TechSpot

Slow internet connection

By Montel2
Dec 8, 2014
  1. Hi,

    Within a short time of "sharing" a social media website posting, I noticed my browser taking longer and longer to find web sites. A few days later I could no longer stream music from a radio station. What got my attention was when I had my laptop off and closed, yet the power and disk drive LED lights indicated activity. I went to my event log, and while researching "blindDial" via Google, I came across this web site. I tend to be a "do it yourself" person, but this is over my head, and the more I read the posts here, the better I felt about asking for your help.
     
  2. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    Here is my malwarebytes log.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/8/2014
    Scan Time: 3:36:49 PM
    Logfile: Mbam-log_201408_1626.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2014.12.08.08
    Rootkit Database: v2014.12.08.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x64
    File System: NTFS
    User: Linford

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 510813
    Time Elapsed: 48 min, 48 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 2
    PUP.Optional.AZLyrics.A, C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage, , [5c0c69f77507af87735daa9ff1121ee2],
    PUP.Optional.AZLyrics.A, C:\Users\Geoff\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal, , [1751a0c00d6fa096a52b4207867dbb45],

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  3. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    DDS Text Log:


    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/11/2011 5:38:59 PM
    System Uptime: 12/8/2014 1:34:54 PM (3 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3627
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | CPU | 1600/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 32.046 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.943 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: HP Photosmart D110
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Hewlett-Packard
    Name: HP Photosmart D110
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart D110 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart D110 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP654: 11/10/2014 7:25:18 PM - Windows Update
    RP655: 11/11/2014 10:41:54 PM - Windows Update
    RP656: 11/15/2014 5:16:51 PM - Windows Update
    RP657: 11/16/2014 9:09:37 AM - Scheduled Checkpoint
    RP658: 11/18/2014 7:20:49 PM - Removed SUPERAntiSpyware Free Edition
    RP659: 11/18/2014 7:22:29 PM - Windows Update
    RP660: 11/18/2014 7:39:08 PM - Windows Update
    RP661: 11/18/2014 8:02:44 PM - Device Driver Package Install: BITDEFENDER S.R.L. System devices
    RP662: 11/22/2014 10:09:20 PM - Windows Update
    RP663: 11/26/2014 2:14:37 PM - Windows Update
    RP664: 11/30/2014 12:39:38 PM - Windows Update
    RP665: 12/1/2014 12:31:26 PM - Scheduled Checkpoint
    RP666: 12/2/2014 10:26:29 AM - Scheduled Checkpoint
    RP667: 12/3/2014 1:00:05 AM - Scheduled Checkpoint
    RP668: 12/3/2014 6:52:14 PM - Scheduled Checkpoint
    RP669: 12/5/2014 1:57:14 AM - Windows Update
    RP670: 12/6/2014 1:00:40 AM - Scheduled Checkpoint
    RP671: 12/6/2014 9:45:20 PM - Scheduled Checkpoint
    RP672: 12/7/2014 5:03:00 PM - Installed HP Support Solutions Framework
    RP673: 12/7/2014 8:12:27 PM - 07_Dec_14_2012Hrs
    RP674: 12/8/2014 10:16:38 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    64 Bit HP CIO Components Installer
    ActivClient CAC 6.1 x64
    Adobe AIR
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    Adobe Reader X (10.1.12)
    Amazing Slow Downer (remove only)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bitdefender Antivirus Free Edition
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    BufferChm
    CameraHelperMsi
    CCleaner
    Citrix Online Launcher
    Citrix XenApp Web Plugin
    ConvertHelper 2.2
    D110
    D3DX10
    Destinations
    DeviceDiscovery
    erLT
    ESET Online Scanner v3
    Free M4a to MP3 Converter 7.2
    GIMP 2.6.11
    Google Chrome
    GPBaseService2
    Hewlett-Packard ACLM.NET v1.1.0.0
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 14.0
    HP Imaging Device Functions 14.0
    HP MediaSmart Music/Photo/Video
    HP MediaSmart Webcam
    HP Photo Creations
    HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
    HP Product Detection
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Support Assistant
    HP Support Solutions Framework
    HP Update
    HP Wireless Assistant
    HPAppStudio
    HPDiagnosticAlert
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java 8 Update 25
    Java Auto Updater
    LightScribe System Software
    Logitech Vid HD
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 2.0.4.1028
    MarketResearch
    Metro7 version 1.0
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Easy Assist v2
    Microsoft Fix it Center
    Microsoft Lync Web App Plug-in
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    MotoCast
    MotoHelper MergeModules
    Motorola Device Manager
    Motorola Device Software Update
    MOTOROLA MEDIA LINK
    Motorola Mobile Drivers Installation 6.3.0
    Mozilla Firefox 33.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    Network64
    PdaNet+ for Android 4.12
    ProtectSmart Hard Drive Protection
    PS_AIO_07_D110_SW_Min
    QuickTime 7
    QuickTransfer
    Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek USB 2.0 Card Reader
    Safari
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2899526) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2899527) 32-Bit Edition
    Segoe UI
    Shop for HP Supplies
    Skype Click to Call
    Skype™ 6.11
    SmartWebPrinting
    SolutionCenter
    Spybot - Search & Destroy
    Status
    Synaptics Pointing Device Driver
    TerraExplorer
    Toolbox
    TrayApp
    Tweaking.com - Simple System Tweaker
    Tweaking.com - Windows Repair (All in One)
    Universal Adb Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899525) 32-Bit Edition
    Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WebReg
    Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/8/2014 9:39:18 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/8/2014 9:29:23 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
    12/8/2014 9:29:23 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
    12/8/2014 8:53:22 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    12/8/2014 4:27:41 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    12/8/2014 2:49:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    12/8/2014 2:48:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    12/8/2014 12:08:43 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 11:13:49 AM, Error: Service Control Manager [7022] - The Diagnostic System Host service hung on starting.
    12/8/2014 10:45:20 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avc3 bdftdif Beep DfsC gzflt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx trufos Wanarpv6 ws2ifsl
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The PST Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 10:44:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/8/2014 10:44:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/8/2014 1:37:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    12/8/2014 1:37:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
    12/8/2014 1:37:20 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 1:37:20 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12/8/2014 1:37:20 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/8/2014 1:16:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    12/8/2014 1:13:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 bdftdif Beep gzflt spldr trufos Wanarpv6
    12/8/2014 1:13:43 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 1:13:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/8/2014 1:13:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/8/2014 1:13:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/8/2014 1:12:53 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
    12/7/2014 8:06:55 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} to the user Linford-PC\Linford SID (S-1-5-21-76335557-1567907971-1813161301-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    12/7/2014 6:39:04 PM, Error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
    12/7/2014 5:17:58 PM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2014 8:21:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gzserv service.
    12/4/2014 8:12:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
    12/4/2014 8:12:25 PM, Error: Service Control Manager [7000] - The HP Support Solutions Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/4/2014 8:10:55 PM, Error: EventLog [6008] - The previous system shutdown at 8:09:26 PM on 12/4/2014 was unexpected.
    12/4/2014 12:04:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    12/4/2014 12:04:49 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/3/2014 2:07:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 bdftdif Beep gzflt SASDIFSV SASKUTIL spldr trufos Wanarpv6
    12/3/2014 12:45:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avc3 bdftdif Beep DfsC gzflt NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx trufos Wanarpv6 ws2ifsl
    12/3/2014 11:30:56 AM, Error: EventLog [6008] - The previous system shutdown at 11:28:38 AM on 12/3/2014 was unexpected.
    12/3/2014 11:28:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    12/2/2014 11:50:00 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    12/2/2014 11:18:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
    12/2/2014 11:18:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Motorola Device Manager service.
    12/2/2014 11:15:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpsrv service.
    .
    ==== End Of File ===========================
     
  4. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    DDS Attach file:

    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/11/2011 5:38:59 PM
    System Uptime: 12/8/2014 1:34:54 PM (3 hours ago)
    .
    Motherboard: Hewlett-Packard | | 3627
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | CPU | 1600/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 32.046 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.943 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: HP Photosmart D110
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Hewlett-Packard
    Name: HP Photosmart D110
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart D110 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart D110 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP654: 11/10/2014 7:25:18 PM - Windows Update
    RP655: 11/11/2014 10:41:54 PM - Windows Update
    RP656: 11/15/2014 5:16:51 PM - Windows Update
    RP657: 11/16/2014 9:09:37 AM - Scheduled Checkpoint
    RP658: 11/18/2014 7:20:49 PM - Removed SUPERAntiSpyware Free Edition
    RP659: 11/18/2014 7:22:29 PM - Windows Update
    RP660: 11/18/2014 7:39:08 PM - Windows Update
    RP661: 11/18/2014 8:02:44 PM - Device Driver Package Install: BITDEFENDER S.R.L. System devices
    RP662: 11/22/2014 10:09:20 PM - Windows Update
    RP663: 11/26/2014 2:14:37 PM - Windows Update
    RP664: 11/30/2014 12:39:38 PM - Windows Update
    RP665: 12/1/2014 12:31:26 PM - Scheduled Checkpoint
    RP666: 12/2/2014 10:26:29 AM - Scheduled Checkpoint
    RP667: 12/3/2014 1:00:05 AM - Scheduled Checkpoint
    RP668: 12/3/2014 6:52:14 PM - Scheduled Checkpoint
    RP669: 12/5/2014 1:57:14 AM - Windows Update
    RP670: 12/6/2014 1:00:40 AM - Scheduled Checkpoint
    RP671: 12/6/2014 9:45:20 PM - Scheduled Checkpoint
    RP672: 12/7/2014 5:03:00 PM - Installed HP Support Solutions Framework
    RP673: 12/7/2014 8:12:27 PM - 07_Dec_14_2012Hrs
    RP674: 12/8/2014 10:16:38 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    64 Bit HP CIO Components Installer
    ActivClient CAC 6.1 x64
    Adobe AIR
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    Adobe Reader X (10.1.12)
    Amazing Slow Downer (remove only)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bitdefender Antivirus Free Edition
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    BufferChm
    CameraHelperMsi
    CCleaner
    Citrix Online Launcher
    Citrix XenApp Web Plugin
    ConvertHelper 2.2
    D110
    D3DX10
    Destinations
    DeviceDiscovery
    erLT
    ESET Online Scanner v3
    Free M4a to MP3 Converter 7.2
    GIMP 2.6.11
    Google Chrome
    GPBaseService2
    Hewlett-Packard ACLM.NET v1.1.0.0
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 14.0
    HP Imaging Device Functions 14.0
    HP MediaSmart Music/Photo/Video
    HP MediaSmart Webcam
    HP Photo Creations
    HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
    HP Product Detection
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Support Assistant
    HP Support Solutions Framework
    HP Update
    HP Wireless Assistant
    HPAppStudio
    HPDiagnosticAlert
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    iTunes
    Java 8 Update 25
    Java Auto Updater
    LightScribe System Software
    Logitech Vid HD
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 2.0.4.1028
    MarketResearch
    Metro7 version 1.0
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Easy Assist v2
    Microsoft Fix it Center
    Microsoft Lync Web App Plug-in
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    MotoCast
    MotoHelper MergeModules
    Motorola Device Manager
    Motorola Device Software Update
    MOTOROLA MEDIA LINK
    Motorola Mobile Drivers Installation 6.3.0
    Mozilla Firefox 33.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    Network64
    PdaNet+ for Android 4.12
    ProtectSmart Hard Drive Protection
    PS_AIO_07_D110_SW_Min
    QuickTime 7
    QuickTransfer
    Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista
    Realtek 8169 8168 8101E 8102E Ethernet Driver
    Realtek USB 2.0 Card Reader
    Safari
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2899526) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2899527) 32-Bit Edition
    Segoe UI
    Shop for HP Supplies
    Skype Click to Call
    Skype™ 6.11
    SmartWebPrinting
    SolutionCenter
    Spybot - Search & Destroy
    Status
    Synaptics Pointing Device Driver
    TerraExplorer
    Toolbox
    TrayApp
    Tweaking.com - Simple System Tweaker
    Tweaking.com - Windows Repair (All in One)
    Universal Adb Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899525) 32-Bit Edition
    Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    WebReg
    Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/8/2014 9:39:18 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    12/8/2014 9:29:23 AM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).
    12/8/2014 9:29:23 AM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s).
    12/8/2014 8:53:22 AM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    12/8/2014 4:27:41 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    12/8/2014 2:49:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    12/8/2014 2:48:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
    12/8/2014 12:08:43 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 11:13:49 AM, Error: Service Control Manager [7022] - The Diagnostic System Host service hung on starting.
    12/8/2014 10:45:20 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avc3 bdftdif Beep DfsC gzflt NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx trufos Wanarpv6 ws2ifsl
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The PST Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 10:45:18 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    12/8/2014 10:44:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/8/2014 10:44:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/8/2014 1:37:20 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    12/8/2014 1:37:20 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.
    12/8/2014 1:37:20 PM, Error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 1:37:20 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12/8/2014 1:37:20 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/8/2014 1:16:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    12/8/2014 1:13:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 bdftdif Beep gzflt spldr trufos Wanarpv6
    12/8/2014 1:13:43 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    12/8/2014 1:13:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/8/2014 1:13:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/8/2014 1:13:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/8/2014 1:12:53 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21
    12/7/2014 8:06:55 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} to the user Linford-PC\Linford SID (S-1-5-21-76335557-1567907971-1813161301-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    12/7/2014 6:39:04 PM, Error: Service Control Manager [7034] - The UMVPFSrv service terminated unexpectedly. It has done this 1 time(s).
    12/7/2014 5:17:58 PM, Error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
    12/4/2014 8:21:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the gzserv service.
    12/4/2014 8:12:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
    12/4/2014 8:12:25 PM, Error: Service Control Manager [7000] - The HP Support Solutions Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/4/2014 8:10:55 PM, Error: EventLog [6008] - The previous system shutdown at 8:09:26 PM on 12/4/2014 was unexpected.
    12/4/2014 12:04:49 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    12/4/2014 12:04:49 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/3/2014 2:07:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avc3 bdftdif Beep gzflt SASDIFSV SASKUTIL spldr trufos Wanarpv6
    12/3/2014 12:45:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avc3 bdftdif Beep DfsC gzflt NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx trufos Wanarpv6 ws2ifsl
    12/3/2014 11:30:56 AM, Error: EventLog [6008] - The previous system shutdown at 11:28:38 AM on 12/3/2014 was unexpected.
    12/3/2014 11:28:38 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
    12/2/2014 11:50:00 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    12/2/2014 11:18:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
    12/2/2014 11:18:00 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Motorola Device Manager service.
    12/2/2014 11:15:44 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hpsrv service.
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Welcome aboard


