TechSpot

Trojan detection

By soderquist1
Oct 23, 2014
  1. I did the virus scan first as suggested, and it detected TR/Crypt.XPACK.Gen3 + ADWARE/Dealply.gen,
    and the malware detected trojan.fakeMS.ED and Trojan.Miuref.
    The only issue is it never saved the log for some reason, so I cleared the logs and rescanned, and this time it showed nothing, but I posted them anyway like you asked.
    I will be doing steps 3 and 4 shortly, so I will repost when I'm done.

    I also heard back from Avira, my anti-virus, and they said the Avira Pro I got is the new name and interface for the suite and is the successor product of the suite. I was finally able to get my anti-virus to update, and I did update my malware prior to the scan, then went offline shortly after so this virus/malware can't access the internet.

    I do still get notifications shortly after going online that MBAM has blocked the following:
    91.195.10.91 port 6881 process c:windows/explorer.exe


    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Update, 23/10/2014 1:42:06 PM, SYSTEM, DALE-ASUS, Manual, Failed, Unable to access update server,
    Scan, 23/10/2014 1:57:44 PM, SYSTEM, DALE-ASUS, Manual, Start:23/10/2014 1:42:06 PM, Duration:15 min 38 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

    (end)
     

  2. soderquist1

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17344
    Run by dale at 14:27:08 on 2014-10-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5337 [GMT -7:00]
    .
    AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe
    C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe
    C:\Windows\SysWow64\perfhost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
    C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
    C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\FSP\fspuip.exe
    C:\Windows\system32\RunDLL32.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    C:\Program Files\Logitech\SetPointP\LBTWiz.exe
    C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    C:\Program Files\Nightly\firefox.exe
    C:\Program Files\Nightly\plugin-container.exe
    C:\program files (x86)\avira\antivir desktop\avcenter.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.ca/
    uDefault_Page_URL = hxxp://asus.msn.com
    uURLSearchHooks: {09152f0b-739c-4dec-a245-1aa8a37594f1} - <orphaned>
    uURLSearchHooks: {f9bbf004-6e40-4019-8214-c43a37e1d058} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
    TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [AviraSpeedup] "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe" -autorun
    uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\dale\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    uRun: [BitTorrent] "C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
    uRun: [BearShare] "C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe" --lightmode
    uRun: [eventcreate] "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe"
    uRunOnce: [eventcreate] "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [Bell Canada Connection Manager] "C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe" -a
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    StartupFolder: C:\Users\dale\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTC~1.LNK - C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PCAUTO~1.LNK - C:\Program Files (x86)\SAMSUNG\PC Auto Backup\AutoBackup.exe
    uPolicies-Explorer: NoDriveAutoRun = dword:0
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
    IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    TCP: NameServer = 70.28.245.227 184.151.118.254
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC} : NameServer = 208.69.150.252,208.69.150.250
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\14355535 : DHCPNameServer = 192.168.1.1 8.8.8.8
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\35861677F40756E6 : DHCPNameServer = 10.63.8.194 10.63.8.195
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\4554C4553513434373 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\638343433344 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\E6073636 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1} : NameServer = 208.69.150.252,208.69.150.250
    TCP: Interfaces\{80C4197C-C1E0-40FF-B4F4-F159B2752AE9} : DHCPNameServer = 70.28.245.227 184.151.118.254
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs=
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\w6cc8k2q.default\
    FF - prefs.js: browser.search.selectedEngine - My Online Search
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - prefs.js: keyword.enabled - false
    FF - plugin: C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
    FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_15_0_0_189.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
    R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2013-8-26 141376]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-8-26 28600]
    R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-4-26 93400]
    R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2013-8-26 806704]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-26 431920]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-26 431920]
    R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2013-8-26 994096]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-8-26 119272]
    R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2013-8-26 43064]
    R2 BellCanadaRcAppSvc;Bell Canada Rc App Svc;C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe [2012-8-28 120712]
    R2 CABellCanada;Bell Canada Con App Svc;C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe [2012-8-28 124808]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-8-31 72216]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-26 1871160]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-26 968504]
    R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2012-8-7 96128]
    R2 NWHelper;Novatel Wireless Device Helper ;C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe [2010-6-3 270336]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-10-8 411968]
    R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2012-6-4 326544]
    R2 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-7-15 17152]
    R3 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
    R3 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
    R3 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-25 2369720]
    R3 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-7-18 246568]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-7-18 76584]
    R3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;C:\Windows\System32\drivers\fspad_win764.sys [2011-6-23 53760]
    R3 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-8 1149760]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2014-10-20 86016]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-22 77592]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-22 13080]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-4 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-26 129752]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-26 63704]
    R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-7-15 32344]
    R3 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-8 1796928]
    R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-8 20288]
    R3 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-8 19440960]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-10-8 38048]
    R3 NWBellRmNet;Novatel Wireless Bell RmNet Network Adapter;C:\Windows\System32\drivers\nwbellrmnet.sys [2011-8-25 350208]
    R3 NWBellUSBModem;Novatel Wireless Bell USB Modem Driver;C:\Windows\System32\drivers\nwbellusbmdm.sys [2011-8-25 222208]
    R3 NWBellUSBPort;Novatel Wireless Bell USB Status Port Driver;C:\Windows\System32\drivers\nwbellusbser.sys [2011-8-25 222208]
    R3 NWBellUSBPort2;Novatel Wireless Bell USB Status2 Port Driver;C:\Windows\System32\drivers\nwbellusbser2.sys [2011-8-25 222208]
    R3 ProfileImpSvc;Native WiFi profile importer;C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe [2012-8-28 169864]
    R3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-30 471144]
    R3 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-2-10 16000]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-15 2655768]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 avfwim;AvFw Packet Filter Miniport;C:\Windows\System32\drivers\avfwim.sys [2013-8-26 114608]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-7-15 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-7-15 79360]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-1 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
    S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-8-5 43032]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-1 19456]
    S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-7-15 290920]
    S3 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2014-2-10 157264]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-1 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-1 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-4 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-10-23 08:24:30 -------- d-----w- C:\Users\dale\AppData\Local\Ornhics
    2014-10-22 20:16:11 -------- d-----w- C:\Users\dale\AppData\Roaming\Avira
    2014-10-21 21:24:39 -------- d-----w- C:\Users\dale\AppData\Local\ActiveState
    2014-10-21 20:16:21 -------- d-----w- C:\Perl64
    2014-10-21 00:23:46 -------- d-----w- C:\ProgramData\BoostSoftware
    2014-10-20 22:23:01 98816 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys
    2014-10-20 22:23:01 86016 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys
    2014-10-20 22:23:01 69632 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys
    2014-10-20 22:23:01 421376 ----a-w- C:\Windows\System32\drivers\ewusbwwan.sys
    2014-10-20 22:23:01 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
    2014-10-20 22:23:01 28672 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys
    2014-10-20 22:23:01 221312 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
    2014-10-20 22:23:01 22016 ----a-w- C:\Windows\System32\drivers\ew_hwupgrade.sys
    2014-10-20 22:23:01 212992 ----a-w- C:\Windows\System32\drivers\ew_juwwanecm.sys
    2014-10-20 22:23:01 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys
    2014-10-20 22:23:01 117248 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys
    2014-10-20 22:23:01 1001472 ----a-w- C:\Windows\System32\drivers\mod7700.sys
    2014-10-20 22:22:23 -------- d-----w- C:\Program Files (x86)\Sierra Wireless Inc
    2014-10-19 03:09:44 2507776 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
    2014-10-18 20:55:03 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6733FE1F-81E1-45A3-A0AC-2197C2DCE524}\mpengine.dll
    2014-10-16 10:20:39 0 ----a-w- C:\Windows\SysWow64\sho2B0.tmp
    2014-10-15 23:30:02 3198976 ----a-w- C:\Windows\System32\win32k.sys
    2014-10-15 23:30:01 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
    2014-10-15 23:30:01 73880 ----a-w- C:\Windows\System32\mscories.dll
    2014-10-15 23:30:01 1943696 ----a-w- C:\Windows\System32\dfshim.dll
    2014-10-15 23:30:01 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
    2014-10-15 23:30:01 156312 ----a-w- C:\Windows\System32\mscorier.dll
    2014-10-15 23:30:01 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2014-10-15 23:27:19 3241472 ----a-w- C:\Windows\System32\msi.dll
    2014-10-15 23:27:18 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-10-15 23:25:58 77312 ----a-w- C:\Windows\System32\packager.dll
    2014-10-15 23:25:58 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-10-13 21:32:42 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-10-13 11:04:58 0 ----a-w- C:\Windows\SysWow64\shoF4EA.tmp
    2014-10-12 03:10:58 0 ----a-w- C:\Windows\SysWow64\sho5A78.tmp
    2014-10-09 23:01:06 -------- d-----w- C:\Users\dale\AppData\Roaming\GitHub
    2014-10-09 23:01:06 -------- d-----w- C:\Users\dale\AppData\Local\GitHub
    2014-10-09 22:58:48 -------- d-----w- C:\Users\dale\AppData\Local\Deployment
    2014-10-09 22:58:48 -------- d-----w- C:\Users\dale\AppData\Local\Apps
    2014-10-09 06:02:14 -------- d-----w- C:\Users\dale\AppData\Roaming\NVIDIA
    2014-10-09 05:55:29 -------- d-----w- C:\Users\dale\AppData\Local\NVIDIA
    2014-10-09 05:55:26 2799784 ----a-w- C:\Windows\System32\nvspcap64.dll
    2014-10-09 05:55:26 2193560 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2014-10-09 05:55:26 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
    2014-10-09 05:55:26 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
    2014-10-09 05:54:45 613696 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2014-10-09 05:54:16 934216 ----a-w- C:\Windows\System32\nvvsvc.exe
    2014-10-09 05:54:16 6890696 ----a-w- C:\Windows\System32\nvcpl.dll
    2014-10-09 05:54:16 62608 ----a-w- C:\Windows\System32\nvshext.dll
    2014-10-09 05:54:16 3961833 ----a-w- C:\Windows\System32\nvcoproc.bin
    2014-10-09 05:54:16 385168 ----a-w- C:\Windows\System32\nvmctray.dll
    2014-10-09 05:54:16 3529872 ----a-w- C:\Windows\System32\nvsvc64.dll
    2014-10-09 05:54:16 2557640 ----a-w- C:\Windows\System32\nvsvcr.dll
    2014-10-09 05:53:58 73872 ----a-w- C:\Windows\System32\OpenCL.dll
    2014-10-09 05:53:58 60560 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2014-10-07 08:47:02 0 ----a-w- C:\Windows\SysWow64\shoB3BC.tmp
    2014-10-07 01:32:14 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2014-10-07 01:32:14 371712 ----a-w- C:\Windows\System32\qdvd.dll
    2014-10-07 01:32:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-10-07 01:32:05 2048 ----a-w- C:\Windows\System32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2014-10-23 20:38:58 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-10-23 01:37:37 43064 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
    2014-10-23 01:37:25 119272 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2014-10-16 18:59:36 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-10-16 18:59:36 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
    2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
    2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-10-01 18:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-10-01 18:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-10-01 18:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
    2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
    2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
    2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-09-17 04:51:20 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
    2014-09-17 04:51:20 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2014-09-17 04:51:20 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2014-09-15 16:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
    2014-09-04 19:14:38 38048 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
    2014-09-04 19:14:38 34976 ----a-w- C:\Windows\System32\nvaudcap64v.dll
    2014-09-04 19:14:38 32416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
    2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
    2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
    2014-08-29 02:07:13 44032 ----a-w- C:\Windows\System32\tsgqec.dll
    2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
    2014-08-29 02:07:12 5780480 ----a-w- C:\Windows\System32\mstscax.dll
    2014-08-29 02:07:10 322560 ----a-w- C:\Windows\System32\aaclient.dll
    2014-08-29 02:06:47 1125888 ----a-w- C:\Windows\System32\mstsc.exe
    2014-08-29 01:44:52 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
    2014-08-29 01:44:51 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-08-29 01:44:49 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
    2014-08-29 01:44:19 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
    2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
    2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
    2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
    2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
    2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
    2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
    2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
    2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
    2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
    2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
    2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
    2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    .
    ============= FINISH: 14:28:04.29 ===============
     
