Solved Trojan detection

soderquist1

I did the virus scan first like suggested and it detected TR/Crypt.XPACK.Gen3 + ADWARE/Dealply.gen,
and the malware detected trojan.fakeMS.ED and Trojan.Miuref.
The only issue is it never saved the log for some reason, so I cleared the logs and rescanned, and this time it showed nothing, but I posted them anyway like you asked.
I will be doing steps 3 and 4 shortly, so I will repost when I'm done.

I also heard back from Avira, my anti-virus, and they said the Avira Pro I got is the new name and interface for the suite and is the successor product of the suite. I was finally able to get my anti-virus to update, and I did update my malware prior to the scan, then went offline shortly after so this virus/malware can't access the internet.

I do still get notifications shortly after going online that mbam has blocked the following:
91.195.10.91 port 6881 process c:windows/explorer.exe


Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 23/10/2014 1:42:06 PM, SYSTEM, DALE-ASUS, Manual, Failed, Unable to access update server,
Scan, 23/10/2014 1:57:44 PM, SYSTEM, DALE-ASUS, Manual, Start:23/10/2014 1:42:06 PM, Duration:15 min 38 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)
 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by dale at 14:27:08 on 2014-10-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5337 [GMT -7:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe
C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\FSP\fspuip.exe
C:\Windows\system32\RunDLL32.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Program Files\Nightly\firefox.exe
C:\Program Files\Nightly\plugin-container.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/
uDefault_Page_URL = hxxp://asus.msn.com
uURLSearchHooks: {09152f0b-739c-4dec-a245-1aa8a37594f1} - <orphaned>
uURLSearchHooks: {f9bbf004-6e40-4019-8214-c43a37e1d058} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AviraSpeedup] "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe" -autorun
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\dale\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [BitTorrent] "C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [BearShare] "C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe" --lightmode
uRun: [eventcreate] "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe"
uRunOnce: [eventcreate] "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Bell Canada Connection Manager] "C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe" -a
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
StartupFolder: C:\Users\dale\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTC~1.LNK - C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PCAUTO~1.LNK - C:\Program Files (x86)\SAMSUNG\PC Auto Backup\AutoBackup.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
TCP: NameServer = 70.28.245.227 184.151.118.254
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC} : NameServer = 208.69.150.252,208.69.150.250
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\14355535 : DHCPNameServer = 192.168.1.1 8.8.8.8
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\35861677F40756E6 : DHCPNameServer = 10.63.8.194 10.63.8.195
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\4554C4553513434373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\638343433344 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\E6073636 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1} : NameServer = 208.69.150.252,208.69.150.250
TCP: Interfaces\{80C4197C-C1E0-40FF-B4F4-F159B2752AE9} : DHCPNameServer = 70.28.245.227 184.151.118.254
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\w6cc8k2q.default\
FF - prefs.js: browser.search.selectedEngine - My Online Search
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.enabled - false
FF - plugin: C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2013-8-26 141376]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-8-26 28600]
R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-4-26 93400]
R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2013-8-26 806704]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-26 431920]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-26 431920]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2013-8-26 994096]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-8-26 119272]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2013-8-26 43064]
R2 BellCanadaRcAppSvc;Bell Canada Rc App Svc;C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe [2012-8-28 120712]
R2 CABellCanada;Bell Canada Con App Svc;C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe [2012-8-28 124808]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-8-31 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-26 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-26 968504]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2012-8-7 96128]
R2 NWHelper;Novatel Wireless Device Helper ;C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe [2010-6-3 270336]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-10-8 411968]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2012-6-4 326544]
R2 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-7-15 17152]
R3 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R3 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R3 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-25 2369720]
R3 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-7-18 246568]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-7-18 76584]
R3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;C:\Windows\System32\drivers\fspad_win764.sys [2011-6-23 53760]
R3 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-8 1149760]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2014-10-20 86016]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-22 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-22 13080]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-4 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-26 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-26 63704]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-7-15 32344]
R3 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-8 1796928]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-8 20288]
R3 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-8 19440960]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-10-8 38048]
R3 NWBellRmNet;Novatel Wireless Bell RmNet Network Adapter;C:\Windows\System32\drivers\nwbellrmnet.sys [2011-8-25 350208]
R3 NWBellUSBModem;Novatel Wireless Bell USB Modem Driver;C:\Windows\System32\drivers\nwbellusbmdm.sys [2011-8-25 222208]
R3 NWBellUSBPort;Novatel Wireless Bell USB Status Port Driver;C:\Windows\System32\drivers\nwbellusbser.sys [2011-8-25 222208]
R3 NWBellUSBPort2;Novatel Wireless Bell USB Status2 Port Driver;C:\Windows\System32\drivers\nwbellusbser2.sys [2011-8-25 222208]
R3 ProfileImpSvc;Native WiFi profile importer;C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe [2012-8-28 169864]
R3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-30 471144]
R3 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-2-10 16000]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-15 2655768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 avfwim;AvFw Packet Filter Miniport;C:\Windows\System32\drivers\avfwim.sys [2013-8-26 114608]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-7-15 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-7-15 79360]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-8-5 43032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-1 19456]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-7-15 290920]
S3 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2014-2-10 157264]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-1 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-1 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-4 1255736]
.
=============== Created Last 30 ================
.
2014-10-23 08:24:30 -------- d-----w- C:\Users\dale\AppData\Local\Ornhics
2014-10-22 20:16:11 -------- d-----w- C:\Users\dale\AppData\Roaming\Avira
2014-10-21 21:24:39 -------- d-----w- C:\Users\dale\AppData\Local\ActiveState
2014-10-21 20:16:21 -------- d-----w- C:\Perl64
2014-10-21 00:23:46 -------- d-----w- C:\ProgramData\BoostSoftware
2014-10-20 22:23:01 98816 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys
2014-10-20 22:23:01 86016 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys
2014-10-20 22:23:01 69632 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys
2014-10-20 22:23:01 421376 ----a-w- C:\Windows\System32\drivers\ewusbwwan.sys
2014-10-20 22:23:01 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
2014-10-20 22:23:01 28672 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys
2014-10-20 22:23:01 221312 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2014-10-20 22:23:01 22016 ----a-w- C:\Windows\System32\drivers\ew_hwupgrade.sys
2014-10-20 22:23:01 212992 ----a-w- C:\Windows\System32\drivers\ew_juwwanecm.sys
2014-10-20 22:23:01 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys
2014-10-20 22:23:01 117248 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys
2014-10-20 22:23:01 1001472 ----a-w- C:\Windows\System32\drivers\mod7700.sys
2014-10-20 22:22:23 -------- d-----w- C:\Program Files (x86)\Sierra Wireless Inc
2014-10-19 03:09:44 2507776 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-10-18 20:55:03 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6733FE1F-81E1-45A3-A0AC-2197C2DCE524}\mpengine.dll
2014-10-16 10:20:39 0 ----a-w- C:\Windows\SysWow64\sho2B0.tmp
2014-10-15 23:30:02 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-15 23:30:01 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-15 23:30:01 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-15 23:30:01 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-15 23:30:01 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-15 23:30:01 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-15 23:30:01 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-15 23:27:19 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-15 23:27:18 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-15 23:25:58 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-15 23:25:58 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-13 21:32:42 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-10-13 11:04:58 0 ----a-w- C:\Windows\SysWow64\shoF4EA.tmp
2014-10-12 03:10:58 0 ----a-w- C:\Windows\SysWow64\sho5A78.tmp
2014-10-09 23:01:06 -------- d-----w- C:\Users\dale\AppData\Roaming\GitHub
2014-10-09 23:01:06 -------- d-----w- C:\Users\dale\AppData\Local\GitHub
2014-10-09 22:58:48 -------- d-----w- C:\Users\dale\AppData\Local\Deployment
2014-10-09 22:58:48 -------- d-----w- C:\Users\dale\AppData\Local\Apps
2014-10-09 06:02:14 -------- d-----w- C:\Users\dale\AppData\Roaming\NVIDIA
2014-10-09 05:55:29 -------- d-----w- C:\Users\dale\AppData\Local\NVIDIA
2014-10-09 05:55:26 2799784 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-10-09 05:55:26 2193560 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-10-09 05:55:26 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-10-09 05:55:26 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-10-09 05:54:45 613696 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-10-09 05:54:16 934216 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-10-09 05:54:16 6890696 ----a-w- C:\Windows\System32\nvcpl.dll
2014-10-09 05:54:16 62608 ----a-w- C:\Windows\System32\nvshext.dll
2014-10-09 05:54:16 3961833 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-10-09 05:54:16 385168 ----a-w- C:\Windows\System32\nvmctray.dll
2014-10-09 05:54:16 3529872 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-10-09 05:54:16 2557640 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-10-09 05:53:58 73872 ----a-w- C:\Windows\System32\OpenCL.dll
2014-10-09 05:53:58 60560 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-10-07 08:47:02 0 ----a-w- C:\Windows\SysWow64\shoB3BC.tmp
2014-10-07 01:32:14 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-10-07 01:32:14 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-10-07 01:32:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-07 01:32:05 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2014-10-23 20:38:58 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-23 01:37:37 43064 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-10-23 01:37:25 119272 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-10-16 18:59:36 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-16 18:59:36 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-01 18:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 18:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 18:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-17 04:51:20 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-09-17 04:51:20 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-09-17 04:51:20 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-09-15 16:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-04 19:14:38 38048 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-09-04 19:14:38 34976 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-09-04 19:14:38 32416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-29 02:07:12 5780480 ----a-w- C:\Windows\System32\mstscax.dll
2014-08-29 02:07:10 322560 ----a-w- C:\Windows\System32\aaclient.dll
2014-08-29 02:06:47 1125888 ----a-w- C:\Windows\System32\mstsc.exe
2014-08-29 01:44:52 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-08-29 01:44:51 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-08-29 01:44:49 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-08-29 01:44:19 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
.
============= FINISH: 14:28:04.29 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 02/11/2011 5:18:08 PM
System Uptime: 23/10/2014 1:37:49 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | G74Sx
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 192.742 GiB free.
D: is FIXED (NTFS) - 394 GiB total, 394.08 GiB free.
E: is FIXED (NTFS) - 349 GiB total, 349.206 GiB free.
F: is FIXED (NTFS) - 349 GiB total, 193.174 GiB free.
G: is CDROM (UDF)
H: is Removable
R: is FIXED (FAT32) - 25 GiB total, 1.727 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: LogMeIn Kernel Information Provider
Device ID: ROOT\LEGACY_LMIINFO\0000
Manufacturer:
Name: LogMeIn Kernel Information Provider
PNP Device ID: ROOT\LEGACY_LMIINFO\0000
Service: LMIInfo
.
==== System Restore Points ===================
.
RP420: 20/10/2014 2:30:32 PM - Removed LogMeIn Hamachi
RP421: 20/10/2014 3:02:54 PM - Removed Bell Mobile Broadband Drivers.
RP422: 20/10/2014 3:14:56 PM - Removed LogMeIn
RP423: 20/10/2014 3:20:14 PM - Installed Mobile Connect.
RP424: 20/10/2014 4:01:25 PM - Windows Update
RP425: 20/10/2014 4:04:11 PM - Windows Update
RP426: 20/10/2014 4:23:33 PM - Windows Backup
RP427: 21/10/2014 1:15:12 PM - Installed ActivePerl 5.18.2 Build 1802 (64-bit)
.
==== Installed Programs ======================
.
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09)
Antivirus Pro
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS USB Charger Plus
ASUS Virtual Camera
ASUS WebStorage
AsusScr_G74 Series_ENG
AsusVibe2.0
ATK Package
Avira System Speedup
Bell Mobile Broadband Drivers
BitTorrent
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Dropbox
eReg
Finger Sensing Pad Driver
Fresco Logic USB3.0 Host Controller
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Update Helper
InstallVC90Support
Intel(R) Control Center
Intel(R) Management Engine Components
Java 7 Update 67 (64-bit)
Java SE Development Kit 7 Update 67 (64-bit)
Junk Mail filter update
LG USB Modem driver
Logitech SetPoint 6.61
Malwarebytes Anti-Malware version 2.0.3.1025
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 365 - en-us
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mobile Connect
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Nightly 33.0a1 (x64 en-US)
NVIDIA 3D Vision Driver 344.11
NVIDIA Control Panel 344.11
NVIDIA GeForce Experience 2.1.2
NVIDIA GeForce Experience Service
NVIDIA Graphics Driver 344.11
NVIDIA HD Audio Driver 1.3.32.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.14.0702
NVIDIA ShadowPlay 16.13.42
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 16.13.42
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.25
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
RoboForm 7-9-8-5 (All Users)
RuneScape Launcher 1.2.3
SAMSUNG Intelli-studio
Seagate Dashboard
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
SHIELD Streaming
SHIELD Wireless Controller Driver
Skype Click to Call
Skype™ 6.18
syncables desktop SE
THX TruStudio
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinFlash
WinRAR 4.20 (32-bit)
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
23/10/2014 1:38:12 PM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
22/10/2014 6:39:09 PM, Error: Service Control Manager [7024] - The Avira Web Protection service terminated with service-specific error Incorrect function..
22/10/2014 6:30:42 PM, Error: Service Control Manager [7024] - The Avira Mail Protection service terminated with service-specific error Incorrect function..
22/10/2014 6:26:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
22/10/2014 6:26:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/10/2014 6:26:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
22/10/2014 6:26:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
22/10/2014 6:26:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO_ avipbb avkmgr discache mbamchameleon spldr Wanarpv6
22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
22/10/2014 6:12:54 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
22/10/2014 6:11:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Microsoft iSCSI Initiator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 4:58:55 PM, Error: volmgr [46] - Crash dump initialization failed!
22/10/2014 4:33:56 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
22/10/2014 4:29:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
22/10/2014 4:28:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO_ avfwot avipbb avkmgr discache mbamchameleon spldr Wanarpv6
22/10/2014 4:16:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
22/10/2014 3:04:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avfwot
22/10/2014 2:38:02 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
22/10/2014 2:38:02 PM, Error: Service Control Manager [7001] - The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: The operation completed successfully.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7001] - The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: The operation completed successfully.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: A system shutdown is in progress.
22/10/2014 2:38:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
22/10/2014 2:31:09 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
22/10/2014 2:27:35 PM, Error: Service Control Manager [7034] - The Avira Web Protection service terminated unexpectedly. It has done this 4 time(s).
22/10/2014 2:27:04 PM, Error: Service Control Manager [7034] - The Avira Web Protection service terminated unexpectedly. It has done this 3 time(s).
22/10/2014 2:26:53 PM, Error: Service Control Manager [7031] - The Avira Web Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for ImagePath with the following error: Access is denied.
22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DisplayName with the following error: Access is denied.
22/10/2014 2:20:15 PM, Error: Service Control Manager [7031] - The Avira Web Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
22/10/2014 2:15:14 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
22/10/2014 12:30:01 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 195.180.0.5 with the system having network hardware address 00-A0-C6-00-00-01. Network operations on this system may be disrupted as a result.
22/10/2014 12:17:13 PM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]
22/10/2014 1:53:58 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{721FD7A1-6E65-4708-A81E-A6F7F34D5B18} because another computer on the network has the same name. The server could not start.
22/10/2014 1:39:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirWebService service.
22/10/2014 1:08:58 PM, Error: NWBellRmNet [4000] - <qnet0001>: SIM is not inserted or bad SIM detected
21/10/2014 8:14:54 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.142.126.182 with the system having network hardware address 00-A0-C6-00-00-01. Network operations on this system may be disrupted as a result.
20/10/2014 4:02:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2928562).
20/10/2014 4:02:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2908783).
20/10/2014 3:36:27 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Description with the following error: Access is denied.
20/10/2014 3:36:27 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DelayedAutostart with the following error: Access is denied.
20/10/2014 3:14:36 PM, Error: Service Control Manager [7023] - The LogMeIn service terminated with the following error: An attempt was made to access a socket in a way forbidden by its access permissions.
20/10/2014 2:28:03 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
20/10/2014 1:54:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.
17/10/2014 11:10:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
17/10/2014 11:10:15 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/10/2014 3:20:15 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
16/10/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2952664).
16/10/2014 11:51:13 AM, Error: Service Control Manager [7034] - The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).
16/10/2014 11:45:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Seagate MobileBackup Service service to connect.
.
==== End Of File ===========================
 