    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    You posted Attach.txt from DDS twice.
    I still need the DDS.txt log.
     
  6. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    Sorry about that. Thank you for being willing to assist me. The proper DDS.txt log is below:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16592 BrowserJavaVersion: 11.25.2
    Run by Linford at 16:28:38 on 2014-12-08
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.1427 [GMT -5:00]
    .
    AV: Bitdefender Antivirus Free Edition *Disabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Bitdefender Antivirus Free Edition *Disabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\STacSV64.exe
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ActivIdentity\ActivClient\accoca.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
    C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\System32\wbem\WmiPrvSE.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Users\Linford\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Linford\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Linford\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\System32\wbem\WmiPrvSE.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    mWinlogon: Userinit = userinit.exe,
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
    EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
    EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - <orphaned>
    uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    uPolicies-Explorer: NoDrives = dword:0
    uPolicies-Explorer: NoResolveTrack = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - <no file>
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - <orphaned>
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{A6B3DB85-6F58-4ADB-8943-5C07A3FC4D3E} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{EE474FD0-7ED4-43E2-B61D-665786517434} : DHCPNameServer = 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - <no file>
    Notify: SDWinLogon - SDWinLogon.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-mStart Page = about:blank
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
    x64-Run: [SysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe
    x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-Explorer: NoDrives = dword:0
    x64-mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
    x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    x64-mPolicies-System: ConsentPromptBehaviorUser = dword:3
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Linford\AppData\Roaming\Mozilla\Firefox\Profiles\acrt07sy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.rr.com/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Linford\AppData\Local\Citrix\Plugins\104\npappdetector.dll
    FF - plugin: C:\Users\Linford\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Linford\AppData\Roaming\Mozilla\Firefox\Profiles\acrt07sy.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: C:\Users\Linford\AppData\Roaming\Mozilla\plugins\npicaN.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll
    FF - ExtSQL: !HIDDEN! 2011-12-17 15:51; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extentions.y2layers.installId - dac332c4-2917-4d5d-bd56-04fb8d5a019e
    FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,BestVideoDownloader,BestVideoDownloader,
    FF - user.js: security.csp.enable - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2014-11-18 718840]
    R1 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2014-11-18 148696]
    R2 accoca;ActivClient Middleware Service;C:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-6-25 241456]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_c7d6edb7\AESTSr64.exe [2013-7-26 89600]
    R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-9-7 87992]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 gzserv;Bitdefender Antivirus Free Edition;C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [2014-11-18 69368]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-13 30520]
    R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe [2014-9-15 89352]
    R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
    R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-6-15 65657]
    R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-12-5 1738168]
    R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-12-5 2088408]
    R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-12-5 171928]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
    R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2014-11-18 593144]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-9-4 64000]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2008-9-21 126464]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-12-7 129752]
    R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2013-11-17 15360]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2013-3-20 6144]
    S3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2014-6-20 57024]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-8-13 90776]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
    S3 LVUVC64;QuickCam Pro for Notebooks(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2011-6-13 343856]
    S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\System32\drivers\motoandroid.sys [2013-3-26 32768]
    S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2013-3-19 23552]
    S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2013-3-19 27648]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    .
    =============== File Associations ===============
    .
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2014-12-08 20:36:45 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-12-08 19:46:49 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
    2014-12-08 19:34:24 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-12-08 18:49:24 320936 ----a-w- C:\Windows\System32\javaws.exe
    2014-12-08 18:49:24 191400 ----a-w- C:\Windows\System32\javaw.exe
    2014-12-08 18:49:24 190888 ----a-w- C:\Windows\System32\java.exe
    2014-12-05 01:41:30 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
    2014-11-26 20:03:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-11-26 20:03:11 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-11-21 11:14:18 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-11-21 11:14:12 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-11-21 11:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-11-12 03:43:28 103374192 ----a-w- C:\Windows\System32\mrt.exe
    2014-11-04 19:30:58 275080 ------w- C:\Windows\System32\MpSigStub.exe
    2014-10-27 20:32:45 17870336 ----a-w- C:\Windows\System32\mshtml.dll
    2014-10-27 20:13:57 2339840 ----a-w- C:\Windows\System32\jscript9.dll
    2014-10-27 20:12:24 10921472 ----a-w- C:\Windows\System32\ieframe.dll
    2014-10-27 20:07:15 1388032 ----a-w- C:\Windows\System32\urlmon.dll
    2014-10-27 20:06:55 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2014-10-27 20:05:41 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-10-27 20:05:26 237056 ----a-w- C:\Windows\System32\url.dll
    2014-10-27 20:05:13 86016 ----a-w- C:\Windows\System32\jsproxy.dll
    2014-10-27 20:04:52 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-10-27 20:04:38 2157056 ----a-w- C:\Windows\System32\iertutil.dll
    2014-10-27 20:04:37 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2014-10-27 20:04:29 816640 ----a-w- C:\Windows\System32\jscript.dll
    2014-10-27 20:04:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2014-10-27 20:04:09 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
    2014-10-27 20:03:59 282112 ----a-w- C:\Windows\System32\dxtrans.dll
    2014-10-27 20:03:57 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
    2014-10-27 20:03:54 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
    2014-10-27 20:03:41 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2014-10-27 20:03:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-10-27 20:03:21 12800 ----a-w- C:\Windows\System32\mshta.exe
    2014-10-27 20:03:05 248320 ----a-w- C:\Windows\System32\ieui.dll
    2014-10-27 19:10:22 12366848 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2014-10-27 19:05:44 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-10-27 19:02:37 9739776 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2014-10-27 18:59:41 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2014-10-27 18:59:06 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-10-27 18:58:19 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-10-27 18:57:36 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2014-10-27 18:57:18 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2014-10-27 18:56:58 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-10-27 18:56:40 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-10-27 18:56:15 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2014-10-27 18:56:10 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2014-10-27 18:56:08 1802752 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2014-10-27 18:55:50 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
    2014-10-27 18:55:44 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
    2014-10-27 18:55:39 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
    2014-10-27 18:55:32 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
    2014-10-27 18:55:28 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2014-10-27 18:55:20 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-10-27 18:55:17 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
    2014-10-27 18:54:43 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2014-10-24 01:04:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-10-24 01:03:40 499200 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-10-24 00:39:49 77312 ----a-w- C:\Windows\System32\packager.dll
    2014-10-24 00:39:19 656384 ----a-w- C:\Windows\System32\kerberos.dll
    2014-10-18 01:08:10 564224 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2014-10-18 00:46:22 847360 ----a-w- C:\Windows\System32\oleaut32.dll
    2014-10-12 23:52:40 2782208 ----a-w- C:\Windows\System32\win32k.sys
    2014-10-10 01:10:24 548352 ----a-w- C:\Windows\System32\termsrv.dll
    2014-10-10 01:09:30 146432 ----a-w- C:\Windows\System32\msaudite.dll
    2014-10-10 01:09:23 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-10-10 01:01:46 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-10-10 01:00:34 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
    2014-10-09 23:53:20 619520 ----a-w- C:\Windows\System32\adtschema.dll
    2014-10-09 23:22:16 619520 ----a-w- C:\Windows\SysWow64\adtschema.dll
    2014-10-03 01:18:20 274432 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
    2014-10-03 01:17:16 396800 ----a-w- C:\Windows\SysWow64\AudioEng.dll
    2014-10-03 01:17:16 115712 ----a-w- C:\Windows\SysWow64\AudioSes.dll
    2014-10-03 01:03:12 313344 ----a-w- C:\Windows\System32\AUDIOKSE.dll
    2014-10-03 01:02:20 201728 ----a-w- C:\Windows\System32\EncDump.dll
    2014-10-03 01:01:59 474624 ----a-w- C:\Windows\System32\AudioEng.dll
    2014-10-03 01:01:59 446976 ----a-w- C:\Windows\System32\audiosrv.dll
    2014-10-02 23:49:01 88576 ----a-w- C:\Windows\SysWow64\audiodg.exe
    2014-10-02 18:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2014-10-02 18:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2014-09-19 00:50:45 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
    2014-09-19 00:45:00 347136 ----a-w- C:\Windows\System32\schannel.dll
    .
    ============= FINISH: 16:29:31.77 ===============
     
  7. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  8. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    Will do.
     
