Solved I have a white screen when Windows 7 finishes loading

Combofix worked OK.
ComboFix 15-02-09.01 - MIKE 02/12/2015 23:18:31.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3564.1340 [GMT -6:00]
Running from: c:\users\MIKE\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MIKE\AppData\Local\Adobe\downloader.dll
c:\users\MIKE\AppData\Local\Adobe\gccheck.exe
c:\users\MIKE\AppData\Local\Adobe\gtbcheck.exe
c:\users\MIKE\AppData\Local\assembly\tmp
c:\windows\system32\AdobePDF.dll
c:\windows\wininit.ini
E:\install.exe
G:\Autorun.inf
G:\setup.exe
I:\Autorun.inf
I:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Service_CltMngSvc
.
.
((((((((((((((((((((((((( Files Created from 2015-01-13 to 2015-02-13 )))))))))))))))))))))))))))))))
.
.
2015-02-13 05:23 . 2015-02-13 05:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-13 03:37 . 2015-02-13 03:53 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2015-02-13 03:11 . 2015-02-13 03:22 35064 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2015-02-13 03:11 . 2015-02-13 03:11 -------- d-----w- c:\programdata\RogueKiller
2015-02-13 03:04 . 2015-02-13 03:04 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6ED336A9-2A7B-403C-8F57-37024D575ADC}\MpKsl7e8d1ddc.sys
2015-02-13 02:52 . 2015-02-13 03:05 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6ED336A9-2A7B-403C-8F57-37024D575ADC}\offreg.dll
2015-02-13 02:34 . 2015-02-13 02:34 -------- d--h--w- c:\windows\PIF
2015-02-13 02:18 . 2015-02-13 02:18 -------- d-----w- c:\programdata\explauncher
2015-02-13 02:07 . 2015-02-13 02:07 -------- dc----w- c:\windows\system32\DRVSTORE
2015-02-13 02:07 . 2013-02-18 19:59 27136 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2015-02-13 01:52 . 2015-02-13 02:02 -------- d-----w- c:\users\MIKE\AppData\Roaming\dlg
2015-02-13 01:47 . 2015-02-13 01:47 -------- d-----w- c:\programdata\launcher
2015-02-12 23:53 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6ED336A9-2A7B-403C-8F57-37024D575ADC}\mpengine.dll
2015-02-12 21:39 . 2015-02-12 21:47 -------- d-----w- C:\FRST
2015-02-12 04:14 . 2015-02-12 04:14 -------- d-----w- c:\users\MIKE\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2015-02-12 04:12 . 2015-02-12 04:12 -------- d-----w- c:\programdata\{77089FCB-278A-4E4D-960C-3ECF468EED41}
2015-02-11 19:42 . 2014-09-16 17:44 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA3F2B3D-386D-46DE-91D5-203D9E389B36}\gapaengine.dll
2015-02-11 19:42 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-02-11 16:37 . 2015-01-23 03:00 1810944 ----a-w- c:\windows\system32\jscript9.dll
2015-02-05 21:01 . 2015-01-23 10:40 73816 ----a-w- c:\program files\Mozilla Firefox\wow_helper.exe
2015-02-05 21:01 . 2015-01-23 10:38 922168 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2015-02-05 21:01 . 2015-01-23 10:38 49776 ----a-w- c:\program files\Mozilla Firefox\browser\components\browsercomps.dll
2015-02-05 16:09 . 2014-10-18 01:33 3209728 ----a-w- c:\windows\system32\mf.dll
2015-02-05 16:09 . 2014-07-07 01:40 103424 ----a-w- c:\windows\system32\mfps.dll
2015-02-05 16:09 . 2014-07-07 01:39 50176 ----a-w- c:\windows\system32\rrinstaller.exe
2015-02-05 16:09 . 2014-07-07 01:39 23040 ----a-w- c:\windows\system32\mfpmp.exe
2015-02-05 16:09 . 2014-07-07 01:37 2048 ----a-w- c:\windows\system32\mferror.dll
2015-02-05 15:58 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\system32\msi.dll
2015-02-05 15:58 . 2014-11-11 01:32 74752 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-02-05 15:58 . 2014-11-08 02:45 2048 ----a-w- c:\windows\system32\tzres.dll
2015-02-05 15:58 . 2014-10-30 01:45 155136 ----a-w- c:\windows\system32\charmap.exe
2015-02-05 15:58 . 2014-10-03 01:45 1177088 ----a-w- c:\windows\system32\WsmSvc.dll
2015-02-05 15:58 . 2014-10-03 01:45 248832 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2015-02-05 15:58 . 2014-10-03 01:45 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2015-02-05 15:58 . 2014-10-03 01:45 145920 ----a-w- c:\windows\system32\WsmAuto.dll
2015-02-05 15:58 . 2014-10-03 01:44 198656 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-13 03:37 . 2014-07-04 00:56 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-13 03:37 . 2014-07-04 00:56 82648 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-02-12 04:10 . 2014-01-12 00:11 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-12 04:10 . 2014-01-12 00:11 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-31 11:13 . 2014-01-12 04:57 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-19 02:43 . 2015-01-13 21:48 164864 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:34 . 2015-01-13 21:48 116224 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-13 00:12 . 2014-09-19 17:31 1291464 ----a-w- c:\windows\system32\nvspbridge.dll
2014-12-13 00:12 . 2014-04-18 15:05 2210040 ----a-w- c:\windows\system32\nvspcap.dll
2014-12-11 17:47 . 2015-01-13 21:48 74240 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-06 03:50 . 2015-01-13 21:48 242688 ----a-w- c:\windows\system32\nlasvc.dll
2014-11-22 10:46 . 2014-12-18 20:40 32912 ----a-w- c:\windows\system32\drivers\nvvad32v.sys
2014-11-22 10:46 . 2014-04-18 15:04 32400 ----a-w- c:\windows\system32\nvaudcap32v.dll
2014-11-21 12:14 . 2014-07-04 00:56 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 12:14 . 2014-07-04 00:56 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-15 20:46 . 2014-11-15 20:46 239224 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2014-11-15 20:46 . 2014-03-11 14:52 95408 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-12 03:50 222832 ----a-w- c:\users\MIKE\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-12 03:50 222832 ----a-w- c:\users\MIKE\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-12 03:50 222832 ----a-w- c:\users\MIKE\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\MIKE\AppData\Local\Akamai\netsession_win.exe" [2014-10-30 4673432]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2014-05-09 6983168]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2015-02-06 110160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2012-01-26 1058400]
"FUFAXRCV"="c:\program files\Epson Software\FAX Utility\FUFAXRCV.exe" [2012-02-29 502912]
"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2012-02-29 863360]
"RUSB3MON"="c:\program files\Rocketfish\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 115048]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\\isuspm.exe" [2010-05-21 324976]
"PaperPort PTD"="d:\paperport\PaperPort\pptd40nt.exe" [2011-10-29 38824]
