
    [2013/04/25 19:26:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\afczr20e.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2014/01/24 11:56:51 | 000,000,000 | ---D | M] (CFindNetPrinters Class) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\afczr20e.default\extensions\{8F9302F8-8A8C-7292-8375-186488E85FE4}
    [2013/02/13 22:44:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2012/04/23 13:33:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/06/13 14:48:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2012/08/31 14:44:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
    [2012/11/21 00:18:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    [2013/02/13 22:44:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    [2014/01/16 10:01:19 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
    [2011/11/13 09:31:05 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/11/13 09:31:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/13 09:31:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2014/01/29 22:10:23 | 000,000,833 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1877471262-2881997727-3604617974-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Rkiwrtk] C:\Program Files (x86)\PFU\Rack2\RKiwrtK.exe (PFU LIMITED)
    O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
    O4 - HKU\S-1-5-21-1877471262-2881997727-3604617974-1012..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1877471262-2881997727-3604617974-1012..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
  24. DDTech

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1877471262-2881997727-3604617974-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1877471262-2881997727-3604617974-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1877471262-2881997727-3604617974-1012\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-1877471262-2881997727-3604617974-1001\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
    O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} http://www.co.jefferson.wa.us/imw32o40.cab (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab (SysInfo Class)
    O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{167EE71F-6CC7-46B7-A0E2-31B20AE5FB6D}: DhcpNameServer = 66.1.0.133 66.1.0.132
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AB878B5-3DDE-4223-8E67-BE3399BD5D58}: DhcpNameServer = 66.1.0.132 66.1.0.133
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{522F03CF-5BDC-4FF4-804F-E3D71693E953}: DhcpNameServer = 66.1.0.132 66.1.0.133
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61A2EFB2-1DD4-4FF2-929D-17FF40D0898D}: DhcpNameServer = 75.75.75.75 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6976EE93-CFE0-454A-81B7-32A744813C6E}: DhcpNameServer = 75.75.75.75 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BB2F35C-50D7-48EA-9195-1A0DA72F0D7E}: DhcpNameServer = 66.1.0.132 66.1.0.133
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/02/20 04:13:38 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2009/05/16 11:25:54 | 000,000,091 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/01/29 22:25:07 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/01/29 22:03:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/01/29 21:48:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
    [2014/01/29 21:48:43 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\David\Desktop\JRT.exe
    [2014/01/29 21:46:14 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/01/29 21:46:14 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/01/29 21:08:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/01/29 21:07:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/01/29 20:36:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/01/29 20:36:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/01/29 20:36:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/01/29 20:35:58 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/01/29 20:35:35 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/01/29 20:29:28 | 005,177,551 | R--- | C] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
    [2014/01/29 16:02:45 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\CrashDumps
    [2014/01/29 12:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/01/29 12:27:33 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/01/29 12:24:50 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/01/29 12:24:37 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\mbar
    [2014/01/29 10:54:50 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\RK_Quarantine
    [2014/01/29 10:53:42 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\David\Desktop\mbar-1.07.0.1009.exe
    [2014/01/28 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Administrative Tools