  9. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    I downloaded RogueKiller and immediately upon opening the program I got a warning that said "this application has failed to start because wbemcomn.dll was not found. Re-installing the application may fix this problem." I noticed the browser was open, so I closed it and did a second run with the same results. Both logs are posted below:

    Scan#1:
    RogueKiller V10.0.9.0 [Dec 8 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Linford [Administrator]
    Mode : Scan -- Date : 12/08/2014 22:13:24

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 2 ¤¤¤
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-76335557-1567907971-1813161301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080 -> Found
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-76335557-1567907971-1813161301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080 -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 44 (Driver: Not loaded [0xc000036b]) ¤¤¤
    [IAT:Inl] (firefox.exe) ntdll.dll - NtOpenFile : Unknown @ 0x7514079f (jmp 0xfffffffffe039809|jmp 0xffffffffffffd57a|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtSetValueKey : Unknown @ 0x7514079f (jmp 0xfffffffffe039cb9|jmp 0xffffffffffffcc92|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtSetSystemInformation : Unknown @ 0x7514079f (jmp 0xfffffffffe037675|jmp 0xffffffffffffda3a|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtOpenProcess : Unknown @ 0x7514079f (jmp 0xfffffffffe038641|jmp 0xffffffffffffe87a|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtCreateSection : Unknown @ 0x7514079f (jmp 0xfffffffffe039d99|jmp 0xffffffffffffcdc2|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtSetInformationProcess : Unknown @ 0x7514079f (jmp 0xfffffffffe039441|jmp 0xffffffffffffdb6a|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtOpenSection : Unknown @ 0x7514079f (jmp 0xfffffffffe039ec9|jmp 0xffffffffffffce5a|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtMapViewOfSection : Unknown @ 0x7514079f (jmp 0xfffffffffe037ef1|jmp 0xffffffffffffef9a|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtUnmapViewOfSection : Unknown @ 0x7514079f (jmp 0xfffffffffe037f59|jmp 0xffffffffffffef02|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtDuplicateObject : Unknown @ 0x7514079f (jmp 0xfffffffffe038561|jmp 0xffffffffffffe74a|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - RtlCreateProcessParametersEx : Unknown @ 0x7514079f (jmp 0xfffffffffe03b7cd|jmp 0xffffffffffffddca|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtWriteVirtualMemory : Unknown @ 0x7514079f (jmp 0xfffffffffe038331|jmp 0xffffffffffffe9aa|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtTerminateProcess : Unknown @ 0x7514079f (jmp 0xfffffffffe039229|jmp 0xffffffffffffdc02|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtCreateMutant : Unknown @ 0x7514079f (jmp 0xfffffffffe039489|jmp 0xffffffffffffcef2|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtSetContextThread : Unknown @ 0x7514079f (jmp 0xfffffffffe036a25|jmp 0xffffffffffffe912|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtSuspendThread : Unknown @ 0x7514079f (jmp 0xfffffffffe036945|jmp 0xffffffffffffe61a|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtQueueApcThread : Unknown @ 0x7514079f (jmp 0xfffffffffe0383f1|jmp 0xffffffffffffe7e2|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtCreateThreadEx : Unknown @ 0x7514079f (jmp 0xfffffffffe0375e9|jmp 0xffffffffffffeca2|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtProtectVirtualMemory : Unknown @ 0x7514079f (jmp 0xfffffffffe039979|jmp 0xffffffffffffd152|call 0x1f7)
    [IAT:Inl] (firefox.exe) KERNEL32.dll - CreateToolhelp32Snapshot : Unknown @ 0x7514079f (jmp 0xfffffffffeb60e0e|jmp 0xffffffffffffe6b2|call 0x1f7)
    [IAT:Inl] (firefox.exe) KERNEL32.dll - CreateThread : Unknown @ 0x7514079f (jmp 0xfffffffffebd9ddf|jmp 0xffffffffffffe452|call 0x1f7)
    [IAT:Inl] (firefox.exe) KERNEL32.dll - VirtualProtectEx : Unknown @ 0x7514079f (jmp 0xfffffffffebda6e3|jmp 0xffffffffffffd1ea|call 0x1f7)
    [IAT:Inl] (firefox.exe) KERNEL32.dll - VirtualProtect : Unknown @ 0x7514079f (jmp 0xfffffffffebe252d|jmp 0xffffffffffffd282|call 0x1f7)
    [IAT:Inl] (firefox.exe) KERNEL32.dll - HeapCreate : Unknown @ 0x7514079f (jmp 0xfffffffffebdfdfe|jmp 0xffffffffffffd31a|call 0x1f7)
    [IAT:Inl] (firefox.exe) KERNEL32.dll - WriteProcessMemory : Unknown @ 0x7514079f (jmp 0xfffffffffebe14f5|jmp 0xffffffffffffe3ba|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtVdmControl : Unknown @ 0x7514079f (jmp 0xfffffffffe03750d|jmp 0xffffffffffffd90a|call 0x1f7)
    [IAT:Inl] (firefox.exe) KERNEL32.dll - CreateProcessInternalW : Unknown @ 0x7514079f (jmp 0xfffffffffebc49ca|jmp 0xffffffffffffea42|call 0x1f7)
    [IAT:Inl] (firefox.exe) USER32.dll - GetMessageA : Unknown @ 0x7514079f (jmp 0xfffffffffec9d178|jmp 0xffffffffffffd7da|call 0x1f7)
    [IAT:Inl] (firefox.exe) USER32.dll - PostMessageW : Unknown @ 0x7514079f (jmp 0xfffffffffeca92e1|jmp 0xffffffffffffd612|call 0x1f7)
    [IAT:Inl] (firefox.exe) USER32.dll - PostMessageA : Unknown @ 0x7514079f (jmp 0xfffffffffeca2911|jmp 0xffffffffffffd6aa|call 0x1f7)
    [IAT:Inl] (firefox.exe) ADVAPI32.dll - CloseServiceHandle : Unknown @ 0x7514079f (jmp 0xffffffffffeca47c|jmp 0xffffffffffffde62|call 0x1f7)
    [IAT:Inl] (firefox.exe) ADVAPI32.dll - OpenServiceW : Unknown @ 0x7514079f (jmp 0xffffffffffec9fa5|jmp 0xffffffffffffe28a|call 0x1f7)
    [IAT:Inl] (firefox.exe) USER32.dll - SetWindowsHookExW : Unknown @ 0x7514079f (jmp 0xfffffffffeca13df|jmp 0xffffffffffffedd2|call 0x1f7)
    [IAT:Inl] (firefox.exe) USER32.dll - GetMessageW : Unknown @ 0x7514079f (jmp 0xfffffffffec9d00a|jmp 0xffffffffffffd742|call 0x1f7)
    [IAT:Inl] (firefox.exe) ADVAPI32.dll - CreateServiceA : Unknown @ 0x7514079f (jmp 0xffffffffffe6b5b0|jmp 0xffffffffffffdd32|call 0x1f7)
    [IAT:Inl] (firefox.exe) ADVAPI32.dll - ChangeServiceConfigA : Unknown @ 0x7514079f (jmp 0xffffffffffe6b818|jmp 0xffffffffffffdf92|call 0x1f7)
    [IAT:Inl] (firefox.exe) ADVAPI32.dll - OpenServiceA : Unknown @ 0x7514079f (jmp 0xffffffffffecf3a4|jmp 0xffffffffffffe322|call 0x1f7)
    [IAT:Inl] (firefox.exe) ntdll.dll - NtLoadDriver : Unknown @ 0x7514079f (jmp 0xfffffffffe0382e1|jmp 0xffffffffffffdad2|call 0x1f7)
    [IAT:Inl] (firefox.exe) KERNEL32.dll - CreateRemoteThread : Unknown @ 0x7514079f (jmp 0xfffffffffebd94d0|jmp 0xffffffffffffed3a|call 0x1f7)
    [IAT:Inl] (firefox.exe) ADVAPI32.dll - ChangeServiceConfigW : Unknown @ 0x7514079f (jmp 0xffffffffffe6b708|jmp 0xffffffffffffdefa|call 0x1f7)
    [IAT:Inl] (firefox.exe) ADVAPI32.dll - ControlService : Unknown @ 0x7514079f (jmp 0xffffffffffea8509|jmp 0xffffffffffffe0c2|call 0x1f7)
    [IAT:Inl] (firefox.exe) ADVAPI32.dll - CreateServiceW : Unknown @ 0x7514079f (jmp 0xffffffffffea8a35|jmp 0xffffffffffffdc9a|call 0x1f7)
    [IAT:Inl] (firefox.exe) ADVAPI32.dll - DeleteService : Unknown @ 0x7514079f (jmp 0xffffffffffea84db|jmp 0xffffffffffffe02a|call 0x1f7)
    [IAT:Inl] (firefox.exe) USER32.dll - SetWinEventHook : Unknown @ 0x7514079f (jmp 0xfffffffffec8bb5b|jmp 0xffffffffffffe4ea|call 0x1f7)

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] acrt07sy.default : user_pref("browser.startup.homepage", "http://www.twcc.com/"); -> Found

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] fbcad29b7c7a0d27a94065438390ee47
    [BSP] ec1b0a4346ca50fced1d504bb503f2ee : HP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 292472 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 598984704 | Size: 12769 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_06192014_165611.log - RKreport_DEL_06192014_170357.log - RKreport_DEL_06202014_221704.log - RKreport_DEL_12082014_151708.log
    RKreport_SCN_06192014_165519.log - RKreport_SCN_06192014_170137.log - RKreport_SCN_06202014_220713.log - RKreport_SCN_12082014_145547.log
    RKreport_SCN_12082014_152103.log

    Scan#2:
    RogueKiller V10.0.9.0 [Dec 8 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Linford [Administrator]
    Mode : Delete -- Date : 12/08/2014 22:24:42

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 2 ¤¤¤
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-76335557-1567907971-1813161301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080 -> Deleted
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-76335557-1567907971-1813161301-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : localhost:8080 -> ERROR [2]

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] acrt07sy.default : user_pref("browser.startup.homepage", "http://www.twcc.com/"); -> Replaced (about:home)

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] fbcad29b7c7a0d27a94065438390ee47
    [BSP] ec1b0a4346ca50fced1d504bb503f2ee : HP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 292472 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 598984704 | Size: 12769 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_06192014_165611.log - RKreport_DEL_06192014_170357.log - RKreport_DEL_06202014_221704.log - RKreport_DEL_12082014_151708.log
    RKreport_SCN_06192014_165519.log - RKreport_SCN_06192014_170137.log - RKreport_SCN_06202014_220713.log - RKreport_SCN_12082014_145547.log
    RKreport_SCN_12082014_152103.log - RKreport_SCN_12082014_221324.log - RKreport_SCN_12082014_221729.log - RKreport_SCN_12082014_222408.log
     
  10. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    I am unable to create a system restore point. When I checked the box for the drive of the system restore point I got a warning pop-up: "Unable to create restore point due to catastrophic failure" (0x8000FFFF). Successive attempts result in the window hanging up.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Skip restore point.
     
