Solved Updateflashplayer.exe virus?

I

ian day

Posts: 26   +0
Hi I opened a link from my wife's email account that said she had a claim going through the courts.
unfortunately I now know that it was a stupid thing to do even though the alarm bells were ringing as I clicked on it.
now I get pop ups telling me that updater wants to make changes to my computer all the time even after I have uninstalled adobe flash player and its driving me mad eight at the last count please help[
 
Sorry its saying its a flash player updater with different numbers after it all the time finishing with exe.
I have bit defender installed and have ran loads of scans but still getting these pop ups
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Here are the logs

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.10.09
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
ian :: IAN-HP [administrator]
10/02/2014 23:39:27
mbam-log-2014-02-10 (23-39-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288093
Time elapsed: 25 minute(s), 5 second(s)
Memory Processes Detected: 6
C:\Users\ian\AppData\Roaming\Baxypub\qiinect.exe (Trojan.Zbot.FBD) -> 8656 -> Delete on reboot.
C:\Users\ian\AppData\Roaming\Baxypub\qiinect.exe (Trojan.Zbot.FBD) -> 7272 -> Delete on reboot.
C:\Users\ian\AppData\Roaming\Baxypub\qiinect.exe (Trojan.Zbot.FBD) -> 4628 -> Delete on reboot.
C:\Users\ian\AppData\Roaming\Baxypub\qiinect.exe (Trojan.Zbot.FBD) -> 9460 -> Delete on reboot.
C:\Users\ian\AppData\Roaming\Baxypub\qiinect.exe (Trojan.Zbot.FBD) -> 6596 -> Delete on reboot.
C:\Users\ian\AppData\Roaming\Baxypub\qiinect.exe (Trojan.Zbot.FBD) -> 8492 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 6
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKCU\Software\InstalledBrowserExtensions\installdaddy (PUP.Optional.CrossRider.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload (PUP.Optional.1ClickMovieDownloader.A) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Tiesn (Trojan.Zbot.FBD) -> Data: C:\Users\ian\AppData\Roaming\Baxypub\qiinect.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Conduit.A) -> Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) Good: () -> Quarantined and repaired successfully.
Folders Detected: 21
C:\Program Files (x86)\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\Logs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\dialogs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\rep (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\CT3319613 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\1clickmoviedownloader.com (PUP.Optional.1ClickMovieDownloader.A) -> Quarantined and deleted successfully.
Files Detected: 139
C:\Users\ian\AppData\Roaming\Baxypub\qiinect.exe (Trojan.Zbot.FBD) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll (PUP.Optional.Conduit.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\ian\Desktop\Windows_Vista_Ultimate_Key_100%_working_(by_Abhishek_Rana).exe (PUP.Optional.OneClickDownloader.A) -> Quarantined and deleted successfully.
C:\Users\ian\Desktop\ZipExtractorSetup.exe (PUP.Optional.JumpyApps.A) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe (PUP.Optional.JumpyApps.A) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\nsb51BD.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\nsw7767.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_05ee7c49.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_07a81421.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_0d4080c6.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_128620c5.exe (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_147b6803.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_2727d376.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_2746b2a3.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_2a28d4f1.exe (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_58d70c36.exe (Trojan.Agent.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_6f7a9357.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_9c5e1ef2.exe (Trojan.Zbot.FBD) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_a34b78a0.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_a34c81cb.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_aa4f667d.exe (Trojan.Zbot.FBD) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_d6a9ecbb.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_dcb0ce97.exe (Trojan.Zbot.FBD) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\Temp\nsr28AB\SpSetup.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\ian\Local Settings\dkoxequh.exe (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
C:\Users\ian\Local Settings\lcrqiwxj.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\ian\Local Settings\lntdoxpp.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\Local Settings\mpujwrnx.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\Local Settings\rjikpkbi.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\Local Settings\slaoojwc.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\Local Settings\wkcvgfkt.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\Local Settings\wlspgvrn.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\ian\Local Settings\xerpumow.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\Local Settings\xrepfxln.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\dkoxequh.exe (Spyware.Zbot.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\lcrqiwxj.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\lntdoxpp.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\mpujwrnx.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\rjikpkbi.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\slaoojwc.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\wkcvgfkt.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\wlspgvrn.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\xerpumow.exe (Trojan.Inject.ED) -> Quarantined and deleted successfully.
C:\Users\ian\AppData\Local\xrepfxln.exe (Trojan.Inject) -> Quarantined and deleted successfully.
C:\Users\ian\Local Settings\Temporary Internet Files\Content.IE5\6AD9QS5J\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\ian\Local Settings\Temporary Internet Files\Content.IE5\GPMQEJCI\InstallConverter_TSV2426PT.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\ian\Local Settings\Temporary Internet Files\Content.IE5\NA8QUT67\Player_Setup[1].exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\ian\Local Settings\Temporary Internet Files\Content.IE5\RLJ1GQ43\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\ian\Local Settings\Temporary Internet Files\Content.IE5\SM5X5B4O\Player_Setup[1].exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\Torntv 2-codedownloader.job (PUP.Optional.TornTV.A) -> Delete on reboot.
C:\Windows\Tasks\Torntv 2-enabler.job (PUP.Optional.TornTV.A) -> Delete on reboot.
C:\Windows\Tasks\Torntv 2-updater.job (PUP.Optional.TornTV.A) -> Delete on reboot.
C:\Windows\Tasks\Security Center Update - 1224523755.job (Trojan.Agent.RvGen) -> Delete on reboot.
C:\Windows\Tasks\Security Center Update - 1758381885.job (Trojan.Agent.RvGen) -> Delete on reboot.
C:\Windows\Tasks\Security Center Update - 2323830538.job (Trojan.Agent.RvGen) -> Delete on reboot.
C:\Windows\Tasks\Security Center Update - 2655840328.job (Trojan.Agent.RvGen) -> Delete on reboot.
C:\Windows\Tasks\Security Center Update - 331575522.job (Trojan.Agent.RvGen) -> Delete on reboot.
C:\Windows\Tasks\Security Center Update - 761532076.job (Trojan.Agent.RvGen) -> Delete on reboot.
C:\Windows\Tasks\Security Center Update - 812332827.job (Trojan.Agent.RvGen) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\EULA.txt (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll (PUP.Optional.SearchProtect.A) -> Delete on reboot.
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\1ClickMovieDownloader v7-chromeinstaller-dev.job (PUP.Optional.1ClickMovieDownloader.A) -> Delete on reboot.
C:\Windows\Tasks\1ClickMovieDownloader v7-codedownloader.job (PUP.Optional.1ClickMovieDownloader.A) -> Delete on reboot.
C:\Windows\Tasks\1ClickMovieDownloader v7-enabler.job (PUP.Optional.1ClickMovieDownloader.A) -> Delete on reboot.
C:\Windows\Tasks\1ClickMovieDownloader v7-firefoxinstaller.job (PUP.Optional.1ClickMovieDownloader.A) -> Delete on reboot.
C:\Windows\Tasks\1ClickMovieDownloader v7-updater.job (PUP.Optional.1ClickMovieDownloader.A) -> Delete on reboot.
C:\Users\ian\AppData\Local\Temp\CT3319613\ddt.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\1clickmoviedownloader.com\MODOextsetup.exe (PUP.Optional.1ClickMovieDownloader.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\1clickmoviedownloader.com\MovieDownloader.exe (PUP.Optional.1ClickMovieDownloader.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\1clickmoviedownloader.com\uninst.exe (PUP.Optional.1ClickMovieDownloader.A) -> Quarantined and deleted successfully.