  3. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 02/11/2011 5:18:08 PM
    System Uptime: 23/10/2014 1:37:49 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | G74Sx
    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 279 GiB total, 192.742 GiB free.
    D: is FIXED (NTFS) - 394 GiB total, 394.08 GiB free.
    E: is FIXED (NTFS) - 349 GiB total, 349.206 GiB free.
    F: is FIXED (NTFS) - 349 GiB total, 193.174 GiB free.
    G: is CDROM (UDF)
    H: is Removable
    R: is FIXED (FAT32) - 25 GiB total, 1.727 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: LogMeIn Kernel Information Provider
    Device ID: ROOT\LEGACY_LMIINFO\0000
    Manufacturer:
    Name: LogMeIn Kernel Information Provider
    PNP Device ID: ROOT\LEGACY_LMIINFO\0000
    Service: LMIInfo
    .
    ==== System Restore Points ===================
    .
    RP420: 20/10/2014 2:30:32 PM - Removed LogMeIn Hamachi
    RP421: 20/10/2014 3:02:54 PM - Removed Bell Mobile Broadband Drivers.
    RP422: 20/10/2014 3:14:56 PM - Removed LogMeIn
    RP423: 20/10/2014 3:20:14 PM - Installed Mobile Connect.
    RP424: 20/10/2014 4:01:25 PM - Windows Update
    RP425: 20/10/2014 4:04:11 PM - Windows Update
    RP426: 20/10/2014 4:23:33 PM - Windows Backup
    RP427: 21/10/2014 1:15:12 PM - Installed ActivePerl 5.18.2 Build 1802 (64-bit)
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    Adobe Reader XI (11.0.09)
    Antivirus Pro
    ASUS LifeFrame3
    ASUS Live Update
    ASUS Power4Gear Hybrid
    ASUS USB Charger Plus
    ASUS Virtual Camera
    ASUS WebStorage
    AsusScr_G74 Series_ENG
    AsusVibe2.0
    ATK Package
    Avira System Speedup
    Bell Mobile Broadband Drivers
    BitTorrent
    CyberLink LabelPrint
    CyberLink Power2Go
    D3DX10
    Dropbox
    eReg
    Finger Sensing Pad Driver
    Fresco Logic USB3.0 Host Controller
    Galeria de Fotografias do Windows Live
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    Google Chrome
    Google Update Helper
    InstallVC90Support
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Java 7 Update 67 (64-bit)
    Java SE Development Kit 7 Update 67 (64-bit)
    Junk Mail filter update
    LG USB Modem driver
    Logitech SetPoint 6.61
    Malwarebytes Anti-Malware version 2.0.3.1025
    Mesh Runtime
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office 365 - en-us
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mobile Connect
    Mozilla Firefox 29.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    Nightly 33.0a1 (x64 en-US)
    NVIDIA 3D Vision Driver 344.11
    NVIDIA Control Panel 344.11
    NVIDIA GeForce Experience 2.1.2
    NVIDIA GeForce Experience Service
    NVIDIA Graphics Driver 344.11
    NVIDIA HD Audio Driver 1.3.32.1
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.14.0702
    NVIDIA ShadowPlay 16.13.42
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 16.13.42
    NVIDIA Update Core
    NVIDIA Virtual Audio 1.2.25
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    Office 15 Click-to-Run Localization Component
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Reader Driver
    RoboForm 7-9-8-5 (All Users)
    RuneScape Launcher 1.2.3
    SAMSUNG Intelli-studio
    Seagate Dashboard
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    SHIELD Streaming
    SHIELD Wireless Controller Driver
    Skype Click to Call
    Skype™ 6.18
    syncables desktop SE
    THX TruStudio
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinFlash
    WinRAR 4.20 (32-bit)
    Wireless Console 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
    23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
    23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
    23/10/2014 1:38:12 PM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    22/10/2014 6:39:09 PM, Error: Service Control Manager [7024] - The Avira Web Protection service terminated with service-specific error Incorrect function..
    22/10/2014 6:30:42 PM, Error: Service Control Manager [7024] - The Avira Mail Protection service terminated with service-specific error Incorrect function..
    22/10/2014 6:26:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    22/10/2014 6:26:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    22/10/2014 6:26:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    22/10/2014 6:26:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    22/10/2014 6:26:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO_ avipbb avkmgr discache mbamchameleon spldr Wanarpv6
    22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
    22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    22/10/2014 6:12:54 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
    22/10/2014 6:11:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Microsoft iSCSI Initiator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 4:58:55 PM, Error: volmgr [46] - Crash dump initialization failed!
    22/10/2014 4:33:56 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
    22/10/2014 4:29:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    22/10/2014 4:28:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO_ avfwot avipbb avkmgr discache mbamchameleon spldr Wanarpv6
    22/10/2014 4:16:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    22/10/2014 3:04:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avfwot
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7001] - The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: The operation completed successfully.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7001] - The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: The operation completed successfully.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: A system shutdown is in progress.
    22/10/2014 2:38:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    22/10/2014 2:31:09 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
    22/10/2014 2:27:35 PM, Error: Service Control Manager [7034] - The Avira Web Protection service terminated unexpectedly. It has done this 4 time(s).
    22/10/2014 2:27:04 PM, Error: Service Control Manager [7034] - The Avira Web Protection service terminated unexpectedly. It has done this 3 time(s).
    22/10/2014 2:26:53 PM, Error: Service Control Manager [7031] - The Avira Web Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for ImagePath with the following error: Access is denied.
    22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DisplayName with the following error: Access is denied.
    22/10/2014 2:20:15 PM, Error: Service Control Manager [7031] - The Avira Web Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    22/10/2014 2:15:14 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    22/10/2014 12:30:01 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 195.180.0.5 with the system having network hardware address 00-A0-C6-00-00-01. Network operations on this system may be disrupted as a result.
    22/10/2014 12:17:13 PM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]
    22/10/2014 1:53:58 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{721FD7A1-6E65-4708-A81E-A6F7F34D5B18} because another computer on the network has the same name. The server could not start.
    22/10/2014 1:39:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirWebService service.
    22/10/2014 1:08:58 PM, Error: NWBellRmNet [4000] - <qnet0001>: SIM is not inserted or bad SIM detected
    21/10/2014 8:14:54 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.142.126.182 with the system having network hardware address 00-A0-C6-00-00-01. Network operations on this system may be disrupted as a result.
    20/10/2014 4:02:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2928562).
    20/10/2014 4:02:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2908783).
    20/10/2014 3:36:27 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Description with the following error: Access is denied.
    20/10/2014 3:36:27 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DelayedAutostart with the following error: Access is denied.
    20/10/2014 3:14:36 PM, Error: Service Control Manager [7023] - The LogMeIn service terminated with the following error: An attempt was made to access a socket in a way forbidden by its access permissions.
    20/10/2014 2:28:03 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    20/10/2014 1:54:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.
    17/10/2014 11:10:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
    17/10/2014 11:10:15 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    16/10/2014 3:20:15 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
    16/10/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2952664).
    16/10/2014 11:51:13 AM, Error: Service Control Manager [7034] - The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).
    16/10/2014 11:45:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Seagate MobileBackup Service service to connect.
    .
    ==== End Of File ===========================
     
  4. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    trojan.agent.FF detected shortly after turning on internet.

    And sorry about those 2 posts; I never saw the second note until after I posted the results.
    Anyways, I made sure I disabled all protection, then re-scanned. I have never used a specialty product for scanning before :x

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17344
    Run by dale at 14:48:51 on 2014-10-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5203 [GMT -7:00]
    .
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe
    C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe
    C:\Windows\SysWow64\perfhost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
    C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
    C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\FSP\fspuip.exe
    C:\Windows\system32\RunDLL32.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    C:\Program Files\Logitech\SetPointP\LBTWiz.exe
    C:\Program Files\Nightly\firefox.exe
    C:\Program Files\Nightly\plugin-container.exe
    C:\program files (x86)\avira\antivir desktop\avcenter.exe
    C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.ca/
    uDefault_Page_URL = hxxp://asus.msn.com
    uURLSearchHooks: {09152f0b-739c-4dec-a245-1aa8a37594f1} - <orphaned>
    uURLSearchHooks: {f9bbf004-6e40-4019-8214-c43a37e1d058} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
    TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [AviraSpeedup] "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe" -autorun
    uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\dale\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    uRun: [BitTorrent] "C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
    uRun: [BearShare] "C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe" --lightmode
    uRun: [eventcreate] "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe"
    uRunOnce: [eventcreate] "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [Bell Canada Connection Manager] "C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe" -a
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    StartupFolder: C:\Users\dale\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTC~1.LNK - C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PCAUTO~1.LNK - C:\Program Files (x86)\SAMSUNG\PC Auto Backup\AutoBackup.exe
    uPolicies-Explorer: NoDriveAutoRun = dword:0
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
    IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    TCP: NameServer = 70.28.245.227 184.151.118.254
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC} : NameServer = 208.69.150.252,208.69.150.250
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\14355535 : DHCPNameServer = 192.168.1.1 8.8.8.8
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\35861677F40756E6 : DHCPNameServer = 10.63.8.194 10.63.8.195
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\4554C4553513434373 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\638343433344 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\E6073636 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1} : NameServer = 208.69.150.252,208.69.150.250
    TCP: Interfaces\{80C4197C-C1E0-40FF-B4F4-F159B2752AE9} : DHCPNameServer = 70.28.245.227 184.151.118.254
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs=
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\w6cc8k2q.default\
    FF - prefs.js: browser.search.selectedEngine - My Online Search
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - prefs.js: keyword.enabled - false
    FF - plugin: C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
    FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_15_0_0_189.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
    R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2013-8-26 141376]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-8-26 28600]
    R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-4-26 93400]
    R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2013-8-26 806704]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-26 431920]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-26 431920]
    R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2013-8-26 994096]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-8-26 119272]
    R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2013-8-26 43064]
    R2 BellCanadaRcAppSvc;Bell Canada Rc App Svc;C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe [2012-8-28 120712]
    R2 CABellCanada;Bell Canada Con App Svc;C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe [2012-8-28 124808]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-8-31 72216]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-26 1871160]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-26 968504]
    R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2012-8-7 96128]
    R2 NWHelper;Novatel Wireless Device Helper ;C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe [2010-6-3 270336]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-10-8 411968]
    R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2012-6-4 326544]
    R2 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-7-15 17152]
    R3 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
    R3 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
    R3 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-25 2369720]
    R3 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-7-18 246568]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-7-18 76584]
    R3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;C:\Windows\System32\drivers\fspad_win764.sys [2011-6-23 53760]
    R3 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-8 1149760]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2014-10-20 86016]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-22 77592]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-22 13080]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-4 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-26 129752]
    R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-7-15 32344]
    R3 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-8 1796928]
    R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-8 20288]
    R3 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-8 19440960]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-10-8 38048]
    R3 NWBellRmNet;Novatel Wireless Bell RmNet Network Adapter;C:\Windows\System32\drivers\nwbellrmnet.sys [2011-8-25 350208]
    R3 NWBellUSBModem;Novatel Wireless Bell USB Modem Driver;C:\Windows\System32\drivers\nwbellusbmdm.sys [2011-8-25 222208]
    R3 NWBellUSBPort;Novatel Wireless Bell USB Status Port Driver;C:\Windows\System32\drivers\nwbellusbser.sys [2011-8-25 222208]
    R3 NWBellUSBPort2;Novatel Wireless Bell USB Status2 Port Driver;C:\Windows\System32\drivers\nwbellusbser2.sys [2011-8-25 222208]
    R3 ProfileImpSvc;Native WiFi profile importer;C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe [2012-8-28 169864]
    R3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-30 471144]
    R3 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-2-10 16000]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-15 2655768]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 avfwim;AvFw Packet Filter Miniport;C:\Windows\System32\drivers\avfwim.sys [2013-8-26 114608]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-7-15 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-7-15 79360]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-1 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-26 63704]
    S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-8-5 43032]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-1 19456]
    S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-7-15 290920]
    S3 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2014-2-10 157264]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-1 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-1 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-4 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-10-23 08:24:30 -------- d-----w- C:\Users\dale\AppData\Local\Ornhics
    2014-10-22 20:16:11 -------- d-----w- C:\Users\dale\AppData\Roaming\Avira
    2014-10-21 21:24:39 -------- d-----w- C:\Users\dale\AppData\Local\ActiveState
    2014-10-21 20:16:21 -------- d-----w- C:\Perl64
    2014-10-21 00:23:46 -------- d-----w- C:\ProgramData\BoostSoftware
    2014-10-20 22:23:01 98816 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys
    2014-10-20 22:23:01 86016 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys
    2014-10-20 22:23:01 69632 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys
    2014-10-20 22:23:01 421376 ----a-w- C:\Windows\System32\drivers\ewusbwwan.sys
    2014-10-20 22:23:01 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
    2014-10-20 22:23:01 28672 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys
    2014-10-20 22:23:01 221312 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
    2014-10-20 22:23:01 22016 ----a-w- C:\Windows\System32\drivers\ew_hwupgrade.sys
    2014-10-20 22:23:01 212992 ----a-w- C:\Windows\System32\drivers\ew_juwwanecm.sys
    2014-10-20 22:23:01 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys
    2014-10-20 22:23:01 117248 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys
    2014-10-20 22:23:01 1001472 ----a-w- C:\Windows\System32\drivers\mod7700.sys
    2014-10-20 22:22:23 -------- d-----w- C:\Program Files (x86)\Sierra Wireless Inc
    2014-10-19 03:09:44 2507776 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
    2014-10-18 20:55:03 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6733FE1F-81E1-45A3-A0AC-2197C2DCE524}\mpengine.dll
    2014-10-16 10:20:39 0 ----a-w- C:\Windows\SysWow64\sho2B0.tmp
    2014-10-15 23:30:02 3198976 ----a-w- C:\Windows\System32\win32k.sys
    2014-10-15 23:30:01 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
    2014-10-15 23:30:01 73880 ----a-w- C:\Windows\System32\mscories.dll
    2014-10-15 23:30:01 1943696 ----a-w- C:\Windows\System32\dfshim.dll
    2014-10-15 23:30:01 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
    2014-10-15 23:30:01 156312 ----a-w- C:\Windows\System32\mscorier.dll
    2014-10-15 23:30:01 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2014-10-15 23:27:19 3241472 ----a-w- C:\Windows\System32\msi.dll
    2014-10-15 23:27:18 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-10-15 23:25:58 77312 ----a-w- C:\Windows\System32\packager.dll
    2014-10-15 23:25:58 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-10-13 21:32:42 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-10-13 11:04:58 0 ----a-w- C:\Windows\SysWow64\shoF4EA.tmp
    2014-10-12 03:10:58 0 ----a-w- C:\Windows\SysWow64\sho5A78.tmp
    2014-10-09 23:01:06 -------- d-----w- C:\Users\dale\AppData\Roaming\GitHub
    2014-10-09 23:01:06 -------- d-----w- C:\Users\dale\AppData\Local\GitHub
    2014-10-09 22:58:48 -------- d-----w- C:\Users\dale\AppData\Local\Deployment
    2014-10-09 22:58:48 -------- d-----w- C:\Users\dale\AppData\Local\Apps
    2014-10-09 06:02:14 -------- d-----w- C:\Users\dale\AppData\Roaming\NVIDIA
    2014-10-09 05:55:29 -------- d-----w- C:\Users\dale\AppData\Local\NVIDIA
    2014-10-09 05:55:26 2799784 ----a-w- C:\Windows\System32\nvspcap64.dll
    2014-10-09 05:55:26 2193560 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2014-10-09 05:55:26 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
    2014-10-09 05:55:26 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
    2014-10-09 05:54:45 613696 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2014-10-09 05:54:16 934216 ----a-w- C:\Windows\System32\nvvsvc.exe
    2014-10-09 05:54:16 6890696 ----a-w- C:\Windows\System32\nvcpl.dll
    2014-10-09 05:54:16 62608 ----a-w- C:\Windows\System32\nvshext.dll
    2014-10-09 05:54:16 3961833 ----a-w- C:\Windows\System32\nvcoproc.bin
    2014-10-09 05:54:16 385168 ----a-w- C:\Windows\System32\nvmctray.dll
    2014-10-09 05:54:16 3529872 ----a-w- C:\Windows\System32\nvsvc64.dll
    2014-10-09 05:54:16 2557640 ----a-w- C:\Windows\System32\nvsvcr.dll
    2014-10-09 05:53:58 73872 ----a-w- C:\Windows\System32\OpenCL.dll
    2014-10-09 05:53:58 60560 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2014-10-07 08:47:02 0 ----a-w- C:\Windows\SysWow64\shoB3BC.tmp
    2014-10-07 01:32:14 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2014-10-07 01:32:14 371712 ----a-w- C:\Windows\System32\qdvd.dll
    2014-10-07 01:32:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-10-07 01:32:05 2048 ----a-w- C:\Windows\System32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2014-10-23 20:38:58 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-10-23 01:37:37 43064 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
    2014-10-23 01:37:25 119272 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2014-10-16 18:59:36 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-10-16 18:59:36 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
    2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
    2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-10-01 18:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-10-01 18:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-10-01 18:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
    2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
    2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
    2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-09-17 04:51:20 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
    2014-09-17 04:51:20 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2014-09-17 04:51:20 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2014-09-15 16:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
    2014-09-04 19:14:38 38048 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
    2014-09-04 19:14:38 34976 ----a-w- C:\Windows\System32\nvaudcap64v.dll
    2014-09-04 19:14:38 32416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
    2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
    2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
    2014-08-29 02:07:13 44032 ----a-w- C:\Windows\System32\tsgqec.dll
    2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
    2014-08-29 02:07:12 5780480 ----a-w- C:\Windows\System32\mstscax.dll
    2014-08-29 02:07:10 322560 ----a-w- C:\Windows\System32\aaclient.dll
    2014-08-29 02:06:47 1125888 ----a-w- C:\Windows\System32\mstsc.exe
    2014-08-29 01:44:52 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
    2014-08-29 01:44:51 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-08-29 01:44:49 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
    2014-08-29 01:44:19 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
    2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
    2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
    2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
    2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
    2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
    2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
    2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
    2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
    2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
    2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
    2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
    2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    .
    ============= FINISH: 14:49:02.45 ===============
     