  12. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    I skipped the restore point, ran Malwarebytes Anti-Rootkit and it said congratulations, nothing detected.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  14. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    Hi,
    Combo fix has been running for almost twelve hours (I fell asleep). The screen says "deleting files:" and it has only deleted one file: "c:\windows\wininit.INI"

    Let it run, or close it?
     
  15. Broni

    Broni Malware Annihilator Posts: 52,899   +344

  16. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    I tried; the computer will not allow it to create restore points in safe mode, and it stalls out in normal mode regardless of using Rkill beforehand. Unable to create restore points under any circumstances.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  18. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    Here are the logs for ADW and JRT:

    # AdwCleaner v4.105 - Report created 10/12/2014 at 13:16:19
    # Updated 08/12/2014 by Xplode
    # Database : 2014-12-08.2 [Local]
    # Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # Username : Linford - LINFORD-PC
    # Running from : C:\Users\Linford\Desktop\adwcleaner_4.105.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    [!] Folder Deleted : C:\ProgramData\Uniblue
    [!] Folder Deleted : C:\ProgramData\Uniblue\DriverScanner
    [!] Folder Deleted : C:\Users\Geoff\AppData\LocalLow\SimplyTech
    [!] Folder Deleted : C:\Users\Linford\AppData\Local\eSupport.com
    [!] Folder Deleted : C:\Users\Linford\AppData\Local\PackageAware
    [!] Folder Deleted : C:\Users\Linford\AppData\LocalLow\HPAppData
    [!] Folder Deleted : C:\Users\Linford\AppData\Roaming\0D0S1L2Z1P1B
    [!] Folder Deleted : C:\Users\Linford\AppData\Roaming\DigitalSites
    [!] Folder Deleted : C:\Users\Linford\AppData\Roaming\HPAppData
    File Deleted : C:\Users\Linford\AppData\Roaming\Mozilla\Firefox\Profiles\acrt07sy.default\searchplugins\bingp.xml
    File Deleted : C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\w2z074w4.default-1393627998171\user.js

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\PIP
    Key Deleted : HKLM\SOFTWARE\Uniblue
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Zip Extractor Packages

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16599


    -\\ Mozilla Firefox v33.1 (x86 en-US)

    [acrt07sy.default\prefs.js] - Line Deleted : user_pref("0E9A6913-3CC7-4511-BE2D-424E9F8A8EF0.license", "M2iNThT%2BaaB52q%2BoEpowgBSI8o6deoaCi7NfHKJfGjY6CrmCCbRlBemnUeXCf31OjbsMl3mSSBIi9A2h%2FcXDeBX%2FtJiZ0q4TuL7aFNKD37iDJ%2BgQZUdbOkKfRZi4QyH1mxS[...]

    -\\ Google Chrome v


    *************************

    AdwCleaner[R0].txt - [4191 octets] - [10/12/2014 11:29:30]
    AdwCleaner[R1].txt - [3027 octets] - [10/12/2014 13:10:27]
    AdwCleaner[S0].txt - [2893 octets] - [10/12/2014 13:16:19]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2953 octets] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows (TM) Vista Home Premium x64
    Ran by Linford on Wed 12/10/2014 at 13:23:04.79
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Failed to delete: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
    Failed to delete: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Linford\AppData\Roaming\mozilla\firefox\profiles\acrt07sy.default\minidumps [1 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 12/10/2014 at 13:32:12.50
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  19. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    Farbar log Part one:


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-12-2014
    Ran by Linford (administrator) on LINFORD-PC on 10-12-2014 13:40:50
    Running from C:\Users\Linford\Desktop
    Loaded Profile: Linford (Available profiles: Linford & Geoff & Khari & Kemba & Trini)
    Platform: Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
    (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
    (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accoca.exe
    (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe
    (Agere Systems) C:\Program Files\LSI SoftModem\agr64svc.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
    (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    () C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    (ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    (Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
    HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [370992 2007-06-25] (ActivIdentity)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [442368 2009-06-03] (IDT, Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [WirelessAssistant] => C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
    HKLM Group Policy restriction on software: %ALLUSERSPROFILE%\* <====== ATTENTION
    HKLM Group Policy restriction on software: %SystemRoot%\Fonts\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\AppData\* <====== ATTENTION
    HKLM Group Policy restriction on software: %SystemDrive%\$Recycle.Bin\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files\* <====== ATTENTION
    HKLM Group Policy restriction on software: %ALLUSERSPROFILE%\Skype\* <====== ATTENTION
    HKLM Group Policy restriction on software: %ALLUSERSPROFILE%\Package Cache\* <====== ATTENTION
    HKLM Group Policy restriction on software: %APPDATA%\Microsoft\Internet Explorer\Quick Launch\* <====== ATTENTION
    HKLM Group Policy restriction on software: %ALLUSERSPROFILE%\Microsoft\* <====== ATTENTION
    HKLM Group Policy restriction on software: %ALLUSERSPROFILE%\Adobe\* <====== ATTENTION
    HKLM Group Policy restriction on software: %APPDATA%\Oracle\Java\* <====== ATTENTION
    HKLM Group Policy restriction on software: %APPDATA%\Microsoft\Windows\Start Menu\* <====== ATTENTION
    HKLM Group Policy restriction on software: %ALLUSERSPROFILE%\Oracle\Java\* <====== ATTENTION
    HKLM Group Policy restriction on software: %SystemDrive%\Users\Public\Desktop\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\AppData\LocalLow\Oracle\Java\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\AppData\LocalLow\Sun\Java\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\Downloads\* <====== ATTENTION
    HKLM Group Policy restriction on software: %APPDATA%\Microsoft\Windows\Recent\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\Desktop\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\temp\* <====== ATTENTION
    HKLM Group Policy restriction on software: %APPDATA%\Microsoft\* <====== ATTENTION
    HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
    HKU\S-1-5-21-76335557-1567907971-1813161301-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    HKU\S-1-5-21-76335557-1567907971-1813161301-1000\...\Policies\Explorer: [NoInstrumentation] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
    ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\Windows\System32\WPDShServiceObj.dll (Microsoft Corporation)
    SSODL-x32: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\Windows\SysWOW64\WPDShServiceObj.dll (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-76335557-1567907971-1813161301-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-21-76335557-1567907971-1813161301-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-76335557-1567907971-1813161301-1000 -> DefaultScope {AB64C8D8-16F0-46EE-B658-1EEDB17B7E48} URL = http://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-76335557-1567907971-1813161301-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-76335557-1567907971-1813161301-1000 -> {7E19B4F4-8D4F-471E-9791-AA9C1FA23630} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    SearchScopes: HKU\S-1-5-21-76335557-1567907971-1813161301-1000 -> {AB64C8D8-16F0-46EE-B658-1EEDB17B7E48} URL = http://www.bing.com/search?FORM=U270DF&PC=U270&q={searchTerms}&src=IE-SearchBox
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File
    BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    Handler-x32: skyline - {3a4f9195-65a8-11d5-85c1-0001023952c1} - c:\Users\Geoff\AppData\Roaming\Skyline\TerraExplorer\TerraExplorerX.dll (Skyline Software Systems Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Linford\AppData\Roaming\Mozilla\Firefox\Profiles\acrt07sy.default
    FF SearchEngineOrder.3: Bing
    FF Homepage: hxxp://www.msn.com/en-us/?pc=U270&ocid=U270DHP
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=U270DF&PC=U270&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-76335557-1567907971-1813161301-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Linford\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKU\S-1-5-21-76335557-1567907971-1813161301-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Linford\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Linford\AppData\Roaming\mozilla\plugins\cgpcfg.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Linford\AppData\Roaming\mozilla\plugins\CgpCore.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Linford\AppData\Roaming\mozilla\plugins\confmgr.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Linford\AppData\Roaming\mozilla\plugins\ctxlogging.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Linford\AppData\Roaming\mozilla\plugins\ctxmui.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Linford\AppData\Roaming\mozilla\plugins\icafile.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Linford\AppData\Roaming\mozilla\plugins\icalogon.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Linford\AppData\Roaming\mozilla\plugins\msvcm80.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\Linford\AppData\Roaming\mozilla\plugins\msvcp80.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\Linford\AppData\Roaming\mozilla\plugins\msvcr80.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\Linford\AppData\Roaming\mozilla\plugins\npicaN.dll ()
    FF Plugin ProgramFiles/Appdata: C:\Users\Linford\AppData\Roaming\mozilla\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\Linford\AppData\Roaming\mozilla\plugins\TcpPServ.dll (Citrix Systems, Inc.)
    FF Extension: WOT - C:\Users\Linford\AppData\Roaming\Mozilla\Firefox\Profiles\acrt07sy.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-12-09]
    FF Extension: Bitdefender QuickScan - C:\Users\Linford\AppData\Roaming\Mozilla\Firefox\Profiles\acrt07sy.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-11-18]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-11-12]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-11-12]
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-12-12]
    FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-17]
    FF HKU\S-1-5-21-76335557-1567907971-1813161301-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]

    Chrome:
    =======
    CHR Profile: C:\Users\Linford\AppData\Local\Google\Chrome\User Data\Default
    CHR StartMenuInternet: Google Chrome - C:\Users\Geoff\AppData\Local\Google\Chrome\Application\chrome.exe

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 accoca; C:\Program Files\ActivIdentity\ActivClient\accoca.exe [241456 2007-06-25] (ActivIdentity)
    R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
    R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2008-08-26] (Agere Systems)
    R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
    S3 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-06-17] (Hewlett-Packard Company) [File not signed]
    R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [41984 2008-01-20] (Microsoft Corporation)
    S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
    R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [521216 2008-01-20] (Microsoft Corporation)
    S4 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
    S2 SDRSVC; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
    S2 SDRSVC; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
    S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe [239104 2009-06-03] (IDT, Inc.)
    R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [427008 2010-04-21] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2014-06-19] (Emsisoft GmbH)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
    R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
    U5 avchv; C:\Windows\System32\Drivers\avchv.sys [0 2014-11-18] () [File not signed]
    R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
    R1 bdftdif; C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys [138920 2013-04-17] (Bitdefender SRL)
    S1 Beep; No ImagePath
    S3 cleanhlp; C:\EEK\RUN\cleanhlp64.sys [57024 2014-06-19] (Emsisoft GmbH)
    S3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192512 2008-01-20] (Intel Corporation)
    R3 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-09] ()
    R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
    S3 USBCCID; C:\Windows\System32\DRIVERS\usbccid.sys [38400 2009-04-11] (Microsoft Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
    S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
    S3 NTPASp50a64; System32\Drivers\NTPASp50a64.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
  20. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    Farbar Log Part Two:

