TechSpot

Slow laptop. IE/network is unreliable. (Win7Pro-64) 2nd machine.

By Rwolf01
Dec 20, 2014
    This is the second machine, a Dell laptop; both machines are running Windows 7 Pro 64-bit.

    I ran the latest version of Avira Pro and it found no active viruses in memory or virus files on the hard disk.

    Malwarebytes did find 256 PUPs. I deleted them and saved the log files, but then restarted the 4-step process.

    On the second attempt, Avira and Malwarebytes both came up clean. Then I ran DDS.

    The log files for the latest pass are attached below. (older logs are available on request)

    Right now Avira is active, but real-time protection from MWB is turned off. (I don't want them to clash.)

    Also, I made a complete system image, so we can recover if things go wrong.

    Log files below:

    ============================= MWB Log ==============================


    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Scan Date: 12/20/2014
    Scan Time: 5:24:44 AM
    Logfile: MWBlog4.txt
    Administrator: Yes
    Version: 2.00.4.1028
    Malware Database: v2014.12.20.01
    Rootkit Database: v2014.12.14.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled
    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: LHChow29
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 441993
    Time Elapsed: 10 min, 17 sec
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled
    Processes: 0
    (No malicious items detected)
    Modules: 0
    (No malicious items detected)
    Registry Keys: 0
    (No malicious items detected)
    Registry Values: 0
    (No malicious items detected)
    Registry Data: 0
    (No malicious items detected)
    Folders: 0
    (No malicious items detected)
    Files: 0
    (No malicious items detected)
    Physical Sectors: 0
    (No malicious items detected)

    (end)

    =============================== DDS.txt ===============================
    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17496 BrowserJavaVersion: 11.25.2
    Run by LHChow29 at 5:38:51 on 2014-12-20
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8065.6231 [GMT -8:00]
    .
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\VPDAgent_x64.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\Common Files\SPBA\upeksvr.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
    C:\Windows\system32\o2flash.exe
    C:\Windows\system32\vssvc.exe
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\DellTPad\Apoint.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
    C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
    C:\Users\LHChow29\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    uProxyOverride = <-loopback>;*.local
    mWinlogon: Userinit = userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
    BHO: Avira SearchFree Toolbar plus Web Protection: {41564952-412D-5637-00A7-7A786E7484D7} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
    TB: Avira SearchFree Toolbar plus Web Protection: {41564952-412D-5637-00A7-7A786E7484D7} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
    uRun: [Google Update] "C:\Users\LHChow29\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [HP Officejet 4620 series (NET)] "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN249141VQ05RT:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1
    uRun: [Slick Savings] "C:\Users\LHChow29\AppData\Roaming\Slick Savings\CouponsHelper.exe"
    uRun: [Spotify Web Helper] "C:\Users\LHChow29\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    uRunOnce: [Adobe Speed Launcher] 1419081843
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
    mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\Users\LHChow29\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BLITZM~1.LNK - C:\Program Files (x86)\BlitzMediaPlayer\BlitzMediaPlayerApp.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODECP~1.LNK - C:\Windows\SysWOW64\C2MP\UpdateChecker.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
    Trusted Zone: dell.com
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9} : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}\2656C6B696E6E2462636 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}\348627F6D6563616374773736353 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}\348627F6D6563616374773736353 : DHCPNameServer = 192.168.255.249
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}\358434F5055726C69636 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}\358434F5055726C69636 : DHCPNameServer = 68.65.168.252 8.8.8.8 68.65.168.244 8.8.4.4
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}\84F4D454D293344423 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}\84F4D454D293344423 : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}\93630284F677162746 : NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}\93630284F677162746 : DHCPNameServer = 75.75.75.75 75.75.76.76
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    x64-Run: [DFEPApplication] C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: Neat ADF Scanner 2008 - reg copy "HKLM\Software\Wow6432Node\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
    x64-mASetup: Send To Neat - reg copy "HKLM\Software\The Neat Company\Send To Neat" "HKCU\Software\The Neat Company\Send To Neat" /s /f
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-6-17 16152]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-12-4 32544]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-6-17 55856]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-6-17 22128]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-8-27 28600]
    R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2013-12-4 300320]
    R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2010-11-8 196688]
    R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-1 169624]
    R2 Agent;VPDAgent;C:\Windows\VPDAgent_x64.exe [2013-10-3 148480]
    R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2013-8-27 805112]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-27 431920]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-27 431920]
    R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe [2013-8-27 992560]
    R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-7-26 168400]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-8-27 119272]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2012-3-19 1043872]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2012-3-19 36768]
    R2 DFEPService;Dell Feature Enhancement Pack Service;C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2012-5-8 2279960]
    R2 EmbassyService;EmbassyService;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2012-1-17 218504]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-6-17 13592]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-6-17 161560]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-12-19 1871160]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-12-19 969016]
    R2 Neat Startup Service;Neat Startup Service;C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [2014-1-3 5632]
    R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2010-11-8 338000]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-6-17 363800]
    R2 Wave Authentication Manager Service;Wave Authentication Manager Service;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2012-1-5 1679872]
    R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2013-6-17 134696]
    R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\System32\drivers\bpenum.sys [2013-6-17 84480]
    R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2013-6-17 182272]
    R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2013-6-17 84992]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-6-17 172704]
    R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2012-3-19 45672]
    R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-6-17 356120]
    R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-6-17 788760]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-2 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-12-19 129752]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-12-19 63704]
    R3 O2SDJRDR;O2SDJRDR;C:\Windows\System32\drivers\o2sdjw7x64.sys [2013-6-17 84712]
    R3 ST_ACCEL;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_ACCEL.sys [2013-6-17 68208]
    S2 CLKMSVC10_9EC60124;CyberLink Product - 2013/06/17 20:05:25;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-8-11 248304]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
    S2 svcGenericHost;Trend Micro Client/Server Security Agent;"C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe" --> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [?]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-9 114688]
    S3 irstrtdv;Intel(R) Rapid Start Technology Driver;C:\Windows\System32\drivers\irstrtdv.sys [2013-6-17 26504]
    S3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-6-17 44992]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2013-6-17 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2013-6-17 181248]
    S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\System32\drivers\nvstusb.sys [2013-6-17 399208]
    S3 O2MDFRDR;O2MDFRDR;C:\Windows\System32\drivers\o2mdfw7x64.sys [2013-6-17 72808]
    S3 O2MDRRDR;O2MDRRDR;C:\Windows\System32\drivers\O2MDRw7x64.sys [2013-6-17 74984]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-8-28 19456]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
    S3 ST7007;ST7007;C:\Windows\System32\drivers\ST7007.sys [2013-6-17 67696]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;"C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe" --> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe [?]
    S3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;"C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe" --> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-28 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-8-28 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-1 1255736]
    S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
    S3 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2012-1-16 198144]
    .
    =============== Created Last 30 ================
    .
    2014-12-20 10:17:08 -------- d-----w- C:\Program Files\CCleaner
    2014-12-19 12:42:00 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-12-19 12:41:51 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-12-19 12:41:51 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-12-19 12:41:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-17 23:41:27 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-12-17 23:41:27 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-12-10 11:25:40 -------- d-----w- C:\Windows\System32\appraiser
    2014-12-10 11:02:54 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
    2014-12-10 11:02:53 4121600 ----a-w- C:\Windows\System32\mf.dll
    2014-12-10 00:43:55 165888 ----a-w- C:\Windows\System32\charmap.exe
    2014-12-08 21:32:52 -------- d-----w- C:\Users\LHChow29\AppData\Local\Sonic_Solutions
    2014-12-08 21:32:45 -------- d-----w- C:\Users\LHChow29\AppData\Roaming\Macrovision
    2014-12-08 21:27:45 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
    2014-12-08 21:27:45 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
    2014-12-08 21:27:45 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
    2014-12-08 21:27:45 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
    2014-12-08 21:27:45 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
    2014-12-08 21:26:23 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2014-12-08 21:26:23 -------- d-----w- C:\Program Files\iTunes
    2014-12-08 21:26:23 -------- d-----w- C:\Program Files\iPod
    2014-12-08 21:26:23 -------- d-----w- C:\Program Files (x86)\iTunes
    2014-12-03 06:31:20 227048 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    ==================== Find3M ====================
    .
    2014-12-10 11:09:13 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-10 11:09:13 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-12-04 02:50:55 413184 ----a-w- C:\Windows\System32\generaltel.dll
    2014-12-04 02:50:45 741376 ----a-w- C:\Windows\System32\invagent.dll
    2014-12-04 02:50:40 396800 ----a-w- C:\Windows\System32\devinv.dll
    2014-12-04 02:50:38 830976 ----a-w- C:\Windows\System32\appraiser.dll
    2014-12-04 02:50:37 227328 ----a-w- C:\Windows\System32\aepdu.dll
    2014-12-04 02:50:37 192000 ----a-w- C:\Windows\System32\aepic.dll
    2014-12-04 02:44:48 1083392 ----a-w- C:\Windows\System32\aeinv.dll
    2014-12-01 23:28:44 1232040 ----a-w- C:\Windows\System32\aitstatic.exe
    2014-11-22 03:06:23 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-11-22 03:06:11 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-11-22 02:50:39 66560 ----a-w- C:\Windows\System32\iesetup.dll
    2014-11-22 02:50:10 580096 ----a-w- C:\Windows\System32\vbscript.dll
    2014-11-22 02:49:54 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-11-22 02:48:20 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-11-22 02:35:29 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-11-22 02:34:51 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-11-22 02:34:07 6039552 ----a-w- C:\Windows\System32\jscript9.dll
    2014-11-22 02:26:31 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-11-22 02:20:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-11-22 02:14:16 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-11-22 02:07:43 501248 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-11-22 02:07:17 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-11-22 02:06:32 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-11-22 02:05:02 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-11-22 01:54:30 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-11-22 01:47:10 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-11-22 01:46:58 2125312 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-11-22 01:40:04 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-11-22 01:29:26 4299264 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-11-22 01:28:21 2358272 ----a-w- C:\Windows\System32\wininet.dll
    2014-11-22 01:22:49 2052096 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-11-22 01:21:57 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-11-22 01:00:20 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-11-21 14:14:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-11-18 22:56:48 1202848 ----a-w- C:\Windows\SysWow64\FM20.DLL
    2014-11-17 06:56:57 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-11-11 03:09:06 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-11-11 03:08:52 241152 ----a-w- C:\Windows\System32\pku2u.dll
    2014-11-11 03:08:48 728064 ----a-w- C:\Windows\System32\kerberos.dll
    2014-11-11 02:44:45 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-11-11 02:44:32 186880 ----a-w- C:\Windows\SysWow64\pku2u.dll
    2014-11-11 02:44:25 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-11-11 01:46:26 119296 ----a-w- C:\Windows\System32\drivers\tdx.sys
    2014-11-08 03:16:08 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-11-08 02:45:09 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-10-30 01:45:43 155136 ----a-w- C:\Windows\SysWow64\charmap.exe
    2014-10-25 01:57:59 77824 ----a-w- C:\Windows\System32\packager.dll
    2014-10-25 01:32:37 67584 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-10-18 02:05:23 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2014-10-18 01:33:18 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2014-10-14 02:16:37 155064 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2014-10-14 02:13:06 683520 ----a-w- C:\Windows\System32\termsrv.dll
    2014-10-14 02:13:00 3241984 ----a-w- C:\Windows\System32\msi.dll
    2014-10-14 02:12:57 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
    2014-10-14 02:09:31 146432 ----a-w- C:\Windows\System32\msaudite.dll
    2014-10-14 02:07:31 681984 ----a-w- C:\Windows\System32\adtschema.dll
    2014-10-14 01:50:47 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2014-10-14 01:50:41 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-10-14 01:49:38 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2014-10-14 01:47:30 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
    2014-10-14 01:46:02 681984 ----a-w- C:\Windows\SysWow64\adtschema.dll
    2014-10-10 00:57:42 3198976 ----a-w- C:\Windows\System32\win32k.sys
    2014-10-07 09:30:39 43064 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
    2014-10-07 09:30:37 119272 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2014-10-03 02:12:23 310272 ----a-w- C:\Windows\System32\WsmWmiPl.dll
    2014-10-03 02:12:23 2020352 ----a-w- C:\Windows\System32\WsmSvc.dll
    2014-10-03 02:12:22 346624 ----a-w- C:\Windows\System32\WSManMigrationPlugin.dll
    2014-10-03 02:12:22 181248 ----a-w- C:\Windows\System32\WsmAuto.dll
    2014-10-03 02:12:00 500224 ----a-w- C:\Windows\System32\AUDIOKSE.dll
    2014-10-03 02:11:54 284672 ----a-w- C:\Windows\System32\EncDump.dll
    2014-10-03 02:11:51 680960 ----a-w- C:\Windows\System32\audiosrv.dll
    2014-10-03 02:11:51 440832 ----a-w- C:\Windows\System32\AudioEng.dll
    2014-10-03 02:11:51 296448 ----a-w- C:\Windows\System32\AudioSes.dll
    2014-10-03 02:11:49 266240 ----a-w- C:\Windows\System32\WSManHTTPConfig.exe
    2014-10-03 01:45:03 248832 ----a-w- C:\Windows\SysWow64\WSManMigrationPlugin.dll
    2014-10-03 01:45:03 214016 ----a-w- C:\Windows\SysWow64\WsmWmiPl.dll
    2014-10-03 01:45:03 145920 ----a-w- C:\Windows\SysWow64\WsmAuto.dll
    2014-10-03 01:45:03 1177088 ----a-w- C:\Windows\SysWow64\WsmSvc.dll
    2014-10-03 01:44:42 442880 ----a-w- C:\Windows\SysWow64\AUDIOKSE.dll
    2014-10-03 01:44:26 374784 ----a-w- C:\Windows\SysWow64\AudioEng.dll
    2014-10-03 01:44:26 195584 ----a-w- C:\Windows\SysWow64\AudioSes.dll
    2014-10-03 01:44:25 198656 ----a-w- C:\Windows\SysWow64\WSManHTTPConfig.exe
    2014-10-02 22:23:20 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2014-10-02 22:23:20 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
    2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
    .
    ============= FINISH: 5:39:15.81 ===============
     
  2. Rwolf01 (TS Enthusiast, Topic Starter, Posts: 127)

    =========================== Attach.txt ========================

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/1/2013 4:53:28 PM
    System Uptime: 12/20/2014 5:11:58 AM (0 hours ago)
    .
    Motherboard: Dell Inc. | |
    Processor: Intel(R) Core(TM) i7-3740QM CPU @ 2.70GHz | SOCKET 0 | 2701/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 452 GiB total, 116.879 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Trend Micro PreFilter
    Device ID: ROOT\LEGACY_TMPREFILTER\0000
    Manufacturer:
    Name: Trend Micro PreFilter
    PNP Device ID: ROOT\LEGACY_TMPREFILTER\0000
    Service: TmPreFilter
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Trend Micro VSAPI NT
    Device ID: ROOT\LEGACY_VSAPINT\0000
    Manufacturer:
    Name: Trend Micro VSAPI NT
    PNP Device ID: ROOT\LEGACY_VSAPINT\0000
    Service: VSApiNt
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 15 ActiveX
    Adobe Photoshop Elements 10
    Adobe Photoshop Lightroom 4.4 64-bit
    Adobe Photoshop.com Inspiration Browser
    Adobe Premiere Elements 10
    Adobe Reader XI (11.0.10)
    Advanced Audio FX Engine
    Antivirus Pro
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Avira SearchFree Toolbar plus Web Protection
    BioAPI Framework
    Bonjour
    CCleaner
    ChromecastApp
    Custom
    CyberLink PowerDVD 9.6
    D3DX10
    Dell Backup and Recovery Manager
    Dell ControlVault Host Components Installer 64 bit
    Dell Data Protection | Access
    Dell Feature Enhancement Pack
    Dell System Detect
    Dell Touchpad
    Dell Webcam Central
    DellAccess
    DirectX 9 Runtime
    Elements 10 Organizer
    EMBASSY Client Core
    EPSON WorkForce 1100 Series Printer Uninstall
    Extended Asian Language font pack for Adobe Reader XI
    Gemalto
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    HP FWUpdateEDO2
    HP Officejet 4620 series Basic Device Software
    HP Officejet 4620 series Help
    HP Officejet 4620 series Product Improvement Study
    HP Photo Creations
    HP Update
    HPDiagnosticCoreDll
    I.R.I.S. OCR
    IDT Audio
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel® Trusted Connect Service Client
    iTunes
    Java 7 Update 67
    Java 8 Update 25
    Java Auto Updater
    Junk Mail filter update
    Live! Cam Avatar Creator
    Malwarebytes Anti-Malware version 2.0.4.1028
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Camera Codec Pack
    Microsoft Office
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Neat
    Neat ADF Scanner 2008 Driver
    Neat ADF Scanner Driver
    Neat Core Files
    Neat Mobile Scanner (Silver) Driver
    Neat Mobile Scanner 2008 Driver
    Neat Mobile Scanner Driver
    NeatConnect Scanner Driver
    NTRU TCG Software Stack
    NVIDIA Control Panel 327.62
    NVIDIA Graphics Driver 327.62
    NVIDIA Install Application
    NVIDIA nView 140.75
    NVIDIA Optimus 1.14.17
    NVIDIA Update Components
    Paint Shop Pro 7 Anniversary Edition
    PC-CCID
    PhotoShowExpress
    PRE10STI64Installer
    Preboot Manager
    Private Information Manager
    PSE10 STI Installer
    QuickTime 7
    RBVirtualFolder64Inst
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Roxio File Backup
    Samsung_MonSetup
    SearchMe Toolbar v9.3
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596927) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2920790) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2920792) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2984942) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2817565) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2920793) 32-Bit Edition
    Send To Neat
    Shore Fishes of the Tropical Eastern Pacific
    Skype Click to Call
    Skype™ 6.20
    SmartSound Common Data
    SmartSound Premiere Elements 10 x64 Plugin
    SmartSound Sonicfire Pro 5
    Sonic CinePlayer Decoder Pack
    SPBA 5.9
    Spotify
    ST Microelectronics 3 Axis Digital Accelerometer Solution
    toolkit32for64bit
    Trusted Drive Manager
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2920789) 32-Bit Edition
    Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Upek Touchchip Fingerprint Reader
    Wave Crypto Runtime 2.0.7.0 x86
    Wave Infrastructure Installer
    Wave Support Software Installer
    WaveLoader Setup
    Windows 7 Codec Pack 4.1.0
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/20/2014 5:12:27 AM, Error: Service Control Manager [7000] - The Trend Micro Client/Server Security Agent service failed to start due to the following error: The system cannot find the file specified.
    12/20/2014 5:12:27 AM, Error: Service Control Manager [7000] - The Trend Micro Client/Server Security Agent Listener service failed to start due to the following error: The system cannot find the file specified.
    12/20/2014 5:12:25 AM, Error: Service Control Manager [7000] - The Trend Micro Client/Server Security Agent RealTime Scan service failed to start due to the following error: The system cannot find the file specified.
    12/20/2014 5:12:17 AM, Error: Service Control Manager [7001] - The NTRU TSS v1.2.1.37 TCS service depends on the TPM Base Services service which failed to start because of the following error: The operation completed successfully.
    12/20/2014 5:12:14 AM, Error: Service Control Manager [7001] - The Trend Micro Filter service depends on the Trend Micro PreFilter service which failed to start because of the following error: The system cannot find the file specified.
    12/20/2014 5:12:14 AM, Error: Service Control Manager [7000] - The Trend Micro VSAPI NT service failed to start due to the following error: The system cannot find the file specified.
    12/20/2014 5:12:14 AM, Error: Service Control Manager [7000] - The Trend Micro PreFilter service failed to start due to the following error: The system cannot find the file specified.
    12/20/2014 3:28:03 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    12/20/2014 3:28:03 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    12/19/2014 9:08:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dell Feature Enhancement Pack Service service to connect.
    12/19/2014 9:08:40 AM, Error: Service Control Manager [7000] - The Dell Feature Enhancement Pack Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/19/2014 8:14:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TdmService with arguments "" in order to run the server: {2F723A84-FD6F-4C32-9477-391FA6EA0BB6}
    12/19/2014 8:14:02 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/19/2014 8:14:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/19/2014 8:14:01 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/19/2014 8:14:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/19/2014 8:14:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/19/2014 8:13:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/19/2014 8:13:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/19/2014 8:13:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmlwf tmtdi vwififlt Wanarpv6 WfpLwf ws2ifsl
    12/19/2014 8:13:39 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/19/2014 8:13:39 AM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.
    12/19/2014 8:13:39 AM, Error: Service Control Manager [7001] - The Trend Micro Client/Server Security Agent Listener service depends on the Network Connections service which failed to start because of the following error: The dependency service or group failed to start.
    12/19/2014 8:13:39 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/19/2014 8:13:39 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/19/2014 8:13:39 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/19/2014 8:13:39 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/19/2014 8:13:39 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    12/19/2014 8:13:39 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/19/2014 8:13:39 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/19/2014 8:13:39 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/19/2014 8:13:39 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/19/2014 8:13:39 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/19/2014 8:12:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.
    12/19/2014 8:12:04 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    12/19/2014 8:06:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
    12/19/2014 8:05:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
    12/19/2014 8:05:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    12/19/2014 8:04:56 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
    12/19/2014 8:04:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    12/19/2014 8:03:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirSchedulerService service.
    12/19/2014 7:53:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    12/19/2014 7:52:50 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
    12/19/2014 7:52:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
    12/19/2014 7:51:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    12/19/2014 6:11:31 PM, Error: Ntfs [137] - The default transaction resource manager on volume E: encountered a non-retryable error and could not start. The data contains the error code.
    12/19/2014 6:11:30 PM, Error: Disk [15] - The device, \Device\Harddisk1\DR1, is not ready for access yet.
    12/18/2014 9:49:31 AM, Error: Schannel [36887] - The following fatal alert was received: 80.
    12/18/2014 1:36:18 AM, Error: Schannel [36887] - The following fatal alert was received: 20.
    12/16/2014 9:33:17 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
    12/15/2014 11:11:50 AM, Error: Schannel [36888] - The following fatal alert was generated: 50. The internal error state is 959.
    .
    ==== End Of File ===========================
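A reading of the event block above, with an added triage script written for this page (it is not DDS code and not the poster's own): the 7000 errors at the 12/20 boot show Trend Micro Client/Server Security Agent services still registered with the Service Control Manager but with their binaries gone, that is, a half-removed agent. The 12/19 8:13 boot logged a 7026 event in which the network driver stack (AFD, tdx, NetBT, nsiproxy, plus the tmlwf/tmtdi filter drivers from the same Trend Micro install) failed to load, so every service that depends on it (DHCP Client, DNS Client, Workstation, Network Location Awareness, Network Connections) failed in a 7001 cascade. A boot like that is exactly what an "IE/network is unreliable" complaint looks like from the event log. The Schannel 36887/36888 entries carry only a raw TLS alert number; decoded, 80 is internal_error, 20 is bad_record_mac and 50 is decode_error. The script parses the DDS line format and extracts those groups; its sample input is excerpted from the log above, and the alert names come from RFC 5246.

```python
"""Triage of the "Event Viewer Messages From Past Week" block in a DDS Attach.txt.

Added example for this thread; it is not DDS code and not the poster's own.
DDS prints one event per line as
    M/D/YYYY h:mm:ss AM, Error: <Source> [<EventID>] - <message>
The helpers below pull out what is worth acting on in the log above:
  * 7000 events whose binary is missing (services orphaned by an uninstall)
  * 7026 events listing boot-start drivers that failed to load
  * 7001 dependency failures, grouped by the dependency that dragged them down
  * Schannel 36887/36888 alerts, mapped to their TLS AlertDescription names
"""
import re
from collections import defaultdict

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
MISSING_FILE_RE = re.compile(
    r"^The (?P<svc>.+?) service failed to start .*cannot find the file specified"
)
DRIVERS_RE = re.compile(r"failed to load: (?P<list>.+)$")
DEPENDS_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start"
)
ALERT_RE = re.compile(r"fatal alert was (?:received|generated): (?P<code>\d+)")

# TLS AlertDescription values (RFC 5246, section 7.2.2) for the codes in this log.
TLS_ALERTS = {20: "bad_record_mac", 50: "decode_error", 80: "internal_error"}

# Lines excerpted verbatim from the Attach.txt posted above.
SAMPLE_LOG = """\
12/20/2014 5:12:27 AM, Error: Service Control Manager [7000] - The Trend Micro Client/Server Security Agent service failed to start due to the following error: The system cannot find the file specified.
12/20/2014 5:12:14 AM, Error: Service Control Manager [7000] - The Trend Micro VSAPI NT service failed to start due to the following error: The system cannot find the file specified.
12/19/2014 8:14:02 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
12/19/2014 8:13:39 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avipbb avkmgr CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmlwf tmtdi vwififlt Wanarpv6 WfpLwf ws2ifsl
12/19/2014 8:13:39 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
12/18/2014 9:49:31 AM, Error: Schannel [36887] - The following fatal alert was received: 80.
12/15/2014 11:11:50 AM, Error: Schannel [36888] - The following fatal alert was generated: 50. The internal error state is 959.
"""


def parse_events(text):
    """Split DDS event lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            event = m.groupdict()
            event["id"] = int(event["id"])
            events.append(event)
    return events


def orphaned_services(events):
    """Services the SCM still tries to start although their image file is gone."""
    names = []
    for e in events:
        if e["id"] == 7000:
            m = MISSING_FILE_RE.match(e["msg"])
            if m:
                names.append(m.group("svc"))
    return names


def failed_boot_drivers(events):
    """Union of every driver named in a 7026 'failed to load' event."""
    drivers = set()
    for e in events:
        if e["id"] == 7026:
            m = DRIVERS_RE.search(e["msg"])
            if m:
                drivers.update(m.group("list").split())
    return sorted(drivers)


def dependency_cascade(events):
    """Map each failed dependency to the services that failed because of it."""
    cascade = defaultdict(list)
    for e in events:
        if e["id"] == 7001:
            m = DEPENDS_RE.match(e["msg"])
            if m:
                cascade[m.group("dep")].append(m.group("svc"))
    return dict(cascade)


def schannel_alerts(events):
    """Schannel alert events as (timestamp, received|generated, code, name)."""
    out = []
    for e in events:
        if e["source"] == "Schannel" and e["id"] in (36887, 36888):
            m = ALERT_RE.search(e["msg"])
            if m:
                code = int(m.group("code"))
                direction = "received" if e["id"] == 36887 else "generated"
                out.append((e["ts"], direction, code, TLS_ALERTS.get(code, "unknown")))
    return out


def triage(text):
    """Run every check on one DDS event block and return a single summary dict."""
    events = parse_events(text)
    return {
        "events": len(events),
        "orphaned_services": orphaned_services(events),
        "failed_boot_drivers": failed_boot_drivers(events),
        "dependency_cascade": dependency_cascade(events),
        "schannel_alerts": schannel_alerts(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as a script to print the summary for the excerpt, or pass the whole "Event Viewer Messages" block to triage(). The patterns are tied to the English Windows message strings shown in this log; a localized build would need its own.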
     
  3. Broni (Malware Annihilator, Posts: 52,884)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen click "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see This version requires you to completely exit the Anti Malware application message right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  4. Rwolf01 (TS Enthusiast, Topic Starter, Posts: 127)

    Ran RogueKiller, created a restore point and ran MBAR as admin.

    RK popped up a web page about PUP removal (different from the other machine).
    I told it to remove all flagged registry entries, but kept the google toolbar.
    System restore was disabled on this machine too. Strange. Got it started and made the restore point.

    MBAR flagged the same registry entry but again I kept it and the rest of the scan completed with no problems found. Logfiles attached.

    BTW, we're starting holiday travel tomorrow, but I'm taking the laptops with us and will stay on this until you say we are done. I just mention it because we'll be offline most of tomorrow and connecting through a different ISP starting tomorrow evening. (my in-laws have a cable modem or FIOS)

    ============================ RK log =============================

    RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com
    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : LHChow29 [Administrator]
    Mode : Delete -- Date : 12/20/2014 19:10:50
    ¤¤¤ Processes : 2 ¤¤¤
    [Suspicious.Path] VPDAgent_x64.exe -- C:\Windows\VPDAgent_x64.exe[-] -> Killed [TermProc]
    [PUP] (SVC) APNMCP -- "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"[7] -> Stopped
    ¤¤¤ Registry : 32 ¤¤¤
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7} -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | ApnTBMon : "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [7] -> Deleted
    [PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | SearchSettings : "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [x] -> Deleted
    [PUP] (X64) HKEY_USERS\S-1-5-21-2077474691-1694639755-651673768-1006\Software\Microsoft\Windows\CurrentVersion\Run | Slick Savings : "C:\Users\LHChow29\AppData\Roaming\Slick Savings\CouponsHelper.exe" [x] -> Deleted
    [PUP] (X86) HKEY_USERS\S-1-5-21-2077474691-1694639755-651673768-1006\Software\Microsoft\Windows\CurrentVersion\Run | Slick Savings : "C:\Users\LHChow29\AppData\Roaming\Slick Savings\CouponsHelper.exe" -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Agent -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\APNMCP -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Agent -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\APNMCP -> Deleted
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Agent -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\APNMCP -> Deleted
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Replaced (0)
    [PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57463;https=127.0.0.1:57463 -> Deleted
    [PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57463;https=127.0.0.1:57463 -> ERROR [2]
    [PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57463;https=127.0.0.1:57463 -> ERROR [2]
    [PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:57463;https=127.0.0.1:57463 -> ERROR [2]
    [PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
    [PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2077474691-1694639755-651673768-1006\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2077474691-1694639755-651673768-1006\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Replaced (0)
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Replaced (0)
    ¤¤¤ Tasks : 0 ¤¤¤
    ¤¤¤ Files : 0 ¤¤¤
    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost
    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
    ¤¤¤ Web browsers : 0 ¤¤¤
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: HGST HTS725050A7E630 +++++
    --- User ---
    [MBR] 48119a5ee082ca640115bfbb930805ac
    [BSP] e0cc1034e4c8c189b05a04b057f59918 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 462937 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 948097024 | Size: 14001 MB
    User = LL1 ... OK
    User = LL2 ... OK

    ============================================
    RKreport_SCN_12202014_190704.log - RKreport_DEL_12202014_190947.log

    ====================== MBAR log ======================


    Malwarebytes Anti-Rootkit BETA 1.08.2.1001

    www.malwarebytes.org
    Database version: v2014.12.21.01
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17501
    LHChow29 :: LHC6430 [administrator]
    12/20/2014 7:18:44 PM
    mbar-log-2014-12-20 (19-18-44).txt
    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 440997
    Time elapsed: 9 minute(s), 23 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    Physical Sectors Detected: 0
    (No malicious items detected)
    (end)


    Thanks again for your kind assistance! We are definitely making progress. I've noticed a difference already in how quickly these machines boot and IE loads pages.

    You clearly know your stuff.... I'm impressed. (again :)
     
  5. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  6. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Combofix ran fine on the first try (with Avira properly disabled). The log file is attached.

    Note: On both machines, after running combofix, Avira has started flagging virus activity when visiting reputable websites (such as amazon.com, techspot, etc.). I'm generally following its advice to delete/quarantine etc. and start scans when it offers to do that.

    Unless otherwise instructed, I'll turn Avira fully off before doing what I'm told here and then return it to fully enabled before posting results or web surfing...

    Here is the combofix log for this machine:

    ComboFix 14-12-14.01 - LHChow29 12/20/2014 20:39:16.2.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8065.5271 [GMT -8:00]
    Running from: c:\users\LHChow29\Desktop\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\END
    c:\programdata\ntuser.pol
    c:\users\LHChow29\AppData\Local\Slick Savings
    c:\users\LHChow29\AppData\Local\Slick Savings\coupons.crx
    c:\users\LHChow29\AppData\Roaming\Slick Savings
    c:\users\LHChow29\AppData\Roaming\Slick Savings\coupons.xpi
    c:\users\LHChow29\AppData\Roaming\Slick Savings\coupons_2.4.crx
    c:\users\LHChow29\AppData\Roaming\Slick Savings\coupons_2.9.xpi
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-11-21 to 2014-12-21 )))))))))))))))))))))))))))))))
    .
    .
    2014-12-21 04:44 . 2014-12-21 04:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2014-12-21 04:44 . 2014-12-21 04:44 -------- d-----w- c:\users\Rwolf\AppData\Local\temp
    2014-12-21 04:44 . 2014-12-21 04:44 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-12-21 04:44 . 2014-12-21 04:44 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-12-21 02:43 . 2014-12-21 02:43 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-12-21 02:43 . 2014-12-21 02:43 -------- d-----w- c:\programdata\RogueKiller
    2014-12-20 10:17 . 2014-12-20 10:17 -------- d-----w- c:\program files\CCleaner
    2014-12-19 16:40 . 2014-12-19 16:40 -------- d-sh--w- c:\users\Rwolf\AppData\Local\EmieBrowserModeList
    2014-12-19 12:42 . 2014-12-21 03:18 135384 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-12-19 12:41 . 2014-12-21 03:17 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-12-19 12:41 . 2014-12-19 12:41 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-12-19 12:41 . 2014-11-21 14:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-12-17 23:41 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-12-17 23:41 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-12-10 11:25 . 2014-12-10 11:25 -------- d-----w- c:\windows\system32\appraiser
    2014-12-10 11:02 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\SysWow64\mf.dll
    2014-12-10 11:02 . 2014-10-18 02:05 4121600 ----a-w- c:\windows\system32\mf.dll
    2014-12-10 00:43 . 2014-10-30 02:03 165888 ----a-w- c:\windows\system32\charmap.exe
    2014-12-08 21:32 . 2014-12-08 21:32 -------- d-----w- c:\users\LHChow29\AppData\Local\Sonic_Solutions
    2014-12-08 21:32 . 2014-12-08 21:32 -------- d-----w- c:\users\LHChow29\AppData\Roaming\Macrovision
    2014-12-08 21:27 . 2014-12-08 21:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2014-12-08 21:27 . 2014-12-08 21:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2014-12-08 21:27 . 2014-12-08 21:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2014-12-08 21:27 . 2014-12-08 21:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2014-12-08 21:27 . 2014-12-08 21:27 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2014-12-08 21:27 . 2014-12-08 21:27 -------- d-----w- c:\program files (x86)\QuickTime
    2014-12-08 21:26 . 2014-12-08 21:26 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2014-12-08 21:26 . 2014-12-08 21:26 -------- d-----w- c:\program files\iTunes
    2014-12-08 21:26 . 2014-12-08 21:26 -------- d-----w- c:\program files (x86)\iTunes
    2014-12-08 21:26 . 2014-12-08 21:26 -------- d-----w- c:\program files\iPod
    2014-12-03 06:31 . 2014-12-03 06:31 227048 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-10 11:09 . 2013-07-02 07:11 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-10 11:09 . 2013-07-02 07:11 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-12-10 11:04 . 2013-07-01 23:38 112710672 ----a-w- c:\windows\system32\MRT.exe
    2014-11-21 14:14 . 2013-09-03 04:32 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-18 22:56 . 2014-11-18 22:56 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL
    2014-11-17 06:56 . 2014-08-06 03:33 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-11-11 03:08 . 2014-11-18 21:14 241152 ----a-w- c:\windows\system32\pku2u.dll
    2014-11-11 03:08 . 2014-11-18 21:14 728064 ----a-w- c:\windows\system32\kerberos.dll
    2014-11-11 02:44 . 2014-11-18 21:14 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
    2014-11-11 02:44 . 2014-11-18 21:14 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
    2014-10-25 01:57 . 2014-11-17 03:50 77824 ----a-w- c:\windows\system32\packager.dll
    2014-10-25 01:32 . 2014-11-17 03:50 67584 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-18 02:05 . 2014-11-17 03:50 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2014-10-18 01:33 . 2014-11-17 03:50 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2014-10-14 02:16 . 2014-11-17 03:52 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2014-10-14 02:13 . 2014-11-17 03:52 683520 ----a-w- c:\windows\system32\termsrv.dll
    2014-10-14 02:13 . 2014-11-17 03:50 3241984 ----a-w- c:\windows\system32\msi.dll
    2014-10-14 02:12 . 2014-11-17 03:52 1460736 ----a-w- c:\windows\system32\lsasrv.dll
    2014-10-14 02:09 . 2014-11-17 03:52 146432 ----a-w- c:\windows\system32\msaudite.dll
    2014-10-14 02:07 . 2014-11-17 03:52 681984 ----a-w- c:\windows\system32\adtschema.dll
    2014-10-14 01:50 . 2014-11-17 03:52 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2014-10-14 01:50 . 2014-11-17 03:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-10-14 01:49 . 2014-11-17 03:52 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2014-10-14 01:47 . 2014-11-17 03:52 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
    2014-10-14 01:46 . 2014-11-17 03:52 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
    2014-10-10 00:57 . 2014-11-17 03:50 3198976 ----a-w- c:\windows\system32\win32k.sys
    2014-10-07 09:30 . 2013-08-28 05:48 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
    2014-10-07 09:30 . 2013-08-28 05:47 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2014-10-07 09:30 . 2013-08-28 05:47 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2014-10-03 02:12 . 2014-11-17 03:50 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
    2014-10-03 02:11 . 2014-11-17 03:50 284672 ----a-w- c:\windows\system32\EncDump.dll
    2014-10-03 02:11 . 2014-11-17 03:50 680960 ----a-w- c:\windows\system32\audiosrv.dll
    2014-10-03 02:11 . 2014-11-17 03:50 440832 ----a-w- c:\windows\system32\AudioEng.dll
    2014-10-03 02:11 . 2014-11-17 03:50 296448 ----a-w- c:\windows\system32\AudioSes.dll
    2014-10-03 01:44 . 2014-11-17 03:50 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
    2014-10-03 01:44 . 2014-11-17 03:50 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
    2014-10-03 01:44 . 2014-11-17 03:50 195584 ----a-w- c:\windows\SysWow64\AudioSes.dll
    2014-10-02 22:23 . 2014-10-02 22:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2014-10-02 22:23 . 2014-10-02 22:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2014-09-25 02:08 . 2014-10-01 09:13 371712 ----a-w- c:\windows\system32\qdvd.dll
    2014-09-25 01:40 . 2014-10-01 09:13 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240]
    .
    [HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CAHeadless"="c:\program files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2011-09-01 835224]
    "HP Officejet 4620 series (NET)"="c:\program files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 2573416]
    "Spotify Web Helper"="c:\users\LHChow29\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-09-25 1245752]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-08-11 75048]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2012-02-29 133400]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-09 702768]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
    .
    c:\users\Rwolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    CodecPackUpdateChecker.lnk - c:\windows\SysWOW64\C2MP\UpdateChecker.exe [2014-8-13 48680]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Smart Settings.lnk - c:\program files\Dell\Feature Enhancement Pack\SmartSettings.exe [2012-5-8 506904]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer8"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - CLKMDRV10_9EC60124
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
    start [BU]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-12-12 04:41 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-02 11:09]
    .
    2014-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-21 05:44]
    .
    2014-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-21 05:44]
    .
    2014-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2077474691-1694639755-651673768-1006Core.job
    - c:\users\LHChow29\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 20:20]
    .
    2014-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2077474691-1694639755-651673768-1006UA.job
    - c:\users\LHChow29\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30 20:20]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
    @="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
    [HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
    2011-12-08 15:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
    @="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
    [HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
    2011-12-08 15:45 139128 ----a-w- c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2012-01-26 626552]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-04-25 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-04-25 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-04-25 439064]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-02-14 1425408]
    "TdmNotify"="c:\program files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe" [2011-12-08 381296]
    "DFEPApplication"="c:\program files\Dell\Feature Enhancement Pack\DFEPApplication.exe" [2012-05-08 7078424]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
    "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2013-12-04 2747680]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>;*.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
    Trusted Zone: dell.com
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}\348627F6D6563616374773736353: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}\358434F5055726C69636: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}\84F4D454D293344423: NameServer = 8.8.8.8,8.8.4.4
    TCP: Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}\93630284F677162746: NameServer = 8.8.8.8,8.8.4.4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    c:\users\LHChow29\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BlitzMediaPlayer.lnk - c:\program files (x86)\BlitzMediaPlayer\BlitzMediaPlayerApp.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_246_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_246.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-12-20 20:45:32
    ComboFix-quarantined-files.txt 2014-12-21 04:45
    ComboFix2.txt 2013-09-04 05:33
    .
    Pre-Run: 122,660,216,832 bytes free
    Post-Run: 122,557,071,360 bytes free
    .
    - - End Of File - - 8D05A8D4F0F31F57F45223DD2E661995
     
  7. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
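
Added example (not part of this thread, and not code from FRST, AdwCleaner or JRT): a small Python triage pass over the FRST.txt that the steps above ask for. A full FRST log runs to hundreds of lines, and a helper reads a handful of entries first: FRST's own `<======= ATTENTION` marker, a proxy pointing at the loopback interface (many adware families interpose a local proxy on browser traffic, and once the adware process is gone every request fails until the setting is cleared, which is worth checking when "the network is unreliable" after a cleanup), autorun entries whose target FRST marks `[X]` (file missing), search scopes and home pages carrying affiliate markers, and extension or plugin registrations with no file behind them. The sample lines are constructed to mirror entries of the kind this thread's log contains; the marker list, rule names and severity scale are this example's own assumptions, not FRST's.

```python
"""Triage pass over FRST.txt output (added example; not part of this thread,
FRST, AdwCleaner or JRT).  Flags the entries a malware-removal helper reads
first so they are not lost in a very long log."""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "low": this example's own scale
    rule: str
    line: str


# Affiliate/tracking markers seen in hijacked search URLs in logs of this
# kind.  A starter list for illustration, not a complete signature set.
HIJACK_MARKERS = ("spigot", "greentree", "trovi.com", "ask.com/web")

_PROXY_RE = re.compile(r"^ProxyServer:\s*\[(?P<hive>[^\]]+)\]\s*=>\s*(?P<value>.+)$")
_RUN_RE = re.compile(r"^(HKLM|HKU|HKCU)[^:]*\\Run:\s*\[(?P<name>[^\]]*)\]\s*=>\s*(?P<target>.*)$")
_SEARCH_RE = re.compile(
    r"^(SearchScopes:|CHR (HomePage|StartupUrls|DefaultSearchURL):).*?(?P<url>https?://\S+)")


def proxy_hosts(value: str) -> list[str]:
    """'http=127.0.0.1:57463;https=127.0.0.1:57463' -> ['127.0.0.1', '127.0.0.1'].
    A bare 'host:port' without a scheme= prefix is accepted too."""
    hosts = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        endpoint = part.split("=", 1)[1] if "=" in part else part
        hosts.append(endpoint.rsplit(":", 1)[0].strip("[]"))
    return hosts


def is_loopback(host: str) -> bool:
    """True for localhost or any loopback address (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def triage(frst_text: str) -> list[Finding]:
    """Walk FRST.txt line by line and collect findings in log order."""
    findings: list[Finding] = []
    for raw in frst_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. FRST's own marker for policy restrictions and similar oddities.
        if "<======= ATTENTION" in line:
            findings.append(Finding("high", "frst-attention", line))
        # 2. A proxy pointing at the local machine: adware commonly installs a
        #    local interception proxy; once its process is gone, browser
        #    requests fail until the setting is cleared.
        m = _PROXY_RE.match(line)
        if m:
            if any(is_loopback(h) for h in proxy_hosts(m.group("value"))):
                findings.append(Finding("high", "loopback-proxy", line))
            else:
                findings.append(Finding("medium", "proxy-set", line))
        # 3. Run entries with an empty name or whose target FRST marks [X]
        #    (file missing): leftovers of a removed program.
        m = _RUN_RE.match(line)
        if m and (m.group("name") == "" or m.group("target").strip() == "[X]"):
            findings.append(Finding("low", "orphaned-run-entry", line))
        # 4. Search scopes, home page and startup URLs carrying affiliate
        #    markers from known hijackers.
        m = _SEARCH_RE.match(line)
        if m:
            url = m.group("url").strip('",').lower()
            if any(marker in url for marker in HIJACK_MARKERS):
                findings.append(Finding("medium", "search-hijack-marker", line))
        # 5. Extension/plugin registrations with nothing on disk behind them.
        if line.endswith("No Path") or line.endswith("No File"):
            findings.append(Finding("low", "dangling-registration", line))
    return findings


# Constructed sample mirroring entries of the kind an FRST.txt contains
# (assumed input for this example, not a real log).
SAMPLE_FRST = r"""
HKU\S-1-5-21-2077474691-1694639755-651673768-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:57463;https=127.0.0.1:57463
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
SearchScopes: HKU\S-1-5-21-2077474691-1694639755-651673768-1006 -> DefaultScope {85BBC8D0-2BAD-4E65-AEA9-54A4AA4CD2AD} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
CHR HomePage: Default -> https://search.yahoo.com/?type=888596&fr=spigot-yhp-ch
CHR HKLM-x32\...\Chrome\Extension: [eihhgekonheiliaidomffpplfhecmkag] - No Path
FF Plugin: @microsoft.com/GENUINE -> disabled No File
Tcpip\..\Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}: [NameServer] 8.8.8.8,8.8.4.4
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"[{f.severity:6}] {f.rule:24} {f.line[:90]}")
```

Run it with a saved FRST.txt fed to `triage()` to get the short list first; the rules are deliberately read-only and narrow, so anything they flag still needs a human decision before it goes into an FRST fixlist.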
     
  8. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Scans completed. Log files below. But there is a small issue. I ran these 3 tools with Avira fully disabled. After the last scan I rebooted and tried to re-enable Avira. Everything seems to work, but the "Enable Mail Protection" option doesn't seem to work anymore. (I have the distribution and license key for Avira available, so I could reinstall it if you agree...)

    Anyway, here are the logs:

    ========================== AdwCleaner ============================

    # AdwCleaner v4.106 - Report created 21/12/2014 at 12:30:28
    # Updated 21/12/2014 by Xplode
    # Database : 2014-12-21.4 [Local]
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : LHChow29 - LHC6430
    # Running from : C:\Users\LHChow29\Desktop\adwcleaner_4.106.exe
    # Option : Clean
    ***** [ Services ] *****
    Service Deleted : YahooAUService
    ***** [ Files / Folders ] *****
    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\ProgramData\AskPartnerNetwork
    Folder Deleted : C:\ProgramData\Yahoo! Companion
    Folder Deleted : C:\ProgramData\Fighters
    Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
    Folder Deleted : C:\Program Files (x86)\globalUpdate
    Folder Deleted : C:\Users\LHChow29\AppData\Local\BlitzMediaPlayer
    Folder Deleted : C:\Users\LHChow29\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\LHChow29\AppData\LocalLow\SearchMe
    Folder Deleted : C:\Users\LHChow29\AppData\LocalLow\Yahoo! Companion
    Folder Deleted : C:\Users\LHChow29\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlitzMediaPlayer
    Folder Deleted : C:\Users\LHChow29\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522312270}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-00A7-7A786E7484D7}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{41564952-412D-5637-00A7-7A786E7484D7}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
    Key Deleted : HKCU\Software\AskPartnerNetwork
    Key Deleted : HKCU\Software\GlobalUpdate
    Key Deleted : HKCU\Software\Optimizer Pro
    Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\30C16B15B255BD349A1157B8A83E2AF9
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
    ***** [ Browsers ] *****
    -\\ Internet Explorer v11.0.9600.17496

    -\\ Mozilla Firefox v

    -\\ Google Chrome v39.0.2171.95
    [C:\Users\LHChow29\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\LHChow29\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\LHChow29\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3317823&octid=EB_ORIGINAL_CTID&ISID=ME37924D0-BFE8-48D5-BEAC-2EFDDB7B6A54&SearchSource=58&CUI=&UM=5&UP=SPE5A45550-6567-40CB-A8D3-161290A0B24F&q={searchTerms}&SSPV=
    [C:\Users\LHChow29\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3317823&octid=EB_ORIGINAL_CTID&ISID=ME37924D0-BFE8-48D5-BEAC-2EFDDB7B6A54&SearchSource=58&CUI=&UM=5&UP=SPE5A45550-6567-40CB-A8D3-161290A0B24F&q={searchTerms}&SSPV=
    *************************
    AdwCleaner[R0].txt - [8288 octets] - [21/12/2014 12:28:44]
    AdwCleaner[S0].txt - [8037 octets] - [21/12/2014 12:30:28]
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8097 octets] ##########

    ======================= JRT.TXT ============================

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 7 Professional x64
    Ran by LHChow29 on Sun 12/21/2014 at 12:35:01.21
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services
    ~~~ Registry Values
    ~~~ Registry Keys
    ~~~ Files
    ~~~ Folders
    Successfully deleted: [Empty Folder] C:\Users\LHChow29\appdata\local\{00C6BF92-D858-45C5-9F5A-0618A944F7D3}
    Successfully deleted: [Empty Folder] C:\Users\LHChow29\appdata\local\{8DDEDD30-353B-4E8F-9066-563BF487965A}
    Successfully deleted: [Empty Folder] C:\Users\LHChow29\appdata\local\{D0DA37FF-C4E6-44AF-93AE-A1DBABD3AEC4}
    ~~~ Event Viewer Logs were cleared
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 12/21/2014 at 12:37:30.88
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    ===================== FRST.TXT ============================

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-12-2014 01
    Ran by LHChow29 (administrator) on LHC6430 on 21-12-2014 12:38:17
    Running from C:\Users\LHChow29\Desktop
    Loaded Profiles: LHChow29 & UpdatusUser (Available profiles: Rwolf & LHChow29 & UpdatusUser)
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    ==================== Processes (Whitelisted) =================
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    (Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
    (UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
    (O2Micro International) C:\Windows\System32\o2flash.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
    (Dell Inc.) C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe
    (Spotify Ltd) C:\Users\LHChow29\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
    (Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 4620 series\Bin\HPNetworkCommunicator.exe

    ==================== Registry (Whitelisted) ==================
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [626552 2012-01-25] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-02-13] (IDT, Inc.)
    HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [381296 2011-12-08] (Wave Systems Corp.)
    HKLM\...\Run: [DFEPApplication] => C:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7078424 2012-05-08] (Dell Inc.)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
    HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2747680 2013-12-04] ()
    HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2011-08-11] (cyberlink)
    HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
    HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
    HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-09] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    HKU\S-1-5-21-2077474691-1694639755-651673768-1006\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-01] (Adobe Systems Incorporated)
    HKU\S-1-5-21-2077474691-1694639755-651673768-1006\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-2077474691-1694639755-651673768-1006\...\Run: [Spotify Web Helper] => C:\Users\LHChow29\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-09-24] (Spotify Ltd)
    AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
    AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [184048 2013-12-04] (NVIDIA Corporation)
    AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156256 2013-12-04] (NVIDIA Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
    ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
    ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
    ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
    Startup: C:\Users\Rwolf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
    ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
    Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk
    ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Dell Inc.)
    ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
    ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
    ==================== Internet (Whitelisted) ====================
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    HKU\S-1-5-21-2077474691-1694639755-651673768-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:57463;https=127.0.0.1:57463
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-2077474691-1694639755-651673768-1006\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-2077474691-1694639755-651673768-1006\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2077474691-1694639755-651673768-1006 -> DefaultScope {85BBC8D0-2BAD-4E65-AEA9-54A4AA4CD2AD} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2077474691-1694639755-651673768-1006 -> {74B2AA8A-4B2D-4668-BA45-278BC9E57C82} URL = http://search.yahoo.com/search?p={s...e=W3i_DS,136,0_0,Search,20140519,20028,0,31,0
    SearchScopes: HKU\S-1-5-21-2077474691-1694639755-651673768-1006 -> {85BBC8D0-2BAD-4E65-AEA9-54A4AA4CD2AD} URL = https://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=888596&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2077474691-1694639755-651673768-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
    Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.10.1 64.134.255.2 64.134.255.10
    Tcpip\..\Interfaces\{3CEC9C18-DBC8-47B9-B89E-6709A41EE3F9}: [NameServer] 8.8.8.8,8.8.4.4
    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF Plugin HKU\S-1-5-21-2077474691-1694639755-651673768-1006: @tools.google.com/Google Update;version=3 -> C:\Users\LHChow29\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKU\S-1-5-21-2077474691-1694639755-651673768-1006: @tools.google.com/Google Update;version=9 -> C:\Users\LHChow29\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
    FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2013-06-17]
    Chrome:
    =======
    CHR HomePage: Default -> https://search.yahoo.com/?type=888596&fr=spigot-yhp-ch
    CHR StartupUrls: Default -> "https://search.yahoo.com/?type=888596&fr=spigot-yhp-ch", "hxxp://www.google.com/"
    CHR DefaultSearchKeyword: Default -> yahoo.com search
    CHR DefaultSearchURL: Default -> https://search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=888596&p={searchTerms}
    CHR DefaultSuggestURL: Default -> https://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
    CHR Profile: C:\Users\LHChow29\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\LHChow29\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
    CHR Extension: (Google Drive) - C:\Users\LHChow29\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\LHChow29\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
    CHR Extension: (YouTube) - C:\Users\LHChow29\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
    CHR Extension: (Google Cast) - C:\Users\LHChow29\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-30]
    CHR Extension: (Google Search) - C:\Users\LHChow29\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
    CHR Extension: (Google Wallet) - C:\Users\LHChow29\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
    CHR Extension: (Gmail) - C:\Users\LHChow29\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
    CHR HKLM-x32\...\Chrome\Extension: [eihhgekonheiliaidomffpplfhecmkag] - No Path
    ==================== Services (Whitelisted) =================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
    S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [805112 2014-12-09] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-09] (Avira Operations GmbH & Co. KG)
    R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-09] (Avira Operations GmbH & Co. KG)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-08-11] (CyberLink)
    R2 DFEPService; C:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279960 2012-05-08] (Dell Inc.)
    R2 EmbassyService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [218504 2012-01-17] ()
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
    R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [5632 2014-01-03] (The Neat Company) [File not signed]
    R2 O2FLASH; C:\Windows\system32\o2flash.exe [244328 2011-11-16] (O2Micro International)
    S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1637888 2011-10-08] () [File not signed]
    R2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1679872 2012-01-05] (Wave Systems Corp.) [File not signed]
    S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [198144 2012-01-16] (Wave Systems Corp.) [File not signed]
    S2 ntrtscan; "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe" [X]
    S2 svcGenericHost; "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe" [X]
    S2 tmlisten; "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe" [X]
    S3 TmPfw; "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe" [X]
    S3 TmProxy; "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe" [X]
    ==================== Drivers (Whitelisted) ====================
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-07] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-07] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-14] (Avira Operations GmbH & Co. KG)
    R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-08] (Broadcom Corporation.)
    S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2012-01-25] (Dell Inc.)
    S3 irstrtdv; C:\Windows\system32\drivers\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
    S3 ISCT; C:\Windows\system32\drivers\ISCTD64.sys [44992 2012-02-09] ()
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
    S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-21] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
    R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-04] (NVIDIA Corporation)
    R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
    S3 ST7007; C:\Windows\system32\drivers\ST7007.sys [67696 2011-06-20] (STMicroelectronics)
    R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [68208 2011-11-04] (STMicroelectronics)
    R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [196688 2010-11-08] (Trend Micro Inc.)
    R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.)
    R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338000 2010-11-08] (Trend Micro Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-20] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S2 TmFilter; \??\C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [X]
    S2 TmPreFilter; \??\C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [X]
    S2 VSApiNt; \??\C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [X]
    ==================== NetSvcs (Whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
  9. Rwolf01

    ==================== One Month Created Files and Folders ========
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2099-02-06 00:28 - 2106-02-06 00:28 - 01238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjt4jlt.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 01050896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet35.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 00525352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgrid32.ocx
    2099-02-06 00:28 - 2106-02-06 00:28 - 00415504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrepl35.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 00368912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBAR332.DLL
    2099-02-06 00:28 - 2106-02-06 00:28 - 00344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexch35.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 00294912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxbse35.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd2x35.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 00252688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl35.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 00250128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspdox35.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 00209608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tabctl32.ocx
    2099-02-06 00:28 - 2106-02-06 00:28 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
    2099-02-06 00:28 - 2106-02-06 00:28 - 00200704 _____ (Sheridan Software Systems, Inc.) C:\Windows\SysWOW64\THREED32.OCX
    2099-02-06 00:28 - 2106-02-06 00:28 - 00200496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dblist32.ocx
    2099-02-06 00:28 - 2106-02-06 00:28 - 00170865 _____ () C:\Windows\SysWOW64\Odbcjet.hlp
    2099-02-06 00:28 - 2106-02-06 00:28 - 00168720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus35.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 00166672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstext35.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint35.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmapi32.ocx
    2099-02-06 00:28 - 2106-02-06 00:28 - 00133904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Mfcans32.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 00089360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB5DB.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 00069632 _____ () C:\Windows\SysWOW64\system.mdw
    2099-02-06 00:28 - 2106-02-06 00:28 - 00047104 _____ () C:\Windows\SysWOW64\Wrkgadm.exe
    2099-02-06 00:28 - 2106-02-06 00:28 - 00044304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrpfs35.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JETCOMP.exe
    2099-02-06 00:28 - 2106-02-06 00:28 - 00024848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjter35.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 00020080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Winsspi.dll
    2099-02-06 00:28 - 2106-02-06 00:28 - 00006902 _____ () C:\Windows\SysWOW64\Odbcjet.cnt
    2099-02-06 00:28 - 2106-02-06 00:28 - 00006144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\W95fiber.dll
    2014-12-21 12:38 - 2014-12-21 12:38 - 00025975 _____ () C:\Users\LHChow29\Desktop\FRST.txt
    2014-12-21 12:38 - 2014-12-21 12:38 - 00000000 ____D () C:\FRST
    2014-12-21 12:37 - 2014-12-21 12:37 - 00000965 _____ () C:\Users\LHChow29\Desktop\JRT.txt
    2014-12-21 12:34 - 2014-12-21 12:34 - 00000000 ____D () C:\Windows\ERUNT
    2014-12-21 12:28 - 2014-12-21 12:30 - 00000000 ____D () C:\AdwCleaner
    2014-12-21 12:22 - 2014-12-21 12:22 - 02122240 _____ (Farbar) C:\Users\LHChow29\Desktop\FRST64.exe
    2014-12-21 12:21 - 2014-12-21 12:21 - 02173952 _____ () C:\Users\LHChow29\Desktop\adwcleaner_4.106.exe
    2014-12-21 12:21 - 2014-12-21 12:21 - 01707646 _____ (Thisisu) C:\Users\LHChow29\Desktop\JRT.exe
    2014-12-20 20:45 - 2014-12-20 20:45 - 00021085 _____ () C:\ComboFix.txt
    2014-12-20 20:35 - 2014-12-20 20:35 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\LHChow29\Downloads\rkill.exe
    2014-12-20 18:43 - 2014-12-20 18:43 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-12-20 18:43 - 2014-12-20 18:43 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-12-20 04:22 - 2014-12-21 12:31 - 00067574 _____ () C:\Windows\PFRO.log
    2014-12-20 03:27 - 2014-12-21 12:31 - 00000336 _____ () C:\Windows\setupact.log
    2014-12-20 03:27 - 2014-12-20 03:27 - 00000000 _____ () C:\Windows\setuperr.log
    2014-12-20 02:17 - 2014-12-20 02:17 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-12-20 02:17 - 2014-12-20 02:17 - 00000000 ____D () C:\Program Files\CCleaner
    2014-12-19 08:46 - 2014-12-19 08:46 - 00000776 _____ () C:\Users\Rwolf\Desktop\SystemLog.lnk
    2014-12-19 08:40 - 2014-12-19 08:40 - 00000000 __SHD () C:\Users\Rwolf\AppData\Local\EmieBrowserModeList
    2014-12-19 08:09 - 2014-12-19 08:09 - 00000000 _____ () C:\Users\LHChow29\AppData\Local\{A5C4BC3E-B2EB-4201-B6F8-9EFECBBDEBBD}
    2014-12-19 04:42 - 2014-12-21 10:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-12-19 04:41 - 2014-12-20 19:17 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-12-19 04:41 - 2014-12-19 04:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-12-19 04:41 - 2014-12-19 04:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-12-19 04:41 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-12-17 15:41 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-12-17 15:41 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-12-16 21:19 - 2014-12-16 21:19 - 00000000 ____D () C:\Users\LHChow29\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chromecast
    2014-12-16 21:18 - 2014-12-16 21:18 - 00880784 _____ (Google Inc.) C:\Users\LHChow29\Downloads\chromecastinstaller (3).exe
    2014-12-10 03:25 - 2014-12-10 03:25 - 00000000 ____D () C:\Windows\system32\appraiser
    2014-12-10 03:02 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-12-10 03:02 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-12-09 16:44 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2014-12-09 16:44 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2014-12-09 16:44 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-12-09 16:44 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2014-12-09 16:44 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-12-09 16:44 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2014-12-09 16:44 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-12-09 16:44 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2014-12-09 16:44 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-12-09 16:44 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-12-09 16:44 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-12-09 16:44 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-12-09 16:44 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-12-09 16:44 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-12-09 16:44 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-12-09 16:44 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-12-09 16:44 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-12-09 16:44 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-12-09 16:44 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-12-09 16:44 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-12-09 16:44 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-12-09 16:44 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-12-09 16:44 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-12-09 16:44 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-12-09 16:44 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-12-09 16:44 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-12-09 16:44 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-12-09 16:44 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-12-09 16:44 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-12-09 16:44 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-12-09 16:44 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-12-09 16:44 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-12-09 16:44 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-12-09 16:44 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-12-09 16:44 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-12-09 16:44 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-12-09 16:44 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-12-09 16:44 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-12-09 16:44 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-12-09 16:44 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-12-09 16:44 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-12-09 16:44 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-12-09 16:44 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-12-09 16:44 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-12-09 16:44 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-12-09 16:44 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-12-09 16:44 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-12-09 16:44 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-12-09 16:44 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-12-09 16:44 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-12-09 16:44 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-12-09 16:44 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-12-09 16:44 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-12-09 16:44 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-12-09 16:44 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-12-09 16:44 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-12-09 16:44 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-12-09 16:44 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-12-09 16:44 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-12-09 16:44 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-12-09 16:44 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-12-09 16:44 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-12-09 16:44 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-12-09 16:44 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-12-09 16:44 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
    2014-12-09 16:43 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-12-09 16:43 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-12-09 16:43 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
    2014-12-09 16:43 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
    2014-12-09 16:43 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
    2014-12-09 16:43 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
    2014-12-09 16:43 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
    2014-12-09 16:43 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
    2014-12-09 16:43 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
    2014-12-09 16:43 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
    2014-12-09 16:43 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-09 16:43 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
    2014-12-09 16:43 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
    2014-12-09 16:43 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
    2014-12-08 13:32 - 2014-12-08 13:32 - 00000000 ____D () C:\Users\LHChow29\AppData\Roaming\Macrovision
    2014-12-08 13:32 - 2014-12-08 13:32 - 00000000 ____D () C:\Users\LHChow29\AppData\Local\Sonic_Solutions
    2014-12-08 13:27 - 2014-12-08 13:27 - 00001852 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
    2014-12-08 13:27 - 2014-12-08 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-12-08 13:27 - 2014-12-08 13:27 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-12-08 13:26 - 2014-12-08 13:26 - 00001790 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-12-08 13:26 - 2014-12-08 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-12-08 13:26 - 2014-12-08 13:26 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2014-12-08 13:26 - 2014-12-08 13:26 - 00000000 ____D () C:\Program Files\iTunes
    2014-12-08 13:26 - 2014-12-08 13:26 - 00000000 ____D () C:\Program Files\iPod
    2014-12-08 13:26 - 2014-12-08 13:26 - 00000000 ____D () C:\Program Files (x86)\iTunes
    ==================== One Month Modified Files and Folders =======
    (If an entry is included in the fixlist, the file\folder will be moved.)
    2014-12-21 12:38 - 2009-07-13 21:13 - 00797354 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-21 12:36 - 2011-09-24 18:20 - 00000000 ____D () C:\Users\LHChow29\Documents\email
    2014-12-21 12:35 - 2013-06-17 16:54 - 01194440 _____ () C:\Windows\WindowsUpdate.log
    2014-12-21 12:32 - 2013-06-17 17:08 - 00000000 ____D () C:\ProgramData\Sonic
    2014-12-21 12:31 - 2013-10-20 21:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-21 12:31 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-21 12:09 - 2013-08-27 18:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-12-21 12:01 - 2014-04-30 12:20 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2077474691-1694639755-651673768-1006UA.job
    2014-12-21 11:44 - 2013-10-20 21:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-21 10:43 - 2009-07-13 20:45 - 00030896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-21 10:43 - 2009-07-13 20:45 - 00030896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-21 02:03 - 2011-10-16 17:19 - 00000000 ____D () C:\Users\LHChow29\Documents\Larry
    2014-12-21 02:00 - 2014-08-23 01:00 - 00000000 ____D () C:\Users\LHChow29\AppData\Local\Adobe
    2014-12-20 20:45 - 2013-09-03 20:09 - 00000000 ____D () C:\Qoobox
    2014-12-20 20:44 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
    2014-12-20 20:12 - 2014-04-30 12:20 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2077474691-1694639755-651673768-1006Core.job
    2014-12-20 19:50 - 2013-09-03 17:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-12-20 05:10 - 2013-09-15 15:12 - 00000000 ____D () C:\Windows\SysWOW64\C2MP
    2014-12-20 04:22 - 2009-07-13 20:45 - 00000000 ____D () C:\Windows\Setup
    2014-12-20 02:57 - 2013-09-01 12:02 - 00000000 ____D () C:\Windows\Minidump
    2014-12-20 02:57 - 2012-02-28 14:51 - 00000000 ____D () C:\Windows\Panther
    2014-12-19 08:07 - 2013-07-01 18:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-12-19 04:41 - 2013-09-02 20:32 - 00000000 ____D () C:\Users\LHChow29\AppData\Roaming\Malwarebytes
    2014-12-19 04:41 - 2013-09-02 20:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-12-19 04:41 - 2013-09-02 20:32 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-12-16 21:19 - 2014-04-30 12:20 - 00001222 _____ () C:\Users\LHChow29\Desktop\Chromecast.lnk
    2014-12-16 21:19 - 2013-10-20 21:44 - 00000000 ____D () C:\Users\LHChow29\AppData\Local\Google
    2014-12-16 10:44 - 2013-10-03 15:17 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-12-14 22:36 - 2011-09-24 22:20 - 00000000 ____D () C:\Users\LHChow29\Documents\Invoices
    2014-12-14 03:00 - 2013-07-01 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-12-14 03:00 - 2013-07-01 18:00 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-12-13 10:55 - 2013-08-18 17:21 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-12-11 20:41 - 2013-10-20 21:45 - 00002190 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-12-10 04:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
    2014-12-10 03:25 - 2014-04-30 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-12-10 03:25 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-12-10 03:25 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
    2014-12-10 03:10 - 2013-07-01 17:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-12-10 03:09 - 2013-08-27 18:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-12-10 03:09 - 2013-07-01 23:11 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-12-10 03:09 - 2013-07-01 23:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-12-10 03:07 - 2013-07-19 01:31 - 00000000 ____D () C:\Windows\system32\MRT
    2014-12-10 03:04 - 2013-07-01 15:38 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-12-08 13:45 - 2013-06-17 17:08 - 00000000 ____D () C:\ProgramData\Roxio
    2014-12-08 13:26 - 2014-06-10 14:08 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-12-08 13:26 - 2014-06-10 14:08 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-12-03 11:04 - 2009-07-13 21:08 - 00032552 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-11-28 19:23 - 2013-07-02 05:18 - 00010240 ___SH () C:\Users\LHChow29\Thumbs.db
    2014-11-21 06:14 - 2013-09-02 20:32 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    Some content of TEMP:
    ====================
    C:\Users\LHChow29\AppData\Local\Temp\avgnt.exe
    C:\Users\LHChow29\AppData\Local\Temp\Quarantine.exe
    C:\Users\LHChow29\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap Check =================
    (There is no automatic fix for files that do not pass verification.)
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-12-15 00:11
    ==================== End Of Log ============================
     
  10. Rwolf01

    ========================= Addition.txt =================================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2014 01
    Ran by LHChow29 at 2014-12-21 12:38:50
    Running from C:\Users\LHChow29\Desktop
    Boot Mode: Normal
    ==========================================================

    ==================== Security Center ========================
    (If an entry is included in the fixlist, it will be removed.)
    AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    ==================== Installed Programs ======================
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
    Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
    Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
    Adobe Photoshop.com Inspiration Browser (HKLM-x32\...\PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1) (Version: 3.07 - Adobe Systems Incorporated)
    Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
    Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
    Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
    Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
    Antivirus Pro (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
    Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    Avira SearchFree Toolbar plus Web Protection (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0202}) (Version: 12.2.2.663 - Ask Partner Network)
    BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
    ChromecastApp (HKU\S-1-5-21-2077474691-1694639755-651673768-1006\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1383.0 - Google Inc.)
    Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
    CyberLink PowerDVD 9.6 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.6.1.4418 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery Manager (HKLM\...\{50B4B603-A4C6-4739-AE96-6C76A0F8A388}) (Version: 1.3.1 - Dell Inc.)
    Dell ControlVault Host Components Installer 64 bit (Version: 2.2.123.393 - Broadcom Corporation) Hidden
    Dell Data Protection | Access (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 2.2.00003.009 - Dell Inc.)
    Dell Feature Enhancement Pack (HKLM\...\{992D1CE7-A20F-4AB0-9D9D-AFC3418844DA}) (Version: 2.2.000 - Dell)
    Dell System Detect (HKU\S-1-5-21-2077474691-1694639755-651673768-1006\...\9204f5692a8faf3b) (Version: 5.1.0.41 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1211.101.114 - ALPS ELECTRIC CO., LTD.)
    Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
    DellAccess (Version: 01.01.00.104 - Wave Systems Corp.) Hidden
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    EMBASSY Client Core (Version: 01.01.00.036 - Wave Systems Corp.) Hidden
    EPSON WorkForce 1100 Series Printer Uninstall (HKLM\...\EPSON WorkForce 1100 Series) (Version: - SEIKO EPSON Corporation)
    Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000049}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Gemalto (Version: 01.64.01.0010 - Wave Systems Corp) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
    HP Officejet 4620 series Basic Device Software (HKLM\...\{B411AD10-1BC9-4939-8848-BC5E66F662B7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Officejet 4620 series Help (HKLM-x32\...\{606C37AB-EB04-4270-A592-201A03C2DB36}) (Version: 6.0.0 - Hewlett Packard)
    HP Officejet 4620 series Product Improvement Study (HKLM\...\{83F51BBA-48BE-4BB6-B96A-F4AAE4C462F9}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
    I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6388.0 - IDT)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
    Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
    iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Camera Codec Pack (HKLM\...\{0CEAE836-900A-491F-8BCF-5E3B94C29489}) (Version: 16.4.1899.0416 - Microsoft Corporation)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Neat (HKLM-x32\...\Neat) (Version: 5.4.1.273 - The Neat Company)
    Neat ADF Scanner 2008 Driver (HKLM\...\{8A2BC7D4-A7D3-45D5-B3D2-394718C53C41}) (Version: 2.0.1.5 - The Neat Company)
    Neat ADF Scanner Driver (HKLM\...\{A55F1206-BFA7-4027-92B8-CE4EFDBC3CF2}) (Version: 2.0.2.1 - The Neat Company)
    Neat Core Files (x32 Version: 5.4.1.273 - The Neat Company) Hidden
    Neat Mobile Scanner (Silver) Driver (HKLM\...\{D1108D4B-72F8-419F-88C5-ABB8DC09B3C7}) (Version: 2.0.1.5 - The Neat Company)
    Neat Mobile Scanner 2008 Driver (HKLM\...\{DDE25FC9-892D-4D24-9325-3BAA5C15ACA9}) (Version: 2.0.1.4 - The Neat Company)
    Neat Mobile Scanner Driver (HKLM\...\{7EA2D88A-C8B7-4102-8644-0A437B6FC143}) (Version: 2.0.1.2 - The Neat Company)
    NeatConnect Scanner Driver (HKLM\...\{6895EF47-6BD8-468E-BA09-B33636C65B7C}) (Version: 2.0.2.26 - The Neat Company)
    NTRU TCG Software Stack (Version: 2.1.37 - Security Innovation, Inc.) Hidden
    NVIDIA Graphics Driver 327.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.62 - NVIDIA Corporation)
    NVIDIA nView 140.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.75 - NVIDIA Corporation)
    Paint Shop Pro 7 Anniversary Edition (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
    PC-CCID (Version: 2.0.0 - Gemalto) Hidden
    PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
    PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
    Preboot Manager (Version: 03.03.00.090 - Wave Systems Corp.) Hidden
    Private Information Manager (Version: 07.01.00.030 - Wave Systems Corp.) Hidden
    PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
    Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
    Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
    SearchMe Toolbar v9.3 (HKLM-x32\...\{2711C4F6-0B26-4C38-A615-664331CAD807}) (Version: 9.3 - Spigot, Inc.) <==== ATTENTION
    Send To Neat (HKLM\...\{237E305C-B625-466A-88CE-1E121BF4FDB1}) (Version: 1.1.0.0 - The Neat Company)
    Shore Fishes of the Tropical Eastern Pacific (HKLM-x32\...\{B734B07C-2477-11D6-8A51-0000E8850408}) (Version: 01.00.0000 - Vagabond Odyssey)
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
    Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
    SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
    SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
    SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
    SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
    SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
    Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
    SPBA 5.9 (Version: 5.9.4.6901 - UPEK Inc.) Hidden
    Spotify (HKU\S-1-5-21-2077474691-1694639755-651673768-1006\...\Spotify) (Version: 0.9.13.24.g5dbb3103 - Spotify AB)
    ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0016 - ST Microelectronics)
    toolkit32for64bit (x32 Version: 7.67.47.0000 - Wave Systems Corp) Hidden
    Trusted Drive Manager (Version: 4.5.0.136 - Wave Systems Corp.) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
    Wave Crypto Runtime 2.0.7.0 x86 (x32 Version: 02.00.07.0000 - Wave Systems Corp) Hidden
    Wave Infrastructure Installer (Version: 07.67.60.0020 - Wave Systems Corp) Hidden
    Wave Support Software Installer (Version: 05.13.00.051 - Wave Systems Corp) Hidden
    WaveLoader Setup (HKLM-x32\...\WaveLoader Setup) (Version: - )
    Windows 7 Codec Pack 4.1.0 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.1.0 - Windows 7 Codec Pack)
    Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
    ==================== Custom CLSID (selected items): ==========================
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    CustomCLSID: HKU\S-1-5-21-2077474691-1694639755-651673768-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\LHChow29\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2077474691-1694639755-651673768-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\LHChow29\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2077474691-1694639755-651673768-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\LHChow29\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2077474691-1694639755-651673768-1006_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\LHChow29\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2077474691-1694639755-651673768-1006_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\LHChow29\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-2077474691-1694639755-651673768-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\LHChow29\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    ==================== Restore Points =========================
    20-12-2014 19:16:21 Save before running MBAR (under TechSpot guidance)
    ==================== Hosts content: ==========================
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    2009-07-13 18:34 - 2014-12-20 20:44 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost
    ==================== Scheduled Tasks (whitelisted) =============
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    Task: {35FEDC36-14EE-458F-A99F-33B4D0EAB585} - System32\Tasks\{73D8FE75-4C99-42C9-9ECA-F5DCB2FB7DF9} => C:\Program Files\Windows Media Components\Tools\WMAL2PCM\wmal2pcm.exe
    Task: {4F574299-C7B7-4560-920F-6995C105B466} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
    Task: {8B05F2BE-C8E0-4865-AB37-FD05BE5D0F12} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
    Task: {ADC4F14D-C5EB-4530-812F-041A58164338} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2077474691-1694639755-651673768-1006Core => C:\Users\LHChow29\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30] (Google Inc.)
    Task: {BE959265-7FDC-4D76-B266-4DEA46E719DE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2077474691-1694639755-651673768-1006UA => C:\Users\LHChow29\AppData\Local\Google\Update\GoogleUpdate.exe [2014-04-30] (Google Inc.)
    Task: {C616C354-B637-4133-9B18-8EB80C7F53DB} - System32\Tasks\AdobeAAMUpdater-1.0-LHC6430-LHChow29 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
    Task: {CB890F4F-6F51-4304-85D7-B7B6D7352C88} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-20] (Google Inc.)
    Task: {E4FABDE7-8E04-4FCB-B239-27E71C64DA1B} - System32\Tasks\{68AD91EF-2120-4704-9E6C-7D05C80D6B16} => pcalua.exe -a C:\Users\LHChow29\Downloads\wmal2pcm_setup.exe -d C:\Users\LHChow29\Downloads
    Task: {F836F007-7D58-4D9C-80E4-BF551E0E5EFE} - System32\Tasks\HPCustParticipation HP Officejet 4620 series => C:\Program Files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {FD5096FA-7A85-49CB-B00E-B76355F4A1A7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-20] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2077474691-1694639755-651673768-1006Core.job => C:\Users\LHChow29\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2077474691-1694639755-651673768-1006UA.job => C:\Users\LHChow29\AppData\Local\Google\Update\GoogleUpdate.exe
    ==================== Loaded Modules (whitelisted) =============
    2013-10-03 15:07 - 2013-06-25 08:08 - 00054784 _____ () C:\Windows\System32\sdtnpm.dll
    2013-06-17 18:51 - 2013-10-28 15:38 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2012-01-17 04:45 - 2012-01-17 04:45 - 00218504 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
    2012-01-17 04:45 - 2012-01-17 04:45 - 00038792 _____ () C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\DeviceStatus.dll
    2011-10-08 19:56 - 2011-10-08 19:56 - 00003072 _____ () C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
    2011-11-07 04:55 - 2011-11-07 04:55 - 00094720 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
    2006-12-08 12:42 - 2013-06-17 17:35 - 00155136 _____ () C:\Windows\system32\BioAPI100.dll
    2006-12-08 12:41 - 2013-06-17 17:35 - 00239104 _____ () C:\Windows\system32\BIOAPI_MDS300.dll
    2013-06-17 19:39 - 2012-03-26 14:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2010-11-17 07:35 - 2010-11-17 07:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    2013-10-03 15:07 - 2013-06-25 08:08 - 00018944 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sdtnui.dll
    2014-04-23 15:05 - 2014-04-23 15:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2010-11-24 19:44 - 2010-11-24 19:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
    2014-10-16 02:52 - 2014-10-16 02:52 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
    2013-06-17 17:31 - 2011-11-29 17:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2013-06-17 17:50 - 2012-02-21 11:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    ==================== Alternate Data Streams (whitelisted) =========
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    ==================== Safe Mode (whitelisted) ===================
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    ==================== EXE Association (whitelisted) =============
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

    ==================== MSCONFIG/TASK MANAGER disabled items =========
    (Currently there is no automatic fix for this section.)

    ========================= Accounts: ==========================
    Administrator (S-1-5-21-2077474691-1694639755-651673768-500 - Administrator - Disabled)
    Guest (S-1-5-21-2077474691-1694639755-651673768-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2077474691-1694639755-651673768-1004 - Limited - Enabled)
    LHChow29 (S-1-5-21-2077474691-1694639755-651673768-1006 - Administrator - Enabled) => C:\Users\LHChow29
    Rwolf (S-1-5-21-2077474691-1694639755-651673768-1005 - Administrator - Enabled) => C:\Users\Rwolf
    UpdatusUser (S-1-5-21-2077474691-1694639755-651673768-1007 - Limited - Enabled) => C:\Users\UpdatusUser
    ==================== Faulty Device Manager Devices =============
    Name: Trend Micro VSAPI NT
    Description: Trend Micro VSAPI NT
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: VSApiNt
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
    Name: Trend Micro PreFilter
    Description: Trend Micro PreFilter
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: TmPreFilter
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.

    ==================== Event log errors: =========================
    Application errors:
    ==================
    System errors:
    =============
    Microsoft Office Sessions:
    =========================
    Error: (08/05/2014 02:56:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 111067 seconds with 4440 seconds of active time. This session ended with a crash.

    CodeIntegrity Errors:
    ===================================
    Date: 2014-12-20 20:44:02.835
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
    Date: 2014-12-20 20:44:02.820
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================
    Processor: Intel(R) Core(TM) i7-3740QM CPU @ 2.70GHz
    Percentage of memory in use: 32%
    Total physical RAM: 8065.43 MB
    Available physical RAM: 5459.23 MB
    Total Pagefile: 16129.03 MB
    Available Pagefile: 13608.26 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB
    ==================== Drives ================================
    Drive c: (LHC6430) (Fixed) (Total:452.09 GB) (Free:113.63 GB) NTFS
    ==================== MBR & Partition Table ==================
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A474A827)
    Partition 1: (Not Active) - (Size=452.1 GB) - (Type=07 NTFS)
    Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)
    ==================== End Of Log ============================
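The tail of FRST.txt above reports the core Windows binaries as digitally signed, Addition.txt lists Trend Micro filter drivers whose service binaries are gone (the two Code 24 devices), and the fixlist later in this thread clears an Internet Explorer proxy pointed at 127.0.0.1:57463. The following PowerShell is an added example, not from this thread and not part of FRST or any of the tools used here, that performs those three checks directly so the reader can see what the log lines are derived from. It assumes an elevated PowerShell session on the affected Windows 7 machine and is written in PowerShell 2.0 syntax; the binary list is the one FRST printed.

```powershell
# Added triage script (not from this thread, not part of FRST). Run in an elevated
# PowerShell on the affected Windows 7 machine; written for PowerShell 2.0 and later.

# 1. Authenticode status of the same core binaries FRST reports as "File is digitally signed".
function Test-CoreSignatures {
    $core = @('explorer.exe', 'System32\svchost.exe', 'System32\services.exe',
              'System32\userinit.exe', 'System32\rpcss.dll', 'System32\Drivers\volsnap.sys')
    foreach ($rel in $core) {
        $path = Join-Path $env:SystemRoot $rel
        $sig = Get-AuthenticodeSignature -FilePath $path
        # Anything other than "Valid" on these files means the binary was replaced or damaged
        # and should be compared against a known-good copy (Windows media, or run sfc /scannow).
        $signer = ''
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        New-Object PSObject -Property @{ Path = $path; Status = $sig.Status; Signer = $signer }
    }
}

# 2. Services and drivers whose binary no longer exists on disk (what FRST marks "[X]").
# The orphaned Trend Micro entries behind the Code 24 devices in Addition.txt show up here.
function Resolve-ImagePath([string]$raw) {
    $p = [Environment]::ExpandEnvironmentVariables($raw)
    $p = $p -replace '^\\\?\?\\', ''                          # \??\C:\x      -> C:\x
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"    # \SystemRoot\x -> C:\Windows\x
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }          # "quoted path" plus arguments
    elseif ($p -match '^(.+?\.(exe|sys|dll))') { $p = $Matches[1] }  # unquoted path plus arguments
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # system32\drivers\x.sys
    return $p
}
function Get-OrphanedServices {
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $props = Get-ItemProperty $_.PSPath
        if (-not $props.ImagePath) { return }
        $bin = Resolve-ImagePath $props.ImagePath
        if (-not (Test-Path -LiteralPath $bin)) {
            New-Object PSObject -Property @{
                Service = $_.PSChildName; Start = $props.Start; ImagePath = $props.ImagePath
            }
        }
    }
}

# 3. Per-user WinINET proxy settings. A proxy on 127.0.0.1 is the adware interception
# pattern this thread's fixlist removes (ProxyServer http=127.0.0.1:57463 under HKU\.DEFAULT).
function Get-LoopbackProxies {
    Get-ChildItem Registry::HKEY_USERS | ForEach-Object {
        $key = "Registry::$($_.Name)\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        if (Test-Path $key) {
            $p = Get-ItemProperty $key
            if ($p.ProxyEnable -eq 1 -and $p.ProxyServer -match '127\.0\.0\.1|localhost') {
                New-Object PSObject -Property @{
                    Hive = $_.PSChildName; ProxyServer = $p.ProxyServer; AutoConfigURL = $p.AutoConfigURL
                }
            }
        }
    }
}

Test-CoreSignatures  | Format-Table Status, Path, Signer -AutoSize
Get-OrphanedServices | Format-Table Service, Start, ImagePath -AutoSize
Get-LoopbackProxies  | Format-Table Hive, ProxyServer, AutoConfigURL -AutoSize
```

The orphan list is wider than FRST's: it includes every service or driver whose file is missing, not only the ones FRST considers suspicious, so expect a few benign entries from uninstalled products alongside the Trend Micro leftovers. A Start value of 0, 1 or 2 on an orphan means Windows tries to load it at every boot, which is one source of the slowness and the Code 24 devices in the report.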
     
  11. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Uninstall SearchMe Toolbar.

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     


  12. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Problem: I try to uninstall the SearchMe toolbar and it complains that it can't find the original installation files. The exact error message is "The path 'C:\Users\LHChow29\AppData\Local\Temp\{4CA3FE02-4E36-9E58-4E3EE4087611}\searchmeToolbar.msi' cannot be found. Verify that you have access to this location and try again or try to find the installation package 'searchmeToolbar.msi' in a folder from which you can install the product SearchMe Toolbar v9.3"

    Any suggestion on how to force an uninstall? I'd hate to have to find and download this craplet just so I can delete it again....

    Should I go ahead with the fixlist.txt run or wait until this gets uninstalled?

    Note: I have a plane to catch so I'll be offline for the next 6-8 hours...

    Thanks again for all your help!

    One way or another, I'll have a new set of scan results for you by the morning...

    Best regards, Ralph Wolf
     
  13. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    It looks like just a registry leftover.
    I just adjusted "fixlist.txt" accordingly.
    You can run it now.
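The error Rwolf01 quoted is the Windows Installer source prompt: msiexec removes a product from its own cached copy of the package under %SystemRoot%\Installer and only goes looking for the original source (the Temp path in the message) when that cached copy is gone. So the practical check is whether the product still has a cached package or an install directory; if it has neither, all that is left is the Uninstall registry entry, which is exactly what a fixlist can remove. The PowerShell below is an added example, not from this thread and not part of FRST. It assumes 64-bit PowerShell run elevated on the affected machine; the product code and the HKLM-x32 (Wow6432Node) key are the ones Addition.txt listed for SearchMe Toolbar v9.3, and the Remove-Item line is deliberately only shown, not run.

```powershell
# Added example (not from this thread or FRST): decide whether an Uninstall entry is a live
# Windows Installer product or only a registry leftover. Run elevated in 64-bit PowerShell;
# product code and key are the ones Addition.txt showed for "SearchMe Toolbar v9.3".
$productCode  = '{2711C4F6-0B26-4C38-A615-664331CAD807}'
$uninstallKey = "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\$productCode"

function Get-MsiProductState([string]$code, [string]$key) {
    $entry = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # ProductInfo is an indexed COM property on the Installer object; reading LocalPackage
    # throws when Windows Installer has no record of the product. LocalPackage is the cached
    # MSI that msiexec /x actually uses; InstallSource is only the fallback it prompts for.
    $installer = New-Object -ComObject WindowsInstaller.Installer
    $cached = $null
    try {
        $cached = $installer.GetType().InvokeMember('ProductInfo', 'GetProperty', $null,
                                                     $installer, @($code, 'LocalPackage'))
    } catch { }

    $displayName = '(no Uninstall key)'; $uninstallString = $null; $source = $null; $installDir = $null
    if ($entry) {
        $displayName = $entry.DisplayName; $uninstallString = $entry.UninstallString
        $source = $entry.InstallSource;    $installDir = $entry.InstallLocation
    }
    New-Object PSObject -Property @{
        DisplayName      = $displayName
        UninstallString  = $uninstallString
        InstallSource    = $source
        CachedPackage    = $cached
        CachedExists     = [bool]($cached -and (Test-Path -LiteralPath $cached))
        InstallDirExists = [bool]($installDir -and (Test-Path -LiteralPath $installDir))
    }
}

$state = Get-MsiProductState $productCode $uninstallKey
$state | Format-List DisplayName, UninstallString, InstallSource, CachedPackage, CachedExists, InstallDirExists

if ($state.CachedExists) {
    # Windows Installer still has what it needs; let it do the removal itself, silently.
    Start-Process msiexec.exe -ArgumentList "/x $productCode /qn" -Wait
} elseif (-not $state.InstallDirExists) {
    # Nothing on disk and no cached package: only the registry entry remains, so removing
    # that entry (what the fixlist does) is the right fix. Shown, not executed:
    #   Remove-Item -Path $uninstallKey -Recurse
    Write-Warning "Registry leftover only: $uninstallKey"
} else {
    Write-Warning "Files remain in $($state.InstallLocation) but the MSI cache is gone; inspect before deleting."
}
```

If CachedExists comes back true the source prompt would not have appeared, so for the case in this thread the expected result is CachedExists false and InstallDirExists false, which is the "just a registry leftover" verdict above. Finding the missing cached package by hand is also possible (it is the GUID with its segments byte-reversed under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products), but the COM property does the same lookup without the transcription risk.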
     
  14. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Created restore point.
    Got the latest "fixslist.txt" (fixed a typo to remove the 's'. Then the program could find it)

    Unfortunately I get a run time error: "Line 9871 (File "C:\Users\LHChow29\Desktop\FRST64.exe"): Error: Error in expression."

    Can you have a look at that and see what went wrong? (I'd take a look and guess, but I'm not sure how dire the consequences are if I guess wrong)
     
  15. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    One other question: What should I do about the "Enable Mail Protection" option in Avira no longer working? (I tried 2 or 3 ways to turn it back on, including a full reboot & retry. It just hangs for 5 minutes or so when I try and then goes back to not being enabled but being otherwise apparently functional)

    Should I uninstall and reinstall the Virus SW? (I think I have everything I need to do that, but don't want to go rogue on you.... )
     
  16. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    I'm sorry for misspelling "fixlist".
    I corrected it.

    There was a bug in FRST, corrected by now.
    Delete your FRST file and download fresh one:
    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    As for Avira I suggest you reinstall it.
     
  17. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Hey cool that we found a bug... we made the world a slightly better place. :) I'll check the new & improved FRST and fixlist and see how it goes. Will save the reinstall for after. Back in a bit....
     
  18. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Okay, after a fresh download it worked. (Avira & MWB off, etc)

    Here is the log file:



    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-12-2014 01
    Ran by LHChow29 at 2014-12-23 00:30:01 Run:3
    Running from C:\Users\LHChow29\Desktop
    Loaded Profiles: LHChow29 & UpdatusUser (Available profiles: Rwolf & LHChow29 & UpdatusUser)
    Boot Mode: Normal
    ==============================================
    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2077474691-1694639755-651673768-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:57463;https=127.0.0.1:57463
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2077474691-1694639755-651673768-1007 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR HKLM-x32\...\Chrome\Extension: [eihhgekonheiliaidomffpplfhecmkag] - No Path
    S2 ntrtscan; "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\ntrtscan.exe" [X]
    S2 svcGenericHost; "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe" [X]
    S2 tmlisten; "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\tmlisten.exe" [X]
    S3 TmPfw; "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPfw.exe" [X]
    S3 TmProxy; "C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmProxy.exe" [X]
    BHO: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
    C:\Program Files (x86)\Trend Micro
    BHO-x32: TmIEPlugInBHO Class -> {1CA1377B-DC1D-4A52-9585-6E06050FAC53} -> C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
    Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll (Trend Micro Inc.)
    Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg32.dll (Trend Micro Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
    FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension [2013-06-17]
    R1 tmlwf; C:\Windows\System32\DRIVERS\tmlwf.sys [196688 2010-11-08] (Trend Micro Inc.)
    R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [108624 2010-11-08] (Trend Micro Inc.)
    R2 tmwfp; C:\Windows\System32\DRIVERS\tmwfp.sys [338000 2010-11-08] (Trend Micro Inc.)
    C:\Windows\System32\DRIVERS\tmlwf.sys
    C:\Windows\System32\DRIVERS\tmtdi.sys
    C:\Windows\System32\DRIVERS\tmwfp.sys
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S2 TmFilter; \??\C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmXPFlt.sys [X]
    S2 TmPreFilter; \??\C:\Program Files (x86)\Trend Micro\Client Server Security Agent\TmPreFlt.sys [X]
    S2 VSApiNt; \??\C:\Program Files (x86)\Trend Micro\Client Server Security Agent\VSApiNt.sys [X]
    C:\Users\LHChow29\AppData\Local\Temp\avgnt.exe
    C:\Users\LHChow29\AppData\Local\Temp\Quarantine.exe
    C:\Users\LHChow29\AppData\Local\Temp\sqlite3.dll
    CustomCLSID: HKU\S-1-5-21-2077474691-1694639755-651673768-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\LHChow29\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2077474691-1694639755-651673768-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\LHChow29\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2077474691-1694639755-651673768-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\LHChow29\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
    CustomCLSID: HKU\S-1-5-21-2077474691-1694639755-651673768-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\LHChow29\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2711C4F6-0B26-4C38-A615-664331CAD807}"
    *****************
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
    HKU\S-1-5-21-2077474691-1694639755-651673768-1006\SOFTWARE\Policies\Microsoft\Internet Explorer => Key not found.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-21-2077474691-1694639755-651673768-1007\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eihhgekonheiliaidomffpplfhecmkag => Key not found.
    ntrtscan => Service not found.
    svcGenericHost => Service not found.
    tmlisten => Service not found.
    TmPfw => Service not found.
    TmProxy => Service not found.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key not found.
    HKCR\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key not found.
    "C:\Program Files (x86)\Trend Micro" => File/Directory not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key not found.
    HKCR\Wow6432Node\CLSID\{1CA1377B-DC1D-4A52-9585-6E06050FAC53} => Key not found.
    HKCR\PROTOCOLS\Handler\tmpx => Key not found.
    HKCR\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key not found.
    HKCR\Wow6432Node\PROTOCOLS\Handler\tmpx => Key not found.
    HKCR\Wow6432Node\CLSID\{0E526CB5-7446-41D1-A403-19BFE95E8C23} => Key not found.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405} => Value not found.
    C:\Program Files (x86)\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension not found.
    tmlwf => Service not found.
    tmtdi => Service not found.
    tmwfp => Service not found.
    "C:\Windows\System32\DRIVERS\tmlwf.sys" => File/Directory not found.
    "C:\Windows\System32\DRIVERS\tmtdi.sys" => File/Directory not found.
    "C:\Windows\System32\DRIVERS\tmwfp.sys" => File/Directory not found.
    catchme => Service not found.
    TmFilter => Service not found.
    TmPreFilter => Service not found.
    VSApiNt => Service not found.
    C:\Users\LHChow29\AppData\Local\Temp\avgnt.exe => Moved successfully.
    "C:\Users\LHChow29\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
    "C:\Users\LHChow29\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
    HKU\S-1-5-21-2077474691-1694639755-651673768-1006_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => Key not found.
    HKU\S-1-5-21-2077474691-1694639755-651673768-1006_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => Key not found.
    HKU\S-1-5-21-2077474691-1694639755-651673768-1006_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => Key not found.
    HKU\S-1-5-21-2077474691-1694639755-651673768-1006_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => Key not found.
    ========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2711C4F6-0B26-4C38-A615-664331CAD807}" =========
    Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2711C4F6-0B26-4C38-A615-664331CAD807} (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

    ========= End of Reg: =========

    ==== End of Fixlog 00:30:01 ====
     
  19. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    I'll go see about that reinstall of Avira.

    Question: In normal operation, do Malwarebytes & Avira play nice together with all their real-time protection features enabled? I guess I'm wondering if the combination is superior to, simply redundant with, or actually inferior to running Avira by itself?
     
  20. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Well that was entertaining... The uninstall of Avira went as expected and it asked for a reboot, so I did. It got as far as the Win7 sign in page, but there it got hung up. (cursor frozen, keyboard does nothing, fan going full blast...) I ended up crashing it with the power button and then running chkdsk and rebooting a few more times. That all went as expected.

    I went berserk and also uninstalled the "Dell Feature Enhancement Pack" because it kept trying to sell me a new battery.

    Anyway, Avira works well again.

    What's next?
     
  21. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    Just to be clear, the Avira reinstall itself was uneventful.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    MBAM works fine with any AV program.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  23. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    ==================== Checkup.txt =======================


    Results of screen317's Security Check version 0.99.93
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Avira Desktop
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Java 7 Update 67
    Java 8 Update 25
    Java version 32-bit out of Date!
    Adobe Reader XI
    Google Chrome (39.0.2171.71)
    Google Chrome (39.0.2171.95)
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Avira Antivir avguard.exe
    Malwarebytes Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````


    ==================== FSS.txt ================================


    Farbar Service Scanner Version: 21-07-2014
    Ran by LHChow29 (administrator) on 24-12-2014 at 01:17:19
    Running from "C:\Users\LHChow29\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    Other Services:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed

    **** End of log ****
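    The FRST fixlog earlier in the thread and the FSS log just above report three things a defender would want to re-check on their own machine: an Internet Explorer proxy pointing at 127.0.0.1 (the FRST fixlist removed `http=127.0.0.1:57463`), a Windows Defender `DisableAntiSpyware=1` policy value with the WinDefend service set to Demand start, and services whose binaries no longer exist (the `[X]`-marked Trend Micro leftovers). The PowerShell audit below is an added example written for this thread; it is not code from TechSpot, Farbar or any of the tools named here. The function names are hypothetical; the registry paths and the `Win32_Service` class are the standard Windows locations. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): re-check the findings the FRST and FSS logs
# above reported. Function names are hypothetical; registry paths are standard.

function Test-LoopbackProxy {
    # FRST removed ProxyEnable/ProxyServer=http=127.0.0.1:57463 from HKU\.DEFAULT.
    # A user-level proxy that points at localhost, with no program you installed
    # listening there, is a common sign of a traffic-intercepting component.
    $hives = @('HKCU:', 'Registry::HKEY_USERS\.DEFAULT')
    foreach ($hive in $hives) {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($p -and $p.ProxyEnable -eq 1 -and $p.ProxyServer -match '127\.0\.0\.1|localhost') {
            [pscustomobject]@{ Hive = $hive; ProxyEnable = $p.ProxyEnable; ProxyServer = $p.ProxyServer }
        }
    }
}

function Get-DefenderState {
    # FSS found DisableAntiSpyware=1 under HKLM\SOFTWARE\Microsoft\Windows Defender and
    # WinDefend set to Demand (default Auto). A third-party AV such as Avira registering
    # with Security Center legitimately does this, so the result needs explaining, not
    # automatic alarm. Both the product key and the Group Policy key are checked.
    $keys = @('HKLM:\SOFTWARE\Microsoft\Windows Defender',
              'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender')
    $result = [ordered]@{}
    foreach ($k in $keys) {
        $v = Get-ItemProperty -Path $k -Name DisableAntiSpyware -ErrorAction SilentlyContinue
        $result[$k] = if ($v) { $v.DisableAntiSpyware } else { 'not set' }
    }
    # Get-WmiObject is used because the thread's machine is Windows 7 (PowerShell 2.0).
    $svc = Get-WmiObject Win32_Service -Filter "Name='WinDefend'" -ErrorAction SilentlyContinue
    $result['WinDefend.StartMode'] = if ($svc) { $svc.StartMode } else { 'not installed' }
    $result['WinDefend.State']     = if ($svc) { $svc.State }     else { 'not installed' }
    [pscustomobject]$result
}

function Get-OrphanedService {
    # FRST marks a service with [X] when its binary is missing (the Trend Micro entries
    # above). Orphaned entries do nothing by themselves but are typical residue of an
    # incomplete uninstall or of a removed infection, and they should be cleaned up.
    Get-WmiObject Win32_Service | ForEach-Object {
        $path = $_.PathName
        if (-not $path) { return }
        if ($path -match '^"([^"]+)"') {
            $exe = $Matches[1]                 # quoted path, arguments follow the quote
        } else {
            $exe = ($path -split ' ')[0]       # unquoted path: first token
        }
        # An unquoted path that contains spaces is cut short here and will show up as
        # "orphaned"; that is itself a misconfiguration worth quoting in the service entry.
        if (-not (Test-Path -LiteralPath $exe)) {
            [pscustomobject]@{ Name = $_.Name; StartMode = $_.StartMode; Binary = $exe }
        }
    }
}

'== Loopback proxy settings (expect none) =='
Test-LoopbackProxy | Format-Table -AutoSize
'== Windows Defender policy and service =='
Get-DefenderState | Format-List
'== Services whose binary is missing (expect none) =='
Get-OrphanedService | Format-Table -AutoSize
```

    On the machine in this thread the proxy check should now return nothing (FRST deleted both values), the Defender section should show `DisableAntiSpyware` = 1 on the product key with WinDefend on Manual start, which is the expected state while Avira is the registered antivirus, and the orphaned-service list should be empty because the Trend Micro services no longer exist. Any loopback proxy that reappears after cleanup, or a `DisableAntiSpyware` value under the Policies key on a home machine that is not domain-joined, is worth a closer look.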
     
  24. Rwolf01

    Rwolf01 TS Enthusiast Topic Starter Posts: 127

    SVRT reports no threats found...

    Oh mama can this really be the end?
    To be stuck on Staten Island with the PC Blues again.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