trojan.agent.FF detected shortly after turning on internet.

And sorry about those 2 posts, I never saw the second note until after I posted the results.
Anyways, I made sure I disabled all protection then re-scanned. I never used a specialty product before for scanning :x

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by dale at 14:48:51 on 2014-10-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5203 [GMT -7:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe
C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\FSP\fspuip.exe
C:\Windows\system32\RunDLL32.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Program Files\Nightly\firefox.exe
C:\Program Files\Nightly\plugin-container.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/
uDefault_Page_URL = hxxp://asus.msn.com
uURLSearchHooks: {09152f0b-739c-4dec-a245-1aa8a37594f1} - <orphaned>
uURLSearchHooks: {f9bbf004-6e40-4019-8214-c43a37e1d058} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AviraSpeedup] "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe" -autorun
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\dale\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [BitTorrent] "C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [BearShare] "C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe" --lightmode
uRun: [eventcreate] "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe"
uRunOnce: [eventcreate] "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Bell Canada Connection Manager] "C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe" -a
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
StartupFolder: C:\Users\dale\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTC~1.LNK - C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PCAUTO~1.LNK - C:\Program Files (x86)\SAMSUNG\PC Auto Backup\AutoBackup.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
TCP: NameServer = 70.28.245.227 184.151.118.254
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC} : NameServer = 208.69.150.252,208.69.150.250
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\14355535 : DHCPNameServer = 192.168.1.1 8.8.8.8
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\35861677F40756E6 : DHCPNameServer = 10.63.8.194 10.63.8.195
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\4554C4553513434373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\638343433344 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\E6073636 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1} : NameServer = 208.69.150.252,208.69.150.250
TCP: Interfaces\{80C4197C-C1E0-40FF-B4F4-F159B2752AE9} : DHCPNameServer = 70.28.245.227 184.151.118.254
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\w6cc8k2q.default\
FF - prefs.js: browser.search.selectedEngine - My Online Search
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.enabled - false
FF - plugin: C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2013-8-26 141376]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-8-26 28600]
R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-4-26 93400]
R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2013-8-26 806704]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-26 431920]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-26 431920]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2013-8-26 994096]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-8-26 119272]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2013-8-26 43064]
R2 BellCanadaRcAppSvc;Bell Canada Rc App Svc;C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe [2012-8-28 120712]
R2 CABellCanada;Bell Canada Con App Svc;C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe [2012-8-28 124808]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-8-31 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-26 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-26 968504]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2012-8-7 96128]
R2 NWHelper;Novatel Wireless Device Helper ;C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe [2010-6-3 270336]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-10-8 411968]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2012-6-4 326544]
R2 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-7-15 17152]
R3 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R3 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R3 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-25 2369720]
R3 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-7-18 246568]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-7-18 76584]
R3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;C:\Windows\System32\drivers\fspad_win764.sys [2011-6-23 53760]
R3 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-8 1149760]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2014-10-20 86016]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-22 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-22 13080]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-4 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-26 129752]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-7-15 32344]
R3 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-8 1796928]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-8 20288]
R3 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-8 19440960]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-10-8 38048]
R3 NWBellRmNet;Novatel Wireless Bell RmNet Network Adapter;C:\Windows\System32\drivers\nwbellrmnet.sys [2011-8-25 350208]
R3 NWBellUSBModem;Novatel Wireless Bell USB Modem Driver;C:\Windows\System32\drivers\nwbellusbmdm.sys [2011-8-25 222208]
R3 NWBellUSBPort;Novatel Wireless Bell USB Status Port Driver;C:\Windows\System32\drivers\nwbellusbser.sys [2011-8-25 222208]
R3 NWBellUSBPort2;Novatel Wireless Bell USB Status2 Port Driver;C:\Windows\System32\drivers\nwbellusbser2.sys [2011-8-25 222208]
R3 ProfileImpSvc;Native WiFi profile importer;C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe [2012-8-28 169864]
R3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-30 471144]
R3 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-2-10 16000]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-15 2655768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 avfwim;AvFw Packet Filter Miniport;C:\Windows\System32\drivers\avfwim.sys [2013-8-26 114608]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-7-15 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-7-15 79360]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-26 63704]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-8-5 43032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-1 19456]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-7-15 290920]
S3 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2014-2-10 157264]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-1 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-1 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-4 1255736]
.
=============== Created Last 30 ================
.
2014-10-23 08:24:30 -------- d-----w- C:\Users\dale\AppData\Local\Ornhics
2014-10-22 20:16:11 -------- d-----w- C:\Users\dale\AppData\Roaming\Avira
2014-10-21 21:24:39 -------- d-----w- C:\Users\dale\AppData\Local\ActiveState
2014-10-21 20:16:21 -------- d-----w- C:\Perl64
2014-10-21 00:23:46 -------- d-----w- C:\ProgramData\BoostSoftware
2014-10-20 22:23:01 98816 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys
2014-10-20 22:23:01 86016 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys
2014-10-20 22:23:01 69632 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys
2014-10-20 22:23:01 421376 ----a-w- C:\Windows\System32\drivers\ewusbwwan.sys
2014-10-20 22:23:01 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
2014-10-20 22:23:01 28672 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys
2014-10-20 22:23:01 221312 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2014-10-20 22:23:01 22016 ----a-w- C:\Windows\System32\drivers\ew_hwupgrade.sys
2014-10-20 22:23:01 212992 ----a-w- C:\Windows\System32\drivers\ew_juwwanecm.sys
2014-10-20 22:23:01 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys
2014-10-20 22:23:01 117248 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys
2014-10-20 22:23:01 1001472 ----a-w- C:\Windows\System32\drivers\mod7700.sys
2014-10-20 22:22:23 -------- d-----w- C:\Program Files (x86)\Sierra Wireless Inc
2014-10-19 03:09:44 2507776 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-10-18 20:55:03 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6733FE1F-81E1-45A3-A0AC-2197C2DCE524}\mpengine.dll
2014-10-16 10:20:39 0 ----a-w- C:\Windows\SysWow64\sho2B0.tmp
2014-10-15 23:30:02 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-15 23:30:01 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-15 23:30:01 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-15 23:30:01 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-15 23:30:01 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-15 23:30:01 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-15 23:30:01 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-15 23:27:19 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-15 23:27:18 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-15 23:25:58 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-15 23:25:58 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-13 21:32:42 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-10-13 11:04:58 0 ----a-w- C:\Windows\SysWow64\shoF4EA.tmp
2014-10-12 03:10:58 0 ----a-w- C:\Windows\SysWow64\sho5A78.tmp
2014-10-09 23:01:06 -------- d-----w- C:\Users\dale\AppData\Roaming\GitHub
2014-10-09 23:01:06 -------- d-----w- C:\Users\dale\AppData\Local\GitHub
2014-10-09 22:58:48 -------- d-----w- C:\Users\dale\AppData\Local\Deployment
2014-10-09 22:58:48 -------- d-----w- C:\Users\dale\AppData\Local\Apps
2014-10-09 06:02:14 -------- d-----w- C:\Users\dale\AppData\Roaming\NVIDIA
2014-10-09 05:55:29 -------- d-----w- C:\Users\dale\AppData\Local\NVIDIA
2014-10-09 05:55:26 2799784 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-10-09 05:55:26 2193560 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-10-09 05:55:26 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-10-09 05:55:26 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-10-09 05:54:45 613696 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-10-09 05:54:16 934216 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-10-09 05:54:16 6890696 ----a-w- C:\Windows\System32\nvcpl.dll
2014-10-09 05:54:16 62608 ----a-w- C:\Windows\System32\nvshext.dll
2014-10-09 05:54:16 3961833 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-10-09 05:54:16 385168 ----a-w- C:\Windows\System32\nvmctray.dll
2014-10-09 05:54:16 3529872 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-10-09 05:54:16 2557640 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-10-09 05:53:58 73872 ----a-w- C:\Windows\System32\OpenCL.dll
2014-10-09 05:53:58 60560 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-10-07 08:47:02 0 ----a-w- C:\Windows\SysWow64\shoB3BC.tmp
2014-10-07 01:32:14 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-10-07 01:32:14 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-10-07 01:32:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-07 01:32:05 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2014-10-23 20:38:58 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-23 01:37:37 43064 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-10-23 01:37:25 119272 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-10-16 18:59:36 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-16 18:59:36 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-01 18:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 18:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 18:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-17 04:51:20 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-09-17 04:51:20 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-09-17 04:51:20 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-09-15 16:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-04 19:14:38 38048 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-09-04 19:14:38 34976 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-09-04 19:14:38 32416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-29 02:07:12 5780480 ----a-w- C:\Windows\System32\mstscax.dll
2014-08-29 02:07:10 322560 ----a-w- C:\Windows\System32\aaclient.dll
2014-08-29 02:06:47 1125888 ----a-w- C:\Windows\System32\mstsc.exe
2014-08-29 01:44:52 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-08-29 01:44:51 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-08-29 01:44:49 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-08-29 01:44:19 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
.
============= FINISH: 14:49:02.45 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 02/11/2011 5:18:08 PM
System Uptime: 23/10/2014 1:37:49 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | G74Sx
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 192.741 GiB free.
D: is FIXED (NTFS) - 394 GiB total, 394.08 GiB free.
E: is FIXED (NTFS) - 349 GiB total, 349.206 GiB free.
F: is FIXED (NTFS) - 349 GiB total, 193.174 GiB free.
G: is CDROM (UDF)
H: is Removable
R: is FIXED (FAT32) - 25 GiB total, 1.727 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: LogMeIn Kernel Information Provider
Device ID: ROOT\LEGACY_LMIINFO\0000
Manufacturer:
Name: LogMeIn Kernel Information Provider
PNP Device ID: ROOT\LEGACY_LMIINFO\0000
Service: LMIInfo
.
==== System Restore Points ===================
.
RP420: 20/10/2014 2:30:32 PM - Removed LogMeIn Hamachi
RP421: 20/10/2014 3:02:54 PM - Removed Bell Mobile Broadband Drivers.
RP422: 20/10/2014 3:14:56 PM - Removed LogMeIn
RP423: 20/10/2014 3:20:14 PM - Installed Mobile Connect.
RP424: 20/10/2014 4:01:25 PM - Windows Update
RP425: 20/10/2014 4:04:11 PM - Windows Update
RP426: 20/10/2014 4:23:33 PM - Windows Backup
RP427: 21/10/2014 1:15:12 PM - Installed ActivePerl 5.18.2 Build 1802 (64-bit)
.
==== Installed Programs ======================
.
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09)
Antivirus Pro
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS USB Charger Plus
ASUS Virtual Camera
ASUS WebStorage
AsusScr_G74 Series_ENG
AsusVibe2.0
ATK Package
Avira System Speedup
Bell Mobile Broadband Drivers
BitTorrent
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Dropbox
eReg
Finger Sensing Pad Driver
Fresco Logic USB3.0 Host Controller
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Update Helper
InstallVC90Support
Intel(R) Control Center
Intel(R) Management Engine Components
Java 7 Update 67 (64-bit)
Java SE Development Kit 7 Update 67 (64-bit)
Junk Mail filter update
LG USB Modem driver
Logitech SetPoint 6.61
Malwarebytes Anti-Malware version 2.0.3.1025
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 365 - en-us
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mobile Connect
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Nightly 33.0a1 (x64 en-US)
NVIDIA 3D Vision Driver 344.11
NVIDIA Control Panel 344.11
NVIDIA GeForce Experience 2.1.2
NVIDIA GeForce Experience Service
NVIDIA Graphics Driver 344.11
NVIDIA HD Audio Driver 1.3.32.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.14.0702
NVIDIA ShadowPlay 16.13.42
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 16.13.42
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.25
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
RoboForm 7-9-8-5 (All Users)
RuneScape Launcher 1.2.3
SAMSUNG Intelli-studio
Seagate Dashboard
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
SHIELD Streaming
SHIELD Wireless Controller Driver
Skype Click to Call
Skype™ 6.18
syncables desktop SE
THX TruStudio
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinFlash
WinRAR 4.20 (32-bit)
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
23/10/2014 1:38:12 PM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
22/10/2014 6:39:09 PM, Error: Service Control Manager [7024] - The Avira Web Protection service terminated with service-specific error Incorrect function..
22/10/2014 6:30:42 PM, Error: Service Control Manager [7024] - The Avira Mail Protection service terminated with service-specific error Incorrect function..
22/10/2014 6:26:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
22/10/2014 6:26:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/10/2014 6:26:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
22/10/2014 6:26:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
22/10/2014 6:26:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO_ avipbb avkmgr discache mbamchameleon spldr Wanarpv6
22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
22/10/2014 6:12:54 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
22/10/2014 6:11:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Microsoft iSCSI Initiator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 4:58:55 PM, Error: volmgr [46] - Crash dump initialization failed!
22/10/2014 4:33:56 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
22/10/2014 4:29:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
22/10/2014 4:28:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO_ avfwot avipbb avkmgr discache mbamchameleon spldr Wanarpv6
22/10/2014 4:16:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
22/10/2014 3:04:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avfwot
22/10/2014 2:38:02 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
22/10/2014 2:38:02 PM, Error: Service Control Manager [7001] - The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: The operation completed successfully.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7001] - The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: The operation completed successfully.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: A system shutdown is in progress.
22/10/2014 2:38:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
22/10/2014 2:31:09 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
22/10/2014 2:27:35 PM, Error: Service Control Manager [7034] - The Avira Web Protection service terminated unexpectedly. It has done this 4 time(s).
22/10/2014 2:27:04 PM, Error: Service Control Manager [7034] - The Avira Web Protection service terminated unexpectedly. It has done this 3 time(s).
22/10/2014 2:26:53 PM, Error: Service Control Manager [7031] - The Avira Web Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for ImagePath with the following error: Access is denied.
22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DisplayName with the following error: Access is denied.
22/10/2014 2:20:15 PM, Error: Service Control Manager [7031] - The Avira Web Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
22/10/2014 2:15:14 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
22/10/2014 12:30:01 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 195.180.0.5 with the system having network hardware address 00-A0-C6-00-00-01. Network operations on this system may be disrupted as a result.
22/10/2014 12:17:13 PM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]
22/10/2014 1:53:58 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{721FD7A1-6E65-4708-A81E-A6F7F34D5B18} because another computer on the network has the same name. The server could not start.
22/10/2014 1:39:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirWebService service.
22/10/2014 1:08:58 PM, Error: NWBellRmNet [4000] - <qnet0001>: SIM is not inserted or bad SIM detected
21/10/2014 8:14:54 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.142.126.182 with the system having network hardware address 00-A0-C6-00-00-01. Network operations on this system may be disrupted as a result.
20/10/2014 4:02:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2928562).
20/10/2014 4:02:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2908783).
20/10/2014 3:36:27 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Description with the following error: Access is denied.
20/10/2014 3:36:27 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DelayedAutostart with the following error: Access is denied.
20/10/2014 3:14:36 PM, Error: Service Control Manager [7023] - The LogMeIn service terminated with the following error: An attempt was made to access a socket in a way forbidden by its access permissions.
20/10/2014 2:28:03 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
20/10/2014 1:54:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.
17/10/2014 11:10:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
17/10/2014 11:10:15 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/10/2014 3:20:15 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
16/10/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2952664).
16/10/2014 11:51:13 AM, Error: Service Control Manager [7034] - The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).
16/10/2014 11:45:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Seagate MobileBackup Service service to connect.
.
==== End Of File ===========================