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-10 13:40 - 2014-12-10 13:41 - 00021091 _____ () C:\Users\Linford\Desktop\FRST.txt
    2014-12-10 13:32 - 2014-12-10 13:32 - 00001361 _____ () C:\Users\Linford\Desktop\JRT.txt
    2014-12-10 13:06 - 2014-12-10 13:06 - 00277744 _____ () C:\Windows\Minidump\Mini121014-01.dmp
    2014-12-10 13:05 - 2014-12-10 13:05 - 578422123 _____ () C:\Windows\MEMORY.DMP
    2014-12-10 12:52 - 2014-12-10 12:52 - 00000000 ____D () C:\Windows\pss
    2014-12-10 12:04 - 2014-12-10 12:22 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
    2014-12-10 12:04 - 2014-12-10 12:04 - 00001768 _____ () C:\Users\Public\Desktop\UVK - Ultra Virus Killer.lnk
    2014-12-10 12:03 - 2014-12-10 12:03 - 05810688 _____ (Carifred) C:\Users\Linford\Desktop\UVKPortable.exe
    2014-12-10 11:37 - 2014-11-06 20:33 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-12-10 11:37 - 2014-11-06 20:28 - 01209856 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-10 11:37 - 2014-11-03 19:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-10 11:37 - 2014-11-03 19:19 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-12-10 11:35 - 2014-12-02 21:06 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-12-10 11:35 - 2014-12-02 20:51 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-12-10 11:34 - 2014-11-24 17:12 - 17874432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-10 11:34 - 2014-11-24 16:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-12-10 11:34 - 2014-11-24 16:54 - 10921984 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-10 11:34 - 2014-11-24 16:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-10 11:34 - 2014-11-24 16:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-10 11:34 - 2014-11-24 16:47 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-10 11:34 - 2014-11-24 16:45 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-10 11:34 - 2014-11-24 16:45 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-12-10 11:34 - 2014-11-24 16:45 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-10 11:34 - 2014-11-24 16:44 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-10 11:34 - 2014-11-24 16:44 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-12-10 11:34 - 2014-11-24 16:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-10 11:34 - 2014-11-24 16:44 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-10 11:34 - 2014-11-24 16:44 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-10 11:34 - 2014-11-24 16:44 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-10 11:34 - 2014-11-24 16:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-10 11:34 - 2014-11-24 16:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-12-10 11:34 - 2014-11-24 16:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-12-10 11:34 - 2014-11-24 16:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-10 11:34 - 2014-11-24 16:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-10 11:34 - 2014-11-24 16:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-12-10 11:34 - 2014-11-24 16:42 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-10 11:34 - 2014-11-24 15:44 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2014-12-10 11:34 - 2014-11-24 15:41 - 12369920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-12-10 11:34 - 2014-11-24 15:40 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-12-10 11:34 - 2014-11-24 15:37 - 09740800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-12-10 11:34 - 2014-11-24 15:35 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-12-10 11:34 - 2014-11-24 15:35 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-12-10 11:34 - 2014-11-24 15:34 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-12-10 11:34 - 2014-11-24 15:34 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2014-12-10 11:34 - 2014-11-24 15:33 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-12-10 11:34 - 2014-11-24 15:33 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-12-10 11:34 - 2014-11-24 15:33 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-12-10 11:34 - 2014-11-24 15:33 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-12-10 11:34 - 2014-11-24 15:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-12-10 11:34 - 2014-11-24 15:33 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-12-10 11:34 - 2014-11-24 15:33 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2014-12-10 11:34 - 2014-11-24 15:32 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-12-10 11:34 - 2014-11-24 15:32 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-12-10 11:34 - 2014-11-24 15:32 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-12-10 11:34 - 2014-11-24 15:32 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-12-10 11:34 - 2014-11-24 15:32 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-12-10 11:34 - 2014-11-24 15:32 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2014-12-10 11:34 - 2014-11-24 15:32 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2014-12-10 11:29 - 2014-12-10 13:16 - 00000000 ____D () C:\AdwCleaner
    2014-12-09 23:30 - 2014-12-09 23:30 - 00000000 ____D () C:\Users\Linford\AppData\Roaming\SUPERAntiSpyware.com
    2014-12-09 23:30 - 2014-12-09 23:30 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
    2014-12-09 23:30 - 2014-12-09 23:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2014-12-09 23:29 - 2014-12-09 23:29 - 05073240 _____ (Microsoft Corporation) C:\Users\Linford\Downloads\vcredist_x86.exe
    2014-12-09 23:29 - 2014-12-09 23:29 - 02238600 _____ (Microsoft Corporation) C:\Users\Linford\Downloads\DefaultPack.EXE
    2014-12-09 22:24 - 2014-12-09 22:29 - 00000000 ____D () C:\ProgramData\UVK
    2014-12-09 22:01 - 2014-12-09 22:10 - 308385792 _____ () C:\Users\Linford\Desktop\kav_rescue_10.iso
    2014-12-09 21:52 - 2014-12-10 11:52 - 00035279 _____ () C:\Windows\iis7.log
    2014-12-09 21:52 - 2014-12-09 21:52 - 00000000 ____D () C:\inetpub
    2014-12-09 21:12 - 2014-12-09 21:13 - 36904648 _____ (Microsoft Corporation) C:\Users\Linford\Downloads\Windows-KB890830-x64-V5.19.exe
    2014-12-09 21:06 - 2014-12-09 21:06 - 00907264 _____ () C:\Users\Linford\Desktop\NtBackupRestore_Win64.msi
    2014-12-09 20:42 - 2014-12-09 20:42 - 02238600 _____ (Microsoft Corporation) C:\Users\Linford\Desktop\DefaultPack.EXE
    2014-12-09 20:35 - 2014-12-09 20:35 - 00000000 ____D () C:\ProgramData\Emsisoft
    2014-12-09 20:08 - 2014-12-09 20:15 - 03129816 _____ () C:\re-regdll.bat
    2014-12-09 20:06 - 2014-12-09 20:06 - 27475934 _____ () C:\Users\Linford\Documents\services.dmp
    2014-12-09 19:37 - 2014-12-09 19:37 - 00000000 ____D () C:\your_name14223y
    2014-12-09 19:36 - 2014-12-09 19:37 - 00000000 ___SD () C:\32788R22FWJFW
    2014-12-09 19:07 - 2014-12-09 19:08 - 16489198 _____ () C:\Users\Linford\Desktop\unhackme.zip
    2014-12-09 18:41 - 2014-12-10 13:40 - 00000000 ____D () C:\FRST
    2014-12-09 18:38 - 2014-12-09 18:38 - 02119680 _____ (Farbar) C:\Users\Linford\Desktop\FRST64.exe
    2014-12-09 18:25 - 2014-12-09 18:25 - 00000000 ____D () C:\Windows\ERUNT
    2014-12-09 18:24 - 2014-12-09 18:24 - 01707646 _____ (Thisisu) C:\Users\Linford\Desktop\JRT.exe
    2014-12-09 18:16 - 2014-12-09 18:16 - 02166272 _____ () C:\Users\Linford\Desktop\adwcleaner_4.105.exe
    2014-12-09 18:06 - 2014-12-09 18:06 - 00000000 ____D () C:\_OTL
    2014-12-09 14:35 - 2014-12-09 14:35 - 00000000 ____D () C:\your_name3091y
    2014-12-09 14:34 - 2014-12-09 14:34 - 00000000 ____D () C:\your_name16443y
    2014-12-09 14:27 - 2014-12-09 14:27 - 00000000 ____D () C:\your_name32065y
    2014-12-09 14:15 - 2014-12-09 14:15 - 00000000 ____D () C:\your_name21837y
    2014-12-09 14:14 - 2014-12-09 14:14 - 00000000 ____D () C:\your_name
    2014-12-09 13:56 - 2014-12-09 13:56 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Linford\Desktop\iExplore.exe
    2014-12-09 13:48 - 2014-12-09 13:48 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Linford\Downloads\iExplore.exe
    2014-12-09 13:43 - 2014-12-09 13:43 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Linford\Desktop\rkill64.exe
    2014-12-08 23:20 - 2014-12-08 23:20 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Linford\Desktop\mbar-1.08.2.1001.exe
    2014-12-08 23:18 - 2014-12-09 22:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-08 23:18 - 2014-12-08 23:20 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-08 23:18 - 2014-12-08 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-08 23:18 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-12-08 23:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-12-08 22:05 - 2014-12-08 22:06 - 15201368 _____ () C:\Users\Linford\Desktop\RogueKiller.exe
    2014-12-08 21:07 - 2014-12-08 21:07 - 00017339 _____ () C:\Users\Public\Documents\Combofix_08_Dec_2014.txt
    2014-12-08 21:06 - 2014-12-08 21:06 - 00019080 _____ () C:\Users\Public\Documents\RKreport_SCN_12082014_145547.log
    2014-12-08 16:26 - 2014-12-10 13:40 - 00000000 ____D () C:\Users\Linford\Desktop\TechSpot Log Items
    2014-12-08 15:38 - 2014-12-08 15:38 - 00688992 ____R (Swearware) C:\Users\Linford\Desktop\dds.com
    2014-12-08 14:46 - 2014-12-09 14:29 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-12-08 14:46 - 2014-12-08 14:46 - 18315864 _____ () C:\Users\Linford\Downloads\RogueKillerX64.exe
    2014-12-08 14:35 - 2014-12-08 14:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-12-08 14:32 - 2014-12-08 14:32 - 00638888 _____ (Oracle Corporation) C:\Users\Linford\Downloads\chromeinstall-8u25 (1).exe
    2014-12-08 13:57 - 2014-12-08 13:57 - 00000000 ____D () C:\ProgramData\Sun
    2014-12-08 13:50 - 2014-12-08 13:50 - 00638888 _____ (Oracle Corporation) C:\Users\Linford\Downloads\chromeinstall-8u25.exe
    2014-12-08 13:17 - 2014-12-08 13:17 - 00002117 _____ () C:\Users\Linford\Desktop\Tweaking.com - Simple System Tweaker.lnk
    2014-12-08 12:16 - 2014-12-08 12:16 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-LINFORD-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
    2014-12-08 12:16 - 2014-12-08 12:16 - 00000000 ____D () C:\RegBackup
    2014-12-08 10:40 - 2014-12-08 13:17 - 00000000 ____D () C:\Users\Linford\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-12-08 10:40 - 2014-12-08 13:17 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-12-08 10:40 - 2014-12-08 10:40 - 00001994 _____ () C:\Users\Linford\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2014-12-08 06:53 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-12-08 06:53 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-12-08 06:53 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-12-08 06:53 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-12-08 06:53 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-12-08 06:53 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-12-08 06:53 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-12-08 06:53 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-12-07 21:36 - 2014-12-07 21:36 - 00000000 ____D () C:\Users\Linford\Documents\ProcAlyzer Dumps
    2014-12-07 20:14 - 2014-12-09 00:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-12-07 20:04 - 2014-12-07 20:04 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Linford\Downloads\mbar-1.08.2.1001.exe
    2014-12-07 18:22 - 2014-12-07 18:23 - 09817304 _____ () C:\Users\Linford\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2014-12-07 18:21 - 2014-12-07 18:21 - 00050688 _____ (Atribune.org) C:\Users\Linford\Downloads\ATF-Cleaner.exe
    2014-12-07 18:15 - 2014-12-07 18:15 - 00415232 _____ (Farbar) C:\Users\Linford\Downloads\FSS.exe
    2014-12-07 18:05 - 2014-12-07 18:05 - 05198336 _____ (AVAST Software) C:\Users\Linford\Downloads\aswMBR.exe
    2014-12-07 17:58 - 2014-12-07 18:00 - 04163057 _____ () C:\Users\Linford\Downloads\tdsskiller.zip
    2014-12-07 17:16 - 2014-12-07 17:17 - 00000000 ____D () C:\Program Files\IDT
    2014-12-07 17:02 - 2014-12-07 17:02 - 05152768 _____ () C:\Users\Linford\Downloads\HPSupportSolutionsFramework-11.51.0027.msi
    2014-12-06 21:41 - 2014-11-18 20:02 - 00000000 _____ () C:\Windows\system32\Drivers\avchv.sys
    2014-12-05 19:58 - 2014-12-05 19:58 - 00014469 _____ () C:\Users\Geoff\Downloads\O St Set List Holiday Mkt Dec 2014 KEYS.xlsx
    2014-12-05 16:21 - 2014-12-05 16:29 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Linford\Downloads\spybot-2.4.exe
    2014-12-05 16:19 - 2014-12-05 16:19 - 00000916 ____R () C:\Windows\system32\Drivers\etc\hosts.20141205-161930.backup
    2014-12-05 14:01 - 2014-12-05 14:01 - 00047616 _____ () C:\Users\Geoff\Downloads\SP005000 Maintenance and Database Support (UNCLASSIFIED).msg
    2014-12-04 11:15 - 2014-12-04 11:15 - 00001843 _____ () C:\Users\Geoff\Desktop\TerraExplorer.lnk
    2014-12-04 11:14 - 2014-12-04 11:15 - 00000000 ____D () C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Skyline TerraExplorer
    2014-12-04 11:14 - 2014-12-04 11:14 - 00000000 ____D () C:\Users\Geoff\AppData\Roaming\Skyline
    2014-12-04 11:14 - 2014-12-04 11:14 - 00000000 ____D () C:\Users\Geoff\AppData\Roaming\InstallShield Installation Information
    2014-12-04 11:08 - 2014-12-04 11:09 - 28363176 _____ (Skyline Software Systems Inc.) C:\Users\Geoff\Downloads\SkylineGlobeSetup.exe
    2014-12-03 17:00 - 2014-12-03 17:00 - 00000000 ____D () C:\Users\Trini\AppData\Roaming\Motorola Mobility
    2014-12-02 17:25 - 2014-12-02 17:25 - 00119808 _____ (Atribune.org) C:\Users\Linford\Downloads\vundofix.exe
    2014-12-02 14:02 - 2014-12-02 14:02 - 00002333 _____ () C:\Malwarebites_Dec_2014.txt
    2014-12-02 12:33 - 2014-12-02 12:34 - 00010258 _____ () C:\Users\Linford\Documents\cc_20141202_123353.reg
    2014-12-02 12:29 - 2014-12-02 12:30 - 05162080 _____ (Piriform Ltd) C:\Users\Linford\Downloads\ccsetup500.exe
    2014-12-02 12:17 - 2014-12-02 12:20 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-12-02 12:14 - 2014-12-02 12:14 - 00003092 _____ () C:\Windows\System32\Tasks\{879748DC-0F4E-4E2B-BE16-67A83126E6E2}
    2014-12-02 12:10 - 2014-12-02 12:10 - 02347384 _____ (ESET) C:\Users\Linford\Downloads\esetsmartinstaller_enu (4).exe
    2014-12-02 12:09 - 2014-12-02 12:09 - 02347384 _____ (ESET) C:\Users\Linford\Downloads\esetsmartinstaller_enu (3).exe
    2014-12-02 11:57 - 2014-12-03 17:17 - 00000000 ____D () C:\SUPERDelete
    2014-11-18 20:04 - 2014-11-18 20:04 - 00002007 _____ () C:\Users\Public\Desktop\Bitdefender Antivirus Free Edition.lnk
    2014-11-18 20:04 - 2014-11-18 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
    2014-11-18 20:02 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
    2014-11-18 20:02 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
    2014-11-18 20:00 - 2014-11-18 20:04 - 00000000 ____D () C:\Program Files\Bitdefender
    2014-11-18 19:59 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
    2014-11-18 19:59 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
    2014-11-18 19:39 - 2014-10-23 20:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-11-18 19:39 - 2014-10-23 19:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-11-18 19:29 - 2014-11-18 20:57 - 00000000 ____D () C:\Users\Linford\AppData\Roaming\QuickScan
    2014-11-18 19:28 - 2014-11-18 19:29 - 10447328 _____ () C:\Users\Linford\Downloads\Antivirus_Free_Edition_x64.exe
    2014-11-18 19:25 - 2014-11-18 19:27 - 00162208 _____ () C:\Users\Linford\Downloads\Antivirus_Free_Edition.exe
    2014-11-18 14:56 - 2014-11-18 14:56 - 01202848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
    2014-11-12 18:24 - 2014-11-12 18:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-12 17:33 - 2014-11-12 17:33 - 00000000 ____D () C:\Users\Geoff\Documents\INSURANCE
    2014-11-11 23:01 - 2014-10-12 18:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-11-11 22:55 - 2014-08-11 21:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
    2014-11-11 22:55 - 2014-08-11 21:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
    2014-11-11 22:53 - 2014-10-17 20:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2014-11-11 22:53 - 2014-10-17 19:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
    2014-11-11 22:53 - 2014-10-09 20:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-11-11 22:53 - 2014-10-09 20:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-11-11 22:53 - 2014-10-09 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2014-11-11 22:53 - 2014-10-09 20:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-11-11 22:53 - 2014-10-09 20:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
    2014-11-11 22:53 - 2014-10-09 18:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2014-11-11 22:53 - 2014-10-09 18:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
    2014-11-11 22:53 - 2014-10-02 20:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-11-11 22:53 - 2014-10-02 20:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-11-11 22:53 - 2014-10-02 20:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-11-11 22:53 - 2014-10-02 20:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-11-11 22:53 - 2014-10-02 20:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-11-11 22:53 - 2014-10-02 20:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-11-11 22:53 - 2014-10-02 20:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-11-11 22:53 - 2014-10-02 18:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
    2014-11-11 22:42 - 2014-10-23 20:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-11-11 22:42 - 2014-10-23 19:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-11 22:42 - 2014-08-26 19:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-11-11 22:42 - 2014-08-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-11-11 22:42 - 2014-08-26 19:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-11-11 22:42 - 2014-08-26 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-11-11 21:07 - 2014-11-11 21:07 - 00093571 _____ () C:\Users\Geoff\Downloads\WinZip Compressed Attachments (1).zip