"IndexSearch"="d:\paperport\PaperPort\IndexSearch.exe" [2011-10-29 51120]
"PPort14reminder"="d:\paperport\PaperPort\Ereg\Ereg.exe" [2011-05-16 333088]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
"Acrobat Assistant 8.0"="d:\adobe pro xi\Acrobat\Acrotray.exe" [2014-12-03 3498728]
"Launchpad"="c:\program files\Windows Server\Bin\Launchpad.exe" [2012-11-03 1099360]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 2296600]
"NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-12-13 2210040]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2013-06-13 19:31 64280 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl1a28ae8c;MpKsl1a28ae8c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6ED336A9-2A7B-403C-8F57-37024D575ADC}\MpKsl1a28ae8c.sys [2015-02-13 39464]
R2 initMonitor;Windows Server Initialization Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
R3 FlexRadioSystemDAXService_Audio;DAX RX Audio (WDM);c:\windows\system32\DRIVERS\audiodax.sys [2014-06-05 43776]
R3 FlexRadioSystemDAXService_IQ;DAX RX IQ (WDM);c:\windows\system32\DRIVERS\iqdax.sys [2014-06-05 43648]
R3 FlexRadioSystemDAXService_TX;DAX TX Audio (WDM);c:\windows\system32\DRIVERS\txdax.sys [2014-06-05 43648]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 25112]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2014-01-21 1343400]
R4 SqmProviderSvc;Windows Server SQM Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2013-02-18 27136]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2013-12-03 26248]
S1 MpKsl7e8d1ddc;MpKsl7e8d1ddc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6ED336A9-2A7B-403C-8F57-37024D575ADC}\MpKsl7e8d1ddc.sys [2015-02-13 39464]
S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\Drivers\Uim_Vim.sys [2013-02-18 283600]
S2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;c:\program files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2012-11-03 84576]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2014-11-11 1679536]
S2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [2012-02-27 142432]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-05-10 539744]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc.exe [2011-12-12 122000]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2014-12-13 915600]
S2 HealthAlertsSvc;Windows Server Health Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-04-20 462048]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2014-09-19 14624]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-06-25 166720]
S2 LANConfig;Windows Server LAN Configuration;c:\program files\Windows Server\Bin\LANConfigSvc.exe [2011-03-02 27520]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-11-21 1871160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2014-11-21 969016]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]
S2 NotificationsProviderSvc;Windows Server Notifications Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-12-13 1701520]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-12-13 18186896]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;d:\paperport\PaperPort\PDFProFiltSrvPP.exe [2011-10-29 219496]
S2 providers_system;Windows Server Download Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-10-15 3921880]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-09-20 1042272]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-09-13 171416]
S2 ServiceProviderRegistry;Windows Server Service Provider Registry;c:\program files\Windows Server\Bin\ProviderRegistryService.exe [2012-11-03 41568]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-11-12 410768]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-07-17 365376]
S2 WhsMcClient;Windows Server Media Center Client Service;c:\program files\Windows Server\Bin\WhsMcClient.exe [2012-11-03 98400]
S2 WSConnectorUpdate;Windows Server Connector Update;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe [2011-03-02 162176]
S2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [2011-03-02 53504]
 
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [2013-05-23 42264]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [2013-05-23 10136]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-11-21 23256]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2015-02-13 114904]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-11-21 51928]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2012-07-02 55104]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2014-12-13 18576]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2014-11-22 32912]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-09-29 490088]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3hub.sys [2012-05-10 80256]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);c:\windows\system32\DRIVERS\rusb3xhc.sys [2012-05-10 171520]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-18 c:\windows\Tasks\Allway Sync_{406D25DFA39225BDD09522A270BA9096}.job
- d:\allway sync\Bin\syncappw.exe [2010-03-06 19:48]
.
2014-01-18 c:\windows\Tasks\Allway Sync_{46FC36D8CE030952E6138290111E83A7}.job
- d:\allway sync\Bin\syncappw.exe [2010-03-06 19:48]
.
2015-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-08 01:44]
.
2015-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-08 01:44]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = localhost:8080
uSearchAssistant = hxxp://www.google.com
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Fill Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Show RoboForm Toolbar - file://C:/Program Files/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\d4vvwqv4.default-1422632225485\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{C4D78C72-08DB-4A3F-9175-B265157283F3} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-TurboTax 2014 - d:\turbotax\Installer\TurboTax 2014 Installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(7480)
c:\windows\system32\FXSRESM.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft Mouse and Keyboard Center\itype.exe
c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\program files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
c:\windows\system32\conhost.exe
c:\windows\system32\msiexec.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\program files\Malwarebytes Anti-Malware\mbam.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\conhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2015-02-12 23:32:20 - machine was rebooted
ComboFix-quarantined-files.txt 2015-02-13 05:32
.