I see LogMeIn is on the report. I uninstalled that quite a while ago, before coming to this site, so I'm not sure why it still shows up.
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==============================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 
RogueKiller V10.0.3.0 [Oct 22 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : dale [Administrator]
Mode : Delete -- Date : 10/23/2014 19:29:04

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 23 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider | (default) : {FC9D8189-520A-4417-AED7-9EAC810C6FBA} -> Deleted
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Windows\CurrentVersion\Run | eventcreate : "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe" [x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Windows\CurrentVersion\Run | eventcreate : "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe" -> ERROR [2]
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | eventcreate : "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe" [x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | eventcreate : "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe" -> ERROR [2]
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 70.28.245.227 184.151.118.254 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 70.28.245.227 184.151.118.254 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC} | NameServer : 208.69.150.252,208.69.150.250 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1} | NameServer : 208.69.150.252,208.69.150.250 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{80C4197C-C1E0-40FF-B4F4-F159B2752AE9} | DhcpNameServer : 70.28.245.227 184.151.118.254 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC} | NameServer : 208.69.150.252,208.69.150.250 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1} | NameServer : 208.69.150.252,208.69.150.250 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{80C4197C-C1E0-40FF-B4F4-F159B2752AE9} | DhcpNameServer : 70.28.245.227 184.151.118.254 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC} | NameServer : 208.69.150.252,208.69.150.250 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1} | NameServer : 208.69.150.252,208.69.150.250 -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{80C4197C-C1E0-40FF-B4F4-F159B2752AE9} | DhcpNameServer : 70.28.245.227 184.151.118.254 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Control Panel\Desktop | SCRNSAVE.EXE : "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe" [x] -> Replaced (C:\Windows\system32\logon.scr)
[HJ.AutoRun] (X64) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Command Processor | AutoRun : "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe" -> Replaced ()
[HJ.AutoRun] (X86) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Command Processor | AutoRun : "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe" -> Replaced ()

¤¤¤ Tasks : 5 ¤¤¤
[Suspicious.Path] DSite.job -- C:\Users\dale\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE (/Check) -> Deleted
[Suspicious.Path] \\ASUS Patch 10430001 -- C:\Windows\AsPatch10430001.exe (-e) -> Deleted
[Suspicious.Path] \\dale -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\dale\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\dale.nji") -> Deleted
[Suspicious.Path] \\dale Merge -- "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" ("C:\Users\dale\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\dale Merge.nji") -> Deleted
[Suspicious.Path] \\DSite -- C:\Users\dale\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE (/Check) -> ERROR [0]

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] eventcreate.lnk -- C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eventcreate.lnk [LNK@] C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe -> Deleted

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] w6cc8k2q.default : user_pref("browser.startup.homepage", "www.google.ca"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9750420AS +++++
--- User ---
[MBR] 11a63cf61758b3bfca216e89802736e0
[BSP] a6dfcef95bdca6f6c690eb797753f4a9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 25600 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST9750420AS +++++
--- User ---
[MBR] b17efdbde997cde13963cd71a27bec4c
[BSP] e6c2cebec9d5914c6fe029aa4b621d92 : HP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 357688 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 732547072 | Size: 357715 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: SanDisk SanDisk Ultra USB Device +++++
--- User ---
[MBR] b5bdf4860e35110f13c3c1534367a8cd
[BSP] 5b78b3a367da6d46f8e3b2d0c3e9f6c0 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 29553 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_SCN_10232014_192745.log
 
2 more files were produced, DDS and another labelled attach. Looks like it removed my program that was installed from my internet stick, but I'm still able to connect with it, so that's all that matters atm. Anyways, here are the other 2 from RogueKiller and I'll repost when I'm done with the next part (also, I did disable my anti-v and such just like before).