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-10 13:26 - 2011-12-12 22:05 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1000UA.job
    2014-12-10 13:23 - 2006-11-02 07:46 - 00861698 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-10 13:22 - 2008-01-20 20:53 - 01940377 _____ () C:\Windows\WindowsUpdate.log
    2014-12-10 13:21 - 2012-02-13 18:44 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
    2014-12-10 13:18 - 2012-04-11 17:43 - 00000000 ____D () C:\Temp
    2014-12-10 13:18 - 2006-11-02 10:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2014-12-10 13:17 - 2012-03-27 18:48 - 00159144 _____ () C:\Windows\PFRO.log
    2014-12-10 13:17 - 2006-11-02 10:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-10 13:17 - 2006-11-02 10:22 - 00005184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-10 13:17 - 2006-11-02 10:22 - 00005184 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-10 13:07 - 2006-11-02 10:21 - 00388888 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-12-10 13:06 - 2012-04-11 17:37 - 00000000 ____D () C:\Windows\Minidump
    2014-12-10 13:03 - 2012-03-30 09:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-10 12:22 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\rescache
    2014-12-10 12:21 - 2011-12-11 17:47 - 00102744 _____ () C:\Users\Linford\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-10 11:49 - 2011-12-11 17:56 - 00000012 _____ () C:\Windows\bthservsdp.dat
    2014-12-10 11:49 - 2006-11-02 10:42 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-12-10 11:49 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
    2014-12-10 11:49 - 2006-11-02 08:34 - 00000000 ____D () C:\Windows\system32\inetsrv
    2014-12-10 11:48 - 2011-12-11 16:00 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-10 11:45 - 2013-08-13 21:28 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-10 11:38 - 2006-11-02 07:35 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    2014-12-10 01:03 - 2012-03-30 09:14 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-10 01:03 - 2012-03-30 09:14 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-10 01:03 - 2011-12-11 16:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-09 22:28 - 2014-06-19 16:14 - 00000000 ____D () C:\Users\Linford\AppData\Local\CrashDumps
    2014-12-09 21:53 - 2011-12-11 18:47 - 00799096 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-12-09 21:52 - 2006-11-02 10:15 - 00000000 ____D () C:\Windows\system32\0409
    2014-12-09 21:25 - 2014-05-22 17:27 - 00000000 ____D () C:\Users\Linford\Desktop\Spyware cleaners
    2014-12-09 20:43 - 2011-12-12 22:41 - 00000000 ____D () C:\Users\Linford\AppData\Roaming\Apple Computer
    2014-12-09 19:37 - 2013-07-01 15:47 - 00000000 ____D () C:\Windows\erdnt
    2014-12-09 19:26 - 2011-12-12 22:05 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1000Core.job
    2014-12-09 19:20 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-12-09 17:23 - 2011-12-14 00:00 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1001Core.job
    2014-12-09 15:41 - 2014-06-20 14:52 - 00000000 ____D () C:\EEK
    2014-12-09 14:35 - 2011-12-11 17:46 - 00000732 _____ () C:\Users\Linford\AppData\Local\d3d9caps64.dat
    2014-12-08 21:03 - 2012-04-11 17:56 - 00000000 ____D () C:\Users\Geoff\AppData\Roaming\MotoCast
    2014-12-08 18:06 - 2012-04-11 17:56 - 00000000 ____D () C:\Users\Geoff\.gstreamer-0.10
    2014-12-08 17:09 - 2011-12-12 20:18 - 00102744 _____ () C:\Users\Geoff\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-08 17:08 - 2014-08-25 16:25 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-12-08 17:06 - 2013-04-04 01:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2014-12-08 14:33 - 2012-04-11 17:31 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-12-08 14:32 - 2013-11-05 18:11 - 00000000 ____D () C:\ProgramData\Oracle
    2014-12-08 13:57 - 2011-12-11 16:21 - 00000000 ____D () C:\Program Files\Java
    2014-12-08 13:49 - 2014-05-14 17:17 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-12-08 13:49 - 2014-05-14 17:16 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-12-08 13:49 - 2014-05-14 17:16 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-12-08 13:17 - 2011-12-12 22:07 - 00000000 ____D () C:\Users\Linford\Downloads\Spyware cleaners
    2014-12-08 13:02 - 2006-11-02 07:34 - 00000290 _____ () C:\Windows\win.ini
    2014-12-08 09:29 - 2014-06-20 13:52 - 00000000 ____D () C:\Qoobox
    2014-12-08 09:08 - 2006-11-02 07:34 - 00000215 _____ () C:\Windows\system.ini
    2014-12-08 09:08 - 2006-11-02 07:34 - 00000027 _____ () C:\Windows\system32\Drivers\etc\hosts_bak_23
    2014-12-07 21:43 - 2006-11-02 07:34 - 00000741 ____R () C:\Windows\system32\Drivers\etc\hosts.20141208-074146.backup
    2014-12-07 21:26 - 2006-11-02 07:34 - 00000741 ____R () C:\Windows\system32\Drivers\etc\hosts.20141207-214355.backup
    2014-12-07 17:37 - 2006-11-02 08:33 - 00000000 ____D () C:\Windows\registration
    2014-12-07 17:12 - 2011-12-23 11:54 - 00000000 ____D () C:\Users\Linford\AppData\Local\Hewlett-Packard
    2014-12-07 16:29 - 2011-12-21 13:57 - 00000000 ____D () C:\Users\Geoff\AppData\Local\Hewlett-Packard
    2014-12-05 21:09 - 2012-02-14 01:48 - 00047577 _____ () C:\Windows\setupact.log
    2014-12-05 16:19 - 2013-04-04 01:10 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
    2014-12-05 16:19 - 2006-11-02 07:34 - 00000916 ____R () C:\Windows\system32\Drivers\etc\hosts.20141205-165952.backup
    2014-12-04 16:05 - 2009-05-12 17:39 - 00000000 ____D () C:\Users\Geoff\Documents\bLUES STUFF
    2014-12-03 17:01 - 2011-12-12 22:50 - 00008224 _____ () C:\Users\Trini\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-03 17:00 - 2011-12-12 22:50 - 00000979 _____ () C:\Users\Trini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-12-03 17:00 - 2011-12-12 22:50 - 00000949 _____ () C:\Users\Trini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    2014-12-03 17:00 - 2011-12-12 22:50 - 00000000 ____D () C:\Users\Trini\AppData\Local\VirtualStore
    2014-12-02 13:02 - 2009-12-11 03:49 - 00000000 ____D () C:\MGtools
    2014-12-02 12:20 - 2012-02-13 19:15 - 00000000 ____D () C:\Users\Linford\AppData\Roaming\Malwarebytes
    2014-12-02 11:57 - 2011-12-17 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
    2014-12-02 11:28 - 2006-11-02 07:34 - 00000741 ____R () C:\Windows\system32\Drivers\etc\hosts.20141205-161910.backup
    2014-11-26 21:47 - 2013-06-25 16:48 - 00000000 ____D () C:\Users\Geoff\AppData\Local\CrashDumps
    2014-11-26 15:04 - 2013-09-07 12:37 - 00000000 ____D () C:\Users\Geoff\Documents\2-Mortgage Hunt Info
    2014-11-26 14:33 - 2011-12-14 00:01 - 00002042 _____ () C:\Users\Geoff\Desktop\Google Chrome.lnk
    2014-11-19 21:49 - 2012-01-19 19:57 - 00002517 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
    2014-11-19 21:49 - 2012-01-19 19:57 - 00002505 _____ () C:\Users\Public\Desktop\Safari.lnk
    2014-11-19 21:49 - 2011-12-15 15:50 - 00000000 ____D () C:\Users\Geoff\AppData\Local\Apple Computer
    2014-11-19 21:49 - 2011-12-12 22:58 - 00000000 ____D () C:\Users\Geoff\AppData\Roaming\Apple Computer
    2014-11-19 20:56 - 2011-12-18 22:06 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2014-11-18 20:04 - 2011-12-11 17:46 - 00000000 ____D () C:\Users\Linford
    2014-11-18 19:38 - 2011-12-11 18:48 - 00001945 _____ () C:\Windows\epplauncher.mif
    2014-11-18 19:34 - 2006-11-02 08:34 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
    2014-11-18 19:23 - 2014-06-19 16:40 - 00000000 ____D () C:\Program Files (x86)\SUPERAntiSpyware
    2014-11-18 19:21 - 2011-12-12 22:05 - 00003804 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1000UA
    2014-11-18 19:21 - 2011-12-12 22:05 - 00003408 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1000Core
    2014-11-15 17:12 - 2012-04-27 17:59 - 00000000 ____D () C:\Users\Geoff\AppData\Local\Akamai
    2014-11-15 17:08 - 2012-06-19 21:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-12 17:19 - 2011-12-14 00:00 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1001UA
    2014-11-12 17:19 - 2011-12-14 00:00 - 00003396 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1001Core
    2014-11-12 17:19 - 2011-12-14 00:00 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1001UA.job
    2014-11-10 19:39 - 2012-06-04 20:02 - 00000000 ____D () C:\Users\Geoff\Documents\PFCU