(end)



DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.51.2
Run by ian at 0:12:43 on 2014-02-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6100.3964 [GMT 0:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\windows\SysWOW64\ezSharedSvcHost.exe
c:\Program Files\MiricsFlexiTV\Driver\msi2500scan.exe
c:\Program Files\MiricsFlexiTV\DVBT\DVBService.exe
C:\Program Files (x86)\PasswordBox\pbbtnService.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
c:\Program Files\MiricsFlexiTV\Driver\MSiBdaDemodWrapper.exe
C:\windows\system32\taskhost.exe
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\RunDll32.exe
C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
svchost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTHtml.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
C:\windows\SysWOW64\RunDll32.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\windows\system32\sppsvc.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
BHO: PasswordBox Helper: {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll
uRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
uRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
uRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
uRun: [MyDriveConnect.exe] "C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe"
uRun: [xbcbbdhb] "C:\Users\ian\AppData\Local\cffoxkmm.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [PivotSoftware] "C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" -delay=10
mRun: [DT HPO] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPO
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Magic Desktop for HP notification] "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
dRun: [Bitdefender Wallet Agent] "C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
dRun: [Bitdefender Wallet] "C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [Bitdefender Wallet Application Agent] "C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe"
StartupFolder: C:\Users\ian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\ian\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://192.168.0.25/RemoteWeb.cab
DPF: {542CB1D4-810D-4864-8F91-D530B50E89AE} - hxxp://192.168.0.25/Components.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://192.168.0.25/VideoViewer.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{5D6C7040-453D-47F0-85FF-B83056551CBB} : DHCPNameServer = 194.168.4.100 194.168.8.100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
mASetup: {438363A8-F486-4C37-834C-4955773CB3D3} - msiexec /fu {438363A8-F486-4C37-834C-4955773CB3D3} /qn
x64-mStart Page = about:blank
x64-BHO: Bitdefender Wallet : {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [HPSYSDRV] C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE
x64-Run: [Bdagent] "C:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;C:\windows\System32\drivers\avc3.sys [2013-8-31 893440]
R0 gzflt;gzflt;C:\windows\System32\drivers\gzflt.sys [2013-8-31 150256]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-8-31 93600]
R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-8-31 103504]
R1 BDVEDISK;BDVEDISK;C:\windows\System32\drivers\bdvedisk.sys [2013-8-31 76944]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-8-31 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-4-6 236544]
R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.EXE [2013-12-16 193696]
R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 ezSharedSvc;Easybits Services for Windows;C:\windows\System32\ezSharedSvcHost.exe --> C:\windows\System32\ezSharedSvcHost.exe [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-8-31 2439272]
R2 msi2500scan;msi2500scan;C:\Program Files\MiricsFlexiTV\Driver\msi2500scan.exe [2011-12-16 229376]
R2 MSiDVBT;MSiDVBT;C:\Program Files\MiricsFlexiTV\DVBT\DVBservice.exe [2011-12-16 2715648]
R2 PasswordBox;PasswordBox;C:\Program Files (x86)\PasswordBox\pbbtnService.exe [2013-11-1 67584]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2013-8-31 1134584]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2013-8-31 109360]
R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2013-8-31 94624]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [2013-10-16 67320]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-2-23 95760]
R3 avchv;avchv Function Driver;C:\windows\System32\drivers\avchv.sys [2013-8-31 261056]
R3 avckf;avckf;C:\windows\System32\drivers\avckf.sys [2013-8-31 635392]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\windows\System32\drivers\bcbtums.sys [2012-4-1 163368]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\windows\System32\drivers\btwampfl.sys [2013-8-31 594472]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2013-8-31 39976]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 MSi2500BDA;AVerMsiBDA service;C:\windows\System32\drivers\AVerMsiBDA.sys [2011-12-16 228352]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\windows\System32\drivers\RtsPStor.sys [2012-3-3 343144]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-2-16 676968]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 tihub3;TI USB3 Hub Service;C:\windows\System32\drivers\tihub3.sys [2011-9-9 136000]
R3 tixhci;TI XHCI Service;C:\windows\System32\drivers\tixhci.sys [2011-9-26 409408]
S2 CLKMSVC10_38F51D56;CyberLink Product - 2013/08/30 22:36:19;C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2012-2-8 244720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE [2013-12-16 247968]
S3 bdfwfpf_pc;bdfwfpf_pc;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2013-8-31 121928]
S3 BDSandBox;BDSandBox;C:\windows\System32\drivers\bdsandbox.sys [2013-8-31 82824]
S3 BR_MCU;br_mcu2usb.sys USB Driver;C:\windows\System32\drivers\br_mcu2usb.sys [2009-12-8 23552]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-1-1 111616]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-9-1 1255736]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [2013-8-31 77632]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2014-02-10 23:34:13 -------- d-----w- C:\Users\ian\AppData\Local\SearchProtect
2014-02-10 22:58:20 -------- d-----w- C:\Users\ian\AppData\Roaming\Iqicymlo
2014-02-10 22:44:39 -------- d-----w- C:\Users\ian\AppData\Roaming\Baxypub
2014-02-10 21:13:39 -------- d-----w- C:\Users\ian\AppData\Roaming\Wyzapei
2014-02-10 16:06:11 143360 ----a-w- C:\Users\ian\AppData\Local\cffoxkmm.exe
2014-02-10 14:51:06 -------- d-----w- C:\Users\ian\AppData\Roaming\Yvagcify
2014-02-10 14:47:33 126265 ----a-w- C:\Users\ian\AppData\Local\omvaaqtq.exe
2014-02-10 10:43:20 -------- d-----w- C:\Users\ian\AppData\Roaming\Wetaup
2014-02-10 10:38:14 126265 ----a-w- C:\Users\ian\AppData\Local\iltjspig.exe
2014-02-10 06:43:28 126265 ----a-w- C:\Users\ian\AppData\Local\doavscfh.exe
2014-02-10 02:35:24 126265 ----a-w- C:\Users\ian\AppData\Local\bdgcidkd.exe
2014-02-09 22:40:27 126265 ----a-w- C:\Users\ian\AppData\Local\cbdmebgj.exe
2014-02-09 06:39:12 -------- d-----w- C:\Users\ian\AppData\Roaming\Afybir
2014-02-09 02:44:06 -------- d-----w- C:\Users\ian\AppData\Roaming\Abidva
2014-02-09 01:12:31 -------- d-----w- C:\Users\ian\AppData\Roaming\Aksawa
2014-02-08 23:37:25 90112 ----a-w- C:\Users\ian\AppData\Local\gtadbiof.exe
2014-02-08 23:24:24 90112 ----a-w- C:\Users\ian\AppData\Local\hsswacxt.exe
2014-02-08 23:11:23 90112 ----a-w- C:\Users\ian\AppData\Local\hcfjownm.exe
2014-02-08 22:58:22 90112 ----a-w- C:\Users\ian\AppData\Local\flchicob.exe
2014-02-08 22:45:07 90112 ----a-w- C:\Users\ian\AppData\Local\nkbppbcb.exe
2014-02-08 21:52:41 90112 ----a-w- C:\Users\ian\AppData\Local\xhsucbxm.exe
2014-02-08 21:39:40 90112 ----a-w- C:\Users\ian\AppData\Local\xobgcvmx.exe
2014-02-08 21:26:39 90112 ----a-w- C:\Users\ian\AppData\Local\upeqgtan.exe
2014-02-08 21:13:27 90112 ----a-w- C:\Users\ian\AppData\Local\eafcpgkr.exe
2014-02-08 19:42:17 90112 ----a-w- C:\Users\ian\AppData\Local\fqehtdip.exe
2014-02-08 19:29:17 90112 ----a-w- C:\Users\ian\AppData\Local\lemotnld.exe
2014-02-08 19:16:16 90112 ----a-w- C:\Users\ian\AppData\Local\pudlxtxg.exe
2014-02-08 19:03:15 90112 ----a-w- C:\Users\ian\AppData\Local\dnmfqofh.exe
2014-02-08 18:50:14 90112 ----a-w- C:\Users\ian\AppData\Local\jgoptgtf.exe
2014-02-08 18:37:13 90112 ----a-w- C:\Users\ian\AppData\Local\mnfkcvrx.exe
2014-02-08 14:46:13 -------- d-----w- C:\Users\ian\AppData\Roaming\Obykbiwa
2014-02-07 22:50:42 -------- d-----w- C:\Users\ian\AppData\Roaming\Ydveos
2014-02-07 18:41:44 -------- d-----w- C:\Users\ian\AppData\Roaming\Ocugorg
2014-02-07 07:45:02 -------- d-----w- C:\Users\ian\AppData\Roaming\Reweyfv
2014-02-07 03:40:03 -------- d-----w- C:\Users\ian\AppData\Roaming\Qoviekba
2014-02-06 23:01:46 -------- d-----w- C:\Users\ian\AppData\Roaming\Idydufmi
2014-01-14 22:49:31 255552 ----a-w- C:\windows\SysWow64\drivers\mcdbus.sys
2014-01-14 22:49:31 255552 ------w- C:\windows\System32\drivers\mcdbus.sys
2014-01-14 22:49:31 -------- d-----w- C:\Program Files (x86)\MagicDisc
2014-01-14 22:24:16 -------- d-----w- C:\Users\ian\AppData\Local\Cool_Mirage
.
==================== Find3M ====================
.
2014-01-27 14:08:06 893440 ------w- C:\windows\System32\drivers\avc3.sys
2014-01-27 14:08:03 635392 ----a-w- C:\windows\System32\drivers\avckf.sys
2013-12-18 21:09:39 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ------w- C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ------w- C:\windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-11-13 12:05:20 82824 ----a-w- C:\windows\System32\drivers\bdsandbox.sys
2013-11-13 12:05:19 34384 ----a-w- C:\windows\System32\bdsandboxuh.dll
2013-11-13 12:05:17 84848 ----a-w- C:\windows\System32\bdsandboxuiskin.dll
2013-11-13 12:05:16 74512 ----a-w- C:\windows\SysWow64\bdsandboxuiskin32.dll
2013-11-13 12:05:16 74512 ----a-w- C:\windows\System32\bdsandboxuiskin32.dll
.
============= FINISH: 0:13:38.83 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 30/08/2013 23:31:47
System Uptime: 11/02/2014 00:09:33 (0 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2ADC
Processor: Intel(R) Core(TM) i7-2600S CPU @ 2.80GHz | | 2801/29285mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1851 GiB total, 1715.067 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.386 GiB free.
E: is CDROM ()
F: is Removable
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP46: 06/02/2014 21:43:15 - Installed Java 7 Update 51
RP47: 10/02/2014 16:25:44 - Removed Norton Online Backup
.
==== Installed Programs ======================
.