Pre-Run: 450,506,125,312 bytes free
Post-Run: 450,188,947,456 bytes free
.
- - End Of File - - ED767F52CDCFDA217C62FAC1CB4D30A9
A36C5E4F47E84449FF07ED3517B43A31
 
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
ADWCLEANER.
# AdwCleaner v4.110 - Logfile created 13/02/2015 at 13:26:19
# Updated 05/02/2015 by Xplode
# Database : 2015-02-13.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x86)
# Username : MIKE - MAIN
# Running from : C:\Users\MIKE\Desktop\adwcleaner_4.110.exe
# Option : Cleaning
***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Tarma Installer
[x] Not Deleted : C:\Users\MIKE\AppData\Local\FileTypeAssistant
Folder Deleted : C:\Users\MIKE\AppData\Local\iac
Folder Deleted : C:\Users\MIKE\AppData\Local\CrashRpt
***** [ Scheduled tasks ] *****
Task Deleted : ProgramRefresh-ATFST
Task Deleted : ProgramUpdateCheck
Task Deleted : Binkiland
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}
Key Deleted : HKCU\Software\FileTypeAssistant
Key Deleted : HKCU\Software\genesis
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\SPPDCOM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Soft-Now bundle
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080
***** [ Web browsers ] *****
-\\ Internet Explorer v9.0.8112.16609

-\\ Mozilla Firefox v35.0.1 (x86 en-US)

-\\ Google Chrome v
[C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
*************************
AdwCleaner[R0].txt - [2574 bytes] - [13/02/2015 13:19:54]
AdwCleaner[S0].txt - [2653 bytes] - [13/02/2015 13:26:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2712 bytes] ##########
 
JRT.
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x86
Ran by MIKE on Fri 02/13/2015 at 13:42:27.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\free download manager
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\MIKE\Local Settings\Application Data\filetypeassistant"
~~~ FireFox
Successfully deleted: [Folder] C:\Users\MIKE\AppData\Roaming\mozilla\firefox\profiles\d4vvwqv4.default-1422632225485\extensions\staged
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/13/2015 at 13:43:42.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-02-2015
Ran by MIKE (administrator) on MAIN on 13-02-2015 13:53:55
Running from C:\Users\MIKE\Desktop
Loaded Profiles: MIKE (Available profiles: MIKE)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
(Renesas Electronics Corporation) C:\Program Files\Rocketfish\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Nuance Communications, Inc.) D:\PaperPort\PaperPort\pptd40nt.exe
(Adobe Systems Inc.) D:\Adobe Pro XI\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\Launchpad.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Akamai Technologies, Inc.) C:\Users\MIKE\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Siber Systems) C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Akamai Technologies, Inc.) C:\Users\MIKE\AppData\Local\Akamai\netsession_win.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Nuance Communications, Inc.) D:\PaperPort\PaperPort\PDFProFiltSrvPP.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WhsMcClient.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
(Microsoft Corporation) C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Orbiscom Ltd.) C:\Windows\System32\OBroker.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10996368 2012-06-10] (Realtek Semiconductor)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-02-29] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [RUSB3MON] => C:\Program Files\Rocketfish\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [324976 2010-05-21] (Flexera Software, Inc.)
HKLM\...\Run: [PaperPort PTD] => D:\PaperPort\PaperPort\pptd40nt.exe [38824 2011-10-28] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] => D:\PaperPort\PaperPort\IndexSearch.exe [51120 2011-10-28] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort14reminder] => D:\PaperPort\PaperPort\Ereg\Ereg.exe [333088 2011-05-16] (Nuance Communications, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => D:\Adobe Pro XI\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM\...\Run: [Launchpad] => C:\Program Files\Windows Server\Bin\Launchpad.exe [1099360 2012-11-02] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [978520 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-832620415-3016655454-3292669285-1000\...\Run: [Akamai NetSession Interface] => C:\Users\MIKE\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
HKU\S-1-5-21-832620415-3016655454-3292669285-1000\...\Run: [RoboForm] => C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-02-06] (Siber Systems)
BootExecute: autocheck
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-832620415-3016655454-3292669285-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-832620415-3016655454-3292669285-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Virtual Account Numbers Helper -> {17424104-1444-4810-85D7-B4DA413C5A9A} -> C:\Program Files\Virtual Account Numbers\CitiVANHelper.dll (Orbiscom Ltd. All rights reserved.)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM - Virtual Account Numbers - {7A21A046-B886-4A62-9D69-EF2059B0A27B} - C:\Program Files\Virtual Account Numbers\CitiVANToolbar.dll (Orbiscom Ltd. All rights reserved.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-832620415-3016655454-3292669285-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-832620415-3016655454-3292669285-1000 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-832620415-3016655454-3292669285-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\MIKE\AppData\Roaming\Mozilla\Firefox\Profiles\d4vvwqv4.default-1422632225485
FF NewTab: about:newtab
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat -> D:\Adobe Pro XI\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF HKLM\...\Firefox\Extensions: [citius@orbiscom] - C:\Program Files\Virtual Account Numbers
FF Extension: Virtual Account Numbers for Firefox - C:\Program Files\Virtual Account Numbers [2014-01-13]
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - D:\Adobe Pro XI\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Adobe Pro XI\Acrobat\Browser\WCFirefoxExtn [2014-01-16]
FF HKLM\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-02-12]
FF HKLM\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files\Siber Systems\AI RoboForm\Firefox [2014-01-11]
FF HKU\S-1-5-21-832620415-3016655454-3292669285-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files\Siber Systems\AI RoboForm\Firefox
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR Profile: C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-10]
CHR Extension: (Google Drive) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-10]
CHR Extension: (YouTube) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-10]
CHR Extension: (Google Search) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-10]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-10]
CHR Extension: (Gmail) - C:\Users\MIKE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-10]
CHR HKLM\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - D:\Adobe Pro XI\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 arXfrSvc; C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [84576 2012-11-02] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1679536 2014-11-11] (Microsoft Corporation)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [539744 2012-05-10] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-02-27] (SEIKO EPSON CORPORATION)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-12] (NVIDIA Corporation)
R2 HealthAlertsSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
S2 initMonitor; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [462048 2012-04-20] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 LANConfig; C:\Program Files\Windows Server\Bin\LANConfigSvc.exe [27520 2011-03-02] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22184 2015-01-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284472 2015-01-30] (Microsoft Corporation)
R2 NotificationsProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18186896 2014-12-12] (NVIDIA Corporation)
R2 PDFProFiltSrvPP; D:\PaperPort\PaperPort\PDFProFiltSrvPP.exe [219496 2011-10-28] (Nuance Communications, Inc.)