    [2014/01/28 11:47:53 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Desktop
    [2014/01/27 15:56:53 | 000,000,000 | ---D | C] -- C:\FRST
    [2014/01/27 15:56:30 | 002,079,232 | ---- | C] (Farbar) -- C:\Users\David\Desktop\FRST64.exe
    [2014/01/26 15:19:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2014/01/26 15:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2014/01/26 15:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2014/01/26 12:18:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014/01/26 12:18:38 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2014/01/26 12:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2014/01/26 12:18:09 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Programs
    [2014/01/25 16:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2014/01/25 16:31:24 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
    [2014/01/25 16:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2014/01/25 16:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2014/01/25 16:26:58 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2014/01/25 16:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2014/01/25 16:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2014/01/25 16:24:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2014/01/24 11:56:51 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\YflPack
    [2014/01/16 10:23:48 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
    [2014/01/16 10:23:48 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
    [2014/01/16 10:23:47 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
    [2014/01/16 10:23:47 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
    [2014/01/16 10:23:46 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
    [2014/01/16 10:23:46 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
    [2014/01/16 10:22:47 | 001,100,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvspcap64.dll
    [2014/01/16 10:22:47 | 000,982,232 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvspcap.dll
    [2014/01/16 10:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
    [2014/01/16 10:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    [2014/01/16 10:21:57 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\NVIDIA
    [2014/01/16 10:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
    [2014/01/16 10:21:00 | 000,039,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvvad64v.sys
    [2014/01/16 10:21:00 | 000,035,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvaudcap64v.dll
    [2014/01/16 10:21:00 | 000,032,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvaudcap32v.dll
    [2014/01/16 10:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
    [2014/01/15 14:32:55 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
    [2014/01/15 14:32:54 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
    [2014/01/15 14:32:51 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys

    ========== Files - Modified Within 30 Days ==========

    [2014/01/29 22:37:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/29 22:26:29 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/01/29 22:26:29 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/01/29 22:22:53 | 003,906,810 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/01/29 22:22:53 | 000,901,970 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
    [2014/01/29 22:22:53 | 000,875,452 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
    [2014/01/29 22:22:53 | 000,811,844 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/01/29 22:22:53 | 000,552,914 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
    [2014/01/29 22:22:53 | 000,216,712 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
    [2014/01/29 22:22:53 | 000,208,642 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
    [2014/01/29 22:22:53 | 000,176,132 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/01/29 22:22:53 | 000,176,088 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
    [2014/01/29 22:20:39 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/29 22:18:34 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2014/01/29 22:18:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/01/29 22:18:17 | 2616,037,376 | -HS- | M] () -- C:\hiberfil.sys
    [2014/01/29 22:10:23 | 000,000,833 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2014/01/29 21:48:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
    [2014/01/29 21:48:43 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\David\Desktop\JRT.exe
    [2014/01/29 21:48:29 | 001,166,132 | ---- | M] () -- C:\Users\David\Desktop\adwcleaner.exe
    [2014/01/29 21:46:15 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2014/01/29 21:46:14 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/01/29 20:29:30 | 005,177,551 | R--- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