7-Data Recovery Suite version 2.2
Adobe Reader XI (11.0.06)
Alpha Updater V3
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
µTorrent
Bing Bar
Bitdefender Total Security
Blio
Broadcom Bluetooth Software
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DirectX for Managed Code Update (Summer 2004)
Facebook
Google Earth
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.2.3
HP Auto
HP Calendar
HP Clock
HP Customer Experience Enhancements
HP LinkUp
HP Magic Canvas
HP My Display
HP Notes
HP Odometer
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Remote Solution
HP RSS
HP Setup
HP Support Information
HP TouchSmart Background - Beats
HP TouchSmart RecipeBox
HP Update
HydraVision
I.R.I.S. OCR
IDT Audio
Intel(R) Management Engine Components
IP Camera Viewer 1.0
IrfanView (remove only)
Java 7 Update 51
Java Auto Updater
Junk Mail filter update
LabelPrint
Magic ISO Maker v5.4 (build 0239)
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Metric Converter
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Mathematics
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Maintenance Service
Mozilla Thunderbird 17.0.8 (x86 en-GB)
MSVCRT
MSVCRT_amd64
MyDriveConnect 3.3.0.1318
opensource
PDF Complete Corporate Edition
Pivot Pro Plugin
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Power2Go
Real Alternative 2.0.2
Realtek PCIE Card Reader
Recovery Manager
Remote Graphics Receiver
SDK
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Skype™ 5.10
TSHostedAppLauncher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Visual Studio C++ 10.0 Runtime
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.00 (64-bit)
WinZip 16.0
Xilisoft ISO Burner
.
==== Event Viewer Messages From Past Week ========
.
10/02/2014 19:57:37, Error: bowser [8003] - The master browser has received a server announcement from the computer JOANNE-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5D6C7040-453D-47F0-85FF-B83056551CBB}. The master browser is stopping or an election is being forced.
10/02/2014 14:28:51, Error: bowser [8003] - The master browser has received a server announcement from the computer GUISEPPI that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5D6C7040-453D-47F0-85FF-B83056551CBB}. The master browser is stopping or an election is being forced.
10/02/2014 14:14:24, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.2. The computer with the IP address 192.168.0.20 did not allow the name to be claimed by this computer.
09/02/2014 05:01:40, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 252.
.
==== End Of File ===========================
 
You're very seriously infected.

redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
RogueKiller V8.8.6 [Feb 7 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ian [Admin rights]
Mode : Remove -- Date : 02/11/2014 07:28:50
| ARK || FAK || MBR |
¤¤¤ Bad processes : 5 ¤¤¤
[SUSP PATH] mdhpSUN.exe -- C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [7] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [7] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [7] -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe [7] -> KILLED [TermProc]
[SUSP PATH] emufriu.exe -- C:\Users\ian\AppData\Roaming\Osqyild\emufriu.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : xbcbbdhb ("C:\Users\ian\AppData\Local\cffoxkmm.exe" [-]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Hovuatebtug (C:\Users\ian\AppData\Roaming\Osqyild\emufriu.exe [-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-583008633-2609842834-3559704978-1000\[...]\Run : xbcbbdhb ("C:\Users\ian\AppData\Local\cffoxkmm.exe" [-]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-583008633-2609842834-3559704978-1000\[...]\Run : Hovuatebtug (C:\Users\ian\AppData\Roaming\Osqyild\emufriu.exe [-]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : Magic Desktop for HP notification ("C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe" [7]) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 19 ¤¤¤
[V1][SUSP PATH] Security Center Update - 1361644785.job : C:\Users\ian\AppData\Roaming\Osqyild\emufriu.exe [-] -> DELETED
[V2][ROGUE ST] 1ClickMovieDownloader v7-chromeinstaller-dev : C:\Program Files (x86)\1ClickMovieDownloader v7\1ClickMovieDownloader v7-chromeinstaller.exe - /installcrx /agentregpath='1ClickMovieDownloader v7' /extensionfilepath='C:\Program Files (x86)\1ClickMovieDownloader v7\49026.crx' /appid=49026 /srcid='000853' /subid='0' /zdata='0' /bic=3D29C8A893AA4887966CDA48D650DA73IE /verifier=4981a68b11281bdc34bd4e50481a82f9 /installerversion=1_33_153 /installerfullversion=1.33.153.1 /installationtime=1389738254 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 /extensionid=dkfhpcpdedpiemffkdjffkikhjdhahkp /extensionversion=1.26.14 /extensionpublickey=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCpQ+mE+i7oAsdaMJtmw3zFelr/N1YAyUNJ48Zp4pXeiSpdhn088V9qvly4YuTivzF5ySxRjo0xKqIGkBSBskfkPT+adtfZ1FUYm8WBC4x1Pecf1yDEsNCesoiYrPF9qs/lYfM9vnTbehfcnRKvLUQuTPiSPsKlvFBFcds6DgXacQIDAQAB /defbro=ie /allusers /allprofiles /crxidfordevinstall=gboiebciadnfkfgldnenkfhdhobgfdpm /crxinstalltype=2 /runfrom='task' /externallog='' [x][x][x][x][x][x][x] -> DELETED
[V2][ROGUE ST] 1ClickMovieDownloader v7-firefoxinstaller : C:\Program Files (x86)\1ClickMovieDownloader v7\1ClickMovieDownloader v7-firefoxinstaller.exe - /installxpi /agentregpath='1ClickMovieDownloader v7' /extensionfilepath='C:\Program Files (x86)\1ClickMovieDownloader v7\49026.xpi' /appid=49026 /srcid='000853' /subid='0' /zdata='0' /bic=3D29C8A893AA4887966CDA48D650DA73IE /verifier=4981a68b11281bdc34bd4e50481a82f9 /installerversion=1_33_153 /installerfullversion=1.33.153.1 /installationtime=1389738254 /statsdomain=hxxp://stats.srvstatsdata.com /errorsdomain=hxxp://errors.srvstatsdata.com /waitforbrowser=300 \\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS723020BLA642 +++++
--- User ---
[MBR] 3bb5a881d09ff6a332bee54157386c8f
[BSP] ca9c2375af42a148a10f4de706c6300d : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) +++++
--- User ---
[MBR] ba6dc1a0a2580a541edc1f8f1e1d0154
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 1849 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ USB) HP Officejet Pro 86 USB Device +++++
Error reading User MBR! ([0x15] The device is not ready. )
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )
Finished : << RKreport[0]_D_02112014_072850.txt >>
RKreport[0]_S_02112014_072745.txt
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
Farbar Service Scanner Version: 02-02-2014
Ran by ian (administrator) on 11-02-2014 at 18:13:46
Running from "C:\Users\ian\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
Farbar Service Scanner Version: 02-02-2014
Ran by ian (administrator) on 11-02-2014 at 19:41:48
Running from "C:\Users\ian\Desktop\far"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by ian (administrator) on IAN-HP on 11-02-2014 20:46:47
Running from C:\Users\ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GXGT01Z
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
==================== Processes (Whitelisted) =================
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(AMD) C:\windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AMD) C:\windows\system32\atieclxx.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
(EasyBits Software AS) C:\windows\SysWOW64\ezSharedSvcHost.exe
(Mirics Semiconductor) c:\Program Files\MiricsFlexiTV\Driver\msi2500scan.exe
(Mirics Ltd.) c:\Program Files\MiricsFlexiTV\DVBT\DVBService.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
(Mirics Semiconductor) c:\Program Files\MiricsFlexiTV\Driver\MSiBdaDemodWrapper.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\OSDManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display\DTHtml.exe
(Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\ian\Desktop\far\FSS.exe
(Microsoft Corporation) C:\windows\system32\prevhost.exe
(Microsoft Corporation) C:\windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [BeatsOSDApp] - C:\Program Files\IDT\WDM\beats64.exe [37888 2011-08-24] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-26] (IDT, Inc.)
HKLM\...\Run: [HPSYSDRV] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1737920 2014-01-27] (Bitdefender)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [641664 2012-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2012-02-21] (EasyBits Software AS)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-04-04] (PDF Complete Inc)
HKLM-x32\...\Run: [PivotSoftware] - C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [110192 2010-05-13] ()
HKLM-x32\...\Run: [DT HPO] - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2012-04-27] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-02-06] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-02-06] (Bitdefender)
HKU\.DEFAULT\...\Run: [Bitdefender Wallet Application Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-02-06] (Bitdefender)
HKU\S-1-5-21-583008633-2609842834-3559704978-1000\...\Run: [Bitdefender Wallet Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [567888 2014-02-06] (Bitdefender)
HKU\S-1-5-21-583008633-2609842834-3559704978-1000\...\Run: [Bitdefender Wallet] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [1001536 2014-02-06] (Bitdefender)
HKU\S-1-5-21-583008633-2609842834-3559704978-1000\...\Run: [Bitdefender Wallet Application Agent] - C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe [614232 2014-02-06] (Bitdefender)
HKU\S-1-5-21-583008633-2609842834-3559704978-1000\...\Run: [MyDriveConnect.exe] - C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [473496 2013-10-21] (TomTom)
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-1...//www.ebay.co.uk/sch/I.html?_nkw={searchTerms}
SearchScopes: HKLM - {DD3FB35B-F89C-4B31-962F-B603A34C73CC} URL = http://www.amazon.co.uk/s/ref=azs_o...code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-1...//www.ebay.co.uk/sch/I.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {DD3FB35B-F89C-4B31-962F-B603A34C73CC} URL = http://www.amazon.co.uk/s/ref=azs_o...code=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...33C5C580A0&q={searchTerms}&SSPV=T21020A_sp_ie
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...33C5C580A0&q={searchTerms}&SSPV=T21020A_sp_ie
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-1...//www.ebay.co.uk/sch/I.html?_nkw={searchTerms}
SearchScopes: HKCU - {DD3FB35B-F89C-4B31-962F-B603A34C73CC} URL = http://www.amazon.co.uk/s/ref=azs_o...code=qs&index=aps&field-keywords={searchTerms}
BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\Antispam32\pmbxie.dll (Bitdefender)
BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
DPF: HKLM-x32 {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} http://192.168.0.25/RemoteWeb.cab
DPF: HKLM-x32 {542CB1D4-810D-4864-8F91-D530B50E89AE} http://192.168.0.25/Components.cab
DPF: HKLM-x32 {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} http://192.168.0.25/VideoViewer.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2013-08-31] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\ian\AppData\Roaming\Mozilla\Firefox\profiles\extensions\searchplugins [2014-02-10]
FF Extension: Torntv 3 - C:\Users\ian\AppData\Roaming\Mozilla\Firefox\profiles\extensions\trtv3@trtv.com.xpi [2013-06-30]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-08-31]
FF HKLM-x32\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\Antispam32\ffpwdman\ []
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-08-31]
==================== Services (Whitelisted) =================
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [77632 2013-12-01] (Bitdefender)
S2 CLKMSVC10_38F51D56; c:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138032 2012-04-27] (Portrait Displays, Inc.)