R2 providers_system; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 ServiceProviderRegistry; C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [41568 2012-11-02] (Microsoft Corporation)
S4 SqmProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
R2 WhsMcClient; C:\Program Files\Windows Server\Bin\WhsMcClient.exe [98400 2012-11-02] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
R2 WSConnectorUpdate; C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe [162176 2011-03-02] (Microsoft Corporation)
R2 WSS_ComputerBackupProviderSvc; C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [30592 2011-03-02] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 BackupReader; C:\Windows\System32\DRIVERS\BackupReader.sys [53504 2011-03-02] (Microsoft Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [26248 2013-12-03] (EldoS Corporation)
S3 FlexRadioSystemDAXService_Audio; C:\Windows\System32\DRIVERS\audiodax.sys [43776 2014-06-05] (FlexRadio Systems) [File not signed]
S3 FlexRadioSystemDAXService_IQ; C:\Windows\System32\DRIVERS\iqdax.sys [43648 2014-06-05] (FlexRadio Systems) [File not signed]
S3 FlexRadioSystemDAXService_TX; C:\Windows\System32\DRIVERS\txdax.sys [43648 2014-06-05] (FlexRadio Systems) [File not signed]
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [27136 2013-02-18] (Paragon Software Group)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 LEqdUsb; C:\Windows\System32\Drivers\LEqdUsb.Sys [42264 2013-05-23] (Logitech, Inc.)
R3 LHidEqd; C:\Windows\System32\Drivers\LHidEqd.Sys [10136 2013-05-23] (Logitech, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [55104 2012-07-02] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [239224 2014-11-15] (Microsoft Corporation)
R1 MpKsldeadd66e; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77A5A42E-7008-4C84-B129-D2C732B5C1AE}\MpKsldeadd66e.sys [39464 2015-02-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [80256 2012-05-10] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [171520 2012-05-10] (Renesas Electronics Corporation)
R1 UimBus; C:\Windows\System32\DRIVERS\UimBus.sys [81232 2013-02-18] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IM.sys [452816 2013-02-18] (Paragon)
R1 Uim_Vim; C:\Windows\System32\Drivers\Uim_Vim.sys [283600 2013-02-18] (Paragon)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\MIKE\AppData\Local\Temp\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-13 13:53 - 2015-02-13 13:54 - 00023627 _____ () C:\Users\MIKE\Desktop\FRST.txt
2015-02-13 13:52 - 2015-02-13 13:52 - 01125376 _____ (Farbar) C:\Users\MIKE\Desktop\FRST.exe
2015-02-13 13:43 - 2015-02-13 13:43 - 00001018 _____ () C:\Users\MIKE\Desktop\JRT.txt
2015-02-13 13:19 - 2015-02-13 13:30 - 00000000 ____D () C:\AdwCleaner
2015-02-12 23:36 - 2015-02-12 23:36 - 00000000 ____D () C:\Users\MIKE\AppData\Local\CrashDumps
2015-02-12 23:32 - 2015-02-12 23:32 - 00023131 _____ () C:\ComboFix.txt
2015-02-12 23:17 - 2015-02-12 23:32 - 00000000 ____D () C:\ComboFix
2015-02-12 23:17 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-12 23:17 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-12 23:17 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-12 23:17 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-12 23:17 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-12 23:17 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-12 23:17 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-12 23:17 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-12 22:18 - 2015-02-12 23:32 - 00000000 ____D () C:\Qoobox
2015-02-12 22:17 - 2015-02-12 23:31 - 00000000 ____D () C:\Windows\erdnt
2015-02-12 22:17 - 2015-02-12 22:17 - 05611930 ____R (Swearware) C:\Users\MIKE\Desktop\ComboFix.exe
2015-02-12 21:58 - 2015-02-13 13:51 - 00000000 ____D () C:\Users\MIKE\Desktop\VIRUS SOFTWARE
2015-02-12 21:37 - 2015-02-12 21:53 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-12 21:11 - 2015-02-12 21:22 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-12 21:11 - 2015-02-12 21:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-12 20:34 - 2015-02-12 20:34 - 00000000 ___HD () C:\Windows\PIF
2015-02-12 20:24 - 2015-02-12 20:24 - 00000000 ____D () C:\Users\MIKE\Desktop\FRST
2015-02-12 20:18 - 2015-02-12 20:18 - 00000000 ____D () C:\ProgramData\explauncher
2015-02-12 20:07 - 2015-02-12 20:07 - 00001745 _____ () C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2013 Free.lnk
2015-02-12 20:07 - 2015-02-12 20:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2013 Free
2015-02-12 20:07 - 2013-02-18 13:59 - 00027136 _____ (Paragon Software Group) C:\Windows\system32\Drivers\hotcore3.sys
2015-02-12 19:52 - 2015-02-12 20:02 - 00000000 ____D () C:\Users\MIKE\AppData\Roaming\dlg
2015-02-12 19:47 - 2015-02-12 19:47 - 00000000 ____D () C:\ProgramData\launcher
2015-02-12 17:12 - 2015-02-12 20:39 - 00000000 ____D () C:\Users\MIKE\Desktop\LOG FILES
2015-02-12 15:39 - 2015-02-13 13:53 - 00000000 ____D () C:\FRST
2015-02-11 22:14 - 2015-02-11 22:14 - 00000000 ____D () C:\Users\MIKE\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2015-02-11 22:12 - 2015-02-11 22:12 - 00000000 ____D () C:\ProgramData\{77089FCB-278A-4E4D-960C-3ECF468EED41}
2015-02-11 22:11 - 2015-02-11 22:11 - 17709352 _____ (Adobe Systems Inc.) C:\Users\MIKE\Downloads\AdobeAIR-P92-Setup.exe
2015-02-11 10:37 - 2015-01-22 21:00 - 01810944 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 10:37 - 2015-01-22 20:51 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-10 15:38 - 2015-01-15 01:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 15:38 - 2015-01-15 01:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 15:38 - 2015-01-15 01:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 15:38 - 2015-01-15 01:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 15:38 - 2015-01-15 01:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 15:38 - 2015-01-15 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 15:38 - 2015-01-15 01:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 15:38 - 2015-01-15 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 15:38 - 2015-01-15 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 15:38 - 2015-01-15 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 15:38 - 2015-01-15 01:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 15:38 - 2015-01-14 22:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 15:38 - 2015-01-13 23:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-10 15:38 - 2015-01-13 23:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 15:38 - 2015-01-13 19:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 15:38 - 2015-01-13 19:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-10 15:38 - 2015-01-13 19:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 15:38 - 2015-01-13 19:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 15:38 - 2015-01-13 19:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 15:38 - 2015-01-13 19:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 15:38 - 2015-01-13 19:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 15:38 - 2015-01-13 19:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 15:38 - 2015-01-13 19:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 15:38 - 2015-01-13 19:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-10 15:38 - 2015-01-13 19:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 15:38 - 2015-01-13 19:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 15:38 - 2015-01-13 19:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 15:38 - 2015-01-13 19:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 15:38 - 2015-01-13 19:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 15:38 - 2015-01-13 19:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 15:38 - 2015-01-13 19:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 15:38 - 2015-01-13 19:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-10 15:38 - 2015-01-13 19:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-10 15:38 - 2015-01-13 19:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-10 15:38 - 2015-01-12 20:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 15:38 - 2015-01-08 19:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 15:38 - 2014-12-07 20:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 13:35 - 2015-02-10 13:35 - 00151521 _____ () C:\Users\MIKE\Downloads\MICHAEL
2015-02-05 15:00 - 2015-02-05 15:00 - 39894936 _____ () C:\Users\MIKE\Downloads\Firefox-P181-Setup.exe
2015-02-05 10:09 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-05 10:09 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-05 10:09 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-05 10:09 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-05 10:09 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-05 09:58 - 2014-11-10 19:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-05 09:58 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-05 09:58 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-05 09:58 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-02-05 09:58 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-05 09:58 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-05 09:58 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-05 09:58 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-05 09:58 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-01 15:12 - 2015-02-01 15:12 - 00001793 _____ () C:\Users\Public\Desktop\P-touch Editor 5.1.lnk
2015-01-30 09:37 - 2015-01-30 09:37 - 00000000 ____D () C:\Users\MIKE\Desktop\Old Firefox Data
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-13 13:36 - 2009-07-13 22:34 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-13 13:36 - 2009-07-13 22:34 - 00023424 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-13 13:35 - 2014-01-11 12:29 - 01781153 _____ () C:\Windows\WindowsUpdate.log
2015-02-13 13:29 - 2014-07-03 19:26 - 00074343 _____ () C:\Windows\setupact.log
2015-02-13 13:29 - 2014-07-03 18:56 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-13 13:28 - 2014-05-07 19:44 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-13 13:28 - 2014-01-11 23:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-13 13:28 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-13 13:26 - 2014-06-29 19:56 - 00001022 _____ () C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-02-13 13:22 - 2014-05-07 19:44 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-12 23:32 - 2009-07-13 20:37 - 00000000 __RHD () C:\Users\Default
2015-02-12 23:32 - 2009-07-13 20:37 - 00000000 ___RD () C:\Users\Public
2015-02-12 23:26 - 2009-07-13 20:04 - 00000215 _____ () C:\Windows\system.ini
2015-02-12 23:25 - 2014-07-03 19:26 - 00260406 _____ () C:\Windows\PFRO.log
2015-02-12 23:24 - 2009-07-13 20:03 - 57933824 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-12 23:24 - 2009-07-13 20:03 - 26738688 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-02-12 23:24 - 2009-07-13 20:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-02-12 23:24 - 2009-07-13 20:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-02-12 23:24 - 2009-07-13 20:03 - 00262144 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-02-12 23:23 - 2014-06-27 14:55 - 00000000 ____D () C:\Users\MIKE\AppData\Local\Adobe
2015-02-12 22:18 - 2014-06-06 15:28 - 00000000 ____D () C:\Users\MIKE\AppData\Roaming\Free Download Manager
2015-02-12 21:37 - 2014-07-03 18:56 - 00082648 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-12 20:20 - 2014-01-11 22:39 - 00823590 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-12 15:44 - 2014-01-20 12:28 - 00000000 ____D () C:\Users\MIKE\AppData\Local\Microsoft_Corporation
2015-02-12 15:44 - 2014-01-16 10:48 - 00000000 ____D () C:\Users\MIKE\AppData\Local\Akamai
2015-02-12 15:44 - 2014-01-11 12:36 - 00000000 ____D () C:\Users\MIKE
2015-02-12 15:44 - 2009-07-14 01:48 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-12 15:44 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\wfp
2015-02-12 15:44 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\rescache
2015-02-12 15:44 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\AppCompat
2015-02-12 15:11 - 2014-10-06 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother P-touch