    [2014/01/29 15:51:19 | 000,637,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/01/29 14:48:58 | 004,382,720 | ---- | M] () -- C:\Users\David\Desktop\RogueKillerX64.exe
    [2014/01/29 14:28:15 | 000,000,468 | ---- | M] () -- C:\Windows\BRWMARK.INI
    [2014/01/29 12:27:33 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/01/29 12:25:34 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2014/01/29 12:14:25 | 000,007,606 | ---- | M] () -- C:\Users\David\AppData\Local\resmon.resmoncfg
    [2014/01/29 10:53:06 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\David\Desktop\mbar-1.07.0.1009.exe
    [2014/01/27 15:53:50 | 002,079,232 | ---- | M] (Farbar) -- C:\Users\David\Desktop\FRST64.exe
    [2014/01/23 15:41:13 | 000,001,152 | ---- | M] () -- C:\Windows\Brpfx04a.ini
    [2014/01/21 14:22:12 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
    [2014/01/17 14:06:02 | 000,002,294 | -H-- | M] () -- C:\Users\David\Documents\Default.rdp
    [2014/01/16 09:58:06 | 003,878,642 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== Files Created - No Company Name ==========

    [2014/01/29 21:48:29 | 001,166,132 | ---- | C] () -- C:\Users\David\Desktop\adwcleaner.exe
    [2014/01/29 20:36:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/01/29 20:36:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/01/29 20:36:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/01/29 20:36:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/01/29 20:36:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/01/29 10:52:04 | 004,382,720 | ---- | C] () -- C:\Users\David\Desktop\RogueKillerX64.exe
    [2014/01/25 16:25:15 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    [2013/12/05 11:19:41 | 000,011,960 | -H-- | C] () -- C:\Windows\UN080616.INI
    [2013/12/05 11:06:05 | 000,009,506 | -H-- | C] () -- C:\Windows\UN070618.INI
    [2013/12/05 10:57:43 | 000,009,305 | -H-- | C] () -- C:\Windows\UN090430.INI
    [2012/12/22 22:45:10 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx12_ic.ini
    [2012/12/22 22:45:08 | 000,667,280 | ---- | C] () -- C:\Windows\SysWow64\tx12.dll
    [2012/12/22 22:45:08 | 000,000,186 | ---- | C] () -- C:\Windows\SysWow64\Gsw32.exe.config
    [2012/03/14 10:49:34 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
    [2011/09/26 16:25:14 | 000,020,179 | ---- | C] () -- C:\Users\David\AppData\Roaming\UserTile.png
    [2011/02/19 16:54:04 | 000,007,606 | ---- | C] () -- C:\Users\David\AppData\Local\resmon.resmoncfg
    [2011/02/18 15:44:16 | 000,000,418 | RHS- | C] () -- C:\ProgramData\ntuser.pol

    ========== ZeroAccess Check ==========

    [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/02/20 04:29:49 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Autodesk
    [2011/02/24 22:44:38 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Bitcricket
    [2011/09/26 09:24:58 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\File Property Edit
    [2012/03/14 11:54:44 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Fujitsu
    [2013/04/23 20:14:10 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GardenGnomeSoftware
    [2011/02/22 14:48:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GARMIN
    [2013/11/12 11:44:35 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Indigo Renderer
    [2011/02/19 16:40:47 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\iolo
    [2011/09/26 09:27:36 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IrfanView
    [2012/03/14 12:01:22 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\KnowledgeLake
    [2011/08/01 10:21:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Leadertech
    [2011/02/25 11:50:53 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Opera
    [2012/12/02 18:53:09 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Overlook
    [2011/04/13 11:43:05 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PC-FAX TX
    [2012/05/09 09:45:53 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PFU
    [2013/03/10 19:56:19 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Wireshark

    ========== Purity Check ==========

    < End of report >
  25. DDTech

    OTL Extras logfile created on: 1/29/2014 10:54:01 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.16428)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 54.44% Memory free
    6.50 Gb Paging File | 4.48 Gb Available in Paging File | 69.03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 269.60 Gb Free Space | 57.90% Space Free | Partition Type: NTFS
    Drive E: | 197.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive F: | 930.91 Gb Total Space | 478.46 Gb Free Space | 51.40% Space Free | Partition Type: NTFS