R2 msi2500scan; c:\Program Files\MiricsFlexiTV\Driver\msi2500scan.exe [229376 2011-12-16] (Mirics Semiconductor)
R2 MSiDVBT; c:\Program Files\MiricsFlexiTV\DVBT\DVBService.exe [2715648 2011-12-16] (Mirics Ltd.)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-04-04] (PDF Complete Inc)
R2 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [67320 2013-10-16] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1507248 2014-01-27] (Bitdefender)
==================== Drivers (Whitelisted) ====================
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [893440 2014-01-27] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [261056 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [635392 2014-01-27] (BitDefender)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [93600 2013-02-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [103504 2011-11-14] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-09-26] (Bitdefender SRL)
S3 BDSandBox; C:\windows\system32\drivers\bdsandbox.sys [82824 2013-11-13] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\System32\DRIVERS\bdvedisk.sys [76944 2012-04-17] (BitDefender)
S3 BR_MCU; C:\Windows\System32\Drivers\br_mcu2usb.sys [23552 2009-12-08] (Windows (R) Win 7 DDK provider)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [150256 2013-09-26] (BitDefender LLC)
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [91352 2014-02-11] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [119000 2014-02-11] (Malwarebytes Corporation)
R3 MSi2500BDA; C:\Windows\System32\DRIVERS\AVerMsiBDA.sys [228352 2011-12-16] (AVerMedia TECHNOLOGIES, Inc.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [389240 2013-09-26] (BitDefender S.R.L.)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-02-11 20:46 - 2014-02-11 20:46 - 00000000 ____D () C:\FRST
2014-02-11 19:41 - 2014-02-11 19:41 - 00000000 ____D () C:\Users\ian\Desktop\far
2014-02-11 18:13 - 2014-02-11 18:13 - 00001066 _____ () C:\Users\ian\Desktop\FSS.txt
2014-02-11 07:50 - 2014-02-11 17:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-11 07:50 - 2014-02-11 17:41 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-11 07:49 - 2014-02-11 07:49 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-11 07:48 - 2014-02-11 17:40 - 00000000 ____D () C:\Users\ian\Desktop\mbar
2014-02-11 07:48 - 2014-02-11 07:48 - 12589848 _____ (Malwarebytes Corp.) C:\Users\ian\Desktop\mbar-1.07.0.1009.exe
2014-02-11 07:28 - 2014-02-11 07:45 - 00007584 _____ () C:\Users\ian\Desktop\RKreport[0]_D_02112014_072850.txt
2014-02-11 07:27 - 2014-02-11 07:27 - 00007391 _____ () C:\Users\ian\Desktop\RKreport[0]_S_02112014_072745.txt
2014-02-11 07:24 - 2014-02-11 07:45 - 00000000 ____D () C:\Users\ian\Desktop\RK_Quarantine
2014-02-11 07:22 - 2014-02-11 07:22 - 03809792 _____ () C:\Users\ian\Desktop\RogueKiller.exe
2014-02-11 02:44 - 2014-02-11 18:42 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Osqyild
2014-02-11 02:41 - 2014-02-11 02:41 - 00068921 _____ () C:\Users\ian\AppData\Local\lttfmitj.exe
2014-02-11 00:13 - 2014-02-11 00:13 - 00024590 _____ () C:\Users\ian\Desktop\dds.txt
2014-02-11 00:13 - 2014-02-11 00:13 - 00011296 _____ () C:\Users\ian\Desktop\attach.txt
2014-02-11 00:10 - 2014-02-11 00:10 - 00000385 _____ () C:\Users\ian\AppData\Roaminguser_gensett.xml
2014-02-11 00:08 - 2014-02-11 00:08 - 00688992 _____ (Swearware) C:\Users\ian\Downloads\dds.com
2014-02-10 23:34 - 2014-02-10 23:34 - 00000000 ____D () C:\Users\ian\AppData\Local\SearchProtect
2014-02-10 22:58 - 2014-02-10 23:02 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Iqicymlo
2014-02-10 22:44 - 2014-02-11 00:09 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Baxypub
2014-02-10 21:13 - 2014-02-10 23:02 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Wyzapei
2014-02-10 16:06 - 2014-02-10 16:06 - 00143360 _____ () C:\Users\ian\AppData\Local\cffoxkmm.exe
2014-02-10 14:51 - 2014-02-10 15:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Yvagcify
2014-02-10 14:47 - 2014-02-10 21:15 - 00126265 _____ () C:\Users\ian\AppData\Local\omvaaqtq.exe
2014-02-10 10:43 - 2014-02-10 21:55 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Wetaup
2014-02-10 10:38 - 2014-02-10 21:06 - 00126265 _____ () C:\Users\ian\AppData\Local\iltjspig.exe
2014-02-10 06:43 - 2014-02-10 17:30 - 00126265 _____ () C:\Users\ian\AppData\Local\doavscfh.exe
2014-02-10 02:35 - 2014-02-10 17:18 - 00126265 _____ () C:\Users\ian\AppData\Local\bdgcidkd.exe
2014-02-09 22:40 - 2014-02-10 17:30 - 00126265 _____ () C:\Users\ian\AppData\Local\cbdmebgj.exe
2014-02-09 06:39 - 2014-02-09 07:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Afybir
2014-02-09 03:53 - 2014-02-09 03:53 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Real
2014-02-09 02:44 - 2014-02-09 03:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Abidva
2014-02-09 01:12 - 2014-02-09 02:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Aksawa
2014-02-08 23:37 - 2014-02-08 23:37 - 00090112 _____ () C:\Users\ian\AppData\Local\gtadbiof.exe
2014-02-08 23:24 - 2014-02-08 23:24 - 00090112 _____ () C:\Users\ian\AppData\Local\hsswacxt.exe
2014-02-08 23:11 - 2014-02-08 23:11 - 00090112 _____ () C:\Users\ian\AppData\Local\hcfjownm.exe
2014-02-08 22:58 - 2014-02-08 22:58 - 00090112 _____ () C:\Users\ian\AppData\Local\flchicob.exe
2014-02-08 22:45 - 2014-02-08 22:45 - 00090112 _____ () C:\Users\ian\AppData\Local\nkbppbcb.exe
2014-02-08 21:52 - 2014-02-08 21:52 - 00090112 _____ () C:\Users\ian\AppData\Local\xhsucbxm.exe
2014-02-08 21:39 - 2014-02-08 21:39 - 00090112 _____ () C:\Users\ian\AppData\Local\xobgcvmx.exe
2014-02-08 21:26 - 2014-02-08 21:26 - 00090112 _____ () C:\Users\ian\AppData\Local\upeqgtan.exe
2014-02-08 21:13 - 2014-02-08 21:13 - 00090112 _____ () C:\Users\ian\AppData\Local\eafcpgkr.exe
2014-02-08 19:42 - 2014-02-08 19:42 - 00090112 _____ () C:\Users\ian\AppData\Local\fqehtdip.exe
2014-02-08 19:29 - 2014-02-08 19:29 - 00090112 _____ () C:\Users\ian\AppData\Local\lemotnld.exe
2014-02-08 19:16 - 2014-02-08 19:16 - 00090112 _____ () C:\Users\ian\AppData\Local\pudlxtxg.exe
2014-02-08 19:03 - 2014-02-08 19:03 - 00090112 _____ () C:\Users\ian\AppData\Local\dnmfqofh.exe
2014-02-08 18:50 - 2014-02-08 18:50 - 00090112 _____ () C:\Users\ian\AppData\Local\jgoptgtf.exe
2014-02-08 18:37 - 2014-02-08 18:37 - 00090112 _____ () C:\Users\ian\AppData\Local\mnfkcvrx.exe
2014-02-08 14:46 - 2014-02-10 16:16 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Obykbiwa
2014-02-07 22:50 - 2014-02-07 23:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Ydveos
2014-02-07 18:41 - 2014-02-10 16:13 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Ocugorg
2014-02-07 07:45 - 2014-02-07 08:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Reweyfv
2014-02-07 03:40 - 2014-02-07 04:01 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Qoviekba
2014-02-06 23:01 - 2014-02-10 16:13 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Idydufmi
2014-02-06 23:01 - 2014-02-06 23:01 - 00012326 _____ () C:\Users\ian\AppData\Local\niomwjlk
2014-02-06 23:00 - 2014-02-06 23:00 - 00068260 _____ () C:\Users\ian\AppData\Local\elieicsp
2014-02-06 22:59 - 2014-02-06 22:59 - 00000000 _____ () C:\Users\ian\AppData\Roaming\SharedSettings.ccs
2014-02-06 22:56 - 2014-02-10 16:54 - 00000000 ____D () C:\Users\ian\Desktop\Pretrial_Notice_Middlesbrough
2014-02-06 21:44 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-02-06 21:43 - 2014-02-06 21:44 - 00005175 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-05 19:20 - 2014-02-11 18:42 - 00000374 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2014-02-05 19:20 - 2014-02-11 18:42 - 00000372 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job