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by dale at 14:48:51 on 2014-10-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5203 [GMT -7:00]
.
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe
C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe
C:\Windows\SysWow64\perfhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\FSP\fspuip.exe
C:\Windows\system32\RunDLL32.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\Program Files\Nightly\firefox.exe
C:\Program Files\Nightly\plugin-container.exe
C:\program files (x86)\avira\antivir desktop\avcenter.exe
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.ca/
uDefault_Page_URL = hxxp://asus.msn.com
uURLSearchHooks: {09152f0b-739c-4dec-a245-1aa8a37594f1} - <orphaned>
uURLSearchHooks: {f9bbf004-6e40-4019-8214-c43a37e1d058} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [AviraSpeedup] "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe" -autorun
uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\dale\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
uRun: [BitTorrent] "C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
uRun: [BearShare] "C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe" --lightmode
uRun: [eventcreate] "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe"
uRunOnce: [eventcreate] "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [Bell Canada Connection Manager] "C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe" -a
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
StartupFolder: C:\Users\dale\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTC~1.LNK - C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PCAUTO~1.LNK - C:\Program Files (x86)\SAMSUNG\PC Auto Backup\AutoBackup.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
TCP: NameServer = 70.28.245.227 184.151.118.254
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC} : NameServer = 208.69.150.252,208.69.150.250
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\14355535 : DHCPNameServer = 192.168.1.1 8.8.8.8
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\35861677F40756E6 : DHCPNameServer = 10.63.8.194 10.63.8.195
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\4554C4553513434373 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\638343433344 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\E6073636 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1} : NameServer = 208.69.150.252,208.69.150.250
TCP: Interfaces\{80C4197C-C1E0-40FF-B4F4-F159B2752AE9} : DHCPNameServer = 70.28.245.227 184.151.118.254
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\w6cc8k2q.default\
FF - prefs.js: browser.search.selectedEngine - My Online Search
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.enabled - false
FF - plugin: C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2013-8-26 141376]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-8-26 28600]
R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-4-26 93400]
R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2013-8-26 806704]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-26 431920]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-26 431920]
R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2013-8-26 994096]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-8-26 119272]
R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2013-8-26 43064]
R2 BellCanadaRcAppSvc;Bell Canada Rc App Svc;C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe [2012-8-28 120712]
R2 CABellCanada;Bell Canada Con App Svc;C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe [2012-8-28 124808]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-8-31 72216]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-26 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-26 968504]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2012-8-7 96128]
R2 NWHelper;Novatel Wireless Device Helper ;C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe [2010-6-3 270336]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-10-8 411968]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2012-6-4 326544]
R2 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-7-15 17152]
R3 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R3 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R3 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-25 2369720]
R3 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-7-18 246568]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-7-18 76584]
R3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;C:\Windows\System32\drivers\fspad_win764.sys [2011-6-23 53760]
R3 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-8 1149760]
R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2014-10-20 86016]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-22 77592]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-22 13080]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-4 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-26 129752]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-7-15 32344]
R3 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-8 1796928]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-8 20288]
R3 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-8 19440960]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-10-8 38048]
R3 NWBellRmNet;Novatel Wireless Bell RmNet Network Adapter;C:\Windows\System32\drivers\nwbellrmnet.sys [2011-8-25 350208]
R3 NWBellUSBModem;Novatel Wireless Bell USB Modem Driver;C:\Windows\System32\drivers\nwbellusbmdm.sys [2011-8-25 222208]
R3 NWBellUSBPort;Novatel Wireless Bell USB Status Port Driver;C:\Windows\System32\drivers\nwbellusbser.sys [2011-8-25 222208]
R3 NWBellUSBPort2;Novatel Wireless Bell USB Status2 Port Driver;C:\Windows\System32\drivers\nwbellusbser2.sys [2011-8-25 222208]
R3 ProfileImpSvc;Native WiFi profile importer;C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe [2012-8-28 169864]
R3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-30 471144]
R3 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-2-10 16000]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-15 2655768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 avfwim;AvFw Packet Filter Miniport;C:\Windows\System32\drivers\avfwim.sys [2013-8-26 114608]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-7-15 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-7-15 79360]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-26 63704]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-8-5 43032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-1 19456]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-7-15 290920]
S3 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2014-2-10 157264]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-1 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-1 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-4 1255736]
.
=============== Created Last 30 ================
.
2014-10-23 08:24:30 -------- d-----w- C:\Users\dale\AppData\Local\Ornhics
2014-10-22 20:16:11 -------- d-----w- C:\Users\dale\AppData\Roaming\Avira
2014-10-21 21:24:39 -------- d-----w- C:\Users\dale\AppData\Local\ActiveState
2014-10-21 20:16:21 -------- d-----w- C:\Perl64
2014-10-21 00:23:46 -------- d-----w- C:\ProgramData\BoostSoftware
2014-10-20 22:23:01 98816 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys
2014-10-20 22:23:01 86016 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys
2014-10-20 22:23:01 69632 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys
2014-10-20 22:23:01 421376 ----a-w- C:\Windows\System32\drivers\ewusbwwan.sys
2014-10-20 22:23:01 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
2014-10-20 22:23:01 28672 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys
2014-10-20 22:23:01 221312 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
2014-10-20 22:23:01 22016 ----a-w- C:\Windows\System32\drivers\ew_hwupgrade.sys
2014-10-20 22:23:01 212992 ----a-w- C:\Windows\System32\drivers\ew_juwwanecm.sys
2014-10-20 22:23:01 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys
2014-10-20 22:23:01 117248 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys
2014-10-20 22:23:01 1001472 ----a-w- C:\Windows\System32\drivers\mod7700.sys
2014-10-20 22:22:23 -------- d-----w- C:\Program Files (x86)\Sierra Wireless Inc
2014-10-19 03:09:44 2507776 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-10-18 20:55:03 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6733FE1F-81E1-45A3-A0AC-2197C2DCE524}\mpengine.dll
2014-10-16 10:20:39 0 ----a-w- C:\Windows\SysWow64\sho2B0.tmp
2014-10-15 23:30:02 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-15 23:30:01 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-15 23:30:01 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-15 23:30:01 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-15 23:30:01 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-15 23:30:01 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-15 23:30:01 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-15 23:27:19 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-10-15 23:27:18 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-10-15 23:25:58 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-15 23:25:58 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-10-13 21:32:42 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-10-13 11:04:58 0 ----a-w- C:\Windows\SysWow64\shoF4EA.tmp
2014-10-12 03:10:58 0 ----a-w- C:\Windows\SysWow64\sho5A78.tmp
2014-10-09 23:01:06 -------- d-----w- C:\Users\dale\AppData\Roaming\GitHub
2014-10-09 23:01:06 -------- d-----w- C:\Users\dale\AppData\Local\GitHub
2014-10-09 22:58:48 -------- d-----w- C:\Users\dale\AppData\Local\Deployment
2014-10-09 22:58:48 -------- d-----w- C:\Users\dale\AppData\Local\Apps
2014-10-09 06:02:14 -------- d-----w- C:\Users\dale\AppData\Roaming\NVIDIA
2014-10-09 05:55:29 -------- d-----w- C:\Users\dale\AppData\Local\NVIDIA
2014-10-09 05:55:26 2799784 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-10-09 05:55:26 2193560 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-10-09 05:55:26 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2014-10-09 05:55:26 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2014-10-09 05:54:45 613696 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-10-09 05:54:16 934216 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-10-09 05:54:16 6890696 ----a-w- C:\Windows\System32\nvcpl.dll
2014-10-09 05:54:16 62608 ----a-w- C:\Windows\System32\nvshext.dll
2014-10-09 05:54:16 3961833 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-10-09 05:54:16 385168 ----a-w- C:\Windows\System32\nvmctray.dll
2014-10-09 05:54:16 3529872 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-10-09 05:54:16 2557640 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-10-09 05:53:58 73872 ----a-w- C:\Windows\System32\OpenCL.dll
2014-10-09 05:53:58 60560 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-10-07 08:47:02 0 ----a-w- C:\Windows\SysWow64\shoB3BC.tmp
2014-10-07 01:32:14 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-10-07 01:32:14 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-10-07 01:32:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-10-07 01:32:05 2048 ----a-w- C:\Windows\System32\tzres.dll
.
==================== Find3M ====================
.
2014-10-23 20:38:58 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-23 01:37:37 43064 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-10-23 01:37:25 119272 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-10-16 18:59:36 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-16 18:59:36 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-10-01 18:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-01 18:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-01 18:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-17 04:51:20 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2014-09-17 04:51:20 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2014-09-17 04:51:20 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2014-09-15 16:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-04 19:14:38 38048 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-09-04 19:14:38 34976 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-09-04 19:14:38 32416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-29 02:07:12 5780480 ----a-w- C:\Windows\System32\mstscax.dll
2014-08-29 02:07:10 322560 ----a-w- C:\Windows\System32\aaclient.dll
2014-08-29 02:06:47 1125888 ----a-w- C:\Windows\System32\mstsc.exe
2014-08-29 01:44:52 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2014-08-29 01:44:51 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-08-29 01:44:49 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2014-08-29 01:44:19 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
.
============= FINISH: 14:49:02.45 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 02/11/2011 5:18:08 PM
System Uptime: 23/10/2014 1:37:49 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | G74Sx
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 192.741 GiB free.
D: is FIXED (NTFS) - 394 GiB total, 394.08 GiB free.
E: is FIXED (NTFS) - 349 GiB total, 349.206 GiB free.
F: is FIXED (NTFS) - 349 GiB total, 193.174 GiB free.
G: is CDROM (UDF)
H: is Removable
R: is FIXED (FAT32) - 25 GiB total, 1.727 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: LogMeIn Kernel Information Provider
Device ID: ROOT\LEGACY_LMIINFO\0000
Manufacturer:
Name: LogMeIn Kernel Information Provider
PNP Device ID: ROOT\LEGACY_LMIINFO\0000
Service: LMIInfo
.
==== System Restore Points ===================
.
RP420: 20/10/2014 2:30:32 PM - Removed LogMeIn Hamachi
RP421: 20/10/2014 3:02:54 PM - Removed Bell Mobile Broadband Drivers.
RP422: 20/10/2014 3:14:56 PM - Removed LogMeIn
RP423: 20/10/2014 3:20:14 PM - Installed Mobile Connect.
RP424: 20/10/2014 4:01:25 PM - Windows Update
RP425: 20/10/2014 4:04:11 PM - Windows Update
RP426: 20/10/2014 4:23:33 PM - Windows Backup
RP427: 21/10/2014 1:15:12 PM - Installed ActivePerl 5.18.2 Build 1802 (64-bit)
.
==== Installed Programs ======================
.
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09)
Antivirus Pro
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS USB Charger Plus
ASUS Virtual Camera
ASUS WebStorage
AsusScr_G74 Series_ENG
AsusVibe2.0
ATK Package
Avira System Speedup
Bell Mobile Broadband Drivers
BitTorrent
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Dropbox
eReg
Finger Sensing Pad Driver
Fresco Logic USB3.0 Host Controller
Galeria de Fotografias do Windows Live
Galerie de photos Windows Live
Galería fotográfica de Windows Live
Google Chrome
Google Update Helper
InstallVC90Support
Intel(R) Control Center
Intel(R) Management Engine Components
Java 7 Update 67 (64-bit)
Java SE Development Kit 7 Update 67 (64-bit)
Junk Mail filter update
LG USB Modem driver
Logitech SetPoint 6.61
Malwarebytes Anti-Malware version 2.0.3.1025
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 365 - en-us
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mobile Connect
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Nightly 33.0a1 (x64 en-US)
NVIDIA 3D Vision Driver 344.11
NVIDIA Control Panel 344.11
NVIDIA GeForce Experience 2.1.2
NVIDIA GeForce Experience Service
NVIDIA Graphics Driver 344.11
NVIDIA HD Audio Driver 1.3.32.1
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.14.0702
NVIDIA ShadowPlay 16.13.42
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 16.13.42
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.25
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Reader Driver
RoboForm 7-9-8-5 (All Users)
RuneScape Launcher 1.2.3
SAMSUNG Intelli-studio
Seagate Dashboard
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
SHIELD Streaming
SHIELD Wireless Controller Driver
Skype Click to Call
Skype™ 6.18
syncables desktop SE
THX TruStudio
Windows Live
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinFlash
WinRAR 4.20 (32-bit)
Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
23/10/2014 1:38:12 PM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
22/10/2014 6:39:09 PM, Error: Service Control Manager [7024] - The Avira Web Protection service terminated with service-specific error Incorrect function..
22/10/2014 6:30:42 PM, Error: Service Control Manager [7024] - The Avira Mail Protection service terminated with service-specific error Incorrect function..
22/10/2014 6:26:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
22/10/2014 6:26:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
22/10/2014 6:26:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
22/10/2014 6:26:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
22/10/2014 6:26:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO_ avipbb avkmgr discache mbamchameleon spldr Wanarpv6
22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
22/10/2014 6:12:54 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
22/10/2014 6:11:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Microsoft iSCSI Initiator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
22/10/2014 4:58:55 PM, Error: volmgr [46] - Crash dump initialization failed!
22/10/2014 4:33:56 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
22/10/2014 4:29:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
22/10/2014 4:28:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO_ avfwot avipbb avkmgr discache mbamchameleon spldr Wanarpv6
22/10/2014 4:16:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
22/10/2014 3:04:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avfwot
22/10/2014 2:38:02 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
22/10/2014 2:38:02 PM, Error: Service Control Manager [7001] - The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: The operation completed successfully.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7001] - The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: The operation completed successfully.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: A system shutdown is in progress.
22/10/2014 2:38:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
22/10/2014 2:31:09 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
22/10/2014 2:27:35 PM, Error: Service Control Manager [7034] - The Avira Web Protection service terminated unexpectedly. It has done this 4 time(s).
22/10/2014 2:27:04 PM, Error: Service Control Manager [7034] - The Avira Web Protection service terminated unexpectedly. It has done this 3 time(s).
22/10/2014 2:26:53 PM, Error: Service Control Manager [7031] - The Avira Web Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for ImagePath with the following error: Access is denied.
22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DisplayName with the following error: Access is denied.
22/10/2014 2:20:15 PM, Error: Service Control Manager [7031] - The Avira Web Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
22/10/2014 2:15:14 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
22/10/2014 12:30:01 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 195.180.0.5 with the system having network hardware address 00-A0-C6-00-00-01. Network operations on this system may be disrupted as a result.
22/10/2014 12:17:13 PM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]
22/10/2014 1:53:58 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{721FD7A1-6E65-4708-A81E-A6F7F34D5B18} because another computer on the network has the same name. The server could not start.
22/10/2014 1:39:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirWebService service.
22/10/2014 1:08:58 PM, Error: NWBellRmNet [4000] - <qnet0001>: SIM is not inserted or bad SIM detected
21/10/2014 8:14:54 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.142.126.182 with the system having network hardware address 00-A0-C6-00-00-01. Network operations on this system may be disrupted as a result.
20/10/2014 4:02:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2928562).
20/10/2014 4:02:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2908783).
20/10/2014 3:36:27 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Description with the following error: Access is denied.
20/10/2014 3:36:27 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DelayedAutostart with the following error: Access is denied.
20/10/2014 3:14:36 PM, Error: Service Control Manager [7023] - The LogMeIn service terminated with the following error: An attempt was made to access a socket in a way forbidden by its access permissions.
20/10/2014 2:28:03 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
20/10/2014 1:54:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.
17/10/2014 11:10:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
17/10/2014 11:10:15 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
16/10/2014 3:20:15 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
16/10/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2952664).
16/10/2014 11:51:13 AM, Error: Service Control Manager [7034] - The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).
16/10/2014 11:45:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Seagate MobileBackup Service service to connect.
.
==== End Of File ===========================
 