    Computer Name: 8FMXTC1 | User Name: David | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1877471262-2881997727-3604617974-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02CC2366-7BD8-4A37-B218-B9604D1E27BE}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{041D8B2E-6587-41A8-86EA-46667DF51D89}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{07EBEE3B-0DFC-4623-87A7-17C716493C4E}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
    "{0E8419AE-6241-41FD-9C9C-5BFA25D44895}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{17B4E75D-30BA-4494-BDA1-9F79519BDD23}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1D9EF6C7-2B84-4F04-9C34-EC5C6EA9C50D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{23594645-478E-4C35-AABF-97C52E9E2D50}" = lport=138 | protocol=17 | dir=in | app=system |
    "{242A52D0-9264-4C85-BD91-EBA3576BCA6E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{28275257-E269-4268-860A-090E64F51FD9}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{2C93D51E-46D6-465D-9ACF-AC8F303135FD}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
    "{38901344-F851-4C2C-8A4E-E356D983DDAA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3A3BBAC4-274D-45A0-A693-00139C32392F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{3D665698-99BD-4268-B07C-B378E7351E48}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{3FBF92DF-FEE7-4A10-8ED3-3B802BD7B064}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{49F4FBAB-F0BF-4C22-8BA8-2E61206F6888}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{4CB0910B-3876-45D7-B410-E7ED9B42619C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{556D29D5-5C1C-4691-888E-0B8F0C00ED13}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
    "{5E05AA47-F831-4E67-8DB0-F70C4E0FDE31}" = rport=137 | protocol=17 | dir=out | app=system |
    "{665A91FF-F627-4C02-A86D-2EF849F6467A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{680DB4B2-3AF4-4BC9-B7AF-F4E629F3DC00}" = rport=138 | protocol=17 | dir=out | app=system |
    "{6DF9F365-5E30-4CBC-8423-4B6B669E196C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    "{70A8FB62-175F-4160-9A58-68A7FCD31F87}" = rport=80 | protocol=6 | dir=out | name=qb share 2 |
    "{7D4E9D50-9E59-4B5F-837C-2AE0CDD1C28F}" = lport=139 | protocol=6 | dir=in | app=system |
    "{88D954C3-8B23-4AC0-8676-0FD3F6D5E625}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{8AA01CA0-1342-488F-A20E-F27376FF4169}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{9BBA05D9-62B8-4FBF-905C-EE3D7A4161B1}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9DE74398-3630-4C64-AE19-513807CC3394}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
    "{A21A45DE-E6C8-4F6C-AAF3-0B83899A0297}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{AC783F13-8AF0-4808-805D-BC03561BD954}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
    "{B0CF8C76-78E3-41CC-82C9-CF16D1020178}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{BA2A963F-51EA-44E3-A4F2-E6000FF48713}" = lport=445 | protocol=6 | dir=in | app=system |
    "{BFCFFF24-6933-43EB-8432-E71E42A9E4A6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{C4EFA2CE-FA57-4E78-AFEB-C815F32D4FBF}" = lport=80 | protocol=6 | dir=in | name=qb share 1 |
    "{C72680A4-501F-4DFE-87DF-2D275C0CC132}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{CBC54841-3CD5-46FC-B8D4-D2B311B4377A}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
    "{D103351C-BE16-4D9D-B44C-BC5E57D009A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{D159E45D-193C-4137-95B7-427039403B5F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{DA72FDAF-DF55-4E3E-A75A-92606D317449}" = lport=137 | protocol=17 | dir=in | app=system |
    "{DD3593A2-7232-48F5-B479-F7DF36FC4293}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
    "{E170E685-4822-412B-88BB-B4388F13C2DE}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{E5C65C38-AC16-4FE2-8CC6-57F9DEDE3C4E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E98EA318-8502-4AFD-B674-877216C8EEEC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{F1ECB4F1-2E62-4183-BD14-7352F8BABFDF}" = rport=139 | protocol=6 | dir=out | app=system |
    "{F69A5EE3-2B14-4ED2-88E5-33FE748C5B01}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F8B197E2-F6CE-474F-836A-F5FF46F87F20}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FAE0C312-803E-4BD3-A484-7A8B224F6FD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FB1718C3-E492-4FDB-808D-4549C9317549}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FDAA623E-E438-46F7-8545-F97FABB65DE7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0E38BB76-1820-4DF5-A9B4-16FBC3F7118B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{13B21419-2C1E-4BEE-9831-F4764F260B5C}" = protocol=17 | dir=in | app=c:\program files\tftpd64\tftpd64.exe |