2014-02-05 19:20 - 2014-02-05 19:20 - 00002668 ____N () C:\windows\System32\Tasks\AVG-Secure-Search-Update_0214b_rmv
2014-02-05 19:20 - 2014-02-05 19:20 - 00002666 ____N () C:\windows\System32\Tasks\AVG-Secure-Search-Update_0214b_rel
2014-02-03 07:23 - 2014-02-03 07:23 - 00135168 ____N () C:\Users\ian\Desktop\Timetables Group A and Group B for L4 BTEC Art & Design 13-14(1).wiz
2014-01-20 08:57 - 2014-01-20 08:57 - 00000000 ____D () C:\Users\ian\Desktop\Car_Radio_Code_Calculator.eng
2014-01-20 08:57 - 2014-01-20 08:57 - 00000000 ____D () C:\Users\ian\AppData\Roaming\WinRAR
2014-01-20 08:57 - 2014-01-20 08:57 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-20 08:57 - 2014-01-20 08:57 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-20 08:56 - 2014-01-20 08:56 - 00000000 ____D () C:\Users\ian\Downloads\WinRAR 5.00 Final (x86-x64) Incl Key - SceneDL (PimpRG)
2014-01-19 10:09 - 2014-01-19 10:10 - 00000000 ____D () C:\Users\ian\Downloads\Robot Chicken Star Wars VOSE
2014-01-14 23:05 - 2014-01-14 23:05 - 00001093 _____ () C:\Users\ian\Desktop\Continue Zip Extractor Installation.lnk
2014-01-14 22:50 - 2014-01-14 22:50 - 00000955 _____ () C:\Users\ian\Desktop\MagicDisc.lnk
2014-01-14 22:50 - 2014-01-14 22:50 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
2014-01-14 22:49 - 2014-01-14 22:51 - 00000000 ____D () C:\Program Files (x86)\MagicDisc
2014-01-14 22:49 - 2009-02-24 18:35 - 00255552 ____N (MagicISO, Inc.) C:\windows\system32\Drivers\mcdbus.sys
2014-01-14 22:49 - 2009-02-24 18:35 - 00255552 _____ (MagicISO, Inc.) C:\windows\SysWOW64\Drivers\mcdbus.sys
2014-01-14 22:24 - 2014-01-14 22:24 - 00004432 ____N () C:\windows\System32\Tasks\1ClickMovieDownloader v7-updater
2014-01-14 22:24 - 2014-01-14 22:24 - 00004374 ____N () C:\windows\System32\Tasks\1ClickMovieDownloader v7-codedownloader
2014-01-14 22:24 - 2014-01-14 22:24 - 00004256 ____N () C:\windows\System32\Tasks\1ClickMovieDownloader v7-enabler
2014-01-14 22:24 - 2014-01-14 22:24 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com
2014-01-14 22:24 - 2014-01-14 22:24 - 00000000 ____D () C:\Users\ian\AppData\Local\Cool_Mirage
2014-01-12 14:14 - 2014-01-12 14:14 - 00000000 ____D () C:\Users\ian\Downloads\Last.Stand.2013.D.BDRip.720p-Lum1x-
==================== One Month Modified Files and Folders =======
2014-02-11 20:46 - 2014-02-11 20:46 - 00000000 ____D () C:\FRST
2014-02-11 19:41 - 2014-02-11 19:41 - 00000000 ____D () C:\Users\ian\Desktop\far
2014-02-11 19:29 - 2013-08-30 22:30 - 01865148 _____ () C:\windows\WindowsUpdate.log
2014-02-11 18:42 - 2014-02-11 02:44 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Osqyild
2014-02-11 18:42 - 2014-02-05 19:20 - 00000374 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
2014-02-11 18:42 - 2014-02-05 19:20 - 00000372 _____ () C:\windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job
2014-02-11 18:42 - 2013-09-02 09:44 - 00000888 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-11 18:33 - 2009-07-14 04:45 - 00016976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 18:33 - 2009-07-14 04:45 - 00016976 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-11 18:30 - 2009-07-14 05:13 - 00779724 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-11 18:26 - 2013-08-31 05:38 - 00000000 ____D () C:\ProgramData\PDFC
2014-02-11 18:25 - 2013-11-25 08:25 - 00000196 _____ () C:\windows\Tasks\AutoKMS.job
2014-02-11 18:25 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-11 18:25 - 2009-07-14 04:51 - 00046531 _____ () C:\windows\setupact.log
2014-02-11 18:13 - 2014-02-11 18:13 - 00001066 _____ () C:\Users\ian\Desktop\FSS.txt
2014-02-11 18:07 - 2013-09-02 09:44 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-11 17:42 - 2014-02-11 07:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-11 17:41 - 2014-02-11 07:50 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-11 17:40 - 2014-02-11 07:48 - 00000000 ____D () C:\Users\ian\Desktop\mbar
2014-02-11 09:43 - 2013-08-31 07:19 - 00003910 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{91E9001D-DC52-425D-879A-BFC499ABD4DB}
2014-02-11 07:49 - 2014-02-11 07:49 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-02-11 07:48 - 2014-02-11 07:48 - 12589848 _____ (Malwarebytes Corp.) C:\Users\ian\Desktop\mbar-1.07.0.1009.exe
2014-02-11 07:45 - 2014-02-11 07:28 - 00007584 _____ () C:\Users\ian\Desktop\RKreport[0]_D_02112014_072850.txt
2014-02-11 07:45 - 2014-02-11 07:24 - 00000000 ____D () C:\Users\ian\Desktop\RK_Quarantine
2014-02-11 07:27 - 2014-02-11 07:27 - 00007391 _____ () C:\Users\ian\Desktop\RKreport[0]_S_02112014_072745.txt
2014-02-11 07:22 - 2014-02-11 07:22 - 03809792 _____ () C:\Users\ian\Desktop\RogueKiller.exe
2014-02-11 05:44 - 2013-08-31 07:19 - 00003174 _____ () C:\windows\System32\Tasks\HPCeeScheduleForian
2014-02-11 05:44 - 2013-08-31 07:19 - 00000324 _____ () C:\windows\Tasks\HPCeeScheduleForian.job
2014-02-11 03:02 - 2013-09-02 09:44 - 00003888 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-11 03:02 - 2013-09-02 09:44 - 00003636 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-11 02:41 - 2014-02-11 02:41 - 00068921 _____ () C:\Users\ian\AppData\Local\lttfmitj.exe
2014-02-11 01:50 - 2013-08-31 18:50 - 00003214 _____ () C:\windows\System32\Tasks\HPCeeScheduleForIAN-HP$
2014-02-11 01:50 - 2013-08-31 18:50 - 00000338 _____ () C:\windows\Tasks\HPCeeScheduleForIAN-HP$.job
2014-02-11 00:13 - 2014-02-11 00:13 - 00024590 _____ () C:\Users\ian\Desktop\dds.txt
2014-02-11 00:13 - 2014-02-11 00:13 - 00011296 _____ () C:\Users\ian\Desktop\attach.txt
2014-02-11 00:10 - 2014-02-11 00:10 - 00000385 _____ () C:\Users\ian\AppData\Roaminguser_gensett.xml
2014-02-11 00:09 - 2014-02-10 22:44 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Baxypub
2014-02-11 00:09 - 2010-11-21 03:47 - 00890032 _____ () C:\windows\PFRO.log
2014-02-11 00:08 - 2014-02-11 00:08 - 00688992 _____ (Swearware) C:\Users\ian\Downloads\dds.com
2014-02-10 23:50 - 2013-09-03 20:21 - 00000000 ____D () C:\Users\ian\AppData\Local\CrashDumps
2014-02-10 23:43 - 2013-10-09 18:06 - 00000000 ____D () C:\Users\ian\Documents\Outlook Files
2014-02-10 23:37 - 2013-09-16 08:59 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-10 23:37 - 2013-09-16 08:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-10 23:34 - 2014-02-10 23:34 - 00000000 ____D () C:\Users\ian\AppData\Local\SearchProtect
2014-02-10 23:02 - 2014-02-10 22:58 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Iqicymlo
2014-02-10 23:02 - 2014-02-10 21:13 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Wyzapei
2014-02-10 21:55 - 2014-02-10 10:43 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Wetaup
2014-02-10 21:15 - 2014-02-10 14:47 - 00126265 _____ () C:\Users\ian\AppData\Local\omvaaqtq.exe
2014-02-10 21:06 - 2014-02-10 10:38 - 00126265 _____ () C:\Users\ian\AppData\Local\iltjspig.exe
2014-02-10 17:30 - 2014-02-10 06:43 - 00126265 _____ () C:\Users\ian\AppData\Local\doavscfh.exe
2014-02-10 17:30 - 2014-02-09 22:40 - 00126265 _____ () C:\Users\ian\AppData\Local\cbdmebgj.exe
2014-02-10 17:18 - 2014-02-10 02:35 - 00126265 _____ () C:\Users\ian\AppData\Local\bdgcidkd.exe
2014-02-10 16:54 - 2014-02-06 22:56 - 00000000 ____D () C:\Users\ian\Desktop\Pretrial_Notice_Middlesbrough
2014-02-10 16:16 - 2014-02-08 14:46 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Obykbiwa
2014-02-10 16:13 - 2014-02-07 18:41 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Ocugorg