  5. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 02/11/2011 5:18:08 PM
    System Uptime: 23/10/2014 1:37:49 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | G74Sx
    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 279 GiB total, 192.741 GiB free.
    D: is FIXED (NTFS) - 394 GiB total, 394.08 GiB free.
    E: is FIXED (NTFS) - 349 GiB total, 349.206 GiB free.
    F: is FIXED (NTFS) - 349 GiB total, 193.174 GiB free.
    G: is CDROM (UDF)
    H: is Removable
    R: is FIXED (FAT32) - 25 GiB total, 1.727 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: LogMeIn Kernel Information Provider
    Device ID: ROOT\LEGACY_LMIINFO\0000
    Manufacturer:
    Name: LogMeIn Kernel Information Provider
    PNP Device ID: ROOT\LEGACY_LMIINFO\0000
    Service: LMIInfo
    .
    ==== System Restore Points ===================
    .
    RP420: 20/10/2014 2:30:32 PM - Removed LogMeIn Hamachi
    RP421: 20/10/2014 3:02:54 PM - Removed Bell Mobile Broadband Drivers.
    RP422: 20/10/2014 3:14:56 PM - Removed LogMeIn
    RP423: 20/10/2014 3:20:14 PM - Installed Mobile Connect.
    RP424: 20/10/2014 4:01:25 PM - Windows Update
    RP425: 20/10/2014 4:04:11 PM - Windows Update
    RP426: 20/10/2014 4:23:33 PM - Windows Backup
    RP427: 21/10/2014 1:15:12 PM - Installed ActivePerl 5.18.2 Build 1802 (64-bit)
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    Adobe Reader XI (11.0.09)
    Antivirus Pro
    ASUS LifeFrame3
    ASUS Live Update
    ASUS Power4Gear Hybrid
    ASUS USB Charger Plus
    ASUS Virtual Camera
    ASUS WebStorage
    AsusScr_G74 Series_ENG
    AsusVibe2.0
    ATK Package
    Avira System Speedup
    Bell Mobile Broadband Drivers
    BitTorrent
    CyberLink LabelPrint
    CyberLink Power2Go
    D3DX10
    Dropbox
    eReg
    Finger Sensing Pad Driver
    Fresco Logic USB3.0 Host Controller
    Galeria de Fotografias do Windows Live
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    Google Chrome
    Google Update Helper
    InstallVC90Support
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Java 7 Update 67 (64-bit)
    Java SE Development Kit 7 Update 67 (64-bit)
    Junk Mail filter update
    LG USB Modem driver
    Logitech SetPoint 6.61
    Malwarebytes Anti-Malware version 2.0.3.1025
    Mesh Runtime
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office 365 - en-us
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mobile Connect
    Mozilla Firefox 29.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    Nightly 33.0a1 (x64 en-US)
    NVIDIA 3D Vision Driver 344.11
    NVIDIA Control Panel 344.11
    NVIDIA GeForce Experience 2.1.2
    NVIDIA GeForce Experience Service
    NVIDIA Graphics Driver 344.11
    NVIDIA HD Audio Driver 1.3.32.1
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.14.0702
    NVIDIA ShadowPlay 16.13.42
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 16.13.42
    NVIDIA Update Core
    NVIDIA Virtual Audio 1.2.25
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    Office 15 Click-to-Run Localization Component
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Reader Driver
    RoboForm 7-9-8-5 (All Users)
    RuneScape Launcher 1.2.3
    SAMSUNG Intelli-studio
    Seagate Dashboard
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    SHIELD Streaming
    SHIELD Wireless Controller Driver
    Skype Click to Call
    Skype™ 6.18
    syncables desktop SE
    THX TruStudio
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinFlash
    WinRAR 4.20 (32-bit)
    Wireless Console 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
    23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
    23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
    23/10/2014 1:38:12 PM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    22/10/2014 6:39:09 PM, Error: Service Control Manager [7024] - The Avira Web Protection service terminated with service-specific error Incorrect function..
    22/10/2014 6:30:42 PM, Error: Service Control Manager [7024] - The Avira Mail Protection service terminated with service-specific error Incorrect function..
    22/10/2014 6:26:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    22/10/2014 6:26:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    22/10/2014 6:26:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    22/10/2014 6:26:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    22/10/2014 6:26:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO_ avipbb avkmgr discache mbamchameleon spldr Wanarpv6
    22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
    22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    22/10/2014 6:12:54 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
    22/10/2014 6:11:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Microsoft iSCSI Initiator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 4:58:55 PM, Error: volmgr [46] - Crash dump initialization failed!
    22/10/2014 4:33:56 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
    22/10/2014 4:29:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    22/10/2014 4:28:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO_ avfwot avipbb avkmgr discache mbamchameleon spldr Wanarpv6
    22/10/2014 4:16:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    22/10/2014 3:04:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avfwot
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7001] - The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: The operation completed successfully.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7001] - The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: The operation completed successfully.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: A system shutdown is in progress.
    22/10/2014 2:38:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    22/10/2014 2:31:09 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
    22/10/2014 2:27:35 PM, Error: Service Control Manager [7034] - The Avira Web Protection service terminated unexpectedly. It has done this 4 time(s).
    22/10/2014 2:27:04 PM, Error: Service Control Manager [7034] - The Avira Web Protection service terminated unexpectedly. It has done this 3 time(s).
    22/10/2014 2:26:53 PM, Error: Service Control Manager [7031] - The Avira Web Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for ImagePath with the following error: Access is denied.
    22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DisplayName with the following error: Access is denied.
    22/10/2014 2:20:15 PM, Error: Service Control Manager [7031] - The Avira Web Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    22/10/2014 2:15:14 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    22/10/2014 12:30:01 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 195.180.0.5 with the system having network hardware address 00-A0-C6-00-00-01. Network operations on this system may be disrupted as a result.
    22/10/2014 12:17:13 PM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]
    22/10/2014 1:53:58 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{721FD7A1-6E65-4708-A81E-A6F7F34D5B18} because another computer on the network has the same name. The server could not start.
    22/10/2014 1:39:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirWebService service.
    22/10/2014 1:08:58 PM, Error: NWBellRmNet [4000] - <qnet0001>: SIM is not inserted or bad SIM detected
    21/10/2014 8:14:54 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.142.126.182 with the system having network hardware address 00-A0-C6-00-00-01. Network operations on this system may be disrupted as a result.
    20/10/2014 4:02:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2928562).
    20/10/2014 4:02:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2908783).
    20/10/2014 3:36:27 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Description with the following error: Access is denied.
    20/10/2014 3:36:27 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DelayedAutostart with the following error: Access is denied.
    20/10/2014 3:14:36 PM, Error: Service Control Manager [7023] - The LogMeIn service terminated with the following error: An attempt was made to access a socket in a way forbidden by its access permissions.
    20/10/2014 2:28:03 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    20/10/2014 1:54:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.
    17/10/2014 11:10:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
    17/10/2014 11:10:15 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    16/10/2014 3:20:15 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
    16/10/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2952664).
    16/10/2014 11:51:13 AM, Error: Service Control Manager [7034] - The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).
    16/10/2014 11:45:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Seagate MobileBackup Service service to connect.
    .
    ==== End Of File ===========================

    I see LogMeIn is on the report. I uninstalled that quite a while ago, before coming to this site, so I'm not sure why it still shows up.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right-click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on the SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double-click on the downloaded file. OK the self-extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • In the following screen, click "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  7. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    RogueKiller V10.0.3.0 [Oct 22 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : dale [Administrator]
    Mode : Delete -- Date : 10/23/2014 19:29:04

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 23 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\1SecureIconsProvider | (default) : {FC9D8189-520A-4417-AED7-9EAC810C6FBA} -> Deleted
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Windows\CurrentVersion\Run | eventcreate : "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe" [x] -> Deleted
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Windows\CurrentVersion\Run | eventcreate : "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe" -> ERROR [2]
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | eventcreate : "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe" [x] -> Deleted
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce | eventcreate : "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe" -> ERROR [2]
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 70.28.245.227 184.151.118.254 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 70.28.245.227 184.151.118.254 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC} | NameServer : 208.69.150.252,208.69.150.250 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1} | NameServer : 208.69.150.252,208.69.150.250 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{80C4197C-C1E0-40FF-B4F4-F159B2752AE9} | DhcpNameServer : 70.28.245.227 184.151.118.254 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC} | NameServer : 208.69.150.252,208.69.150.250 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1} | NameServer : 208.69.150.252,208.69.150.250 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{80C4197C-C1E0-40FF-B4F4-F159B2752AE9} | DhcpNameServer : 70.28.245.227 184.151.118.254 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC} | NameServer : 208.69.150.252,208.69.150.250 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1} | NameServer : 208.69.150.252,208.69.150.250 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{80C4197C-C1E0-40FF-B4F4-F159B2752AE9} | DhcpNameServer : 70.28.245.227 184.151.118.254 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Control Panel\Desktop | SCRNSAVE.EXE : "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe" [x] -> Replaced (C:\Windows\system32\logon.scr)
    [HJ.AutoRun] (X64) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Command Processor | AutoRun : "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe" -> Replaced ()
    [HJ.AutoRun] (X86) HKEY_USERS\S-1-5-21-2803351199-1918054348-220819788-1000\Software\Microsoft\Command Processor | AutoRun : "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe" -> Replaced ()

    ¤¤¤ Tasks : 5 ¤¤¤
    [Suspicious.Path] DSite.job -- C:\Users\dale\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE (/Check) -> Deleted
    [Suspicious.Path] \\ASUS Patch 10430001 -- C:\Windows\AsPatch10430001.exe (-e) -> Deleted
    [Suspicious.Path] \\dale -- C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe ("C:\Users\dale\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\dale.nji") -> Deleted
    [Suspicious.Path] \\dale Merge -- "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe" ("C:\Users\dale\AppData\Roaming\Seagate\Seagate Dashboard 2.0\Files\dale Merge.nji") -> Deleted
    [Suspicious.Path] \\DSite -- C:\Users\dale\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE (/Check) -> ERROR [0]

    ¤¤¤ Files : 1 ¤¤¤
    [Suspicious.Path][File] eventcreate.lnk -- C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eventcreate.lnk [LNK@] C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe -> Deleted

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] w6cc8k2q.default : user_pref("browser.startup.homepage", "www.google.ca"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST9750420AS +++++
    --- User ---
    [MBR] 11a63cf61758b3bfca216e89802736e0
    [BSP] a6dfcef95bdca6f6c690eb797753f4a9 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 25600 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 52430848 | Size: 286161 MB
    2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 638488576 | Size: 403641 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: ST9750420AS +++++
    --- User ---
    [MBR] b17efdbde997cde13963cd71a27bec4c
    [BSP] e6c2cebec9d5914c6fe029aa4b621d92 : HP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 357688 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 732547072 | Size: 357715 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: SanDisk SanDisk Ultra USB Device +++++
    --- User ---
    [MBR] b5bdf4860e35110f13c3c1534367a8cd
    [BSP] 5b78b3a367da6d46f8e3b2d0c3e9f6c0 : Windows XP MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 29553 MB
    User = LL1 ... OK
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_10232014_192745.log
     