    "{16A78B0C-03AB-4EC5-91A0-FF1B67EA935D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{1CCD258C-16DC-4326-933E-DFE5F674B631}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{274CDD62-37D3-4BDB-8B97-3B02179573D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{277171C0-386B-4CCA-A534-34AA48420BB1}" = dir=in | app=c:\program files (x86)\intuit\quickbooks 2013\filemanagement.exe |
    "{2CC21DAE-4A8B-4121-A48F-38059824283E}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl06d\faxrx.exe |
    "{2DDCEDC2-4447-48F2-88E1-7B6495A966F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{2E9A107C-4880-4379-93C6-0ED7DEAB6438}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{41297F81-43D5-4D37-A8B3-E82EA03FD787}" = dir=out | app=c:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe |
    "{46520493-BF8B-4AB5-B356-CEA7905AD3CE}" = dir=in | app=c:\program files (x86)\common files\intuit\quickbooks\qbcfmonitorservice.exe |
    "{4D15776A-36BF-46A1-AFE7-ACA2AC15856A}" = dir=in | app=c:\program files (x86)\common files\intuit\quickbooks\qblaunch.exe |
    "{4FFA9FA4-209F-4854-9545-A2525406BB9C}" = dir=out | app=c:\program files (x86)\common files\intuit\quickbooks\qblaunch.exe |
    "{5C1F85BE-48C2-4D35-9969-5A1DE55FF0BB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{62561DB5-A543-411E-A241-83C69B39C469}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{67B27D4F-DDF6-46F7-AEF4-6BF0E5CDE00E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{6F2DAB46-5F72-4F40-97B8-B93C9AC729AB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{744B0A88-C602-42EA-BC72-5E2FD7DF80CD}" = protocol=6 | dir=in | app=c:\program files\tftpd64\tftpd64.exe |
    "{83171514-D867-48B3-AEED-530187518369}" = dir=out | app=c:\program files (x86)\common files\intuit\quickbooks\qbcfmonitorservice.exe |
    "{8B4A0126-CEF9-46F0-8B7C-238A6AE66983}" = dir=out | app=c:\program files (x86)\intuit\quickbooks 2013\qbw32.exe |
    "{8D37D4F6-A526-4650-BDD2-427117740A3E}" = dir=in | app=c:\program files (x86)\intuit\quickbooks 2013\qbdbmgrn.exe |
    "{8D388ED2-DAEC-401F-A111-57105102191E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{8E5DB05C-D5E6-41D5-89D5-F483CB26C123}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{936D2CC9-04CB-481B-8AB0-34A9666C0595}" = dir=in | app=c:\program files (x86)\intuit\quickbooks 2013\dbmanagerexe.exe |
    "{9AF97F18-B1AB-4CFE-82DD-0D7F35E11224}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9DE1F6D6-12F6-4298-B9AE-42101EFD4BDA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
    "{A4EE0A63-5087-4DF6-A92B-54B15A5C6B0A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{AEEFBF06-692C-4DD5-BB15-F66FD84DE3C2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B813F04D-4EC0-4711-BB07-D498349C2EFE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BE9C28BA-7B5F-4BAE-A158-072FA9C1EFA2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C0A6BA25-93BF-43D3-8A67-A63076F25636}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl06d\faxrx.exe |
    "{C5F8A98D-DC4A-43C8-95A7-267014280F9F}" = protocol=6 | dir=out | app=system |
    "{C8BCB4D1-A226-4771-8556-91138A373F33}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{CC7F4110-A79B-48B5-8904-17408B721A04}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{D09E6341-EAB9-4A9F-83CE-9DDED9E7C646}" = dir=out | app=c:\program files (x86)\intuit\quickbooks 2013\filemanagement.exe |
    "{D758ECC6-208A-4F4F-9BCD-10E7D975D6E5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{DADB22E7-CC9D-4378-878F-EEAD60CD9F75}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{DFE7DFD2-7A6F-48AC-BAA9-89ABD6EB28D4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E02A1B0A-2CFE-461B-81C8-06B775637795}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E34A0B5E-6E19-4CB9-A05C-9D5220A68E43}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E3AA7A16-5B84-41FD-BE56-5086BBE915E1}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
    "{E40A14F8-2016-46E6-9EEC-A146A4227275}" = dir=in | app=c:\program files (x86)\intuit\quickbooks 2013\qbw32.exe |
    "{E7CDDF91-2B97-4FF6-91BA-92F157D564D6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{EE14FFDA-93E7-4337-93FA-E93CF8D4D194}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F34D123E-2986-4D4F-B1CA-9B3075338A79}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F6F979AD-CE8B-4153-89D5-C6CA660B78D1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F9A7A4B6-4FB7-46F9-A43A-33A5F3D262D2}" = dir=out | app=c:\program files (x86)\intuit\quickbooks 2013\dbmanagerexe.exe |
    "TCP Query User{009E39DC-5184-4017-8607-39D3D5B25FB8}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
    "TCP Query User{0B1021B8-B003-4FBC-B9BA-D9265F258F21}C:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe |
    "TCP Query User{45AAEADA-57F5-4ADD-B5BD-66866762793C}C:\users\David\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\David\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{551D0863-A31A-4746-8E06-1FC764C572EF}C:\program files\nortel\business element manager\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\nortel\business element manager\jre\bin\javaw.exe |
    "TCP Query User{5B2D1D14-2CD5-43CF-8DBE-BD80C89081CE}C:\program files (x86)\nortel\ip softphone 2050\i2050.exe" = protocol=6 | dir=in | app=c:\program files (x86)\nortel\ip softphone 2050\i2050.exe |
    "TCP Query User{87B1DF6F-3723-4A31-A2FB-B4F4B6B81AF0}C:\program files (x86)\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver 8\dreamweaver.exe |
    "TCP Query User{B5C40055-64FC-47F0-8A20-58C2864BC8C9}C:\program files\winhttrack\winhttrack.exe" = protocol=6 | dir=in | app=c:\program files\winhttrack\winhttrack.exe |
    "TCP Query User{C52D8096-6BDE-4B10-9183-308E3DAD6089}C:\users\David\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\David\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{DEDD3896-D53B-4FF7-B528-D5028DF206E2}C:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe |
    "TCP Query User{F12F7F39-F62A-4797-BDE3-9A5A2FF85D16}C:\program files\tftpd64\tftpd64.exe" = protocol=6 | dir=in | app=c:\program files\tftpd64\tftpd64.exe |
    "UDP Query User{118F17E8-3972-4836-BB33-A15D0C9A3652}C:\users\David\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\David\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{386B4415-BAFC-4A04-92D1-43BA0BD1497B}C:\program files (x86)\nortel\ip softphone 2050\i2050.exe" = protocol=17 | dir=in | app=c:\program files (x86)\nortel\ip softphone 2050\i2050.exe |
    "UDP Query User{417564E8-0C7A-470C-A57F-5C209A7FBD4D}C:\program files\winhttrack\winhttrack.exe" = protocol=17 | dir=in | app=c:\program files\winhttrack\winhttrack.exe |
    "UDP Query User{60D088A6-DA8E-4A2A-AEDE-20CDC2195B2B}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
    "UDP Query User{6872AF37-2DA6-4E20-BDF9-54F4CC959B13}C:\program files\nortel\business element manager\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\nortel\business element manager\jre\bin\javaw.exe |
    "UDP Query User{78734C51-CF0D-4435-990D-338FA96A54A2}C:\program files\tftpd64\tftpd64.exe" = protocol=17 | dir=in | app=c:\program files\tftpd64\tftpd64.exe |
    "UDP Query User{856F9C7F-A245-43D8-96D3-D89A29D08008}C:\program files (x86)\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver 8\dreamweaver.exe |
    "UDP Query User{B2D48571-A831-40A8-919E-535AC426C0F9}C:\users\David\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\David\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{C30093B5-BBC6-450A-ADF3-BC9AA1BBC2B0}C:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe |
    "UDP Query User{FFB5E64E-2BE3-4B15-B81F-0A9DC128BAEC}C:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google sketchup 8\plugins\su_podium_v2\programs\oopr.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
    "{08C3441C-4FAF-48D3-A551-70DD6031734F}" = Microsoft Baseline Security Analyzer 2.2
    "{0D924CB2-2EA4-4044-BAF7-770202D6BD0D}" = iTunes
    "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP100_series" = Canon iP100 series
    "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
    "{1AAF6669-31B2-3840-9346-F0F653840FD1}" = Microsoft .NET Framework 4.5.1 (JPN)
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23F8B360-3E60-3B05-8330-19FD4F9F4525}" = Microsoft .NET Framework 4.5.1 (RUS)
    "{2738C4AA-420E-4E13-ADEF-B5AB250E3EF1}" = Microsoft SQL Server 2008 Native Client
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{5783F2D7-9028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2011
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
    "{6292D514-17A4-403F-98F9-E150F10C043D}" = Microsoft SQL Server 2008 Setup Support Files
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041" = Microsoft .NET Framework 4.5.1 (日本語)
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049" = Microsoft .NET Framework 4.5.1 (Русский)
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082" = Microsoft .NET Framework 4.5.1 (español)
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
    "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.1
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 10.11.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 10.11.15
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.19
    "{B821CDAA-34DE-46FD-87C9-E6EE7158DB5D}" = Microsoft Image Composite Editor
    "{BA5C0CC3-421B-4AE5-9370-1650D1941F30}" = Adobe PDF iFilter 11 for 64-bit platforms
    "{BC79E558-E676-401F-A5BB-80FAE971A63B}" = Beceem_5.2.6.8_P3_SMSI_64Bit
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D6E5E5FE-83CF-3CFC-AF7A-11F05613705B}" = Microsoft .NET Framework 4.5.1 (ESN)
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}" = Apple Mobile Device Support