2015-02-12 15:11 - 2014-07-03 18:29 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-02-12 15:11 - 2014-02-12 22:39 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-12 15:11 - 2014-02-12 22:39 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-12 15:11 - 2014-02-11 16:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2015-02-12 15:11 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-12 15:11 - 2009-07-13 20:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-12 14:47 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Speech
2015-02-12 14:33 - 2014-12-15 14:40 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-02-12 14:19 - 2014-07-03 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-12 14:19 - 2014-07-03 18:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-12 12:28 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-02-12 12:07 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\registration
2015-02-11 22:15 - 2014-01-12 19:37 - 00000000 ____D () C:\Program Files\Adobe
2015-02-11 22:14 - 2014-01-11 12:36 - 00001377 _____ () C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-11 22:12 - 2014-02-12 22:40 - 00001069 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-11 22:10 - 2014-01-11 18:11 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-11 22:10 - 2014-01-11 18:11 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-11 21:34 - 2014-01-30 23:00 - 00000000 ____D () C:\Users\MIKE\Documents\TurboTax
2015-02-11 18:07 - 2014-01-12 12:07 - 00000000 ____D () C:\ProgramData\TEMP
2015-02-11 10:30 - 2009-07-13 22:33 - 00364680 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-10 22:39 - 2014-01-21 11:06 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-10 22:35 - 2014-01-21 11:06 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-10 22:33 - 2014-07-03 18:29 - 00002081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-02-10 22:33 - 2014-07-03 18:29 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-02-09 12:29 - 2009-07-13 22:53 - 00032650 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-06 13:51 - 2014-10-12 11:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-05 15:01 - 2014-02-12 22:40 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-01 15:13 - 2014-01-11 17:07 - 00085544 _____ () C:\Users\MIKE\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-01 15:12 - 2014-10-06 13:44 - 00000000 ____D () C:\Program Files\Brother
2015-01-29 13:32 - 2014-01-12 12:06 - 00000000 ____D () C:\Users\MIKE\AppData\Roaming\.oit
==================== Files in the root of some directories =======
2014-01-30 23:00 - 2015-01-08 13:56 - 0000590 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
Some content of TEMP:
====================
C:\Users\MIKE\AppData\Local\Temp\Quarantine.exe
C:\Users\MIKE\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-13 12:04
 
FRST Addition.
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-02-2015
Ran by MIKE at 2015-02-13 13:54:23
Running from C:\Users\MIKE\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat XI Pro (HKLM\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Akamai NetSession Interface (HKU\S-1-5-21-832620415-3016655454-3292669285-1000\...\Akamai) (Version: - Akamai Technologies, Inc)
Allway Sync version 14.0.1 (HKLM\...\Allway Sync_is1) (Version: - Botkind Inc)
Belarc Advisor 8.4 (HKLM\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{0CB9668D-F979-4F31-B8B8-67FE90F929F8}) (Version: 2.0.2.0 - Apple Inc.)
Brother P-touch Address Book 1.1 (HKLM\...\{B2023017-DEE4-44F7-8A71-CA6084BF534C}) (Version: 1.1.2201 - Brother Industries, Ltd.)
Brother P-touch Editor 5.1 (HKLM\...\{39270390-A851-4E4B-94A9-D5C468216ED3}) (Version: 5.1.0300 - Brother Industries, Ltd.)
Brother P-touch Editor Label Collection - Package Shipping [ENU] (HKLM\...\{9C7AEE33-3558-4F35-A7C8-6C19F2D3D665}) (Version: 1.0.001 - Brother Industries, Ltd.)
Brother P-touch Update Software (HKLM\...\{08BAC163-A5E8-4838-90A9-8C9343400579}) (Version: 1.0.0030 - Brother Industries, Ltd.)
Brother QL-Series Software User's Guide (HKLM\...\InstallShield_{A242CAB2-870C-4AC9-8AFE-34379D9383CD}) (Version: 1.00.0000 - Brother Industries, Ltd.)
Brother QL-Series Software User's Guide (Version: 1.00.0000 - Brother Industries, Ltd.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Cisco Connect (HKLM\...\Cisco Connect) (Version: 1.4.11222.0 - Cisco Consumer Products LLC)
Download Navigator (HKLM\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.30.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free All-In-One Media Player (HKLM\...\Free Media Player_is1) (Version: - Free Software Group)
Free Download Manager 3.9.4 (HKLM\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Officejet 6500 E710n-z Basic Device Software (HKLM\...\{23199BD2-AFD7-450E-ADC8-3E16132F17A2}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Officejet 6500 E710n-z Help (HKLM\...\{EFBC0CB1-AFFD-4E74-ACEF-42099F1D49C3}) (Version: 140.0.2.2 - Hewlett Packard)
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4 - HP)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
iSEEK AnswerWorks English Runtime (HKLM\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Just Great Software EditPad Pro 6 v.6.7.1 (HKLM\...\EditPad Pro 6) (Version: v.6.7.1 - Just Great Software)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Access 2013 - en-us (HKLM\...\AccessRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-0000-0000000FF1CE}) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-832620415-3016655454-3292669285-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nuance PaperPort 14 (HKLM\...\{ACE26AE1-75E0-44A3-A178-A8E99C62FBC5}) (Version: 14.1.0001 - Nuance Communications, Inc.)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Paint Shop Pro 7 (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
PaperPort Anywhere 1.1.4310.24706 powered by OfficeDrop (HKLM\...\{52357C6C-FE7F-4E8C-B045-EDE5146A1F9C}) (Version: 1.1.4310.24706 - OfficeDrop)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Paragon Backup & Recovery™ 2013 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Quicken 2015 (HKLM\...\{00C2D443-43D9-4550-ABEA-318288E23E57}) (Version: 24.1.4.19 - Intuit)
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RoboForm 7-9-12-2 (All Users) (HKLM\...\AI RoboForm) (Version: 7-9-12-2 - Siber Systems)
Rocketfish USB 3.0 PCI Express Card Driver (HKLM\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.20.0 - Rocketfish) <==== ATTENTION!