  8. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    2 more files were produced, dds and another labeled attach. Looks like it removed my program that was installed from my internet stick but I'm still able to connect with it so that's all that matters atm. Anyways here are the other 2 from roguekiller and I'll repost when I'm done the next part (also I did disable my anti-v and such just like before)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17344
    Run by dale at 14:48:51 on 2014-10-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5203 [GMT -7:00]
    .
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe
    C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe
    C:\Windows\SysWow64\perfhost.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
    C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Logitech\SetPointP\SetPoint.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
    C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
    C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\FSP\fspuip.exe
    C:\Windows\system32\RunDLL32.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
    C:\Program Files\Logitech\SetPointP\LBTWiz.exe
    C:\Program Files\Nightly\firefox.exe
    C:\Program Files\Nightly\plugin-container.exe
    C:\program files (x86)\avira\antivir desktop\avcenter.exe
    C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.ca/
    uDefault_Page_URL = hxxp://asus.msn.com
    uURLSearchHooks: {09152f0b-739c-4dec-a245-1aa8a37594f1} - <orphaned>
    uURLSearchHooks: {f9bbf004-6e40-4019-8214-c43a37e1d058} - <orphaned>
    mWinlogon: Userinit = userinit.exe,
    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
    TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [AviraSpeedup] "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe" -autorun
    uRun: [Uploader] C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    uRun: [SanDiskSecureAccess_Manager.exe] C:\Users\dale\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    uRun: [BitTorrent] "C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED
    uRun: [BearShare] "C:\Program Files (x86)\BearShare Applications\BearShare\BearShare.exe" --lightmode
    uRun: [eventcreate] "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe"
    uRunOnce: [eventcreate] "C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe"
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mRun: [Bell Canada Connection Manager] "C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe" -a
    mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [DBAgent] "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
    mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    StartupFolder: C:\Users\dale\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTC~1.LNK - C:\Users\dale\AppData\Roaming\Microsoft\Windows\IEUpdate\eventcreate.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PCAUTO~1.LNK - C:\Program Files (x86)\SAMSUNG\PC Auto Backup\AutoBackup.exe
    uPolicies-Explorer: NoDriveAutoRun = dword:0
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
    IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
    TCP: NameServer = 70.28.245.227 184.151.118.254
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC} : NameServer = 208.69.150.252,208.69.150.250
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\14355535 : DHCPNameServer = 192.168.1.1 8.8.8.8
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\35861677F40756E6 : DHCPNameServer = 10.63.8.194 10.63.8.195
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\4554C4553513434373 : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\638343433344 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}\E6073636 : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1} : NameServer = 208.69.150.252,208.69.150.250
    TCP: Interfaces\{80C4197C-C1E0-40FF-B4F4-F159B2752AE9} : DHCPNameServer = 70.28.245.227 184.151.118.254
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs=
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
    x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\w6cc8k2q.default\
    FF - prefs.js: browser.search.selectedEngine - My Online Search
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - prefs.js: keyword.enabled - false
    FF - plugin: C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll
    FF - plugin: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Windows\System32\Macromed\Flash\NPSWF64_15_0_0_189.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 ATKWMIACPIIO_;ATKWMIACPI Driver_;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
    R1 avfwot;avfwot;C:\Windows\System32\drivers\avfwot.sys [2013-8-26 141376]
    R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-8-26 28600]
    R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-4-26 93400]
    R2 AntiVirMailService;Avira Mail Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [2013-8-26 806704]
    R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-8-26 431920]
    R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-8-26 431920]
    R2 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2013-8-26 994096]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-8-26 119272]
    R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2013-8-26 43064]
    R2 BellCanadaRcAppSvc;Bell Canada Rc App Svc;C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe [2012-8-28 120712]
    R2 CABellCanada;Bell Canada Con App Svc;C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe [2012-8-28 124808]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-8-31 72216]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-26 1871160]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-26 968504]
    R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2012-8-7 96128]
    R2 NWHelper;Novatel Wireless Device Helper ;C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe [2010-6-3 270336]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-10-8 411968]
    R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2012-6-4 326544]
    R2 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    R3 AiCharger;ASUS Charger Driver;C:\Windows\System32\drivers\AiCharger.sys [2011-7-15 17152]
    R3 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
    R3 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
    R3 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-25 2369720]
    R3 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-7-18 246568]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-7-18 76584]
    R3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;C:\Windows\System32\drivers\fspad_win764.sys [2011-6-23 53760]
    R3 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-10-8 1149760]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\System32\drivers\ew_jubusenum.sys [2014-10-20 86016]
    R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2013-5-22 77592]
    R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2013-5-22 13080]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-10-4 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-26 129752]
    R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2011-7-15 32344]
    R3 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-10-8 1796928]
    R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-10-8 20288]
    R3 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-10-8 19440960]
    R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-10-8 38048]
    R3 NWBellRmNet;Novatel Wireless Bell RmNet Network Adapter;C:\Windows\System32\drivers\nwbellrmnet.sys [2011-8-25 350208]
    R3 NWBellUSBModem;Novatel Wireless Bell USB Modem Driver;C:\Windows\System32\drivers\nwbellusbmdm.sys [2011-8-25 222208]
    R3 NWBellUSBPort;Novatel Wireless Bell USB Status Port Driver;C:\Windows\System32\drivers\nwbellusbser.sys [2011-8-25 222208]
    R3 NWBellUSBPort2;Novatel Wireless Bell USB Status2 Port Driver;C:\Windows\System32\drivers\nwbellusbser2.sys [2011-8-25 222208]
    R3 ProfileImpSvc;Native WiFi profile importer;C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe [2012-8-28 169864]
    R3 RDPDISPM;RDPDISPM;C:\Windows\System32\drivers\rdpdispm.sys [2010-8-31 10752]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-4-30 471144]
    R3 Seagate Dashboard Services;Seagate Dashboard Services;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [2014-2-10 16000]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-15 2655768]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 avfwim;AvFw Packet Filter Miniport;C:\Windows\System32\drivers\avfwim.sys [2013-8-26 114608]
    S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-7-15 79360]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-7-15 79360]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-1 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-26 63704]
    S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-8-5 43032]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-1 19456]
    S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-7-15 290920]
    S3 Seagate MobileBackup Service;Seagate MobileBackup Service;C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [2014-2-10 157264]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-1 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-1 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-4 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-10-23 08:24:30 -------- d-----w- C:\Users\dale\AppData\Local\Ornhics
    2014-10-22 20:16:11 -------- d-----w- C:\Users\dale\AppData\Roaming\Avira
    2014-10-21 21:24:39 -------- d-----w- C:\Users\dale\AppData\Local\ActiveState
    2014-10-21 20:16:21 -------- d-----w- C:\Perl64
    2014-10-21 00:23:46 -------- d-----w- C:\ProgramData\BoostSoftware
    2014-10-20 22:23:01 98816 ----a-w- C:\Windows\System32\drivers\ew_jucdcacm.sys
    2014-10-20 22:23:01 86016 ----a-w- C:\Windows\System32\drivers\ew_jubusenum.sys
    2014-10-20 22:23:01 69632 ----a-w- C:\Windows\System32\drivers\ew_jucdcecm.sys
    2014-10-20 22:23:01 421376 ----a-w- C:\Windows\System32\drivers\ewusbwwan.sys
    2014-10-20 22:23:01 32768 ----a-w- C:\Windows\System32\drivers\ewdcsc.sys
    2014-10-20 22:23:01 28672 ----a-w- C:\Windows\System32\drivers\ew_juextctrl.sys
    2014-10-20 22:23:01 221312 ----a-w- C:\Windows\System32\drivers\ewusbmdm.sys
    2014-10-20 22:23:01 22016 ----a-w- C:\Windows\System32\drivers\ew_hwupgrade.sys
    2014-10-20 22:23:01 212992 ----a-w- C:\Windows\System32\drivers\ew_juwwanecm.sys
    2014-10-20 22:23:01 13952 ----a-w- C:\Windows\System32\drivers\ew_usbenumfilter.sys
    2014-10-20 22:23:01 117248 ----a-w- C:\Windows\System32\drivers\ew_hwusbdev.sys
    2014-10-20 22:23:01 1001472 ----a-w- C:\Windows\System32\drivers\mod7700.sys
    2014-10-20 22:22:23 -------- d-----w- C:\Program Files (x86)\Sierra Wireless Inc
    2014-10-19 03:09:44 2507776 ----a-w- C:\ProgramData\Microsoft\Secure\Icons\IconsCacheHelper.dll
    2014-10-18 20:55:03 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6733FE1F-81E1-45A3-A0AC-2197C2DCE524}\mpengine.dll
    2014-10-16 10:20:39 0 ----a-w- C:\Windows\SysWow64\sho2B0.tmp
    2014-10-15 23:30:02 3198976 ----a-w- C:\Windows\System32\win32k.sys
    2014-10-15 23:30:01 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
    2014-10-15 23:30:01 73880 ----a-w- C:\Windows\System32\mscories.dll
    2014-10-15 23:30:01 1943696 ----a-w- C:\Windows\System32\dfshim.dll
    2014-10-15 23:30:01 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
    2014-10-15 23:30:01 156312 ----a-w- C:\Windows\System32\mscorier.dll
    2014-10-15 23:30:01 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2014-10-15 23:27:19 3241472 ----a-w- C:\Windows\System32\msi.dll
    2014-10-15 23:27:18 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
    2014-10-15 23:25:58 77312 ----a-w- C:\Windows\System32\packager.dll
    2014-10-15 23:25:58 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-10-13 21:32:42 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-10-13 11:04:58 0 ----a-w- C:\Windows\SysWow64\shoF4EA.tmp
    2014-10-12 03:10:58 0 ----a-w- C:\Windows\SysWow64\sho5A78.tmp
    2014-10-09 23:01:06 -------- d-----w- C:\Users\dale\AppData\Roaming\GitHub
    2014-10-09 23:01:06 -------- d-----w- C:\Users\dale\AppData\Local\GitHub
    2014-10-09 22:58:48 -------- d-----w- C:\Users\dale\AppData\Local\Deployment
    2014-10-09 22:58:48 -------- d-----w- C:\Users\dale\AppData\Local\Apps
    2014-10-09 06:02:14 -------- d-----w- C:\Users\dale\AppData\Roaming\NVIDIA
    2014-10-09 05:55:29 -------- d-----w- C:\Users\dale\AppData\Local\NVIDIA
    2014-10-09 05:55:26 2799784 ----a-w- C:\Windows\System32\nvspcap64.dll
    2014-10-09 05:55:26 2193560 ----a-w- C:\Windows\SysWow64\nvspcap.dll
    2014-10-09 05:55:26 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
    2014-10-09 05:55:26 1291280 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
    2014-10-09 05:54:45 613696 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2014-10-09 05:54:16 934216 ----a-w- C:\Windows\System32\nvvsvc.exe
    2014-10-09 05:54:16 6890696 ----a-w- C:\Windows\System32\nvcpl.dll
    2014-10-09 05:54:16 62608 ----a-w- C:\Windows\System32\nvshext.dll
    2014-10-09 05:54:16 3961833 ----a-w- C:\Windows\System32\nvcoproc.bin
    2014-10-09 05:54:16 385168 ----a-w- C:\Windows\System32\nvmctray.dll
    2014-10-09 05:54:16 3529872 ----a-w- C:\Windows\System32\nvsvc64.dll
    2014-10-09 05:54:16 2557640 ----a-w- C:\Windows\System32\nvsvcr.dll
    2014-10-09 05:53:58 73872 ----a-w- C:\Windows\System32\OpenCL.dll
    2014-10-09 05:53:58 60560 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2014-10-07 08:47:02 0 ----a-w- C:\Windows\SysWow64\shoB3BC.tmp
    2014-10-07 01:32:14 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2014-10-07 01:32:14 371712 ----a-w- C:\Windows\System32\qdvd.dll
    2014-10-07 01:32:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-10-07 01:32:05 2048 ----a-w- C:\Windows\System32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2014-10-23 20:38:58 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-10-23 01:37:37 43064 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
    2014-10-23 01:37:25 119272 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2014-10-16 18:59:36 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-10-16 18:59:36 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
    2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
    2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-10-01 18:11:26 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-10-01 18:11:16 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-10-01 18:11:12 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
    2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
    2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
    2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-09-17 04:51:20 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
    2014-09-17 04:51:20 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
    2014-09-17 04:51:20 1538880 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
    2014-09-15 16:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
    2014-09-04 19:14:38 38048 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
    2014-09-04 19:14:38 34976 ----a-w- C:\Windows\System32\nvaudcap64v.dll
    2014-09-04 19:14:38 32416 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
    2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
    2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
    2014-08-29 02:07:13 44032 ----a-w- C:\Windows\System32\tsgqec.dll
    2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
    2014-08-29 02:07:12 5780480 ----a-w- C:\Windows\System32\mstscax.dll
    2014-08-29 02:07:10 322560 ----a-w- C:\Windows\System32\aaclient.dll
    2014-08-29 02:06:47 1125888 ----a-w- C:\Windows\System32\mstsc.exe
    2014-08-29 01:44:52 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
    2014-08-29 01:44:51 4922368 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-08-29 01:44:49 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
    2014-08-29 01:44:19 1050112 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
    2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
    2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
    2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
    2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
    2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
    2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
    2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
    2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
    2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
    2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
    2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
    2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
    2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    .
    ============= FINISH: 14:49:02.45 ===============
     
  9. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 02/11/2011 5:18:08 PM
    System Uptime: 23/10/2014 1:37:49 PM (1 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | G74Sx
    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 279 GiB total, 192.741 GiB free.
    D: is FIXED (NTFS) - 394 GiB total, 394.08 GiB free.
    E: is FIXED (NTFS) - 349 GiB total, 349.206 GiB free.
    F: is FIXED (NTFS) - 349 GiB total, 193.174 GiB free.
    G: is CDROM (UDF)
    H: is Removable
    R: is FIXED (FAT32) - 25 GiB total, 1.727 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: LogMeIn Kernel Information Provider
    Device ID: ROOT\LEGACY_LMIINFO\0000
    Manufacturer:
    Name: LogMeIn Kernel Information Provider
    PNP Device ID: ROOT\LEGACY_LMIINFO\0000
    Service: LMIInfo
    .
    ==== System Restore Points ===================
    .
    RP420: 20/10/2014 2:30:32 PM - Removed LogMeIn Hamachi
    RP421: 20/10/2014 3:02:54 PM - Removed Bell Mobile Broadband Drivers.
    RP422: 20/10/2014 3:14:56 PM - Removed LogMeIn
    RP423: 20/10/2014 3:20:14 PM - Installed Mobile Connect.
    RP424: 20/10/2014 4:01:25 PM - Windows Update
    RP425: 20/10/2014 4:04:11 PM - Windows Update
    RP426: 20/10/2014 4:23:33 PM - Windows Backup
    RP427: 21/10/2014 1:15:12 PM - Installed ActivePerl 5.18.2 Build 1802 (64-bit)
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    Adobe Reader XI (11.0.09)
    Antivirus Pro
    ASUS LifeFrame3
    ASUS Live Update
    ASUS Power4Gear Hybrid
    ASUS USB Charger Plus
    ASUS Virtual Camera
    ASUS WebStorage
    AsusScr_G74 Series_ENG
    AsusVibe2.0
    ATK Package
    Avira System Speedup
    Bell Mobile Broadband Drivers
    BitTorrent
    CyberLink LabelPrint
    CyberLink Power2Go
    D3DX10
    Dropbox
    eReg
    Finger Sensing Pad Driver
    Fresco Logic USB3.0 Host Controller
    Galeria de Fotografias do Windows Live
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    Google Chrome
    Google Update Helper
    InstallVC90Support
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Java 7 Update 67 (64-bit)
    Java SE Development Kit 7 Update 67 (64-bit)
    Junk Mail filter update
    LG USB Modem driver
    Logitech SetPoint 6.61
    Malwarebytes Anti-Malware version 2.0.3.1025
    Mesh Runtime
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office 365 - en-us
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mobile Connect
    Mozilla Firefox 29.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    Nightly 33.0a1 (x64 en-US)
    NVIDIA 3D Vision Driver 344.11
    NVIDIA Control Panel 344.11
    NVIDIA GeForce Experience 2.1.2
    NVIDIA GeForce Experience Service
    NVIDIA Graphics Driver 344.11
    NVIDIA HD Audio Driver 1.3.32.1
    NVIDIA Install Application
    NVIDIA LED Visualizer 1.0
    NVIDIA Network Service
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.14.0702
    NVIDIA ShadowPlay 16.13.42
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 16.13.42
    NVIDIA Update Core
    NVIDIA Virtual Audio 1.2.25
    Office 15 Click-to-Run Extensibility Component
    Office 15 Click-to-Run Licensing Component
    Office 15 Click-to-Run Localization Component
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Reader Driver
    RoboForm 7-9-8-5 (All Users)
    RuneScape Launcher 1.2.3
    SAMSUNG Intelli-studio
    Seagate Dashboard
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    SHIELD Streaming
    SHIELD Wireless Controller Driver
    Skype Click to Call
    Skype™ 6.18
    syncables desktop SE
    THX TruStudio
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinFlash
    WinRAR 4.20 (32-bit)
    Wireless Console 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Tcp Listener Adapter service depends the following service: was. This service might not be installed.
    23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
    23/10/2014 1:38:12 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
    23/10/2014 1:38:12 PM, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
    22/10/2014 6:39:09 PM, Error: Service Control Manager [7024] - The Avira Web Protection service terminated with service-specific error Incorrect function..
    22/10/2014 6:30:42 PM, Error: Service Control Manager [7024] - The Avira Mail Protection service terminated with service-specific error Incorrect function..
    22/10/2014 6:26:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    22/10/2014 6:26:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    22/10/2014 6:26:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    22/10/2014 6:26:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    22/10/2014 6:26:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO_ avipbb avkmgr discache mbamchameleon spldr Wanarpv6
    22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
    22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    22/10/2014 6:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    22/10/2014 6:12:54 PM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
    22/10/2014 6:11:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Microsoft iSCSI Initiator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 6:10:54 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    22/10/2014 4:58:55 PM, Error: volmgr [46] - Crash dump initialization failed!
    22/10/2014 4:33:56 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
    22/10/2014 4:29:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    22/10/2014 4:28:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATKWMIACPIIO_ avfwot avipbb avkmgr discache mbamchameleon spldr Wanarpv6
    22/10/2014 4:16:05 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    22/10/2014 3:04:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avfwot
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7001] - The Avira Web Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: The operation completed successfully.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7001] - The Avira Mail Protection service depends on the Avira Real-Time Protection service which failed to start because of the following error: The operation completed successfully.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    22/10/2014 2:38:02 PM, Error: Service Control Manager [7000] - The Application Information service failed to start due to the following error: A system shutdown is in progress.
    22/10/2014 2:38:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    22/10/2014 2:31:09 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Type with the following error: Access is denied.
    22/10/2014 2:27:35 PM, Error: Service Control Manager [7034] - The Avira Web Protection service terminated unexpectedly. It has done this 4 time(s).
    22/10/2014 2:27:04 PM, Error: Service Control Manager [7034] - The Avira Web Protection service terminated unexpectedly. It has done this 3 time(s).
    22/10/2014 2:26:53 PM, Error: Service Control Manager [7031] - The Avira Web Protection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for ImagePath with the following error: Access is denied.
    22/10/2014 2:26:25 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DisplayName with the following error: Access is denied.
    22/10/2014 2:20:15 PM, Error: Service Control Manager [7031] - The Avira Web Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    22/10/2014 2:15:14 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    22/10/2014 12:30:01 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 195.180.0.5 with the system having network hardware address 00-A0-C6-00-00-01. Network operations on this system may be disrupted as a result.
    22/10/2014 12:17:13 PM, Error: Microsoft-Windows-Diagnostics-Networking [5300] - An error occurred. The Network Diagnostics Framework failed to complete the repair phase of operation. A Windows Error Report was generated. [2147942487]
    22/10/2014 1:53:58 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{721FD7A1-6E65-4708-A81E-A6F7F34D5B18} because another computer on the network has the same name. The server could not start.
    22/10/2014 1:39:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AntiVirWebService service.
    22/10/2014 1:08:58 PM, Error: NWBellRmNet [4000] - <qnet0001>: SIM is not inserted or bad SIM detected
    21/10/2014 8:14:54 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 10.142.126.182 with the system having network hardware address 00-A0-C6-00-00-01. Network operations on this system may be disrupted as a result.
    20/10/2014 4:02:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2928562).
    20/10/2014 4:02:28 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80246007: Update for Windows 7 for x64-based Systems (KB2908783).
    20/10/2014 3:36:27 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Description with the following error: Access is denied.
    20/10/2014 3:36:27 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DelayedAutostart with the following error: Access is denied.
    20/10/2014 3:14:36 PM, Error: Service Control Manager [7023] - The LogMeIn service terminated with the following error: An attempt was made to access a socket in a way forbidden by its access permissions.
    20/10/2014 2:28:03 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    20/10/2014 1:54:47 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.
    17/10/2014 11:10:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.
    17/10/2014 11:10:15 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    16/10/2014 3:20:15 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
    16/10/2014 11:55:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2952664).
    16/10/2014 11:51:13 AM, Error: Service Control Manager [7034] - The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).
    16/10/2014 11:45:41 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Seagate MobileBackup Service service to connect.
    .
    ==== End Of File ===========================
     