2014-02-10 16:13 - 2014-02-06 23:01 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Idydufmi
2014-02-10 16:06 - 2014-02-10 16:06 - 00143360 _____ () C:\Users\ian\AppData\Local\cffoxkmm.exe
2014-02-10 15:00 - 2014-02-10 14:51 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Yvagcify
2014-02-10 11:46 - 2013-09-16 10:18 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-10 11:46 - 2013-09-02 10:12 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-02-09 07:00 - 2014-02-09 06:39 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Afybir
2014-02-09 03:53 - 2014-02-09 03:53 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Real
2014-02-09 03:00 - 2014-02-09 02:44 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Abidva
2014-02-09 02:00 - 2014-02-09 01:12 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Aksawa
2014-02-08 23:37 - 2014-02-08 23:37 - 00090112 _____ () C:\Users\ian\AppData\Local\gtadbiof.exe
2014-02-08 23:24 - 2014-02-08 23:24 - 00090112 _____ () C:\Users\ian\AppData\Local\hsswacxt.exe
2014-02-08 23:11 - 2014-02-08 23:11 - 00090112 _____ () C:\Users\ian\AppData\Local\hcfjownm.exe
2014-02-08 22:58 - 2014-02-08 22:58 - 00090112 _____ () C:\Users\ian\AppData\Local\flchicob.exe
2014-02-08 22:45 - 2014-02-08 22:45 - 00090112 _____ () C:\Users\ian\AppData\Local\nkbppbcb.exe
2014-02-08 21:52 - 2014-02-08 21:52 - 00090112 _____ () C:\Users\ian\AppData\Local\xhsucbxm.exe
2014-02-08 21:39 - 2014-02-08 21:39 - 00090112 _____ () C:\Users\ian\AppData\Local\xobgcvmx.exe
2014-02-08 21:26 - 2014-02-08 21:26 - 00090112 _____ () C:\Users\ian\AppData\Local\upeqgtan.exe
2014-02-08 21:13 - 2014-02-08 21:13 - 00090112 _____ () C:\Users\ian\AppData\Local\eafcpgkr.exe
2014-02-08 19:42 - 2014-02-08 19:42 - 00090112 _____ () C:\Users\ian\AppData\Local\fqehtdip.exe
2014-02-08 19:29 - 2014-02-08 19:29 - 00090112 _____ () C:\Users\ian\AppData\Local\lemotnld.exe
2014-02-08 19:16 - 2014-02-08 19:16 - 00090112 _____ () C:\Users\ian\AppData\Local\pudlxtxg.exe
2014-02-08 19:03 - 2014-02-08 19:03 - 00090112 _____ () C:\Users\ian\AppData\Local\dnmfqofh.exe
2014-02-08 18:50 - 2014-02-08 18:50 - 00090112 _____ () C:\Users\ian\AppData\Local\jgoptgtf.exe
2014-02-08 18:37 - 2014-02-08 18:37 - 00090112 _____ () C:\Users\ian\AppData\Local\mnfkcvrx.exe
2014-02-07 23:00 - 2014-02-07 22:50 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Ydveos
2014-02-07 17:51 - 2013-08-31 07:21 - 00109296 _____ () C:\Users\ian\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-07 08:07 - 2013-09-18 22:12 - 00000000 ____D () C:\Users\ian\Downloads\Adobe.CS3.Master.Collection.Corporate
2014-02-07 08:00 - 2014-02-07 07:45 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Reweyfv
2014-02-07 04:01 - 2014-02-07 03:40 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Qoviekba
2014-02-06 23:01 - 2014-02-06 23:01 - 00012326 _____ () C:\Users\ian\AppData\Local\niomwjlk
2014-02-06 23:00 - 2014-02-06 23:00 - 00068260 _____ () C:\Users\ian\AppData\Local\elieicsp
2014-02-06 22:59 - 2014-02-06 22:59 - 00000000 _____ () C:\Users\ian\AppData\Roaming\SharedSettings.ccs
2014-02-06 21:44 - 2014-02-06 21:43 - 00005175 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-06 21:44 - 2013-12-13 20:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-06 21:44 - 2013-09-03 16:59 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-05 19:20 - 2014-02-05 19:20 - 00002668 ____N () C:\windows\System32\Tasks\AVG-Secure-Search-Update_0214b_rmv
2014-02-05 19:20 - 2014-02-05 19:20 - 00002666 ____N () C:\windows\System32\Tasks\AVG-Secure-Search-Update_0214b_rel
2014-02-03 23:20 - 2013-12-01 10:04 - 00004332 _____ () C:\windows\AutoKMS.log
2014-02-03 23:20 - 2013-12-01 09:54 - 00000000 ____D () C:\Program Files (x86)\PasswordBox
2014-02-03 23:18 - 2013-08-31 13:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\SoftGrid Client
2014-02-03 07:23 - 2014-02-03 07:23 - 00135168 ____N () C:\Users\ian\Desktop\Timetables Group A and Group B for L4 BTEC Art & Design 13-14(1).wiz
2014-01-27 14:08 - 2013-08-31 19:10 - 00893440 ____N (BitDefender) C:\windows\system32\Drivers\avc3.sys
2014-01-27 14:08 - 2013-08-31 19:10 - 00635392 _____ (BitDefender) C:\windows\system32\Drivers\avckf.sys
2014-01-20 18:34 - 2013-08-31 08:32 - 00000000 ____D () C:\Users\ian\AppData\Roaming\uTorrent
2014-01-20 08:57 - 2014-01-20 08:57 - 00000000 ____D () C:\Users\ian\Desktop\Car_Radio_Code_Calculator.eng
2014-01-20 08:57 - 2014-01-20 08:57 - 00000000 ____D () C:\Users\ian\AppData\Roaming\WinRAR
2014-01-20 08:57 - 2014-01-20 08:57 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-01-20 08:57 - 2014-01-20 08:57 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-20 08:56 - 2014-01-20 08:56 - 00000000 ____D () C:\Users\ian\Downloads\WinRAR 5.00 Final (x86-x64) Incl Key - SceneDL (PimpRG)
2014-01-19 14:09 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\system32\NDF
2014-01-19 10:10 - 2014-01-19 10:09 - 00000000 ____D () C:\Users\ian\Downloads\Robot Chicken Star Wars VOSE
2014-01-14 23:05 - 2014-01-14 23:05 - 00001093 _____ () C:\Users\ian\Desktop\Continue Zip Extractor Installation.lnk
2014-01-14 22:51 - 2014-01-14 22:49 - 00000000 ____D () C:\Program Files (x86)\MagicDisc
2014-01-14 22:50 - 2014-01-14 22:50 - 00000955 _____ () C:\Users\ian\Desktop\MagicDisc.lnk
2014-01-14 22:50 - 2014-01-14 22:50 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
2014-01-14 22:50 - 2013-08-31 07:19 - 00000000 ___RD () C:\Users\ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-14 22:24 - 2014-01-14 22:24 - 00004432 ____N () C:\windows\System32\Tasks\1ClickMovieDownloader v7-updater
2014-01-14 22:24 - 2014-01-14 22:24 - 00004374 ____N () C:\windows\System32\Tasks\1ClickMovieDownloader v7-codedownloader
2014-01-14 22:24 - 2014-01-14 22:24 - 00004256 ____N () C:\windows\System32\Tasks\1ClickMovieDownloader v7-enabler
2014-01-14 22:24 - 2014-01-14 22:24 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com
2014-01-14 22:24 - 2014-01-14 22:24 - 00000000 ____D () C:\Users\ian\AppData\Local\Cool_Mirage
2014-01-12 14:14 - 2014-01-12 14:14 - 00000000 ____D () C:\Users\ian\Downloads\Last.Stand.2013.D.BDRip.720p-Lum1x-
Some content of TEMP:
====================
C:\Users\ian\AppData\Local\Temp\ffmpegcodec.dll
C:\Users\ian\AppData\Local\Temp\ffmpegcodec1.dll
C:\Users\ian\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\ian\AppData\Local\Temp\htmlayout.dll
C:\Users\ian\AppData\Local\Temp\ntdll_dump.dll
C:\Users\ian\AppData\Local\Temp\oi_{742160EE-1377-469E-9979-1A55A6585798}.exe
C:\Users\ian\AppData\Local\Temp\Resource.exe
C:\Users\ian\AppData\Local\Temp\sp58915.exe
C:\Users\ian\AppData\Local\Temp\sp64126.exe
C:\Users\ian\AppData\Local\Temp\uninstall-need4videovc.exe
C:\Users\ian\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\ian\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_3dd39581.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_486705ec.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_7897b9de.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_a23bd31a.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_c8d4adca.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_ca61653b.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-10 18:09
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by ian at 2014-02-11 20:47:51
Running from C:\Users\ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1GXGT01Z
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
==================== Installed Programs ======================
µTorrent (HKCU Version: 3.3.2.30303 - BitTorrent Inc.)