Umm, by the looks of that report, am I supposed to stay online while I use these programs so the programs can use the internet if needed? I'm doing all scans offline atm unless I'm told to be connected during the scan processes, just as a precaution so this so-called trojan can't access the internet, unless that's what you need so a program can catch it? Also, I have been turning off all security just like before, so if I do go online I feel better to make sure they're on first. If you really can help fix all my issues then I prob will donate a bit to you just to show my appreciation :)

Also, if you need me to scan with my AV again then, as a heads up, it usually takes 3-4h ish to scan everything because for some reason this computer came with a lot of files right off the bat. So far making a new backup takes a bit of time also, but not too bad, maybe about 15-20 min give or take.
 
K the scan just finished so here you go, and yes I restarted my computer after the scan prior to posting because it did detect 1 malware.

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.10.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17358
dale :: DALE-ASUS [administrator]

23/10/2014 8:35:39 PM
mbar-log-2014-10-23 (20-35-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 318026
Time elapsed: 11 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\dale\AppData\Local\Temp\tmp1D8E.exe (Trojan.FakeMS.ED) -> Delete on reboot. [635eef280b716fc7c01e498cbb46bd43]

Physical Sectors Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED, R:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 8565989376, free: 4359966720

Downloaded database version: v2014.10.24.01
Canceled update
Downloaded database version: v2014.10.24.01
Downloaded database version: v2014.10.22.01
Initializing...
======================
------------ Kernel report ------------
10/23/2014 20:34:41
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\drivers\qmpvp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\avfwot.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\rdpdispm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\AiCharger.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\FLxHCIc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\fspad_win764.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\drivers\msiscsi.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\NWADIenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\ew_jubusenum.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\MBfilt64.sys
\SystemRoot\system32\DRIVERS\FLxHCIh.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LEqdUsb.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LHidEqd.Sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\avnetflt.sys
\??\C:\Windows\system32\drivers\LMIRfsDriver.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\gdi32.dll
\Windows\System32\normaliz.dll
\Windows\System32\wininet.dll
\Windows\System32\nsi.dll
\Windows\System32\msctf.dll
\Windows\System32\sechost.dll
\Windows\System32\imagehlp.dll
\Windows\System32\advapi32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\clbcatq.dll
\Windows\System32\usp10.dll
\Windows\System32\kernel32.dll
\Windows\System32\difxapi.dll
\Windows\System32\user32.dll
\Windows\System32\shell32.dll
\Windows\System32\urlmon.dll
\Windows\System32\iertutil.dll
\Windows\System32\setupapi.dll
\Windows\System32\psapi.dll
\Windows\System32\imm32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\ole32.dll
\Windows\System32\lpk.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\userenv.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\System32\profapi.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8007839060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa8007203050
Lower Device Driver Name: \Driver\iaStor\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80077e3790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8007205050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80077e3790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80077e32c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80077e3790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80072014c0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007205050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 38601C96

Partition information:

Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 52428800

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 52430848 Numsec = 586057728
Partition file system is NTFS
Partition is bootable

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 638488576 Numsec = 826656768

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8007839060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007839ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007839060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007201e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8007203050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BBC58B91

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 732545024

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 732547072 Numsec = 732602096

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Infected: C:\Users\dale\AppData\Local\Temp\tmp1D8E.exe --> [Trojan.FakeMS.ED]
Scan finished
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-52430848-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 
No detections :)

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.10.24.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17358
dale :: DALE-ASUS [administrator]

23/10/2014 9:12:25 PM
mbar-log-2014-10-23 (21-12-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 318443
Time elapsed: 13 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17358

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED, R:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 8565989376, free: 5644705792

Initializing...
======================
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 38601C96

Partition information:

Partition 0 type is Other (0xc)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 52428800

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 52430848 Numsec = 586057728
Partition file system is NTFS
Partition is bootable

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 638488576 Numsec = 826656768

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: BBC58B91

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 732545024

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 732547072 Numsec = 732602096

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-52430848-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished
 
So far my computer has been running noticeably better, with no more random detections shortly after internet connection or any random windows saying copying files. But like your rules stated, it's not completely gone until you confirm it, so I will keep checking back here to see what else you need me to do :)
 
Good :)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Worked with no problems. Only thing is now my start menu button doesn't look the way it normally does but still works normally. Do you still need me to run roadkill again?

ComboFix 14-10-24.01 - dale 24/10/2014 16:46:18.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6124 [GMT -7:00]
Running from: c:\users\dale\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\dale\AppData\Roaming\SearchProtect
c:\users\dale\AppData\Roaming\SearchProtect\bin\rep.dat
c:\windows\AsPatch10430001.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-09-24 to 2014-10-24 )))))))))))))))))))))))))))))))
.
.
2014-10-24 23:54 . 2014-10-24 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-24 21:40 . 2014-10-24 21:42 -------- d-----w- c:\programdata\TweakBit
2014-10-24 21:40 . 2014-10-24 21:41 -------- d-----w- c:\program files (x86)\TweakBit
2014-10-24 21:39 . 2014-10-24 21:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-24 21:38 . 2014-10-24 21:38 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC1EE365-684A-4C16-BDA3-477242CD53BB}\offreg.dll
2014-10-24 21:33 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC1EE365-684A-4C16-BDA3-477242CD53BB}\mpengine.dll
2014-10-24 21:09 . 2014-10-24 21:09 -------- d-----w- c:\users\dale\AppData\Local\VS Revo Group
2014-10-24 21:09 . 2014-10-24 21:09 -------- d-----w- c:\programdata\VS Revo Group
2014-10-24 21:09 . 2009-12-30 18:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-10-24 21:09 . 2014-10-24 21:09 -------- d-----w- c:\program files\VS Revo Group
2014-10-24 02:23 . 2014-10-24 02:23 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-24 02:23 . 2014-10-24 02:23 -------- d-----w- c:\programdata\RogueKiller
2014-10-23 08:24 . 2014-10-23 20:36 -------- d-----w- c:\users\dale\AppData\Local\Ornhics
2014-10-22 20:16 . 2014-10-22 20:16 -------- d-----w- c:\users\dale\AppData\Roaming\Avira
2014-10-21 21:24 . 2014-10-21 21:24 -------- d-----w- c:\users\dale\AppData\Local\ActiveState
2014-10-21 20:16 . 2014-10-21 20:19 -------- d-----w- C:\Perl64
2014-10-21 00:23 . 2014-10-21 06:06 -------- d-----w- c:\programdata\BoostSoftware
2014-10-20 22:23 . 2011-05-24 21:29 98816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2014-10-20 22:23 . 2011-05-24 21:29 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2014-10-20 22:23 . 2011-05-24 21:29 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2014-10-20 22:23 . 2011-05-24 21:29 421376 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2014-10-20 22:23 . 2011-05-24 21:29 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2014-10-20 22:23 . 2011-05-24 21:29 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2014-10-20 22:23 . 2011-05-24 21:29 221312 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2014-10-20 22:23 . 2011-05-24 21:29 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2014-10-20 22:23 . 2011-05-24 21:29 212992 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2014-10-20 22:23 . 2011-05-24 21:29 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2014-10-20 22:23 . 2011-05-24 21:29 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2014-10-20 22:23 . 2011-05-24 21:29 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2014-10-20 22:22 . 2014-10-20 22:22 -------- d-----w- c:\program files (x86)\Sierra Wireless Inc
2014-10-19 03:09 . 2014-10-19 03:09 2507776 ----a-w- c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll
2014-10-19 03:09 . 2014-10-19 03:09 3166208 ----a-w- c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
2014-10-16 10:20 . 2014-10-16 10:20 0 ----a-w- c:\windows\SysWow64\sho2B0.tmp
2014-10-15 23:30 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-10-15 23:30 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
2014-10-15 23:30 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
2014-10-15 23:30 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
2014-10-15 23:30 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2014-10-15 23:30 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2014-10-15 23:30 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2014-10-15 23:27 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
2014-10-15 23:27 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-15 23:25 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-15 23:25 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-13 21:33 . 2014-10-13 21:32 319912 ----a-w- c:\windows\system32\javaws.exe
2014-10-13 21:32 . 2014-10-13 21:32 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-10-13 21:32 . 2014-10-13 21:32 189352 ----a-w- c:\windows\system32\javaw.exe
2014-10-13 21:32 . 2014-10-13 21:32 189352 ----a-w- c:\windows\system32\java.exe
2014-10-13 11:04 . 2014-10-13 11:04 0 ----a-w- c:\windows\SysWow64\shoF4EA.tmp
2014-10-12 03:10 . 2014-10-12 03:10 0 ----a-w- c:\windows\SysWow64\sho5A78.tmp
2014-10-09 23:01 . 2014-10-09 23:10 -------- d-----w- c:\users\dale\AppData\Local\GitHub
2014-10-09 23:01 . 2014-10-09 23:01 -------- d-----w- c:\users\dale\AppData\Roaming\GitHub
2014-10-09 22:58 . 2014-10-19 04:59 -------- d-----w- c:\users\dale\AppData\Local\Deployment
2014-10-09 22:58 . 2014-10-09 22:58 -------- d-----w- c:\users\dale\AppData\Local\Apps
2014-10-09 06:02 . 2014-10-09 06:02 -------- d-----w- c:\users\dale\AppData\Roaming\NVIDIA
2014-10-09 05:55 . 2014-10-09 05:55 -------- d-----w- c:\users\dale\AppData\Local\NVIDIA
2014-10-09 05:55 . 2014-09-17 02:10 2193560 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-10-09 05:55 . 2014-09-17 02:10 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-10-09 05:55 . 2014-09-17 02:10 2799784 ----a-w- c:\windows\system32\nvspcap64.dll
2014-10-09 05:55 . 2014-09-17 02:10 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-10-09 05:55 . 2014-10-09 05:55 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2014-10-09 05:54 . 2014-09-13 20:13 613696 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-10-09 05:54 . 2014-09-13 21:53 6890696 ----a-w- c:\windows\system32\nvcpl.dll
2014-10-09 05:54 . 2014-09-13 21:53 3529872 ----a-w- c:\windows\system32\nvsvc64.dll
2014-10-09 05:54 . 2014-09-13 21:53 934216 ----a-w- c:\windows\system32\nvvsvc.exe
2014-10-09 05:54 . 2014-09-13 21:53 62608 ----a-w- c:\windows\system32\nvshext.dll
2014-10-09 05:54 . 2014-09-13 21:53 385168 ----a-w- c:\windows\system32\nvmctray.dll
2014-10-09 05:54 . 2014-09-13 21:53 2557640 ----a-w- c:\windows\system32\nvsvcr.dll
2014-10-09 05:54 . 2014-09-11 15:37 3961833 ----a-w- c:\windows\system32\nvcoproc.bin
2014-10-09 05:53 . 2014-09-13 23:48 73872 ----a-w- c:\windows\system32\OpenCL.dll
2014-10-09 05:53 . 2014-09-13 23:48 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-10-07 08:47 . 2014-10-07 08:47 0 ----a-w- c:\windows\SysWow64\shoB3BC.tmp
2014-10-07 01:35 . 2014-10-07 01:35 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-10-07 01:32 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-07 01:32 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-10-07 01:32 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-07 01:32 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-24 03:50 . 2014-04-27 01:14 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-23 01:37 . 2013-08-27 06:22 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-10-23 01:37 . 2013-08-27 06:22 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-10-23 01:37 . 2013-08-27 06:22 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-10-16 18:59 . 2012-05-28 03:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-16 18:59 . 2012-05-28 03:15 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-16 10:01 . 2011-11-05 01:32 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-02 22:53 . 2011-11-04 16:50 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-10-01 18:11 . 2014-04-27 01:13 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 18:11 . 2014-04-27 01:13 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 18:11 . 2013-10-04 16:08 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-17 04:51 . 2013-01-07 23:14 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-08-25 01:05 . 2013-12-04 20:38 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-08-23 02:07 . 2014-08-30 16:41 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-30 16:41 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-01 11:53 . 2014-09-11 04:04 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-11 04:04 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\dale\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\dale\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\dale\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"AviraSpeedup"="c:\program files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe" [2014-10-23 5395704]
"Uploader"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2014-02-10 126056]
"BitTorrent"="c:\users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-10-10 1387864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-10-23 703736]
"Bell Canada Connection Manager"="c:\program files (x86)\Bell\Mobile Connect\MobileConnect.exe" [2012-08-28 87944]
"DBAgent"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [2014-02-10 1519176]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-1 548528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 BellCanadaRcAppSvc;Bell Canada Rc App Svc;c:\program files (x86)\Bell\Mobile Connect\RcAppSvc.exe;c:\program files (x86)\Bell\Mobile Connect\RcAppSvc.exe [x]
R2 CABellCanada;Bell Canada Con App Svc;c:\program files (x86)\Bell\Mobile Connect\ConAppsSvc.exe;c:\program files (x86)\Bell\Mobile Connect\ConAppsSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys;c:\windows\SYSNATIVE\DRIVERS\avfwim.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NWBellRmNet;Novatel Wireless Bell RmNet Network Adapter;c:\windows\system32\DRIVERS\nwbellrmnet.sys;c:\windows\SYSNATIVE\DRIVERS\nwbellrmnet.sys [x]
R3 NWBellUSBModem;Novatel Wireless Bell USB Modem Driver;c:\windows\system32\DRIVERS\nwbellusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\nwbellusbmdm.sys [x]
R3 NWBellUSBPort;Novatel Wireless Bell USB Status Port Driver;c:\windows\system32\DRIVERS\nwbellusbser.sys;c:\windows\SYSNATIVE\DRIVERS\nwbellusbser.sys [x]
R3 NWBellUSBPort2;Novatel Wireless Bell USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwbellusbser2.sys;c:\windows\SYSNATIVE\DRIVERS\nwbellusbser2.sys [x]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS;c:\windows\SYSNATIVE\PCTINDIS5X64.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
R3 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys;c:\windows\SYSNATIVE\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [x]
S2 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe;c:\program files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [x]
S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
S3 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S3 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S3 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S3 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys;c:\windows\SYSNATIVE\DRIVERS\fspad_win764.sys [x]
S3 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 ProfileImpSvc;Native WiFi profile importer;c:\program files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe;c:\program files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe [x]
S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys;c:\windows\SYSNATIVE\DRIVERS\rdpdispm.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-17 19:43 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 18:59]
.
2014-10-23 c:\windows\Tasks\AviraSpeedup.job
- c:\program files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [2014-10-20 00:53]
.
2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]
.
2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-08-25 01:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-08-25 01:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-08-25 01:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\dale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\dale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\dale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\dale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-01 12446824]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
Trusted Zone: facebook.com\www
Trusted Zone: hotmail.com\www
Trusted Zone: runescape.com\services
Trusted Zone: runescape.com\www
TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}: NameServer = 208.69.150.252,208.69.150.250
TCP: Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1}: NameServer = 208.69.150.252,208.69.150.250
FF - ProfilePath - c:\users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\w6cc8k2q.default\
FF - prefs.js: browser.search.selectedEngine - My Online Search
FF - prefs.js: browser.startup.homepage - www.google.ca
FF - prefs.js: keyword.enabled - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{09152f0b-739c-4dec-a245-1aa8a37594f1} - (no file)
URLSearchHooks-{f9bbf004-6e40-4019-8214-c43a37e1d058} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-SanDiskSecureAccess_Manager.exe - c:\users\dale\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
Wow6432Node-HKCU-Run-BearShare - c:\program files (x86)\BearShare Applications\BearShare\BearShare.exe
Wow6432Node-HKLM-Run-LogMeIn Hamachi Ui - c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PC Auto Backup.lnk - c:\program files (x86)\SAMSUNG\PC Auto Backup\AutoBackup.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-24 16:57:08
ComboFix-quarantined-files.txt 2014-10-24 23:57
.
Pre-Run: 205,978,513,408 bytes free
Post-Run: 206,717,689,856 bytes free
.
- - End Of File - - FA3DF1CC2F72D7017D742BD86BDF8A7B
 