  10. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    Umm, by the looks of that report, am I supposed to stay online while I use these programs so the programs can use the internet if needed? I'm doing all scans offline atm unless I'm told to be connected during the scan processes, just as a precaution so this so-called trojan can't access the internet, unless that's what you need so a program can catch it? Also, I have been turning off all security just like before, so if I do go online I feel better to make sure they're on first. If you really can help fix all my issues then I prob will donate a bit to you just to show my appreciation :)

    Also, if you need me to scan with my AV again then, as a heads up, it usually takes 3-4h ish to scan everything because for some reason this computer came with a lot of files right off the bat. So far making a new backup takes a bit of time also, but not too bad, maybe about 15-20 min give or take.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    It doesn't matter if you're connected or not.

    I still need MBAR logs.
     
  12. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    K, the scan just finished so here you go, and yes I restarted my computer after the scan prior to posting because it did detect 1 malware.

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.10.24.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17358
    dale :: DALE-ASUS [administrator]

    23/10/2014 8:35:39 PM
    mbar-log-2014-10-23 (20-35-39).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 318026
    Time elapsed: 11 minute(s), 30 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\dale\AppData\Local\Temp\tmp1D8E.exe (Trojan.FakeMS.ED) -> Delete on reboot. [635eef280b716fc7c01e498cbb46bd43]

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17358

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED, R:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 8565989376, free: 4359966720

    Downloaded database version: v2014.10.24.01
    Canceled update
    Downloaded database version: v2014.10.24.01
    Downloaded database version: v2014.10.22.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    10/23/2014 20:34:41
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8007839060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-2\
    Lower Device Object: 0xfffffa8007203050
    Lower Device Driver Name: \Driver\iaStor\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80077e3790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8007205050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80077e3790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80077e32c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80077e3790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80072014c0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8007205050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 38601C96

    Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 52428800

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 52430848 Numsec = 586057728
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 638488576 Numsec = 826656768

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 750156374016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8007839060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007839ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007839060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007201e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8007203050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: BBC58B91

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 732545024

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 732547072 Numsec = 732602096

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 750156374016 bytes
    Sector size: 512 bytes

    Done!
    Infected: C:\Users\dale\AppData\Local\Temp\tmp1D8E.exe --> [Trojan.FakeMS.ED]
    Scan finished
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-52430848-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
     
    Last edited: Oct 24, 2014
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Re-run MBAR one more time and post fresh logs.
     
  14. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    No detections :)

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.10.24.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17358
    dale :: DALE-ASUS [administrator]

    23/10/2014 9:12:25 PM
    mbar-log-2014-10-23 (21-12-25).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 318443
    Time elapsed: 13 minute(s), 12 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17358

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED, R:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 8565989376, free: 4359966720

    Downloaded database version: v2014.10.24.01
    Canceled update
    Downloaded database version: v2014.10.24.01
    Downloaded database version: v2014.10.22.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    10/23/2014 20:34:41
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk1\DR1
    Upper Device Object: 0xfffffa8007839060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-2\
    Lower Device Object: 0xfffffa8007203050
    Lower Device Driver Name: \Driver\iaStor\
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa80077e3790
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8007205050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa80077e3790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa80077e32c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa80077e3790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80072014c0, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8007205050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 38601C96

    Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 52428800

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 52430848 Numsec = 586057728
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 638488576 Numsec = 826656768

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 750156374016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
    Done!
    Physical Sector Size: 512
    Drive: 1, DevicePointer: 0xfffffa8007839060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8007839ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007839060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8007201e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa8007203050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: BBC58B91

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 732545024

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 732547072 Numsec = 732602096

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 750156374016 bytes
    Sector size: 512 bytes

    Done!
    Infected: C:\Users\dale\AppData\Local\Temp\tmp1D8E.exe --> [Trojan.FakeMS.ED]
    Scan finished
    Cleaning up...
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-52430848-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17358

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, Q:\ DRIVE_FIXED, R:\ DRIVE_FIXED
    CPU speed: 1.995000 GHz
    Memory total: 8565989376, free: 5644705792

    Initializing...
    ======================
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 38601C96

    Partition information:

    Partition 0 type is Other (0xc)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 52428800

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 52430848 Numsec = 586057728
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 638488576 Numsec = 826656768

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 750156374016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...
    Done!
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: BBC58B91

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048 Numsec = 732545024

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 732547072 Numsec = 732602096

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 750156374016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-52430848-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
     
  15. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    So far my computer has been running noticeably better and no more random detections shortly after internet connection or any random windows saying copying files. But like your rules stated, it's not completely gone until you confirm it, so I will keep checking back here to see what else you need me to do :)
     
  16. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
  17. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    Worked with no problems. Only thing is now my start menu button doesn't look the way it normally does but still works normally. Do you still need me to run roadkill again?

    ComboFix 14-10-24.01 - dale 24/10/2014 16:46:18.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6124 [GMT -7:00]
    Running from: c:\users\dale\Downloads\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
    SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\dale\AppData\Roaming\SearchProtect
    c:\users\dale\AppData\Roaming\SearchProtect\bin\rep.dat
    c:\windows\AsPatch10430001.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-09-24 to 2014-10-24 )))))))))))))))))))))))))))))))
    .
    .
    2014-10-24 23:54 . 2014-10-24 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-10-24 21:40 . 2014-10-24 21:42 -------- d-----w- c:\programdata\TweakBit
    2014-10-24 21:40 . 2014-10-24 21:41 -------- d-----w- c:\program files (x86)\TweakBit
    2014-10-24 21:39 . 2014-10-24 21:39 -------- d-----w- c:\program files (x86)\Common Files\Java
    2014-10-24 21:38 . 2014-10-24 21:38 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC1EE365-684A-4C16-BDA3-477242CD53BB}\offreg.dll
    2014-10-24 21:33 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BC1EE365-684A-4C16-BDA3-477242CD53BB}\mpengine.dll
    2014-10-24 21:09 . 2014-10-24 21:09 -------- d-----w- c:\users\dale\AppData\Local\VS Revo Group
    2014-10-24 21:09 . 2014-10-24 21:09 -------- d-----w- c:\programdata\VS Revo Group
    2014-10-24 21:09 . 2009-12-30 18:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2014-10-24 21:09 . 2014-10-24 21:09 -------- d-----w- c:\program files\VS Revo Group
    2014-10-24 02:23 . 2014-10-24 02:23 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-10-24 02:23 . 2014-10-24 02:23 -------- d-----w- c:\programdata\RogueKiller
    2014-10-23 08:24 . 2014-10-23 20:36 -------- d-----w- c:\users\dale\AppData\Local\Ornhics
    2014-10-22 20:16 . 2014-10-22 20:16 -------- d-----w- c:\users\dale\AppData\Roaming\Avira
    2014-10-21 21:24 . 2014-10-21 21:24 -------- d-----w- c:\users\dale\AppData\Local\ActiveState
    2014-10-21 20:16 . 2014-10-21 20:19 -------- d-----w- C:\Perl64
    2014-10-21 00:23 . 2014-10-21 06:06 -------- d-----w- c:\programdata\BoostSoftware
    2014-10-20 22:23 . 2011-05-24 21:29 98816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
    2014-10-20 22:23 . 2011-05-24 21:29 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
    2014-10-20 22:23 . 2011-05-24 21:29 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
    2014-10-20 22:23 . 2011-05-24 21:29 421376 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
    2014-10-20 22:23 . 2011-05-24 21:29 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
    2014-10-20 22:23 . 2011-05-24 21:29 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
    2014-10-20 22:23 . 2011-05-24 21:29 221312 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
    2014-10-20 22:23 . 2011-05-24 21:29 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
    2014-10-20 22:23 . 2011-05-24 21:29 212992 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
    2014-10-20 22:23 . 2011-05-24 21:29 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
    2014-10-20 22:23 . 2011-05-24 21:29 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
    2014-10-20 22:23 . 2011-05-24 21:29 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
    2014-10-20 22:22 . 2014-10-20 22:22 -------- d-----w- c:\program files (x86)\Sierra Wireless Inc
    2014-10-19 03:09 . 2014-10-19 03:09 2507776 ----a-w- c:\programdata\Microsoft\Secure\Icons\IconsCacheHelper.dll
    2014-10-19 03:09 . 2014-10-19 03:09 3166208 ----a-w- c:\programdata\Microsoft\Secure\Icons\SecureIconsProvider.dll
    2014-10-16 10:20 . 2014-10-16 10:20 0 ----a-w- c:\windows\SysWow64\sho2B0.tmp
    2014-10-15 23:30 . 2014-09-29 00:58 3198976 ----a-w- c:\windows\system32\win32k.sys
    2014-10-15 23:30 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
    2014-10-15 23:30 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
    2014-10-15 23:30 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
    2014-10-15 23:30 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
    2014-10-15 23:30 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
    2014-10-15 23:30 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
    2014-10-15 23:27 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
    2014-10-15 23:27 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll
    2014-10-15 23:25 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
    2014-10-15 23:25 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2014-10-13 21:33 . 2014-10-13 21:32 319912 ----a-w- c:\windows\system32\javaws.exe
    2014-10-13 21:32 . 2014-10-13 21:32 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2014-10-13 21:32 . 2014-10-13 21:32 189352 ----a-w- c:\windows\system32\javaw.exe
    2014-10-13 21:32 . 2014-10-13 21:32 189352 ----a-w- c:\windows\system32\java.exe
    2014-10-13 11:04 . 2014-10-13 11:04 0 ----a-w- c:\windows\SysWow64\shoF4EA.tmp
    2014-10-12 03:10 . 2014-10-12 03:10 0 ----a-w- c:\windows\SysWow64\sho5A78.tmp
    2014-10-09 23:01 . 2014-10-09 23:10 -------- d-----w- c:\users\dale\AppData\Local\GitHub
    2014-10-09 23:01 . 2014-10-09 23:01 -------- d-----w- c:\users\dale\AppData\Roaming\GitHub
    2014-10-09 22:58 . 2014-10-19 04:59 -------- d-----w- c:\users\dale\AppData\Local\Deployment
    2014-10-09 22:58 . 2014-10-09 22:58 -------- d-----w- c:\users\dale\AppData\Local\Apps
    2014-10-09 06:02 . 2014-10-09 06:02 -------- d-----w- c:\users\dale\AppData\Roaming\NVIDIA
    2014-10-09 05:55 . 2014-10-09 05:55 -------- d-----w- c:\users\dale\AppData\Local\NVIDIA
    2014-10-09 05:55 . 2014-09-17 02:10 2193560 ----a-w- c:\windows\SysWow64\nvspcap.dll
    2014-10-09 05:55 . 2014-09-17 02:10 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
    2014-10-09 05:55 . 2014-09-17 02:10 2799784 ----a-w- c:\windows\system32\nvspcap64.dll
    2014-10-09 05:55 . 2014-09-17 02:10 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
    2014-10-09 05:55 . 2014-10-09 05:55 -------- d-----w- c:\program files (x86)\AGEIA Technologies
    2014-10-09 05:54 . 2014-09-13 20:13 613696 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2014-10-09 05:54 . 2014-09-13 21:53 6890696 ----a-w- c:\windows\system32\nvcpl.dll
    2014-10-09 05:54 . 2014-09-13 21:53 3529872 ----a-w- c:\windows\system32\nvsvc64.dll
    2014-10-09 05:54 . 2014-09-13 21:53 934216 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-10-09 05:54 . 2014-09-13 21:53 62608 ----a-w- c:\windows\system32\nvshext.dll
    2014-10-09 05:54 . 2014-09-13 21:53 385168 ----a-w- c:\windows\system32\nvmctray.dll
    2014-10-09 05:54 . 2014-09-13 21:53 2557640 ----a-w- c:\windows\system32\nvsvcr.dll
    2014-10-09 05:54 . 2014-09-11 15:37 3961833 ----a-w- c:\windows\system32\nvcoproc.bin
    2014-10-09 05:53 . 2014-09-13 23:48 73872 ----a-w- c:\windows\system32\OpenCL.dll
    2014-10-09 05:53 . 2014-09-13 23:48 60560 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2014-10-07 08:47 . 2014-10-07 08:47 0 ----a-w- c:\windows\SysWow64\shoB3BC.tmp
    2014-10-07 01:35 . 2014-10-07 01:35 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2014-10-07 01:32 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
    2014-10-07 01:32 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
    2014-10-07 01:32 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-10-07 01:32 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-10-24 03:50 . 2014-04-27 01:14 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-10-23 01:37 . 2013-08-27 06:22 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
    2014-10-23 01:37 . 2013-08-27 06:22 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2014-10-23 01:37 . 2013-08-27 06:22 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2014-10-16 18:59 . 2012-05-28 03:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-10-16 18:59 . 2012-05-28 03:15 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-10-16 10:01 . 2011-11-05 01:32 103265616 ----a-w- c:\windows\system32\MRT.exe
    2014-10-02 22:53 . 2011-11-04 16:50 278152 ------w- c:\windows\system32\MpSigStub.exe
    2014-10-01 18:11 . 2014-04-27 01:13 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-10-01 18:11 . 2014-04-27 01:13 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-10-01 18:11 . 2013-10-04 16:08 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-09-17 04:51 . 2013-01-07 23:14 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
    2014-08-25 01:05 . 2013-12-04 20:38 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2014-08-23 02:07 . 2014-08-30 16:41 404480 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-23 01:45 . 2014-08-30 16:41 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2014-08-01 11:53 . 2014-09-11 04:04 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-08-01 11:35 . 2014-09-11 04:04 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\dale\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\dale\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 131480 ----a-w- c:\users\dale\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    "AviraSpeedup"="c:\program files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe" [2014-10-23 5395704]
    "Uploader"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe" [2014-02-10 126056]
    "BitTorrent"="c:\users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe" [2014-10-10 1387864]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2012-02-02 2321072]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-12-23 318080]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2011-10-25 174720]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-10-23 703736]
    "Bell Canada Connection Manager"="c:\program files (x86)\Bell\Mobile Connect\MobileConnect.exe" [2012-08-28 87944]
    "DBAgent"="c:\program files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" [2014-02-10 1519176]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-1 548528]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    R2 BellCanadaRcAppSvc;Bell Canada Rc App Svc;c:\program files (x86)\Bell\Mobile Connect\RcAppSvc.exe;c:\program files (x86)\Bell\Mobile Connect\RcAppSvc.exe [x]
    R2 CABellCanada;Bell Canada Con App Svc;c:\program files (x86)\Bell\Mobile Connect\ConAppsSvc.exe;c:\program files (x86)\Bell\Mobile Connect\ConAppsSvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]
    R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys;c:\windows\SYSNATIVE\DRIVERS\avfwim.sys [x]
    R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 NWBellRmNet;Novatel Wireless Bell RmNet Network Adapter;c:\windows\system32\DRIVERS\nwbellrmnet.sys;c:\windows\SYSNATIVE\DRIVERS\nwbellrmnet.sys [x]
    R3 NWBellUSBModem;Novatel Wireless Bell USB Modem Driver;c:\windows\system32\DRIVERS\nwbellusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\nwbellusbmdm.sys [x]
    R3 NWBellUSBPort;Novatel Wireless Bell USB Status Port Driver;c:\windows\system32\DRIVERS\nwbellusbser.sys;c:\windows\SYSNATIVE\DRIVERS\nwbellusbser.sys [x]
    R3 NWBellUSBPort2;Novatel Wireless Bell USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwbellusbser2.sys;c:\windows\SYSNATIVE\DRIVERS\nwbellusbser2.sys [x]
    R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS;c:\windows\SYSNATIVE\PCTINDIS5X64.SYS [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
    R3 Seagate MobileBackup Service;Seagate MobileBackup Service;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
    R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S1 ATKWMIACPIIO_;ATKWMIACPI Driver_;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
    S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys;c:\windows\SYSNATIVE\DRIVERS\avfwot.sys [x]
    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
    S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
    S2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
    S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
    S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [x]
    S2 NWHelper;Novatel Wireless Device Helper ;c:\program files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe;c:\program files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [x]
    S2 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AiCharger.sys [x]
    S3 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S3 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S3 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
    S3 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
    S3 fspad_win764;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_win764;c:\windows\system32\DRIVERS\fspad_win764.sys;c:\windows\SYSNATIVE\DRIVERS\fspad_win764.sys [x]
    S3 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
    S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
    S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
    S3 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
    S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
    S3 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
    S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
    S3 ProfileImpSvc;Native WiFi profile importer;c:\program files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe;c:\program files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe [x]
    S3 RDPDISPM;RDPDISPM;c:\windows\system32\DRIVERS\rdpdispm.sys;c:\windows\SYSNATIVE\DRIVERS\rdpdispm.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 Seagate Dashboard Services;Seagate Dashboard Services;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe;c:\program files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    S3 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-10-17 19:43 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 18:59]
    .
    2014-10-23 c:\windows\Tasks\AviraSpeedup.job
    - c:\program files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [2014-10-20 00:53]
    .
    2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]
    .
    2014-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-08-25 01:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-08-25 01:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-08-25 01:07 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\dale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\dale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\dale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2014-06-24 22:04 164760 ----a-w- c:\users\dale\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-01 12446824]
    "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.ca/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
    IE: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    IE: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
    Trusted Zone: facebook.com\www
    Trusted Zone: hotmail.com\www
    Trusted Zone: runescape.com\services
    Trusted Zone: runescape.com\www
    TCP: Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}: NameServer = 208.69.150.252,208.69.150.250
    TCP: Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1}: NameServer = 208.69.150.252,208.69.150.250
    FF - ProfilePath - c:\users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\w6cc8k2q.default\
    FF - prefs.js: browser.search.selectedEngine - My Online Search
    FF - prefs.js: browser.startup.homepage - www.google.ca
    FF - prefs.js: keyword.enabled - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{09152f0b-739c-4dec-a245-1aa8a37594f1} - (no file)
    URLSearchHooks-{f9bbf004-6e40-4019-8214-c43a37e1d058} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    Wow6432Node-HKCU-Run-SanDiskSecureAccess_Manager.exe - c:\users\dale\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
    Wow6432Node-HKCU-Run-BearShare - c:\program files (x86)\BearShare Applications\BearShare\BearShare.exe
    Wow6432Node-HKLM-Run-LogMeIn Hamachi Ui - c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PC Auto Backup.lnk - c:\program files (x86)\SAMSUNG\PC Auto Backup\AutoBackup.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
    HKLM-Run-LogMeIn GUI - c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-10-24 16:57:08
    ComboFix-quarantined-files.txt 2014-10-24 23:57
    .
    Pre-Run: 205,978,513,408 bytes free
    Post-Run: 206,717,689,856 bytes free
    .
    - - End Of File - - FA3DF1CC2F72D7017D742BD86BDF8A7B
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  19. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    Adware cleaner had 2 logs R0 + S0