7-Data Recovery Suite version 2.2 (x32 Version: 2.2 - SharpNight Co,Ltd)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Alpha Updater V3 (x32 Version: 1.0.0 - Novus Systems Ltd)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.923.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
Bing Bar (x32 Version: 7.3.124.0 - Microsoft Corporation)
Bitdefender Total Security (Version: 17.16.0.729 - Bitdefender)
Blio (x32 Version: 3.0.9482 - K-NFB Reading Technology, Inc.)
Broadcom Bluetooth Software (Version: 6.5.1.2700 - Broadcom Corporation)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden
CyberLink PowerDVD (x32 Version: 10.0.1.3907 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.1.3907 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 3.5.3.5017 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.3.5017 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Facebook (x32 Version: 1.1.0004 - Hewlett-Packard)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Calendar (x32 Version: 5.1.4245.23508 - Hewlett-Packard)
HP Clock (x32 Version: 5.1.4281.27332 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP LinkUp (x32 Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (x32 Version: 5.1.15.0 - Hewlett-Packard)
HP My Display (x32 Version: 1.10.036 - Portrait Displays, Inc.)
HP Notes (x32 Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (x32 Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (x32 Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Remote Solution (x32 Version: 1.1.16.0 - Hewlett-Packard)
HP Remote Solution (x32 Version: 1.1.16.0 - Hewlett-Packard) Hidden
HP RSS (x32 Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (x32 Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Information (x32 Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (x32 Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (x32 Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)
HydraVision (x32 Version: 4.2.236.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S. OCR (x32 Version: 12.3.4.0 - HP)
IDT Audio (x32 Version: 1.0.11052.0 - IDT)
Intel(R) Management Engine Components (x32 Version: 8.0.0.1351 - Intel Corporation)
IP Camera Viewer 1.0 (x32 Version: - DeskShare Inc.)
IrfanView (remove only) (x32 Version: 4.36 - Irfan Skiljan)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Magic ISO Maker v5.4 (build 0239) (x32 Version: - )
Magic ISO Maker v5.5 (build 0281) (x32 Version: - )
MagicDisc 2.7.106 (x32 Version: - )
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (x32 Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (x32 Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Maintenance Service (x32 Version: 17.0.8 - Mozilla)
Mozilla Thunderbird 17.0.8 (x86 en-GB) (x32 Version: 17.0.8 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MyDriveConnect 3.3.0.1318 (x32 Version: 3.3.0.1318 - TomTom)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
PDF Complete Corporate Edition (x32 Version: 4.0.95 - PDF Complete, Inc)
Pivot Pro Plugin (x32 Version: 9.50.110 - Portrait Displays, Inc.) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)
Power2Go (x32 Version: 6.1.6207 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.6207 - CyberLink Corp.) Hidden
Real Alternative 2.0.2 (x32 Version: 2.0.2 - )
Realtek PCIE Card Reader (x32 Version: 6.1.7601.28099 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.5223 - CyberLink Corp.) Hidden
Remote Graphics Receiver (x32 Version: 5.4.5 - Hewlett-Packard)
SDK (x32 Version: 2.28.007 - Portrait Displays, Inc.) Hidden
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0 - TomTom International B.V.)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH)
WinZip 16.0 (Version: 16.0.9715 - WinZip Computing, S.L. )
Xilisoft ISO Burner (x32 Version: 1.0.56.1224 - Xilisoft)
==================== Restore Points =========================
10-02-2014 16:25:44 Removed Norton Online Backup
11-02-2014 07:47:35 before antivirus
==================== Hosts content: ==========================
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {03A69FE8-2E34-45F9-98C5-7C4C50C92725} - System32\Tasks\Torntv 2-enabler => C:\Program Files (x86)\Torntv 2\Torntv 2-enabler.exe [2013-11-03] (installdaddy) <==== ATTENTION
Task: {19AAB081-0E7D-4318-A490-9F3827EBEF2C} - System32\Tasks\Torntv 2-codedownloader => C:\Program Files (x86)\Torntv 2\Torntv 2-codedownloader.exe [2013-11-03] (installdaddy) <==== ATTENTION
Task: {1FF2E577-D62C-4E42-B667-E0FEA85D204D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-21] (CyberLink)
Task: {22BCB0DF-3279-4E05-AD96-D62350A40476} - System32\Tasks\HPCeeScheduleForian => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {386615C6-3365-40FD-8538-AFA7CD4F7EC0} - System32\Tasks\Torntv 2-updater => C:\Program Files (x86)\Torntv 2\Torntv 2-updater.exe [2013-11-03] (installdaddy) <==== ATTENTION
Task: {394471E4-F325-420E-908D-097DDAECBD78} - System32\Tasks\AutoKMS => C:\windows\AutoKMS.exe
Task: {3C35C101-698F-4856-AE72-04B5244EF8DB} - System32\Tasks\1ClickMovieDownloader v7-enabler => C:\Program Files (x86)\1ClickMovieDownloader v7\1ClickMovieDownloader v7-enabler.exe
Task: {425CEC43-70EA-4CD2-9FCB-FE68D02A5BC8} - System32\Tasks\AVG-Secure-Search-Update_0214b_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: {4880D371-07F6-4C55-9783-FFDAABDB81D1} - System32\Tasks\AVG-Secure-Search-Update_0214b_rmv => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_0214b.exe
Task: {6EA2DA9E-8295-4A73-B11E-351E1023D148} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.)
Task: {73AAF876-B4A2-4AC8-B270-71F8A5EBC49D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {8B75F2A1-BAEE-4BD2-843E-E8D00C00D501} - System32\Tasks\1ClickMovieDownloader v7-codedownloader => C:\Program Files (x86)\1ClickMovieDownloader v7\1ClickMovieDownloader v7-codedownloader.exe
Task: {96A0A077-99FB-4B4C-A454-07FEB24B58B3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN313BVK0G => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {A5D7770C-988D-45AC-A38B-19616A080557} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {A69188DD-40E7-4F5C-BA7D-16026556E133} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AAD5215E-4098-4D71-9045-55CEA0544ADF} - System32\Tasks\1ClickMovieDownloader v7-updater => C:\Program Files (x86)\1ClickMovieDownloader v7\1ClickMovieDownloader v7-updater.exe
Task: {CA34C9B7-C61D-43C5-9E7C-C1B9F7033A2B} - System32\Tasks\HPCeeScheduleForIAN-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {D18577FA-0C06-4A4A-B7EF-65AD79D8F2DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {DBF3A4D4-4C72-4C4A-A205-EB7DA134D38C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {FC693B40-D543-4911-86A8-946FD46D5522} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.)
Task: C:\windows\Tasks\AutoKMS.job => ?
Task: C:\windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job => ?
Task: C:\windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
Task: C:\windows\Tasks\HPCeeScheduleForIAN-HP$.job => ?
Task: C:\windows\Tasks\HPCeeScheduleForian.job => ?