    Some content of TEMP:
    ====================
    C:\Users\Linford\AppData\Local\temp\Quarantine.exe
    C:\Users\Linford\AppData\Local\temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-12-10 13:33

    ==================== End Of Log ============================
     
  21. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    I still need Addition.txt log.
     
  22. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-12-2014
    Ran by Linford at 2014-12-10 13:42:13
    Running from C:\Users\Linford\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    ActivClient CAC 6.1 x64 (HKLM\...\{AC194855-F7AC-4D04-B4C9-07BA46FCB697}) (Version: 6.11.00039 - ActivIdentity)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
    Amazing Slow Downer (remove only) (HKLM-x32\...\Amazing Slow Downer) (Version: - )
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.30.20.0 - Broadcom Corporation)
    BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
    Citrix Online Launcher (HKLM-x32\...\{3E7E6F1E-7376-475A-8BC9-E3126B20CF5F}) (Version: 1.0.198 - Citrix)
    Citrix XenApp Web Plugin (HKLM-x32\...\{C0B165DC-F037-483F-B1C9-D89D91529CEB}) (Version: 11.0.150.5357 - Citrix Systems, Inc.)
    ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version: - DownloadHelper)
    D110 (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    Free M4a to MP3 Converter 7.2 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com)
    GIMP 2.6.11 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
    Google Chrome (HKU\S-1-5-21-76335557-1567907971-1813161301-1000\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
    GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
    Hewlett-Packard ACLM.NET v1.1.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP MediaSmart Music/Photo/Video (HKLM-x32\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.2.2829 - Hewlett-Packard)
    HP MediaSmart Webcam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.2.1621 - Hewlett-Packard)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP Photo Creations Powered by RocketLife)
    HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
    HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
    HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Support Assistant (HKLM-x32\...\{E92D47A1-D27D-430A-8368-0BAFD956507D}) (Version: 5.2.9.2 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{44157EB3-D8D0-4BB1-B0F5-AD2C38814ED1}) (Version: 11.51.0027 - Hewlett-Packard Company)
    HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
    HP Wireless Assistant (HKLM-x32\...\{1061DF04-CF33-40B0-8360-D07C9BBEB122}) (Version: 3.50.10.1 - Hewlett-Packard)
    HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6159.0 - IDT)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    LightScribe System Software (HKLM-x32\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
    Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
    LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
    MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Metro7 version 1.0 (HKLM-x32\...\{6B994472-9239-4E07-8008-1206252E9E51}_is1) (Version: 1.0 - Metro7.org)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)
    Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
    Microsoft Lync Web App Plug-in (HKLM-x32\...\{877EC1C3-6D58-4DE0-BD83-5B29BED8B995}) (Version: 15.8.8308.315 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
    MotoHelper MergeModules (x32 Version: 1.2.0 - Motorola) Hidden
    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
    Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
    MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
    Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
    Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
    MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
    Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
    PdaNet+ for Android 4.12 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
    ProtectSmart Hard Drive Protection (HKLM\...\{2F97CE84-9C33-4631-821B-85EA371EA254}) (Version: 3.10.1.7 - Hewlett-Packard)
    PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
    Realtek 8139 and 8139C+ Ethernet Network Card Driver for Windows Vista (HKLM-x32\...\{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}) (Version: 1.00.0000 - Realtek)
    Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
    Realtek USB 2.0 Card Reader (HKLM-x32\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
    Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
    Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
    Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
    Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
    SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
    SolutionCenter (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
    Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
    TerraExplorer (x32 Version: 6.1.01033 - Skyline Software Systems Inc.) Hidden
    Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Tweaking.com - Simple System Tweaker (HKLM-x32\...\Tweaking.com - Simple System Tweaker) (Version: 2.1.0 - Tweaking.com)
    Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
    Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 6.8.5.0 - Carifred)
    WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
    Windows Driver Package - ENE (enecir) HIDClass (09/04/2008 2.6.0.0) (HKLM\...\07B260955637F1FF7587ED2AA87459040DD09BF7) (Version: 09/04/2008 2.6.0.0 - ENE)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Linford\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{047466F1-82AE-455A-AFC4-D3AC463FBF6B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Linford\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{238F6F83-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\Linford\AppData\Local\Citrix\ICA Client\Wfica.ocx (Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{238F6F85-B8B4-11CF-8771-00A024541EE3}\InprocServer32 -> C:\Users\Linford\AppData\Local\Citrix\ICA Client\Wfica.ocx (Citrix Systems, Inc.)
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Linford\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Linford\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Linford\AppData\Local\Google\Chrome\Application\39.0.2171.71\delegate_execute.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Linford\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Linford\AppData\Local\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Linford\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)

    ==================== Restore Points =========================

    12-11-2014 03:41:54 Windows Update
    15-11-2014 22:16:51 Windows Update
    16-11-2014 14:09:37 Scheduled Checkpoint
    19-11-2014 00:20:49 Removed SUPERAntiSpyware Free Edition
    19-11-2014 00:22:29 Windows Update
    19-11-2014 00:39:08 Windows Update
    19-11-2014 01:02:44 Device Driver Package Install: BITDEFENDER S.R.L. System devices
    23-11-2014 03:09:20 Windows Update
    26-11-2014 19:14:37 Windows Update
    30-11-2014 17:39:38 Windows Update
    01-12-2014 17:31:26 Scheduled Checkpoint
    02-12-2014 15:26:29 Scheduled Checkpoint
    03-12-2014 06:00:05 Scheduled Checkpoint
    03-12-2014 23:52:14 Scheduled Checkpoint
    05-12-2014 06:57:14 Windows Update
    06-12-2014 06:00:40 Scheduled Checkpoint
    07-12-2014 02:45:20 Scheduled Checkpoint
    07-12-2014 22:03:00 Installed HP Support Solutions Framework
    08-12-2014 01:12:27 07_Dec_14_2012Hrs
    08-12-2014 15:16:38 Scheduled Checkpoint