    # AdwCleaner v4.001 - Report created 24/10/2014 at 17:25:27
    # Updated 20/10/2014 by Xplode
    # Database :
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : dale - DALE-ASUS
    # Running from : C:\Users\dale\Downloads\adwcleaner_4.001.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\END
    File Found : C:\Users\dale\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx
    Folder Found : C:\Program Files (x86)\BearShare Applications
    Folder Found : C:\Program Files (x86)\Conduit
    Folder Found : C:\Program Files (x86)\Music Toolbar
    Folder Found : C:\Program Files (x86)\otshot
    Folder Found : C:\ProgramData\apn
    Folder Found : C:\ProgramData\Ask
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\Conduit
    Folder Found : C:\ProgramData\Partner
    Folder Found : C:\Users\dale\AppData\Local\apn
    Folder Found : C:\Users\dale\AppData\Local\Babylon
    Folder Found : C:\Users\dale\AppData\Local\Conduit
    Folder Found : C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi
    Folder Found : C:\Users\dale\AppData\Local\iLivid
    Folder Found : C:\Users\dale\AppData\Local\jZip
    Folder Found : C:\Users\dale\AppData\LocalLow\Conduit
    Folder Found : C:\Users\dale\AppData\Roaming\DSite
    Folder Found : C:\Users\dale\Qtrax

    ***** [ Scheduled Tasks ] *****

    Task Found : QtraxPlayer
    Task Found : VisualBeeRecovery

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\APNDTX
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\dsiteproducts
    Key Found : HKCU\Software\Google\Chrome\Extensions\hhepndnhfbdjmegechokkbabcphcihdi
    Key Found : HKCU\Software\jZip
    Key Found : HKCU\Software\qtrax
    Key Found : HKCU\Software\Softonic
    Key Found : [x64] HKCU\Software\APNDTX
    Key Found : [x64] HKCU\Software\Conduit
    Key Found : [x64] HKCU\Software\dsiteproducts
    Key Found : [x64] HKCU\Software\jZip
    Key Found : [x64] HKCU\Software\qtrax
    Key Found : [x64] HKCU\Software\Softonic
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
    Key Found : HKLM\SOFTWARE\Conduit
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
    Key Found : HKLM\SOFTWARE\VBMZ
    Key Found : HKLM\SOFTWARE\visualbee
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{13B8FF9D-DEB0-4070-B846-D049218307B3}
    Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17344


    -\\ Mozilla Firefox v29.0.1 (en-US)

    [w6cc8k2q.default] - Line Found : user_pref("CT3297947_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1374867334746,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
    [w6cc8k2q.default] - Line Found : user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":38,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Analytics\\\",\\\"category\\\[...]
    [w6cc8k2q.default] - Line Found : user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
    [w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=54D71C5C-12EF-4FF7-96B1-9CC1D6B7AAC3&n=77fd0c89&p2=^ZO^xdm038^YYA^ca&si=pd-angels");
    [w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.initialized", true);
    [w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.installation.contextKey", "");
    [w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.installation.installDate", "2013072521");
    [w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerId", "^ZO^xdm038^YYA^ca");
    [w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerSubId", "pd-angels");
    [w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.installation.success", true);
    [w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.installation.toolbarId", "54D71C5C-12EF-4FF7-96B1-9CC1D6B7AAC3");
    [w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.lastActivePing", "1374811636017");
    [w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.options.defaultSearch", false);
    [w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.options.homePageEnabled", false);
    [w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.options.keywordEnabled", false);
    [w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.options.tabEnabled", false);
    [w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark._49Members_.weather.location", "V3J+V");
    [w6cc8k2q.default] - Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "utilitychest@mindspark.com");
    [w6cc8k2q.default] - Line Found : user_pref("show.CT3297947", false);
    [w6cc8k2q.default] - Line Found : user_pref("smartbar.machineId", "GFCEHZSPPAQFCXZFK6TI5C7G4AMWJNZ/5VZATSIZESFZGLUZPSKO/QC9F3L6P4+ZPVJ6OUTEYKBG/NRSSHSD4W");

    -\\ Google Chrome v38.0.2125.104


    *************************

    AdwCleaner[R0].txt - [7353 octets] - [24/10/2014 17:25:27]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7413 octets] ##########

    # AdwCleaner v4.001 - Report created 24/10/2014 at 17:27:13
    # DB v
    # Updated 20/10/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : dale - DALE-ASUS
    # Running from : C:\Users\dale\Downloads\adwcleaner_4.001.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\apn
    Folder Deleted : C:\Users\dale\AppData\Local\apn
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\Users\dale\AppData\Local\Babylon
    Folder Deleted : C:\Program Files (x86)\BearShare Applications
    Folder Deleted : C:\ProgramData\Conduit
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Users\dale\AppData\Local\Conduit
    Folder Deleted : C:\Users\dale\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\dale\AppData\Roaming\DSite
    Folder Deleted : C:\Users\dale\AppData\Local\iLivid
    Folder Deleted : C:\Users\dale\AppData\Local\jZip
    Folder Deleted : C:\Program Files (x86)\Music Toolbar
    Folder Deleted : C:\Program Files (x86)\otshot
    Folder Deleted : C:\ProgramData\Partner
    Folder Deleted : C:\Users\dale\Qtrax
    Folder Deleted : C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi
    File Deleted : C:\Users\dale\AppData\Local\CRE\hhepndnhfbdjmegechokkbabcphcihdi.crx
    File Deleted : C:\END

    ***** [ Scheduled Tasks ] *****

    Task Deleted : QtraxPlayer
    Task Deleted : VisualBeeRecovery

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\Google\Chrome\Extensions\hhepndnhfbdjmegechokkbabcphcihdi
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3614D305-2DBB-4991-9297-750DD60FFC73}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5637-00A7-7A786E7484D7}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{13B8FF9D-DEB0-4070-B846-D049218307B3}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC}
    Key Deleted : HKCU\Software\APNDTX
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\dsiteproducts
    Key Deleted : HKCU\Software\jZip
    Key Deleted : HKCU\Software\qtrax
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKLM\SOFTWARE\Conduit
    Key Deleted : HKLM\SOFTWARE\VBMZ
    Key Deleted : HKLM\SOFTWARE\visualbee

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17344


    -\\ Mozilla Firefox v29.0.1 (en-US)

    [w6cc8k2q.default] - Line Deleted : user_pref("CT3297947_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1374867334746,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.AVIRA-V7.com.avira.dnt.rules", "\"{\\\"Version\\\":38,\\\"Companies\\\":[{\\\"company\\\":\\\"Google Inc\\\",\\\"rules\\\":[{\\\"name\\\":\\\"Google Analytics\\\",\\\"category\\\[...]
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.AVIRA-V7.domain", "\"avira.search.ask.com\"");
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=54D71C5C-12EF-4FF7-96B1-9CC1D6B7AAC3&n=77fd0c89&p2=^ZO^xdm038^YYA^ca&si=pd-angels");
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.initialized", true);
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.contextKey", "");
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.installDate", "2013072521");
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerId", "^ZO^xdm038^YYA^ca");
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerSubId", "pd-angels");
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.success", true);
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.installation.toolbarId", "54D71C5C-12EF-4FF7-96B1-9CC1D6B7AAC3");
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.lastActivePing", "1374811636017");
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.defaultSearch", false);
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.homePageEnabled", false);
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.keywordEnabled", false);
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.options.tabEnabled", false);
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark._49Members_.weather.location", "V3J+V");
    [w6cc8k2q.default] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "utilitychest@mindspark.com");
    [w6cc8k2q.default] - Line Deleted : user_pref("show.CT3297947", false);
    [w6cc8k2q.default] - Line Deleted : user_pref("smartbar.machineId", "GFCEHZSPPAQFCXZFK6TI5C7G4AMWJNZ/5VZATSIZESFZGLUZPSKO/QC9F3L6P4+ZPVJ6OUTEYKBG/NRSSHSD4W");

    -\\ Google Chrome v38.0.2125.104



    *************************

    AdwCleaner[R0].txt - [7529 octets] - [24/10/2014 17:25:27]
    AdwCleaner[S0].txt - [7348 octets] - [24/10/2014 17:27:13]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7408 octets] ##########
     
  20. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.3 (10.21.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by dale on 24/10/2014 at 17:36:57.43
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{931592A4-5A64-4FEE-A24E-5609858967C1}



    ~~~ Files

    Successfully deleted: [File] "C:\Users\dale\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\dale\appdata\local\cre"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
    Successfully deleted: [Empty Folder] C:\Users\dale\appdata\local\{531DAD27-6128-4272-957F-989CE160337E}
    Successfully deleted: [Empty Folder] C:\Users\dale\appdata\local\{E1C96A1E-2218-463F-9EC3-671A2324CFDF}
    Successfully deleted: [Empty Folder] C:\Users\dale\appdata\local\{E87219FD-93EA-4807-8971-5A1929A7830B}



    ~~~ FireFox

    Emptied folder: C:\Users\dale\AppData\Roaming\mozilla\firefox\profiles\w6cc8k2q.default\minidumps [396 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 24/10/2014 at 17:41:34.46
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  21. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-10-2014
    Ran by dale (administrator) on DALE-ASUS on 24-10-2014 17:43:22
    Running from C:\Users\dale\Downloads
    Loaded Profile: dale (Available profiles: dale)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    () C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
    (Novatel Wireless Inc.) C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\perfhost.exe
    (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
    (Microsoft Corporation) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    (ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Avira) C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
    (SmithMicro Inc.) C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
    (Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic\Fresco Logic USB3.0 Host Controller\amd64_host\FLxHCIm.exe
    (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
    (Sentelic Corporation) C:\Program Files\FSP\FspUip.exe
    (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
    HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
    HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
    HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-02] (ASUSTeK Computer Inc.)
    HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [318080 2011-12-22] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174720 2011-10-24] (ASUS)
    HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-22] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [Bell Canada Connection Manager] => C:\Program Files (x86)\Bell\Mobile Connect\MobileConnect.exe [87944 2012-08-28] (Bell)
    HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-02-10] (Seagate Technology LLC)
    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup_internetsecuritysuite.exe [5395704 2014-10-22] (Avira)
    HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [126056 2014-02-10] (Seagate Technology LLC)
    HKU\S-1-5-21-2803351199-1918054348-220819788-1000\...\Run: [BitTorrent] => C:\Users\dale\AppData\Roaming\BitTorrent\BitTorrent.exe [1387864 2014-10-09] (BitTorrent Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
    ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
    ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
    ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
     