Rocketfish USB 3.0 PCI Express Card Driver (Version: 3.0.20.0 - Rocketfish) Hidden <==== ATTENTION!
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
TurboTax 2013 (HKLM\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Virtual Account Numbers (HKLM\...\{DE700910-58F7-4D2E-B7E6-3BA2DA1B6806}) (Version: 4.0.0.2253 - Citi)
Virtual Account Numbers (Version: 1.0.6.0 - Citi) Hidden
Webshots Desktop (HKLM\...\Webshots Desktop_is1) (Version: - AGCM)
Windows Home Server 2011 Connector (HKLM\...\{46DCED50-3A1D-4EF4-94F0-45F2681E3D70}) (Version: 6.1.8800.16400 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-832620415-3016655454-3292669285-1000_Classes\CLSID\{4EDE09DD-0761-4ABF-8DAD-1444A02C54A1}\localserver32 -> C:\Program Files\Brother\Ptedit51\Ptedit51.exe (Brother Industries, Ltd.)
CustomCLSID: HKU\S-1-5-21-832620415-3016655454-3292669285-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\MIKE\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832620415-3016655454-3292669285-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\MIKE\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832620415-3016655454-3292669285-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\MIKE\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832620415-3016655454-3292669285-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\MIKE\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832620415-3016655454-3292669285-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\MIKE\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832620415-3016655454-3292669285-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\MIKE\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832620415-3016655454-3292669285-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\MIKE\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\FileSyncApi.dll (Microsoft Corporation)
==================== Restore Points =========================
31-01-2015 12:21:57 Windows Update
03-02-2015 12:53:37 Windows Update
05-02-2015 09:59:09 Windows Update
08-02-2015 15:18:04 Windows Update
10-02-2015 22:31:27 Windows Update
11-02-2015 10:51:13 Windows Update
12-02-2015 20:05:52 Installed Paragon Backup & Recovery™ 2013 Free.
12-02-2015 21:31:03 After Roguekiller
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 20:04 - 2015-02-12 23:26 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0167A1C8-F2A4-4F69-B280-895B9E390D32} - System32\Tasks\Microsoft\Windows\Windows Server\RenewClientCertificate => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {11A1EBE4-AA6D-4186-8188-210F5D063EBC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2014-11-04] (Microsoft Corporation)
Task: {211D8211-B8F5-4CE2-9D92-E83F53A74407} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: {29CB6EF4-BA06-4259-98DB-7BE3DA8FAD58} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {321C6336-EDAD-4122-B0C4-8908D3AFBCB2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {39CE7188-E003-44E0-A587-91A51CF38524} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {4C840BD2-43D7-4204-90E7-180DCB483A3C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {57471239-0A25-43B4-9687-76629F39C366} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {5C4FC67E-99EC-4203-82F1-2B526AEF6FCA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {6375AD51-6473-47C9-B072-4B738EE98BA2} - System32\Tasks\CCleanerSkipUAC => E:\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {6819BA16-686A-464C-B3B3-612C9BA560BC} - System32\Tasks\{A5E51DE5-3A50-4EDD-8A99-AB9FAF43F220} => pcalua.exe -a H:\US\setup.exe -d H:\US
Task: {7244E975-16C3-4AE6-A123-83EE978FC6B6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-05-07] (Google Inc.)