Looks good.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
Adware cleaner had 2 logs R0 + S0

# AdwCleaner v4.001 - Report created 24/10/2014 at 17:25:27
# Updated 20/10/2014 by Xplode
# Database :
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : dale - DALE-ASUS
# Running from : C:\Users\dale\Downloads\adwcleaner_4.001.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\dale\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx
Folder Found : C:\Program Files (x86)\BearShare Applications
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\Music Toolbar
Folder Found : C:\Program Files (x86)\otshot
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Conduit
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\dale\AppData\Local\apn
Folder Found : C:\Users\dale\AppData\Local\Babylon
Folder Found : C:\Users\dale\AppData\Local\Conduit
Folder Found : C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi
Folder Found : C:\Users\dale\AppData\Local\iLivid
Folder Found : C:\Users\dale\AppData\Local\jZip
Folder Found : C:\Users\dale\AppData\LocalLow\Conduit
Folder Found : C:\Users\dale\AppData\Roaming\DSite
Folder Found : C:\Users\dale\Qtrax

***** [ Scheduled Tasks ] *****

Task Found : QtraxPlayer
Task Found : VisualBeeRecovery

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APNDTX
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Google\Chrome\Extensions\hhepndnhfbdjmegechokkbabcphcihdi
Key Found : HKCU\Software\jZip
Key Found : HKCU\Software\qtrax
Key Found : HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\APNDTX
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\jZip
Key Found : [x64] HKCU\Software\qtrax
Key Found : [x64] HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Found : HKLM\SOFTWARE\VBMZ
Key Found : HKLM\SOFTWARE\visualbee
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{13B8FF9D-DEB0-4070-B846-D049218307B3}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v29.0.1 (en-US)

[w6cc8k2q.default] - Line Found : user_pref("CT3297947_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1374867334746,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[w6cc8k2q.default] - Line Found : user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":38,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Analytics\\\",\\\"category\\\[...]
[w6cc8k2q.default] - Line Found : user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
[w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=54D71C5C-12EF-4FF7-96B1-9CC1D6B7AAC3&n=77fd0c89&p2=^ZO^xdm038^YYA^ca&si=pd-angels");
[w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.initialized", true);
[w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.installation.contextKey", "");
[w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.installation.installDate", "2013072521");
[w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerId", "^ZO^xdm038^YYA^ca");
[w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerSubId", "pd-angels");
[w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.installation.success", true);
[w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.installation.toolbarId", "54D71C5C-12EF-4FF7-96B1-9CC1D6B7AAC3");
[w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.lastActivePing", "1374811636017");
[w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.options.defaultSearch", false);
[w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.options.homePageEnabled", false);
[w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.options.keywordEnabled", false);
[w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.options.tabEnabled", false);
[w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.weather.location", "V3J+V");
[w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "utilitychest@mindspark.com");
[w6cc8k2q.default] - Line Found : user_pref("show.CT3297947", false);
[w6cc8k2q.default] - Line Found : user_pref("smartbar.machineId", "GFCEHZSPPAQFCXZFK6TI5C7G4AMWJNZ/5VZATSIZESFZGLUZPSKO/QC9F3L6P4+ZPVJ6OUTEYKBG/NRSSHSD4W");

-\\ Google Chrome v38.0.2125.104


*************************

AdwCleaner[R0].txt - [7353 octets] - [24/10/2014 17:25:27]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7413 octets] ##########

# AdwCleaner v4.001 - Report created 24/10/2014 at 17:27:13
# DB v
# Updated 20/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : dale - DALE-ASUS
# Running from : C:\Users\dale\Downloads\adwcleaner_4.001.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\Users\dale\AppData\Local\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\dale\AppData\Local\Babylon
Folder Deleted : C:\Program Files (x86)\BearShare Applications
Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Users\dale\AppData\Local\Conduit
Folder Deleted : C:\Users\dale\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\dale\AppData\Roaming\DSite
Folder Deleted : C:\Users\dale\AppData\Local\iLivid
Folder Deleted : C:\Users\dale\AppData\Local\jZip
Folder Deleted : C:\Program Files (x86)\Music Toolbar
Folder Deleted : C:\Program Files (x86)\otshot
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\dale\Qtrax
Folder Deleted : C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi
File Deleted : C:\Users\dale\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx
File Deleted : C:\END

***** [ Scheduled Tasks ] *****

Task Deleted : QtraxPlayer
Task Deleted : VisualBeeRecovery

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\hhepndnhfbdjmegechokkbabcphcihdi
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{13B8FF9D-DEB0-4070-B846-D049218307B3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC}
Key Deleted : HKCU\Software\APNDTX
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\jZip
Key Deleted : HKCU\Software\qtrax
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\visualbee

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v29.0.1 (en-US)

[w6cc8k2q.default] - Line Deleted : user_pref("CT3297947_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1374867334746,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":38,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Analytics\\\",\\\"category\\\[...]
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=54D71C5C-12EF-4FF7-96B1-9CC1D6B7AAC3&n=77fd0c89&p2=^ZO^xdm038^YYA^ca&si=pd-angels");
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.initialized", true);
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.contextKey", "");
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.installDate", "2013072521");
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerId", "^ZO^xdm038^YYA^ca");
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerSubId", "pd-angels");
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.success", true);
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.toolbarId", "54D71C5C-12EF-4FF7-96B1-9CC1D6B7AAC3");
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.lastActivePing", "1374811636017");
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.defaultSearch", false);
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.homePageEnabled", false);
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.keywordEnabled", false);
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.tabEnabled", false);
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.weather.location", "V3J+V");
[w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "utilitychest@mindspark.com");
[w6cc8k2q.default] - Line Deleted : user_pref("show.CT3297947", false);
[w6cc8k2q.default] - Line Deleted : user_pref("smartbar.machineId", "GFCEHZSPPAQFCXZFK6TI5C7G4AMWJNZ/5VZATSIZESFZGLUZPSKO/QC9F3L6P4+ZPVJ6OUTEYKBG/NRSSHSD4W");

-\\ Google Chrome v38.0.2125.104



*************************

AdwCleaner[R0].txt - [7529 octets] - [24/10/2014 17:25:27]
AdwCleaner[S0].txt - [7348 octets] - [24/10/2014 17:27:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7408 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by dale on 24/10/2014 at 17:36:57.43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{931592A4-5A64-4FEE-A24E-5609858967C1}



~~~ Files

Successfully deleted: [File] "C:\Users\dale\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\dale\appdata\local\cre"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\dale\appdata\local\{531DAD27-6128-4272-957F-989CE160337E}
Successfully deleted: [Empty Folder] C:\Users\dale\appdata\local\{E1C96A1E-2218-463F-9EC3-671A2324CFDF}
Successfully deleted: [Empty Folder] C:\Users\dale\appdata\local\{E87219FD-93EA-4807-8971-5A1929A7830B}