  22. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
    Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
    Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Tcpip\..\Interfaces\{31404D12-408C-4CCC-A128-479DD520C0BC}: [NameServer] 208.69.150.252,208.69.150.250
    Tcpip\..\Interfaces\{5B6E6188-EB8A-4769-861E-48643C4699E1}: [NameServer] 208.69.150.252,208.69.150.250

    FireFox:
    ========
    FF ProfilePath: C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\w6cc8k2q.default
    FF DefaultSearchEngine: My Online Search
    FF SearchEngineOrder.1:
    FF SelectedSearchEngine: My Online Search
    FF Homepage: www.google.ca
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-11]
    FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} [2014-05-11]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
    FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-04]
    FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2012-05-03]
    FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
    FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Nightly\firefox.exe

    Chrome:
    =======
    CHR DefaultSearchKeyword: Default -> ask.com
    CHR DefaultSearchURL: Default -> http://dts.search.ask.com/sr?src=cr...E002&o=APN10641&apn_ptnrs=AG2&q={searchTerms}
    CHR DefaultSuggestURL: Default ->
    CHR Profile: C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-12]
    CHR Extension: (Google Drive) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-08]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
    CHR Extension: (YouTube) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-08]
    CHR Extension: (Google Search) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-08]
    CHR Extension: (Vgrabber1) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhepndnhfbdjmegechokkbabcphcihdi [2014-01-12]
    CHR Extension: (Skype Click to Call) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-09-30]
    CHR Extension: (Google Wallet) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
    CHR Extension: (Gmail) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-08]
    CHR Extension: (RoboForm) - C:\Users\dale\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-07-01]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-07-01]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [806704 2014-10-22] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-10-22] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-10-22] (Avira Operations GmbH & Co. KG)
    R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [994096 2014-10-22] (Avira Operations GmbH & Co. KG)
    S2 BellCanadaRcAppSvc; C:\Program Files (x86)\Bell\Mobile Connect\RcAppSvc.exe [120712 2012-08-28] (SmithMicro Inc.)
    R3 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R3 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    S2 CABellCanada; C:\Program Files (x86)\Bell\Mobile Connect\ConAppsSvc.exe [124808 2012-08-28] (SmithMicro Inc.)
    R3 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-07-15] (Creative Labs) [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-07-15] (Creative Labs) [File not signed]
    R3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-09-16] (NVIDIA Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    R3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-09-16] (NVIDIA Corporation)
    R3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19440960 2014-09-16] (NVIDIA Corporation)
    R2 NvtlService; C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [96128 2012-08-07] ()
    R2 NWHelper; C:\Program Files (x86)\Novatel Wireless\Bell\Drivers\NWHelper.exe [270336 2010-06-03] (Novatel Wireless Inc.) [File not signed]
    R3 ProfileImpSvc; C:\Program Files (x86)\Bell\Mobile Connect\ProfileImpSvc.exe [169864 2012-08-28] (SmithMicro Inc.)
    R3 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-02-10] (Seagate Technology LLC)
    S3 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-02-10] (Seagate Technology LLC)
    R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [326544 2012-06-04] (Sierra Wireless, Inc.)
     