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 07:34 - 2014-12-09 18:07 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ::1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {16D4304C-9EE8-42BC-AAE1-1F6F2CF66F4B} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
    Task: {22D3397D-20FE-4C5A-B2A8-7F2F2C6DC199} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1001Core => C:\Users\Geoff\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {2406FE98-F2B4-4CF2-B791-675CFF53C75C} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
    Task: {36D59D73-5BDF-4976-8DC6-F944E22F9884} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
    Task: {49AD996E-DB1C-409B-8867-11EF662B22CB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1000UA => C:\Users\Linford\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-18] (Google Inc.)
    Task: {58F65BE6-FF0F-47B9-89E8-CF7958F30EE1} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade
    Task: {7E23D888-1EBB-45E3-BCE0-A7B2E6CDBAD8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1001UA => C:\Users\Geoff\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
    Task: {7F590172-BA79-4F23-A59A-E9A3D30CA841} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
    Task: {807E239F-BE4B-49B4-A2D7-022CAA317D44} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Ghost Resign Task => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe [2014-08-19] (Microsoft)
    Task: {98700978-770C-40F8-9850-49E651B2D564} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-02-23] (Hewlett-Packard Company)
    Task: {C0EF6C8C-DBD2-4235-A0E2-79C030669501} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-08-19] (Microsoft)
    Task: {CEEE92BC-989A-4EA5-9554-EFC5F385C327} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
    Task: {D1B876D0-F12A-47C5-A897-E78069BFF5DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1000Core => C:\Users\Linford\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-18] (Google Inc.)
    Task: {D442702E-6BBA-48F4-B3E9-1C5B4E9B89DB} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2012-03-27] ()
    Task: {D9900B77-23DB-43F7-80E6-B131F851643F} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
    Task: {DF159A32-7C17-4992-8C72-03BA708B17B7} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
    Task: {E5396A0E-57FA-46BB-A6E5-83E29111A2B2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {E65C6B99-3642-4CB6-9FB6-27C3C71B8F90} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1000Core.job => C:\Users\Linford\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1000UA.job => C:\Users\Linford\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1001Core.job => C:\Users\Geoff\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-76335557-1567907971-1813161301-1001UA.job => C:\Users\Geoff\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-11-18 20:02 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
    2014-11-18 20:02 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
    2009-07-01 14:44 - 2009-07-01 14:44 - 00632888 _____ () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-09-07 20:35 - 2012-09-07 20:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
    2012-09-07 20:35 - 2012-09-07 20:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
    2012-09-07 20:37 - 2012-09-07 20:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
    2012-09-07 20:36 - 2012-09-07 20:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
    2012-09-07 20:36 - 2012-09-07 20:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
    2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
    AlternateDataStreams: C:\Users\Geoff\Downloads\Alexxyss and lolipop.mpg:TOC.WMV
    AlternateDataStreams: C:\Users\Linford\Desktop\adwcleaner_4.105.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\dds.com:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\DefaultPack.EXE:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\FRST64.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\iExplore.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\JRT.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\mbar-1.08.2.1001.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\RogueKiller.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\UVKPortable.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\aswMBR.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\ATF-Cleaner.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\ccsetup500.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\chromeinstall-8u25.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\DefaultPack.EXE:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\esetsmartinstaller_enu (3).exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\esetsmartinstaller_enu (4).exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\FSS.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\mbar-1.08.2.1001.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\RogueKillerX64.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\spybot-2.4.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\tweaking.com_windows_repair_aio_setup.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\vcredist_x86.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\Windows-KB890830-x64-V5.19.exe:BDU
     
  23. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0001 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0002 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0003 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0004 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0005 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0006 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0007 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0008 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0009 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0010 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0011 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0012 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0013 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0014 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0015 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0016 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0017 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0018 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0019 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0020 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0021 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0022 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0023 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0024 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0025 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0026 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0027 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0028 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0029 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0030 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0031 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0032 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0033 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0034 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0035 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0036 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0037 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0038 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0039 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0040 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0041 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0042 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0043 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0044 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0045 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0046 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0047 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0048 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0049 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0050 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0051 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0052 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0053 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0054 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0055 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0056 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0057 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0058 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0059 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0060 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0061 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0062 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0063 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0064 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0065 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0066 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0067 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0068 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0069 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0070 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0071 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0072 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0073 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0074 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0075 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0076 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0077 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0078 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0079 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0080 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0081 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0082 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0083 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0084 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0085 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0086 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0087 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0088 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0089 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0090 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0091 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0092 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0093 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0094 => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRunAsSystem0095 => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-76335557-1567907971-1813161301-500 - Administrator - Disabled)
    Geoff (S-1-5-21-76335557-1567907971-1813161301-1001 - Limited - Enabled) => C:\Users\Geoff
    Guest (S-1-5-21-76335557-1567907971-1813161301-501 - Limited - Disabled)
    Kemba (S-1-5-21-76335557-1567907971-1813161301-1003 - Limited - Enabled) => C:\Users\Kemba
    Khari (S-1-5-21-76335557-1567907971-1813161301-1002 - Limited - Enabled) => C:\Users\Khari
    Linford (S-1-5-21-76335557-1567907971-1813161301-1000 - Administrator - Enabled) => C:\Users\Linford
    Trini (S-1-5-21-76335557-1567907971-1813161301-1004 - Limited - Enabled) => C:\Users\Trini

    ==================== Faulty Device Manager Devices =============

    Name: HP Photosmart D110
    Description: HP Photosmart D110
    Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Manufacturer: Hewlett-Packard
    Service: StillCam
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

    Name: Photosmart D110 series
    Description: Photosmart D110 series
    Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
    Manufacturer: HP
    Service:
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (12/10/2014 01:39:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)


    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2014-12-10 13:41:59.458
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-10 13:41:59.208
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-10 13:41:58.974
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-10 13:41:58.724
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-10 13:41:58.303
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-10 13:41:58.069
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-10 13:41:57.835
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-10 13:41:57.570
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-10 13:09:30.970
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

    Date: 2014-12-10 13:09:30.768
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz
    Percentage of memory in use: 39%
    Total physical RAM: 3998.24 MB
    Available physical RAM: 2430.41 MB
    Total Pagefile: 8211.74 MB
    Available Pagefile: 6290.65 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:285.62 GB) (Free:30.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:12.47 GB) (Free:1.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: CF9BC167)
    Partition 1: (Active) - (Size=285.6 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=12.5 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  24. Broni

    Broni Malware Annihilator Posts: 52,899   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  25. Montel2

    Montel2 TS Rookie Topic Starter Posts: 33

    I saved the fixlist.txt to my desktop and ran FRST64 as instructed; the Fixlog.txt is below:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-12-2014
    Ran by Linford at 2014-12-12 17:42:45 Run:1
    Running from C:\Users\Linford\Desktop
    Loaded Profile: Linford (Available profiles: Linford & Geoff & Khari & Kemba & Trini)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKLM Group Policy restriction on software: %ALLUSERSPROFILE%\* <====== ATTENTION
    HKLM Group Policy restriction on software: %SystemRoot%\Fonts\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\AppData\* <====== ATTENTION
    HKLM Group Policy restriction on software: %SystemDrive%\$Recycle.Bin\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files\* <====== ATTENTION
    HKLM Group Policy restriction on software: %ALLUSERSPROFILE%\Skype\* <====== ATTENTION
    HKLM Group Policy restriction on software: %ALLUSERSPROFILE%\Package Cache\* <====== ATTENTION
    HKLM Group Policy restriction on software: %APPDATA%\Microsoft\Internet Explorer\Quick Launch\* <====== ATTENTION
    HKLM Group Policy restriction on software: %ALLUSERSPROFILE%\Microsoft\* <====== ATTENTION
    HKLM Group Policy restriction on software: %ALLUSERSPROFILE%\Adobe\* <====== ATTENTION
    HKLM Group Policy restriction on software: %APPDATA%\Oracle\Java\* <====== ATTENTION
    HKLM Group Policy restriction on software: %APPDATA%\Microsoft\Windows\Start Menu\* <====== ATTENTION
    HKLM Group Policy restriction on software: %ALLUSERSPROFILE%\Oracle\Java\* <====== ATTENTION
    HKLM Group Policy restriction on software: %SystemDrive%\Users\Public\Desktop\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\AppData\LocalLow\Oracle\Java\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\Microsoft\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\AppData\LocalLow\Sun\Java\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\Downloads\* <====== ATTENTION
    HKLM Group Policy restriction on software: %APPDATA%\Microsoft\Windows\Recent\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\Desktop\* <====== ATTENTION
    HKLM Group Policy restriction on software: %USERPROFILE%\AppData\Local\temp\* <====== ATTENTION
    HKLM Group Policy restriction on software: %APPDATA%\Microsoft\* <====== ATTENTION
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-76335557-1567907971-1813161301-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page =
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page =
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-76335557-1567907971-1813161301-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: No Name -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> No File
    BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
    FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]
    S1 Beep; No ImagePath
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
    S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
    S3 NTPASp50a64; System32\Drivers\NTPASp50a64.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    C:\Users\Linford\AppData\Local\temp\Quarantine.exe
    C:\Users\Linford\AppData\Local\temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> No File Path
    CustomCLSID: HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> No File Path
    AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
    AlternateDataStreams: C:\Users\Geoff\Downloads\Alexxyss and lolipop.mpg:TOC.WMV
    AlternateDataStreams: C:\Users\Linford\Desktop\adwcleaner_4.105.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\dds.com:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\DefaultPack.EXE:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\FRST64.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\iExplore.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\JRT.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\mbar-1.08.2.1001.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\RogueKiller.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Desktop\UVKPortable.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\aswMBR.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\ATF-Cleaner.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\ccsetup500.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\chromeinstall-8u25.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\DefaultPack.EXE:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\esetsmartinstaller_enu (3).exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\esetsmartinstaller_enu (4).exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\FSS.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\mbar-1.08.2.1001.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\RogueKillerX64.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\spybot-2.4.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\tweaking.com_windows_repair_aio_setup.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\vcredist_x86.exe:BDU
    AlternateDataStreams: C:\Users\Linford\Downloads\Windows-KB890830-x64-V5.19.exe:BDU


    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    "HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-76335557-1567907971-1813161301-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    "HKU\S-1-5-21-76335557-1567907971-1813161301-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
    "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key deleted successfully.
    "HKCR\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}" => Key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
    FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found] not found.
    Beep => Service deleted successfully.
    catchme => Service deleted successfully.
    IpInIp => Service deleted successfully.
    motccgpfl => Service deleted successfully.
    motusbdevice => Service deleted successfully.
    NTPASp50a64 => Service deleted successfully.
    NwlnkFlt => Service deleted successfully.
    NwlnkFwd => Service deleted successfully.
    C:\Users\Linford\AppData\Local\temp\Quarantine.exe => Moved successfully.
    C:\Users\Linford\AppData\Local\temp\sqlite3.dll => Moved successfully.
    "HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}" => Key deleted successfully.
    "HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}" => Key deleted successfully.
    "HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}" => Key deleted successfully.
    "HKU\S-1-5-21-76335557-1567907971-1813161301-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}" => Key deleted successfully.
    C:\ProgramData\TEMP => ":D1B5B4F1" ADS removed successfully.
    C:\Users\Geoff\Downloads\Alexxyss and lolipop.mpg => ":TOC.WMV" ADS removed successfully.
    C:\Users\Linford\Desktop\adwcleaner_4.105.exe => ":BDU" ADS removed successfully.
    "C:\Users\Linford\Desktop\dds.com" => ":BDU" ADS not found.
    C:\Users\Linford\Desktop\DefaultPack.EXE => ":BDU" ADS removed successfully.
    C:\Users\Linford\Desktop\FRST64.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Desktop\iExplore.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Desktop\JRT.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Desktop\mbar-1.08.2.1001.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Desktop\RogueKiller.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Desktop\UVKPortable.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Downloads\aswMBR.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Downloads\ATF-Cleaner.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Downloads\ccsetup500.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Downloads\chromeinstall-8u25.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Downloads\DefaultPack.EXE => ":BDU" ADS removed successfully.
    C:\Users\Linford\Downloads\esetsmartinstaller_enu (3).exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Downloads\esetsmartinstaller_enu (4).exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Downloads\FSS.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Downloads\mbar-1.08.2.1001.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Downloads\RogueKillerX64.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Downloads\spybot-2.4.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Downloads\tweaking.com_windows_repair_aio_setup.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Downloads\vcredist_x86.exe => ":BDU" ADS removed successfully.
    C:\Users\Linford\Downloads\Windows-KB890830-x64-V5.19.exe => ":BDU" ADS removed successfully.

    ==== End of Fixlog ====
     