~~~ FireFox

Emptied folder: C:\Users\dale\AppData\Roaming\mozilla\firefox\profiles\w6cc8k2q.default\minidumps [396 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/10/2014 at 17:41:34.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
Ran by dale (administrator) on DALE-ASUS on 24-10-2014 17:43:22
Running from C:\Users\dale\Downloads
Loaded Profile: dale (Available profiles: dale)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
(Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
(Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Avira) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(SmithMicro Inc.) C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Bell Canada Connection Manager] => C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe [87944 2012-08-28] (Bell)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-02-10] (Seagate Technology LLC)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [5395704 2014-10-22] (Avira)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-02-10] (Seagate Technology LLC)
HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Run: [BitTorrent] => C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe [1387864 2014-10-09] (BitTorrent Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}: [NameServer] 208.69.150.252,208.69.150.250
Tcpip\..\Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1}: [NameServer] 208.69.150.252,208.69.150.250

FireFox:
========
FF ProfilePath: C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\w6cc8k2q.default
FF DefaultSearchEngine: My Online Search
FF SearchEngineOrder.1:
FF SelectedSearchEngine: My Online Search
FF Homepage: www.google.ca
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-11]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-05-11]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-04]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-05-03]
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe

Chrome:
=======
CHR DefaultSearchKeyword: Default -> ask.com
CHR DefaultSearchURL: Default -> http://dts.search.ask.com/sr?src=cr...E002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-12]
CHR Extension: (Google Drive) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-08]
CHR Extension: (Google Search) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-08]
CHR Extension: (Vgrabber1) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi [2014-01-12]
CHR Extension: (Skype Click to Call) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-30]
CHR Extension: (Google Wallet) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
CHR Extension: (Gmail) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-08]
CHR Extension: (RoboForm) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-07-01]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-07-01]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806704 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-22] (Avira Operations GmbH & Co. KG)
S2 BellCanadaRcAppSvc; C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe [120712 2012-08-28] (SmithMicro Inc.)
R3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 CABellCanada; C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe [124808 2012-08-28] (SmithMicro Inc.)
R3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-07-15] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-07-15] (Creative Labs) [File not signed]
R3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-16] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-16] (NVIDIA Corporation)
R3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-16] (NVIDIA Corporation)
R2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [96128 2012-08-07] ()
R2 NWHelper; C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe [270336 2010-06-03] (Novatel Wireless Inc.) [File not signed]
R3 ProfileImpSvc; C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe [169864 2012-08-28] (SmithMicro Inc.)
R3 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-02-10] (Seagate Technology LLC)
S3 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-02-10] (Seagate Technology LLC)
R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [326544 2012-06-04] (Sierra Wireless, Inc.)
 