  23. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-01-30] (ASUSTek Computer Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
    R1 ATKWMIACPIIO_; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [17536 2011-09-07] (ASUS)
    S3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-08-26] (Avira GmbH)
    R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-08-26] (Avira GmbH)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-22] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-22] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-05] (Avira Operations GmbH & Co. KG)
    R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [43064 2014-10-22] (Avira Operations GmbH & Co. KG)
    U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [117248 2011-05-24] (Huawei Technologies Co., Ltd.)
    R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [76584 2012-07-18] (Fresco Logic)
    R3 fspad_win764; C:\Windows\System32\DRIVERS\fspad_win764.sys [53760 2011-06-18] (Windows (R) Win 7 DDK provider)
    R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
    S4 LMIRfsClientNP; No ImagePath
    R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-24] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20288 2014-09-16] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
    R3 NWBellRmNet; C:\Windows\System32\DRIVERS\nwbellrmnet.sys [350208 2011-08-25] (Novatel Wireless Inc.)
    R3 NWBellUSBModem; C:\Windows\System32\DRIVERS\nwbellusbmdm.sys [222208 2011-08-25] (Novatel Wireless Inc.)
    R3 NWBellUSBPort; C:\Windows\System32\DRIVERS\nwbellusbser.sys [222208 2011-08-25] (Novatel Wireless Inc.)
    R3 NWBellUSBPort2; C:\Windows\System32\DRIVERS\nwbellusbser2.sys [222208 2011-08-25] (Novatel Wireless Inc.)
    S3 PCTINDIS5X64; C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-08-05] (Smith Micro Inc.)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-23] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
    S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
    S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
    S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-24 17:41 - 2014-10-24 17:41 - 00001791 _____ () C:\Users\dale\Desktop\JRT.txt
    2014-10-24 17:34 - 2014-10-24 17:34 - 00000000 ____D () C:\Windows\ERUNT
    2014-10-24 17:32 - 2014-10-24 17:32 - 00000000 ____D () C:\Users\dale\AppData\Local\CrashDumps
    2014-10-24 17:25 - 2014-10-24 17:27 - 00000000 ____D () C:\AdwCleaner
    2014-10-24 17:22 - 2014-10-24 17:22 - 02112000 _____ (Farbar) C:\Users\dale\Downloads\FRST64.exe
    2014-10-24 17:21 - 2014-10-24 17:21 - 01706144 _____ (Thisisu) C:\Users\dale\Downloads\JRT.exe
    2014-10-24 17:19 - 2014-10-24 17:19 - 01962496 _____ () C:\Users\dale\Downloads\adwcleaner_4.001.exe
    2014-10-24 16:44 - 2014-10-24 16:57 - 00000000 ____D () C:\Qoobox
    2014-10-24 16:44 - 2014-10-24 16:57 - 00000000 ____D () C:\ComboFix
    2014-10-24 16:44 - 2014-10-24 16:55 - 00000000 ____D () C:\Windows\erdnt
    2014-10-24 16:44 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-10-24 16:44 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-10-24 16:44 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-10-24 16:44 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-10-24 16:44 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-10-24 16:44 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-10-24 16:44 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-10-24 16:44 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-10-24 16:29 - 2014-10-24 16:30 - 05583977 ____R (Swearware) C:\Users\dale\Downloads\ComboFix.exe
    2014-10-24 14:51 - 2014-10-24 14:57 - 120133880 _____ (Microsoft Corporation) C:\Users\dale\Documents\msert.exe
    2014-10-24 14:49 - 2014-10-24 15:00 - 306270552 _____ (NVIDIA Corporation) C:\Users\dale\Downloads\344.48-notebook-win8-win7-64bit-international-whql.exe
    2014-10-24 14:41 - 2014-10-24 14:41 - 00001152 _____ () C:\Users\dale\Desktop\TweakBit PCCleaner.lnk
    2014-10-24 14:40 - 2014-10-24 14:42 - 00000000 ____D () C:\Windows\System32\Tasks\TweakBit
    2014-10-24 14:40 - 2014-10-24 14:42 - 00000000 ____D () C:\ProgramData\TweakBit
    2014-10-24 14:40 - 2014-10-24 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
    2014-10-24 14:40 - 2014-10-24 14:41 - 00000000 ____D () C:\Program Files (x86)\TweakBit
    2014-10-24 14:40 - 2014-10-24 14:40 - 00001124 _____ () C:\Users\dale\Desktop\TweakBit FixMyPC.lnk
    2014-10-24 14:39 - 2014-10-24 14:39 - 08023896 _____ (Auslogics Labs Pty Ltd ) C:\Users\dale\Documents\fix-my-pc-setup.exe
    2014-10-24 14:27 - 2014-10-24 14:31 - 92658088 _____ (Oracle Corporation) C:\Users\dale\Documents\jre-8u25-windows-x64.exe
    2014-10-24 14:09 - 2014-10-24 14:09 - 00000000 ____D () C:\Users\dale\AppData\Local\VS Revo Group
    2014-10-24 14:09 - 2014-10-24 14:09 - 00000000 ____D () C:\ProgramData\VS Revo Group
    2014-10-24 14:09 - 2014-10-24 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    2014-10-24 14:09 - 2014-10-24 14:09 - 00000000 ____D () C:\Program Files\VS Revo Group
    2014-10-24 14:09 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
    2014-10-24 14:08 - 2014-10-24 14:08 - 10691640 _____ (VS Revo Group ) C:\Users\dale\Downloads\RevoUninProSetup.exe
    2014-10-23 20:28 - 2014-10-23 21:25 - 00000000 ____D () C:\Users\dale\Desktop\mbar
    2014-10-23 19:23 - 2014-10-23 19:23 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-10-23 19:23 - 2014-10-23 19:23 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-10-23 19:13 - 2014-10-23 19:14 - 16281688 _____ () C:\Users\dale\Downloads\RogueKiller.exe
    2014-10-23 14:33 - 2014-10-23 14:33 - 00005152 _____ () C:\Users\dale\Documents\Attach.zip
    2014-10-23 14:31 - 2014-10-23 14:31 - 00022946 _____ () C:\Users\dale\Documents\Attach.txt
    2014-10-23 14:26 - 2014-10-23 14:26 - 00688992 ____R (Swearware) C:\Users\dale\Downloads\dds.com
    2014-10-23 01:24 - 2014-10-23 13:36 - 00000000 ____D () C:\Users\dale\AppData\Local\Ornhics
    2014-10-22 17:52 - 2014-10-22 17:53 - 00000350 _____ () C:\Windows\Tasks\AviraSpeedup.job
    2014-10-22 13:16 - 2014-10-22 13:16 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Avira
    2014-10-21 15:40 - 2014-10-21 15:41 - 00000000 ____D () C:\Users\dale\Documents\backup files
    2014-10-21 14:24 - 2014-10-21 14:24 - 00000000 ____D () C:\Users\dale\AppData\Local\ActiveState
    2014-10-21 13:16 - 2014-10-21 13:19 - 00000000 ____D () C:\Perl64
    2014-10-20 20:16 - 2014-10-20 23:01 - 00000000 ____D () C:\Users\dale\Downloads\keep
    2014-10-20 20:09 - 2014-10-24 15:19 - 00000000 ____D () C:\Users\dale\Downloads\mods
    2014-10-20 17:23 - 2014-10-20 23:06 - 00000000 ____D () C:\ProgramData\BoostSoftware
    2014-10-20 17:22 - 2014-10-20 17:22 - 02909936 _____ (BoostSoftware Inc. ) C:\Users\dale\Downloads\PCHealthBoost-Setup.exe
    2014-10-20 15:23 - 2011-05-24 14:29 - 01001472 _____ (DiBcom SA) C:\Windows\system32\Drivers\mod7700.sys
    2014-10-20 15:23 - 2011-05-24 14:29 - 00421376 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbwwan.sys
    2014-10-20 15:23 - 2011-05-24 14:29 - 00221312 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ewusbmdm.sys
    2014-10-20 15:23 - 2011-05-24 14:29 - 00212992 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juwwanecm.sys
    2014-10-20 15:23 - 2011-05-24 14:29 - 00117248 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwusbdev.sys
    2014-10-20 15:23 - 2011-05-24 14:29 - 00098816 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcacm.sys
    2014-10-20 15:23 - 2011-05-24 14:29 - 00086016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jubusenum.sys
    2014-10-20 15:23 - 2011-05-24 14:29 - 00069632 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_jucdcecm.sys
    2014-10-20 15:23 - 2011-05-24 14:29 - 00032768 _____ (Huawei Tech. Co., Ltd.) C:\Windows\system32\Drivers\ewdcsc.sys
    2014-10-20 15:23 - 2011-05-24 14:29 - 00028672 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_juextctrl.sys
    2014-10-20 15:23 - 2011-05-24 14:29 - 00022016 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_hwupgrade.sys
    2014-10-20 15:23 - 2011-05-24 14:29 - 00013952 _____ (Huawei Technologies Co., Ltd.) C:\Windows\system32\Drivers\ew_usbenumfilter.sys
    2014-10-20 15:22 - 2014-10-20 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bell
    2014-10-20 15:22 - 2014-10-20 15:22 - 00000000 ____D () C:\Program Files (x86)\Sierra Wireless Inc
    2014-10-20 14:26 - 2014-10-22 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2014-10-20 14:17 - 2014-10-22 17:53 - 00001315 _____ () C:\Users\dale\Desktop\Avira System Speedup.lnk
    2014-10-20 14:17 - 2014-10-20 14:17 - 00003384 _____ () C:\Windows\System32\Tasks\AviraSpeedup
    2014-10-18 21:27 - 2014-10-18 21:27 - 00002976 _____ () C:\Windows\System32\Tasks\{339E3F71-6C6E-490D-8FC3-9DD722E38906}
    2014-10-18 21:26 - 2014-10-18 21:26 - 00002976 _____ () C:\Windows\System32\Tasks\{4177DDE1-F197-45A4-9D68-66C4857FD80A}
    2014-10-18 14:04 - 2014-10-17 12:03 - 00027821 _____ () C:\Users\dale\Documents\crash-2014-10-17_12.03.06-client.txt
    2014-10-17 14:00 - 2014-10-17 14:00 - 00001330 _____ () C:\Users\dale\Desktop\taskkill.lnk
    2014-10-16 03:20 - 2014-10-16 03:20 - 00000000 _____ () C:\Windows\SysWOW64\sho2B0.tmp
    2014-10-15 23:55 - 2014-08-18 20:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2014-10-15 23:55 - 2014-08-18 20:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2014-10-15 23:55 - 2014-08-18 20:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2014-10-15 23:55 - 2014-08-18 20:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2014-10-15 23:55 - 2014-08-18 20:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2014-10-15 23:55 - 2014-08-18 20:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2014-10-15 23:55 - 2014-08-18 20:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2014-10-15 23:55 - 2014-08-18 20:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2014-10-15 23:55 - 2014-08-18 20:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2014-10-15 23:55 - 2014-08-18 20:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2014-10-15 23:55 - 2014-08-18 19:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2014-10-15 23:55 - 2014-08-18 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2014-10-15 23:55 - 2014-08-18 19:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2014-10-15 23:55 - 2014-07-06 19:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2014-10-15 23:55 - 2014-07-06 19:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2014-10-15 23:55 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-10-15 23:55 - 2014-07-06 19:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2014-10-15 23:55 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2014-10-15 23:55 - 2014-07-06 19:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2014-10-15 23:55 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2014-10-15 23:55 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2014-10-15 23:55 - 2014-07-06 19:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2014-10-15 23:55 - 2014-07-06 19:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2014-10-15 23:55 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2014-10-15 23:55 - 2014-07-06 18:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2014-10-15 23:55 - 2014-07-06 18:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2014-10-15 23:55 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2014-10-15 23:55 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2014-10-15 23:55 - 2014-07-06 18:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2014-10-15 23:55 - 2014-07-06 18:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-10-15 23:55 - 2014-07-06 18:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-10-15 23:55 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2014-10-15 23:55 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2014-10-15 23:55 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2014-10-15 23:55 - 2014-06-27 17:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2014-10-15 23:55 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2014-10-15 23:55 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2014-10-15 16:51 - 2014-10-15 16:16 - 00000127 ____N () C:\Users\dale\Documents\response-0001.json
    2014-10-15 16:30 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-15 16:30 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-15 16:30 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2014-10-15 16:30 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-10-15 16:30 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-15 16:30 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-10-15 16:30 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-15 16:29 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-10-15 16:29 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-10-15 16:29 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-10-15 16:29 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-10-15 16:29 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-10-15 16:29 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-15 16:29 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-15 16:29 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-15 16:29 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-15 16:29 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-15 16:29 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-15 16:29 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-15 16:29 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-15 16:29 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-15 16:29 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-10-15 16:29 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-15 16:29 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-15 16:29 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-10-15 16:29 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-10-15 16:29 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-10-15 16:29 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-10-15 16:29 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-15 16:29 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-15 16:29 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-10-15 16:29 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-10-15 16:29 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-15 16:29 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-10-15 16:29 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-10-15 16:29 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-10-15 16:29 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-10-15 16:29 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-15 16:29 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-15 16:29 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-10-15 16:29 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-10-15 16:29 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-10-15 16:29 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-10-15 16:29 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-10-15 16:29 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-15 16:29 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-10-15 16:29 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-15 16:29 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-15 16:29 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-15 16:29 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-10-15 16:29 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-10-15 16:29 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-10-15 16:29 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-10-15 16:29 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-15 16:29 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-10-15 16:29 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-10-15 16:29 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-10-15 16:29 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-15 16:29 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-10-15 16:29 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-15 16:29 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-10-15 16:29 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-15 16:29 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-15 16:29 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-10-15 16:29 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-15 16:29 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-10-15 16:29 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2014-10-15 16:29 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2014-10-15 16:29 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2014-10-15 16:29 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2014-10-15 16:29 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2014-10-15 16:29 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2014-10-15 16:29 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2014-10-15 16:29 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2014-10-15 16:29 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2014-10-15 16:29 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2014-10-15 16:29 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
    2014-10-15 16:29 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
    2014-10-15 16:27 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-10-15 16:27 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-10-15 16:26 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-10-15 16:26 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-15 16:26 - 2014-08-28 19:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-10-15 16:26 - 2014-08-28 19:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-10-15 16:26 - 2014-08-28 19:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
    2014-10-15 16:26 - 2014-08-28 19:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2014-10-15 16:26 - 2014-08-28 19:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-10-15 16:26 - 2014-08-28 18:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-10-15 16:26 - 2014-08-28 18:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-10-15 16:26 - 2014-08-28 18:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2014-10-15 16:26 - 2014-08-28 18:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2014-10-15 16:26 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-10-15 16:26 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-10-15 16:26 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-10-15 16:26 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2014-10-15 16:26 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-10-15 16:26 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-10-15 16:26 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-15 16:26 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-10-15 16:26 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-10-15 16:26 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2014-10-15 16:26 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-10-15 16:25 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-10-15 16:25 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-10-13 14:33 - 2014-10-13 14:32 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-10-13 14:32 - 2014-10-13 14:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-10-13 14:32 - 2014-10-13 14:32 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-10-13 14:32 - 2014-10-13 14:32 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2014-10-13 14:29 - 2014-10-13 14:30 - 31013800 _____ (Oracle Corporation) C:\Users\dale\Documents\jre-7u67-windows-x64.exe
    2014-10-13 04:04 - 2014-10-13 04:04 - 00000000 _____ () C:\Windows\SysWOW64\shoF4EA.tmp
    2014-10-11 20:10 - 2014-10-11 20:10 - 00000000 _____ () C:\Windows\SysWOW64\sho5A78.tmp
    2014-10-09 18:59 - 2014-10-09 19:00 - 00000000 ____D () C:\Users\dale\Downloads\New World
    2014-10-09 17:51 - 2014-10-09 17:51 - 02350021 _____ () C:\Users\dale\Downloads\mcpatcher-4.3.2_03.exe
    2014-10-09 17:35 - 2014-10-20 20:09 - 00000000 ____D () C:\Users\dale\Downloads\tekkit resource packs
    2014-10-09 16:01 - 2014-10-18 22:00 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
    2014-10-09 16:01 - 2014-10-09 16:10 - 00000000 ____D () C:\Users\dale\AppData\Local\GitHub
    2014-10-09 16:01 - 2014-10-09 16:02 - 00000000 ____D () C:\Users\dale\Documents\GitHub
    2014-10-09 16:01 - 2014-10-09 16:01 - 00000000 ____D () C:\Users\dale\AppData\Roaming\GitHub
    2014-10-09 15:58 - 2014-10-18 21:59 - 00000000 ____D () C:\Users\dale\AppData\Local\Deployment
    2014-10-09 15:58 - 2014-10-09 15:58 - 00000000 ____D () C:\Users\dale\AppData\Local\Apps\2.0
    2014-10-08 23:02 - 2014-10-08 23:02 - 00000000 ____D () C:\Users\dale\AppData\Roaming\NVIDIA
    2014-10-08 22:55 - 2014-10-08 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2014-10-08 22:55 - 2014-10-08 22:55 - 00000000 ____D () C:\Users\dale\AppData\Local\NVIDIA
    2014-10-08 22:55 - 2014-10-08 22:55 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
    2014-10-08 22:55 - 2014-09-16 19:10 - 02799784 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2014-10-08 22:55 - 2014-09-16 19:10 - 02193560 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2014-10-08 22:55 - 2014-09-16 19:10 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
    2014-10-08 22:55 - 2014-09-16 19:10 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2014-10-08 22:54 - 2014-09-13 14:53 - 06890696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2014-10-08 22:54 - 2014-09-13 14:53 - 03529872 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2014-10-08 22:54 - 2014-09-13 14:53 - 02557640 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2014-10-08 22:54 - 2014-09-13 14:53 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2014-10-08 22:54 - 2014-09-13 14:53 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2014-10-08 22:54 - 2014-09-13 14:53 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2014-10-08 22:54 - 2014-09-13 13:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2014-10-08 22:54 - 2014-09-11 08:37 - 03961833 _____ () C:\Windows\system32\nvcoproc.bin
    2014-10-08 22:53 - 2014-09-13 16:48 - 00073872 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2014-10-08 22:53 - 2014-09-13 16:48 - 00060560 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2014-10-08 22:52 - 2014-09-16 21:51 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
    2014-10-08 22:52 - 2014-09-16 21:51 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 16875856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2014-10-08 22:52 - 2014-09-13 16:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 03223120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 02838424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2014-10-08 22:52 - 2014-09-13 16:48 - 00026956 _____ () C:\Windows\system32\nvinfo.pb
    2014-10-08 22:52 - 2014-09-04 12:14 - 00038048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2014-10-08 22:52 - 2014-09-04 12:14 - 00034976 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2014-10-08 22:52 - 2014-09-04 12:14 - 00032416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2014-10-08 22:21 - 2014-10-08 22:26 - 319671744 _____ (NVIDIA Corporation) C:\Users\dale\Downloads\344.11-notebook-win8-win7-64bit-international-whql.exe
    2014-10-08 09:58 - 2014-10-08 09:58 - 00000000 ____D () C:\Users\dale\Downloads\saves
    2014-10-07 01:47 - 2014-10-07 01:47 - 00000000 _____ () C:\Windows\SysWOW64\shoB3BC.tmp
    2014-10-06 18:32 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-10-06 18:32 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-10-06 18:32 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-10-06 18:32 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-24 17:43 - 2014-07-26 07:55 - 00026560 _____ () C:\Users\dale\Downloads\FRST.txt
    2014-10-24 17:43 - 2014-07-26 07:55 - 00000000 ____D () C:\FRST
    2014-10-24 17:41 - 2011-04-01 21:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-24 17:41 - 2011-04-01 21:36 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-24 17:38 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-24 17:38 - 2009-07-13 21:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-24 17:35 - 2012-06-21 04:02 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Skype
    2014-10-24 17:33 - 2014-02-25 23:05 - 00075767 _____ () C:\Windows\setupact.log
    2014-10-24 17:32 - 2014-02-08 00:26 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for dale-ASUS-dale dale-ASUS
    2014-10-24 17:31 - 2014-04-26 18:14 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-24 17:29 - 2014-03-25 16:49 - 00304686 _____ () C:\Windows\PFRO.log
    2014-10-24 17:29 - 2014-02-11 00:39 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
    2014-10-24 17:29 - 2012-09-13 22:09 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-10-24 17:29 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-24 17:28 - 2011-07-15 22:21 - 01343365 _____ () C:\Windows\WindowsUpdate.log
    2014-10-24 17:27 - 2011-11-02 17:18 - 00000000 ____D () C:\Users\dale
    2014-10-24 17:23 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\tracing
    2014-10-24 17:18 - 2009-07-13 22:13 - 00798844 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-10-24 17:09 - 2009-07-13 22:08 - 00032536 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-10-24 16:57 - 2009-07-13 20:20 - 00000000 __RHD () C:\Users\Default
    2014-10-24 16:54 - 2009-07-13 19:34 - 00000215 _____ () C:\Windows\system.ini
    2014-10-24 16:50 - 2012-05-27 20:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-10-24 14:36 - 2013-11-23 23:07 - 00000000 ____D () C:\Program Files\Java
    2014-10-24 14:36 - 2013-10-16 21:52 - 00000000 ____D () C:\ProgramData\Oracle
    2014-10-23 21:25 - 2013-10-04 11:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-10-23 19:16 - 2014-07-26 22:28 - 14349744 _____ (Malwarebytes Corp.) C:\Users\dale\Downloads\mbar-1.07.0.1012.exe
    2014-10-23 15:25 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
    2014-10-23 13:36 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Resources
    2014-10-22 18:39 - 2014-02-20 23:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviraSpeedup
    2014-10-22 18:39 - 2013-08-26 23:22 - 00000000 ____D () C:\Program Files (x86)\Avira
    2014-10-22 18:39 - 2012-04-30 17:32 - 00000000 ____D () C:\ProgramData\P4G
    2014-10-22 18:39 - 2011-11-04 10:45 - 00000000 ____D () C:\ProgramData\Avira
    2014-10-22 18:39 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-10-22 18:39 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\registration
    2014-10-22 18:37 - 2013-08-26 23:22 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
    2014-10-22 18:37 - 2013-08-26 23:22 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
    2014-10-22 18:37 - 2013-08-26 23:22 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
    2014-10-22 18:29 - 2013-10-07 22:35 - 00000000 ____D () C:\Windows\pss
    2014-10-22 16:32 - 2009-07-14 00:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2014-10-20 23:25 - 2013-08-26 23:23 - 00002068 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
    2014-10-20 17:20 - 2013-02-09 15:34 - 00000000 ____D () C:\Users\dale\AppData\Roaming\SoftGrid Client
    2014-10-20 16:07 - 2012-12-15 23:13 - 00000000 ___RD () C:\Users\dale\Dropbox
    2014-10-20 15:35 - 2014-04-26 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-20 15:35 - 2014-04-26 18:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-20 15:35 - 2013-10-04 09:08 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-20 15:30 - 2012-12-15 23:06 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Dropbox
    2014-10-20 15:22 - 2012-04-30 17:45 - 00000000 ____D () C:\Program Files (x86)\Novatel Wireless
    2014-10-20 15:22 - 2012-04-30 17:39 - 00000000 ____D () C:\ProgramData\Bell
    2014-10-20 15:20 - 2011-11-04 18:38 - 00009255 _____ () C:\Windows\SysWOW64\pcregtemp.txt
    2014-10-20 15:15 - 2013-08-31 16:27 - 00000000 ____D () C:\ProgramData\LogMeIn
    2014-10-20 15:15 - 2013-08-31 16:27 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
    2014-10-20 14:31 - 2013-09-01 01:59 - 00000000 ____D () C:\Users\dale\AppData\Local\LogMeIn Hamachi
    2014-10-20 14:14 - 2014-02-20 23:44 - 08280992 _____ (Avira) C:\Users\dale\Downloads\avira_speedup_internetsecuritysuite.exe
    2014-10-18 23:57 - 2014-04-08 16:44 - 00000000 ____D () C:\Users\dale\AppData\Roaming\BitTorrent
    2014-10-18 21:40 - 2013-07-17 17:51 - 00000000 ____D () C:\Users\dale\AppData\Roaming\.minecraft
    2014-10-17 11:09 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-10-16 12:00 - 2014-08-20 11:19 - 00000000 ____D () C:\Users\dale\AppData\Local\Adobe
    2014-10-16 11:59 - 2012-05-27 20:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-10-16 11:59 - 2012-05-27 20:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-10-16 11:59 - 2012-05-27 20:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-10-16 11:47 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-10-16 11:44 - 2009-07-13 21:45 - 00437120 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-16 11:42 - 2014-04-22 16:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-10-16 11:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-10-16 11:42 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-10-16 03:07 - 2013-07-15 11:55 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-16 03:01 - 2011-11-04 18:32 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-10-08 22:56 - 2013-11-23 23:54 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
    2014-10-08 22:56 - 2012-08-06 00:09 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2014-10-08 22:55 - 2013-12-17 13:05 - 00000000 ____D () C:\Users\dale\AppData\Local\NVIDIA Corporation
    2014-10-08 22:55 - 2012-09-13 22:09 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2014-10-08 22:54 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Help
    2014-10-06 18:35 - 2012-06-21 04:02 - 00000000 ____D () C:\ProgramData\Skype
    2014-10-02 15:53 - 2011-11-04 09:50 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-10-01 11:11 - 2014-04-26 18:13 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-01 11:11 - 2014-04-26 18:13 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-10-01 11:11 - 2013-10-04 09:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

    Files to move or delete:
    ====================
    C:\Users\dale\jagex_cl_oldschool_LIVE.dat
    C:\Users\dale\jagex_cl_runescape_LIVE.dat
    C:\Users\dale\jagex_cl_runescape_LIVE1.dat
    C:\Users\dale\jagex_cl_runescape_LIVE_BETA.dat
    C:\Users\dale\random.dat


    Some content of TEMP:
    ====================
    C:\Users\dale\AppData\Local\Temp\avgnt.exe
    C:\Users\dale\AppData\Local\Temp\Quarantine.exe
    C:\Users\dale\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-23 15:17

    ==================== End Of Log ============================
     
  24. soderquist1

    soderquist1 TS Rookie Topic Starter Posts: 31

    Dang, that Farbar made a very big log, longer than 50k, so I had to break it down into 3 sections.
    You're sure giving me a lot of programs to use, and yes, I did them all in order and did exactly what your post suggested :)
     
  25. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    I still need Addition.txt log from FRST.
     