Task: {7AE78857-ECA0-4A65-B1E1-2D4B382B921B} - \Binkiland care No Task File <==== ATTENTION
Task: {81A43B4A-C930-4983-B1E1-81C57B75BEF9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {8CA20816-88DF-4672-A1F8-C6B9196CACF6} - System32\Tasks\Microsoft\Windows\Windows Server\Alert Evaluations => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {9DD9106E-4826-44E4-986A-9757D2769387} - System32\Tasks\Microsoft\Windows\Windows Server\InstallAddIns => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {A35C3A5A-DEA1-4605-8C93-D2D7338C022C} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {A3EBE4CB-C261-45D6-9E53-1510677BEBB3} - System32\Tasks\Microsoft\Windows\Windows Server\UploadCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {B2B3622A-B5D3-4BEE-A001-FFE3F2251B11} - System32\Tasks\Microsoft\Windows\Windows Server\Health Definition Updates => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {BDCFB316-BEC7-44A3-837B-5231A4C5883B} - \avaxvyyvyf No Task File <==== ATTENTION
Task: {D6E868C5-955D-4DA8-9DC2-3D661F778FED} - System32\Tasks\Microsoft\Windows\Windows Server\SaveCEIPData => C:\Program Files\Windows Server\Bin\RunTask.exe [2012-11-02] (Microsoft Corporation)
Task: {D9BAE65F-93C3-4FD2-9982-DC0882A3796B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {DFEFB451-CB4D-40A1-B364-07B8E53A0583} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {EA58D44A-B9D6-4484-96FF-B0B299079E20} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {FED557A7-A5BD-4AE6-B0EF-CEA6418D3984} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {FF9E2AD0-6379-4A02-86D3-2BAC19305C88} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MAIN-MIKE MAIN => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-11-04] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Allway Sync_{406D25DFA39225BDD09522A270BA9096}.job => D:\Allway Sync\Bin\syncappw.exe
Task: C:\Windows\Tasks\Allway Sync_{46FC36D8CE030952E6138290111E83A7}.job => D:\Allway Sync\Bin\syncappw.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-01-11 23:02 - 2014-11-12 15:43 - 00106824 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-08-17 12:44 - 2014-05-20 02:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2014-12-15 14:40 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-15 14:40 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-15 14:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-12-15 14:40 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-15 14:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-01-11 22:54 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-01-13 09:03 - 2014-01-07 07:40 - 00039424 _____ () C:\Program Files\Virtual Account Numbers\VANRes.dll
2014-06-06 15:23 - 2014-04-22 20:52 - 00106496 _____ () C:\Program Files\Free Download Manager\fdmumsp.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-832620415-3016655454-3292669285-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\MIKE\AppData\Roaming\Webshots\The Webshots Desktop\Webshots Wallpaper.bmp
DNS Servers: 192.168.1.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== Accounts: =============================
Administrator (S-1-5-21-832620415-3016655454-3292669285-500 - Administrator - Disabled)
Guest (S-1-5-21-832620415-3016655454-3292669285-501 - Limited - Enabled)
MIKE (S-1-5-21-832620415-3016655454-3292669285-1000 - Administrator - Enabled) => C:\Users\MIKE
==================== Faulty Device Manager Devices =============
Name: MpKsl1a28ae8c
Description: MpKsl1a28ae8c
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKsl1a28ae8c
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Percentage of memory in use: 40%
Total physical RAM: 3563.96 MB
Available physical RAM: 2123.16 MB
Total Pagefile: 7126.21 MB
Available Pagefile: 5338.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.44 MB
==================== Drives ================================
Drive c: (MAIN) (Fixed) (Total:465.76 GB) (Free:419.4 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PROGRAMS) (Fixed) (Total:232.88 GB) (Free:162.66 GB) NTFS
Drive e: (DATA) (Fixed) (Total:260.81 GB) (Free:223.02 GB) NTFS
Drive f: (MISC) (Fixed) (Total:437.82 GB) (Free:378.9 GB) NTFS
Drive g: (SYNC DATA) (Fixed) (Total:298.01 GB) (Free:65.07 GB) FAT32
Drive I: (USB Drive 1tb) (Fixed) (Total:931.51 GB) (Free:155.95 GB) NTFS
Drive j: (ANCESTRY) (Removable) (Total:29.8 GB) (Free:19.49 GB) FAT32
Drive m: () (Network) (Total:1859.8 GB) (Free:952.85 GB)
Drive n: () (Network) (Total:1859.8 GB) (Free:952.85 GB)
Drive o: () (Network) (Total:1859.8 GB) (Free:952.85 GB)
Drive p: () (Network) (Total:1859.8 GB) (Free:952.85 GB)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AC4DA3CD)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 46F4A2BC)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=260.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=437.8 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 298.1 GB) (Disk ID: 41FFC810)
Partition 1: (Active) - (Size=298.1 GB) - (Type=0C)
========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: D97E650A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 7 (Size: 29.8 GB) (Disk ID: 4C5851A6)
Partition 1: (Not Active) - (Size=29.8 GB) - (Type=0C)
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-02-2015
Ran by MIKE at 2015-02-13 16:01:08 Run:1
Running from C:\Users\MIKE\Desktop
Loaded Profiles: MIKE (Available profiles: MIKE)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKU\S-1-5-21-832620415-3016655454-3292669285-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-832620415-3016655454-3292669285-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
S3 catchme; \??\C:\Users\MIKE\AppData\Local\Temp\catchme.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
2014-01-30 23:00 - 2015-01-08 13:56 - 0000590 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
C:\Users\MIKE\AppData\Local\Temp\Quarantine.exe
C:\Users\MIKE\AppData\Local\Temp\sqlite3.dll
Task: {7AE78857-ECA0-4A65-B1E1-2D4B382B921B} - \Binkiland care No Task File <==== ATTENTION
Task: {BDCFB316-BEC7-44A3-837B-5231A4C5883B} - \avaxvyyvyf No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:FD9CE1F3
*****************
"HKU\S-1-5-21-832620415-3016655454-3292669285-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6}" => Key deleted successfully.
HKCR\CLSID\{0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-832620415-3016655454-3292669285-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
catchme => Service deleted successfully.
gdrv => Service deleted successfully.
C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc => Moved successfully.
C:\Users\MIKE\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\MIKE\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AE78857-ECA0-4A65-B1E1-2D4B382B921B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AE78857-ECA0-4A65-B1E1-2D4B382B921B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Binkiland care" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDCFB316-BEC7-44A3-837B-5231A4C5883B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDCFB316-BEC7-44A3-837B-5231A4C5883B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvyyvyf" => Key deleted successfully.
C:\ProgramData\TEMP => ":FD9CE1F3" ADS removed successfully.
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.

Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
FSS FILE.
Farbar Service Scanner Version: 17-01-2015
Ran by MIKE (administrator) on 13-02-2015 at 17:35:52
Running from "C:\Users\MIKE\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Policy:
========================

Action Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
 
I'll give you final instructions when I see all logs I asked for (Security Check, Sophos).
 
Sophos completed with any threats.
Security check output.
Results of screen317's Security Check version 0.99.96
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
CCleaner
Java 64-bit 8 Update 31
Adobe Flash Player 12.0.0.44 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (35.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Spybot Teatimer.exe is disabled!
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

===================================

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. DelFix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
Everything seems to be working fine. I have downloaded the above and will be running it on all my computers. What was the name of the virus that I had?
 