==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
S3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-08-26] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-08-26] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-05] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-22] (Avira Operations GmbH & Co. KG)
U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2011-05-24] (Huawei Technologies Co., Ltd.)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [76584 2012-07-18] (Fresco Logic)
R3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [53760 2011-06-18] (Windows (R) Win 7 DDK provider)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S4 LMIRfsClientNP; No ImagePath
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-24] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R3 NWBellRmNet; C:\Windows\System32\DRIVERS\nwbellrmnet.sys [350208 2011-08-25] (Novatel Wireless Inc.)
R3 NWBellUSBModem; C:\Windows\System32\DRIVERS\nwbellusbmdm.sys [222208 2011-08-25] (Novatel Wireless Inc.)
R3 NWBellUSBPort; C:\Windows\System32\DRIVERS\nwbellusbser.sys [222208 2011-08-25] (Novatel Wireless Inc.)
R3 NWBellUSBPort2; C:\Windows\System32\DRIVERS\nwbellusbser2.sys [222208 2011-08-25] (Novatel Wireless Inc.)
S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-08-05] (Smith Micro Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-23] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 17:41 - 2014-10-24 17:41 - 00001791 _____ () C:\Users\dale\Desktop\JRT.txt
2014-10-24 17:34 - 2014-10-24 17:34 - 00000000 ____D () C:\Windows\ERUNT
2014-10-24 17:32 - 2014-10-24 17:32 - 00000000 ____D () C:\Users\dale\AppData\Local\CrashDumps
2014-10-24 17:25 - 2014-10-24 17:27 - 00000000 ____D () C:\AdwCleaner
2014-10-24 17:22 - 2014-10-24 17:22 - 02112000 _____ (Farbar) C:\Users\dale\Downloads\FRST64.exe
2014-10-24 17:21 - 2014-10-24 17:21 - 01706144 _____ (Thisisu) C:\Users\dale\Downloads\JRT.exe
2014-10-24 17:19 - 2014-10-24 17:19 - 01962496 _____ () C:\Users\dale\Downloads\adwcleaner_4.001.exe
2014-10-24 16:44 - 2014-10-24 16:57 - 00000000 ____D () C:\Qoobox
2014-10-24 16:44 - 2014-10-24 16:57 - 00000000 ____D () C:\ComboFix
2014-10-24 16:44 - 2014-10-24 16:55 - 00000000 ____D () C:\Windows\erdnt
2014-10-24 16:44 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-24 16:44 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-24 16:44 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-24 16:44 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-24 16:44 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-24 16:44 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-24 16:44 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-24 16:44 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-24 16:29 - 2014-10-24 16:30 - 05583977 ____R (Swearware) C:\Users\dale\Downloads\ComboFix.exe
2014-10-24 14:51 - 2014-10-24 14:57 - 120133880 _____ (Microsoft Corporation) C:\Users\dale\Documents\msert.exe
2014-10-24 14:49 - 2014-10-24 15:00 - 306270552 _____ (NVIDIA Corporation) C:\Users\dale\Downloads\344.48-notebook-win8-win7-64bit-international-whql.exe
2014-10-24 14:41 - 2014-10-24 14:41 - 00001152 _____ () C:\Users\dale\Desktop\TweakBit PCCleaner.lnk
2014-10-24 14:40 - 2014-10-24 14:42 - 00000000 ____D () C:\Windows\System32\Tasks\TweakBit
2014-10-24 14:40 - 2014-10-24 14:42 - 00000000 ____D () C:\ProgramData\TweakBit
2014-10-24 14:40 - 2014-10-24 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
2014-10-24 14:40 - 2014-10-24 14:41 - 00000000 ____D () C:\Program Files (x86)\TweakBit
2014-10-24 14:40 - 2014-10-24 14:40 - 00001124 _____ () C:\Users\dale\Desktop\TweakBit FixMyPC.lnk
2014-10-24 14:39 - 2014-10-24 14:39 - 08023896 _____ (Auslogics Labs Pty Ltd ) C:\Users\dale\Documents\fix-my-pc-setup.exe
2014-10-24 14:27 - 2014-10-24 14:31 - 92658088 _____ (Oracle Corporation) C:\Users\dale\Documents\jre-8u25-windows-x64.exe
2014-10-24 14:09 - 2014-10-24 14:09 - 00000000 ____D () C:\Users\dale\AppData\Local\VS Revo Group
2014-10-24 14:09 - 2014-10-24 14:09 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-10-24 14:09 - 2014-10-24 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-10-24 14:09 - 2014-10-24 14:09 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-24 14:09 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-10-24 14:08 - 2014-10-24 14:08 - 10691640 _____ (VS Revo Group ) C:\Users\dale\Downloads\RevoUninProSetup.exe
2014-10-23 20:28 - 2014-10-23 21:25 - 00000000 ____D () C:\Users\dale\Desktop\mbar
2014-10-23 19:23 - 2014-10-23 19:23 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-23 19:23 - 2014-10-23 19:23 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-23 19:13 - 2014-10-23 19:14 - 16281688 _____ () C:\Users\dale\Downloads\RogueKiller.exe
2014-10-23 14:33 - 2014-10-23 14:33 - 00005152 _____ () C:\Users\dale\Documents\Attach.zip
2014-10-23 14:31 - 2014-10-23 14:31 - 00022946 _____ () C:\Users\dale\Documents\Attach.txt
2014-10-23 14:26 - 2014-10-23 14:26 - 00688992 ____R (Swearware) C:\Users\dale\Downloads\dds.com
2014-10-23 01:24 - 2014-10-23 13:36 - 00000000 ____D () C:\Users\dale\AppData\Local\Ornhics
2014-10-22 17:52 - 2014-10-22 17:53 - 00000350 _____ () C:\Windows\Tasks\AviraSpeedup.job
2014-10-22 13:16 - 2014-10-22 13:16 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Avira
2014-10-21 15:40 - 2014-10-21 15:41 - 00000000 ____D () C:\Users\dale\Documents\backup files
2014-10-21 14:24 - 2014-10-21 14:24 - 00000000 ____D () C:\Users\dale\AppData\Local\ActiveState
2014-10-21 13:16 - 2014-10-21 13:19 - 00000000 ____D () C:\Perl64
2014-10-20 20:16 - 2014-10-20 23:01 - 00000000 ____D () C:\Users\dale\Downloads\keep
2014-10-20 20:09 - 2014-10-24 15:19 - 00000000 ____D () C:\Users\dale\Downloads\mods
2014-10-20 17:23 - 2014-10-20 23:06 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-10-20 17:22 - 2014-10-20 17:22 - 02909936 _____ (BoostSoftware Inc. ) C:\Users\dale\Downloads\PCHealthBoost-Setup.exe
2014-10-20 15:23 - 2011-05-24 14:29 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
2014-10-20 15:23 - 2011-05-24 14:29 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
2014-10-20 15:23 - 2011-05-24 14:29 - 00221312 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
2014-10-20 15:23 - 2011-05-24 14:29 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
2014-10-20 15:23 - 2011-05-24 14:29 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
2014-10-20 15:23 - 2011-05-24 14:29 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
2014-10-20 15:23 - 2011-05-24 14:29 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
2014-10-20 15:23 - 2011-05-24 14:29 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
2014-10-20 15:23 - 2011-05-24 14:29 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
2014-10-20 15:23 - 2011-05-24 14:29 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
2014-10-20 15:23 - 2011-05-24 14:29 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
2014-10-20 15:23 - 2011-05-24 14:29 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
2014-10-20 15:22 - 2014-10-20 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bell
2014-10-20 15:22 - 2014-10-20 15:22 - 00000000 ____D () C:\Program Files (x86)\Sierra Wireless Inc
2014-10-20 14:26 - 2014-10-22 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-10-20 14:17 - 2014-10-22 17:53 - 00001315 _____ () C:\Users\dale\Desktop\Avira System Speedup.lnk
2014-10-20 14:17 - 2014-10-20 14:17 - 00003384 _____ () C:\Windows\System32\Tasks\AviraSpeedup
2014-10-18 21:27 - 2014-10-18 21:27 - 00002976 _____ () C:\Windows\System32\Tasks\{339E3F71-6C6E-490D-8FC3-9DD722E38906}
2014-10-18 21:26 - 2014-10-18 21:26 - 00002976 _____ () C:\Windows\System32\Tasks\{4177DDE1-F197-45A4-9D68-66C4857FD80A}
2014-10-18 14:04 - 2014-10-17 12:03 - 00027821 _____ () C:\Users\dale\Documents\crash-2014-10-17_12.03.06-client.txt
2014-10-17 14:00 - 2014-10-17 14:00 - 00001330 _____ () C:\Users\dale\Desktop\taskkill.lnk
2014-10-16 03:20 - 2014-10-16 03:20 - 00000000 _____ () C:\Windows\SysWOW64\sho2B0.tmp
2014-10-15 23:55 - 2014-08-18 20:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 23:55 - 2014-08-18 20:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 23:55 - 2014-08-18 20:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 23:55 - 2014-08-18 20:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 23:55 - 2014-08-18 20:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 23:55 - 2014-08-18 20:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 23:55 - 2014-08-18 20:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 23:55 - 2014-08-18 20:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 23:55 - 2014-08-18 20:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 23:55 - 2014-08-18 20:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 23:55 - 2014-08-18 19:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 23:55 - 2014-08-18 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 23:55 - 2014-08-18 19:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 23:55 - 2014-07-06 19:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 23:55 - 2014-07-06 19:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 23:55 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 23:55 - 2014-07-06 19:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 23:55 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 23:55 - 2014-07-06 19:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 23:55 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 23:55 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 23:55 - 2014-07-06 19:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 23:55 - 2014-07-06 19:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 23:55 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 23:55 - 2014-07-06 18:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 23:55 - 2014-07-06 18:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 23:55 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 23:55 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 23:55 - 2014-07-06 18:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 23:55 - 2014-07-06 18:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 23:55 - 2014-07-06 18:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 23:55 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 23:55 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 23:55 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 23:55 - 2014-06-27 17:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 23:55 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 23:55 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 16:51 - 2014-10-15 16:16 - 00000127 ____N () C:\Users\dale\Documents\response-0001.json
2014-10-15 16:30 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 16:30 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 16:30 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 16:30 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 16:30 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 16:30 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 16:30 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 16:29 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 16:29 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 16:29 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 16:29 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 16:29 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 16:29 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 16:29 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 16:29 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 16:29 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 16:29 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 16:29 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 16:29 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 16:29 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 16:29 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 16:29 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 16:29 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 16:29 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 16:29 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 16:29 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 16:29 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 16:29 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 16:29 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 16:29 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 16:29 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 16:29 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 16:29 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 16:29 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 16:29 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 16:29 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 16:29 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 16:29 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 16:29 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 16:29 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 16:29 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 16:29 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 16:29 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 16:29 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 16:29 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 16:29 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 16:29 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 16:29 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 16:29 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 16:29 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 16:29 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 16:29 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 16:29 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 16:29 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 16:29 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 16:29 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 16:29 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 16:29 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 16:29 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 16:29 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 16:29 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 16:29 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 16:29 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 16:29 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 16:29 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 16:29 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 16:29 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 16:29 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 16:29 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 16:29 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 16:29 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 16:29 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-15 16:29 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-15 16:29 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-15 16:29 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-15 16:29 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-15 16:29 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 16:29 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-15 16:27 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 16:27 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 16:26 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 16:26 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 16:26 - 2014-08-28 19:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 16:26 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-15 16:26 - 2014-08-28 19:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-15 16:26 - 2014-08-28 19:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-15 16:26 - 2014-08-28 19:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 16:26 - 2014-08-28 18:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 16:26 - 2014-08-28 18:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 16:26 - 2014-08-28 18:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 16:26 - 2014-08-28 18:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-15 16:26 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 16:26 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 16:26 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 16:26 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 16:26 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 16:26 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 16:26 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 16:26 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 16:26 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 16:26 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 16:26 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-15 16:25 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 16:25 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-13 14:33 - 2014-10-13 14:32 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-13 14:32 - 2014-10-13 14:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-13 14:32 - 2014-10-13 14:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-13 14:32 - 2014-10-13 14:32 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-10-13 14:29 - 2014-10-13 14:30 - 31013800 _____ (Oracle Corporation) C:\Users\dale\Documents\jre-7u67-windows-x64.exe
2014-10-13 04:04 - 2014-10-13 04:04 - 00000000 _____ () C:\Windows\SysWOW64\shoF4EA.tmp
2014-10-11 20:10 - 2014-10-11 20:10 - 00000000 _____ () C:\Windows\SysWOW64\sho5A78.tmp
2014-10-09 18:59 - 2014-10-09 19:00 - 00000000 ____D () C:\Users\dale\Downloads\New World
2014-10-09 17:51 - 2014-10-09 17:51 - 02350021 _____ () C:\Users\dale\Downloads\mcpatcher-4.3.2_03.exe
2014-10-09 17:35 - 2014-10-20 20:09 - 00000000 ____D () C:\Users\dale\Downloads\tekkit resource packs
2014-10-09 16:01 - 2014-10-18 22:00 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2014-10-09 16:01 - 2014-10-09 16:10 - 00000000 ____D () C:\Users\dale\AppData\Local\GitHub
2014-10-09 16:01 - 2014-10-09 16:02 - 00000000 ____D () C:\Users\dale\Documents\GitHub
2014-10-09 16:01 - 2014-10-09 16:01 - 00000000 ____D () C:\Users\dale\AppData\Roaming\GitHub
2014-10-09 15:58 - 2014-10-18 21:59 - 00000000 ____D () C:\Users\dale\AppData\Local\Deployment
2014-10-09 15:58 - 2014-10-09 15:58 - 00000000 ____D () C:\Users\dale\AppData\Local\Apps\2.0
2014-10-08 23:02 - 2014-10-08 23:02 - 00000000 ____D () C:\Users\dale\AppData\Roaming\NVIDIA
2014-10-08 22:55 - 2014-10-08 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-10-08 22:55 - 2014-10-08 22:55 - 00000000 ____D () C:\Users\dale\AppData\Local\NVIDIA
2014-10-08 22:55 - 2014-10-08 22:55 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-10-08 22:55 - 2014-09-16 19:10 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-10-08 22:55 - 2014-09-16 19:10 - 02193560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-10-08 22:55 - 2014-09-16 19:10 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-10-08 22:55 - 2014-09-16 19:10 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-10-08 22:54 - 2014-09-13 14:53 - 06890696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-10-08 22:54 - 2014-09-13 14:53 - 03529872 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-10-08 22:54 - 2014-09-13 14:53 - 02557640 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-10-08 22:54 - 2014-09-13 14:53 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-10-08 22:54 - 2014-09-13 14:53 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-10-08 22:54 - 2014-09-13 14:53 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-10-08 22:54 - 2014-09-13 13:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-10-08 22:54 - 2014-09-11 08:37 - 03961833 _____ () C:\Windows\system32\nvcoproc.bin
2014-10-08 22:53 - 2014-09-13 16:48 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-10-08 22:53 - 2014-09-13 16:48 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-10-08 22:52 - 2014-09-16 21:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-10-08 22:52 - 2014-09-16 21:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 16875856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-10-08 22:52 - 2014-09-13 16:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 03223120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 02838424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-10-08 22:52 - 2014-09-13 16:48 - 00026956 _____ () C:\Windows\system32\nvinfo.pb
2014-10-08 22:52 - 2014-09-04 12:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-10-08 22:52 - 2014-09-04 12:14 - 00034976 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-10-08 22:52 - 2014-09-04 12:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-10-08 22:21 - 2014-10-08 22:26 - 319671744 _____ (NVIDIA Corporation) C:\Users\dale\Downloads\344.11-notebook-win8-win7-64bit-international-whql.exe
2014-10-08 09:58 - 2014-10-08 09:58 - 00000000 ____D () C:\Users\dale\Downloads\saves
2014-10-07 01:47 - 2014-10-07 01:47 - 00000000 _____ () C:\Windows\SysWOW64\shoB3BC.tmp
2014-10-06 18:32 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-06 18:32 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-06 18:32 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-06 18:32 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-24 17:43 - 2014-07-26 07:55 - 00026560 _____ () C:\Users\dale\Downloads\FRST.txt
2014-10-24 17:43 - 2014-07-26 07:55 - 00000000 ____D () C:\FRST
2014-10-24 17:41 - 2011-04-01 21:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-24 17:41 - 2011-04-01 21:36 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 17:38 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-24 17:38 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-24 17:35 - 2012-06-21 04:02 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Skype
2014-10-24 17:33 - 2014-02-25 23:05 - 00075767 _____ () C:\Windows\setupact.log
2014-10-24 17:32 - 2014-02-08 00:26 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for dale-ASUS-dale dale-ASUS
2014-10-24 17:31 - 2014-04-26 18:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-24 17:29 - 2014-03-25 16:49 - 00304686 _____ () C:\Windows\PFRO.log
2014-10-24 17:29 - 2014-02-11 00:39 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-10-24 17:29 - 2012-09-13 22:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-10-24 17:29 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-24 17:28 - 2011-07-15 22:21 - 01343365 _____ () C:\Windows\WindowsUpdate.log
2014-10-24 17:27 - 2011-11-02 17:18 - 00000000 ____D () C:\Users\dale
2014-10-24 17:23 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing
2014-10-24 17:18 - 2009-07-13 22:13 - 00798844 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-24 17:09 - 2009-07-13 22:08 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-24 16:57 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
2014-10-24 16:54 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-24 16:50 - 2012-05-27 20:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-24 14:36 - 2013-11-23 23:07 - 00000000 ____D () C:\Program Files\Java
2014-10-24 14:36 - 2013-10-16 21:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-23 21:25 - 2013-10-04 11:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-23 19:16 - 2014-07-26 22:28 - 14349744 _____ (Malwarebytes Corp.) C:\Users\dale\Downloads\mbar-1.07.0.1012.exe
2014-10-23 15:25 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-23 13:36 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Resources
2014-10-22 18:39 - 2014-02-20 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
2014-10-22 18:39 - 2013-08-26 23:22 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-10-22 18:39 - 2012-04-30 17:32 - 00000000 ____D () C:\ProgramData\P4G
2014-10-22 18:39 - 2011-11-04 10:45 - 00000000 ____D () C:\ProgramData\Avira
2014-10-22 18:39 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-22 18:39 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
2014-10-22 18:37 - 2013-08-26 23:22 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-22 18:37 - 2013-08-26 23:22 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-10-22 18:37 - 2013-08-26 23:22 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-22 18:29 - 2013-10-07 22:35 - 00000000 ____D () C:\Windows\pss
2014-10-22 16:32 - 2009-07-14 00:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-10-20 23:25 - 2013-08-26 23:23 - 00002068 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-10-20 17:20 - 2013-02-09 15:34 - 00000000 ____D () C:\Users\dale\AppData\Roaming\SoftGrid Client
2014-10-20 16:07 - 2012-12-15 23:13 - 00000000 ___RD () C:\Users\dale\Dropbox
2014-10-20 15:35 - 2014-04-26 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-20 15:35 - 2014-04-26 18:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-20 15:35 - 2013-10-04 09:08 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-20 15:30 - 2012-12-15 23:06 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Dropbox
2014-10-20 15:22 - 2012-04-30 17:45 - 00000000 ____D () C:\Program Files (x86)\Novatel Wireless
2014-10-20 15:22 - 2012-04-30 17:39 - 00000000 ____D () C:\ProgramData\Bell
2014-10-20 15:20 - 2011-11-04 18:38 - 00009255 _____ () C:\Windows\SysWOW64\pcregtemp.txt
2014-10-20 15:15 - 2013-08-31 16:27 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-10-20 15:15 - 2013-08-31 16:27 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-10-20 14:31 - 2013-09-01 01:59 - 00000000 ____D () C:\Users\dale\AppData\Local\LogMeIn Hamachi
2014-10-20 14:14 - 2014-02-20 23:44 - 08280992 _____ (Avira) C:\Users\dale\Downloads\avira_speedup_internetsecuritysuite.exe
2014-10-18 23:57 - 2014-04-08 16:44 - 00000000 ____D () C:\Users\dale\AppData\Roaming\BitTorrent
2014-10-18 21:40 - 2013-07-17 17:51 - 00000000 ____D () C:\Users\dale\AppData\Roaming\.minecraft
2014-10-17 11:09 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 12:00 - 2014-08-20 11:19 - 00000000 ____D () C:\Users\dale\AppData\Local\Adobe
2014-10-16 11:59 - 2012-05-27 20:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-16 11:59 - 2012-05-27 20:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-16 11:59 - 2012-05-27 20:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-16 11:47 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 11:44 - 2009-07-13 21:45 - 00437120 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 11:42 - 2014-04-22 16:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 11:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 11:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 03:07 - 2013-07-15 11:55 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:01 - 2011-11-04 18:32 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-08 22:56 - 2013-11-23 23:54 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-10-08 22:56 - 2012-08-06 00:09 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-10-08 22:55 - 2013-12-17 13:05 - 00000000 ____D () C:\Users\dale\AppData\Local\NVIDIA Corporation
2014-10-08 22:55 - 2012-09-13 22:09 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-10-08 22:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Help
2014-10-06 18:35 - 2012-06-21 04:02 - 00000000 ____D () C:\ProgramData\Skype
2014-10-02 15:53 - 2011-11-04 09:50 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-01 11:11 - 2014-04-26 18:13 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-04-26 18:13 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2013-10-04 09:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\Users\dale\jagex_cl_oldschool_LIVE.dat
C:\Users\dale\jagex_cl_runescape_LIVE.dat
C:\Users\dale\jagex_cl_runescape_LIVE1.dat
C:\Users\dale\jagex_cl_runescape_LIVE_BETA.dat
C:\Users\dale\random.dat


Some content of TEMP:
====================
C:\Users\dale\AppData\Local\Temp\avgnt.exe
C:\Users\dale\AppData\Local\Temp\Quarantine.exe
C:\Users\dale\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-23 15:17

==================== End Of Log ============================
 
Dang, that Farbar made a very big log, longer than 50k, so I had to break it down into 3 sections.
You're sure giving me a lot of programs to use, and yes, I did them all in order and did exactly what your post suggested :)
 