==================== Loaded Modules (whitelisted) =============
2013-08-31 05:39 - 2012-04-27 22:09 - 00075264 ____N () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook64.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-08-31 05:38 - 2012-04-27 22:18 - 00269616 ____N () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dthook.dll
2013-08-31 19:10 - 2013-06-19 11:45 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2013-08-31 05:38 - 2010-05-13 23:34 - 00674928 _____ () C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpctrl.exe
2012-04-06 05:00 - 2012-04-06 05:00 - 00369152 ____N () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-03-12 22:01 - 2012-03-12 22:01 - 00098304 ____N () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-03-12 22:01 - 2012-03-12 22:01 - 00028672 ____N () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2013-11-01 20:11 - 2013-11-01 20:11 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2013-08-31 05:39 - 2012-04-27 22:03 - 00073728 ____N () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\msgHook.dll
2013-08-31 19:10 - 2013-06-19 11:44 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\antispam32\txmlutil.dll
2013-10-21 07:33 - 2013-10-21 07:33 - 00026520 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2013-10-21 07:33 - 2013-10-21 07:33 - 00082840 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2013-10-21 07:33 - 2013-10-21 07:33 - 00337816 ____N () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2013-08-31 05:39 - 2012-01-17 23:21 - 00068104 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\PEGAACPIDLL.dll
2013-08-31 05:39 - 2011-02-15 18:59 - 00015624 _____ () C:\Program Files (x86)\Hewlett-Packard\HP My Display\ACPIDll.dll
2013-08-31 05:38 - 2012-04-27 22:03 - 00180224 _____ () C:\Program Files (x86)\Common Files\Portrait Displays\Shared\PresetsCOM.dll
2013-08-31 05:39 - 2012-04-27 22:03 - 00126976 ____N () C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\DP\DPHelper.exe
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\ian\Desktop\mbam-rules.exe:BDU
AlternateDataStreams: C:\Users\ian\Desktop\mbar-1.07.0.1009.exe:BDU
AlternateDataStreams: C:\Users\ian\Desktop\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\ian\Desktop\RogueKiller.exe:BDU
AlternateDataStreams: C:\Users\ian\Downloads\dds.com:BDU
AlternateDataStreams: C:\Users\ian\Downloads\minecraft_server.1.6.2.exe:BDU
AlternateDataStreams: C:\Users\ian\AppData\Local\bdgcidkd.exe:BDU
AlternateDataStreams: C:\Users\ian\AppData\Local\cbdmebgj.exe:BDU
AlternateDataStreams: C:\Users\ian\AppData\Local\doavscfh.exe:BDU
AlternateDataStreams: C:\Users\ian\AppData\Local\iltjspig.exe:BDU
AlternateDataStreams: C:\Users\ian\AppData\Local\omvaaqtq.exe:BDU
==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (02/10/2014 11:50:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: qiinect.exe, version: 1792.0.35608.45029, time stamp: 0x52ed2b30
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x01c3a44d
Faulting process id: 0x2894
Faulting application start time: 0xqiinect.exe0
Faulting application path: qiinect.exe1
Faulting module path: qiinect.exe2
Report Id: qiinect.exe3
Error: (02/10/2014 11:12:33 PM) (Source: Application Error) (User: )
Description: Faulting application name: qiinect.exe, version: 1792.0.35608.45029, time stamp: 0x52ed2b30
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0053a44d
Faulting process id: 0x234c
Faulting application start time: 0xqiinect.exe0
Faulting application path: qiinect.exe1
Faulting module path: qiinect.exe2
Report Id: qiinect.exe3
Error: (02/10/2014 11:11:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: qiinect.exe, version: 1792.0.35608.45029, time stamp: 0x52ed2b30
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0047a44d
Faulting process id: 0x1228
Faulting application start time: 0xqiinect.exe0
Faulting application path: qiinect.exe1
Faulting module path: qiinect.exe2
Report Id: qiinect.exe3
Error: (02/10/2014 03:06:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: duamk.exe, version: 0.3584.48729.14925, time stamp: 0x52ed2b30
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0047a44d
Faulting process id: 0x3a9c
Faulting application start time: 0xduamk.exe0
Faulting application path: duamk.exe1
Faulting module path: duamk.exe2
Report Id: duamk.exe3
Error: (02/10/2014 01:14:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: duamk.exe, version: 0.3584.48729.14925, time stamp: 0x52ed2b30
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x003ea44d
Faulting process id: 0x3ea4
Faulting application start time: 0xduamk.exe0
Faulting application path: duamk.exe1
Faulting module path: duamk.exe2
Report Id: duamk.exe3
Error: (02/10/2014 00:35:54 PM) (Source: Application Error) (User: )
Description: Faulting application name: duamk.exe, version: 0.3584.48729.14925, time stamp: 0x52ed2b30
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0047a44d
Faulting process id: 0x3358
Faulting application start time: 0xduamk.exe0
Faulting application path: duamk.exe1
Faulting module path: duamk.exe2
Report Id: duamk.exe3
Error: (02/10/2014 00:14:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: duamk.exe, version: 0.3584.48729.14925, time stamp: 0x52ed2b30
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0054a44d
Faulting process id: 0xd40
Faulting application start time: 0xduamk.exe0
Faulting application path: duamk.exe1
Faulting module path: duamk.exe2
Report Id: duamk.exe3
Error: (02/10/2014 00:08:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: duamk.exe, version: 0.3584.48729.14925, time stamp: 0x52ed2b30
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x01c8a44d
Faulting process id: 0x51a8
Faulting application start time: 0xduamk.exe0
Faulting application path: duamk.exe1
Faulting module path: duamk.exe2
Report Id: duamk.exe3
Error: (02/10/2014 11:57:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: duamk.exe, version: 0.3584.48729.14925, time stamp: 0x52ed2b30
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0047a44d
Faulting process id: 0x35ec
Faulting application start time: 0xduamk.exe0
Faulting application path: duamk.exe1
Faulting module path: duamk.exe2
Report Id: duamk.exe3
Error: (02/10/2014 11:48:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: duamk.exe, version: 0.3584.48729.14925, time stamp: 0x52ed2b30
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0047a44d
Faulting process id: 0x147c
Faulting application start time: 0xduamk.exe0
Faulting application path: duamk.exe1
Faulting module path: duamk.exe2
Report Id: duamk.exe3

System errors:
=============
Error: (02/11/2014 06:25:58 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 18:23:55 on ‎11/‎02/‎2014 was unexpected.
Error: (02/11/2014 04:30:56 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer GUISEPPI
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5D6C7040-453D-47F0-85FF-B83056551CBB}.
The master browser is stopping or an election is being forced.
Error: (02/11/2014 10:20:34 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JOANNE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5D6C7040-453D-47F0-85FF-B83056551CBB}.
The master browser is stopping or an election is being forced.
Error: (02/11/2014 10:19:40 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JOANNE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5D6C7040-453D-47F0-85FF-B83056551CBB}.
The master browser is stopping or an election is being forced.
Error: (02/11/2014 10:15:35 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JOANNE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5D6C7040-453D-47F0-85FF-B83056551CBB}.
The master browser is stopping or an election is being forced.
Error: (02/11/2014 10:13:52 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JOANNE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5D6C7040-453D-47F0-85FF-B83056551CBB}.
The master browser is stopping or an election is being forced.
Error: (02/11/2014 10:12:37 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JOANNE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5D6C7040-453D-47F0-85FF-B83056551CBB}.
The master browser is stopping or an election is being forced.
Error: (02/11/2014 10:06:56 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JOANNE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5D6C7040-453D-47F0-85FF-B83056551CBB}.
The master browser is stopping or an election is being forced.
Error: (02/11/2014 10:05:41 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JOANNE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5D6C7040-453D-47F0-85FF-B83056551CBB}.
The master browser is stopping or an election is being forced.
Error: (02/11/2014 10:04:29 AM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer JOANNE-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5D6C7040-453D-47F0-85FF-B83056551CBB}.
The master browser is stopping or an election is being forced.

Microsoft Office Sessions:
=========================
Error: (02/10/2014 11:50:14 PM) (Source: Application Error)(User: )
Description: qiinect.exe1792.0.35608.4502952ed2b30unknown0.0.0.000000000c000000501c3a44d289401cf26b97f216a8dC:\Users\ian\AppData\Roaming\Baxypub\qiinect.exeunknown1551d46b-92ae-11e3-8955-9cb70d8061af
Error: (02/10/2014 11:12:33 PM) (Source: Application Error)(User: )
Description: qiinect.exe1792.0.35608.4502952ed2b30unknown0.0.0.000000000c00000050053a44d234c01cf26b43127c461C:\Users\ian\AppData\Roaming\Baxypub\qiinect.exeunknownd1c3b8df-92a8-11e3-8955-9cb70d8061af
Error: (02/10/2014 11:11:23 PM) (Source: Application Error)(User: )
Description: qiinect.exe1792.0.35608.4502952ed2b30unknown0.0.0.000000000c00000050047a44d122801cf26b40f22ecedC:\Users\ian\AppData\Roaming\Baxypub\qiinect.exeunknowna83ee8ed-92a8-11e3-8955-9cb70d8061af
Error: (02/10/2014 03:06:24 PM) (Source: Application Error)(User: )
Description: duamk.exe0.3584.48729.1492552ed2b30unknown0.0.0.000000000c00000050047a44d3a9c01cf2670455c1939C:\Users\ian\AppData\Roaming\Wetaup\duamk.exeunknowne80b186c-9264-11e3-8681-9cb70d8061af
Error: (02/10/2014 01:14:40 PM) (Source: Application Error)(User: )
Description: duamk.exe0.3584.48729.1492552ed2b30unknown0.0.0.000000000c0000005003ea44d3ea401cf26609dbe85afC:\Users\ian\AppData\Roaming\Wetaup\duamk.exeunknown4c27ecfd-9255-11e3-8681-9cb70d8061af
Error: (02/10/2014 00:35:54 PM) (Source: Application Error)(User: )
Description: duamk.exe0.3584.48729.1492552ed2b30unknown0.0.0.000000000c00000050047a44d335801cf265b36764ab8C:\Users\ian\AppData\Roaming\Wetaup\duamk.exeunknowne1a8aa5b-924f-11e3-8681-9cb70d8061af
Error: (02/10/2014 00:14:48 PM) (Source: Application Error)(User: )
Description: duamk.exe0.3584.48729.1492552ed2b30unknown0.0.0.000000000c00000050054a44dd4001cf26585422d82dC:\Users\ian\AppData\Roaming\Wetaup\duamk.exeunknownef10a9a1-924c-11e3-8681-9cb70d8061af
Error: (02/10/2014 00:08:06 PM) (Source: Application Error)(User: )
Description: duamk.exe0.3584.48729.1492552ed2b30unknown0.0.0.000000000c000000501c8a44d51a801cf265767d76a4aC:\Users\ian\AppData\Roaming\Wetaup\duamk.exeunknownff72644c-924b-11e3-8681-9cb70d8061af
Error: (02/10/2014 11:57:36 AM) (Source: Application Error)(User: )
Description: duamk.exe0.3584.48729.1492552ed2b30unknown0.0.0.000000000c00000050047a44d35ec01cf2655ef26c7bfC:\Users\ian\AppData\Roaming\Wetaup\duamk.exeunknown87effbe3-924a-11e3-8681-9cb70d8061af
Error: (02/10/2014 11:48:58 AM) (Source: Application Error)(User: )
Description: duamk.exe0.3584.48729.1492552ed2b30unknown0.0.0.000000000c00000050047a44d147c01cf2654bd57c714C:\Users\ian\AppData\Roaming\Wetaup\duamk.exeunknown53347056-9249-11e3-8681-9cb70d8061af

==================== Memory info ===========================
Percentage of memory in use: 36%
Total physical RAM: 6100.12 MB
Available physical RAM: 3897.27 MB
Total Pagefile: 12198.42 MB
Available Pagefile: 9355.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:1851.22 GB) (Free:1714.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:11.58 GB) (Free:1.39 GB) NTFS
Drive f: (INVOICES) (Removable) (Total:1.81 GB) (Free:1.75 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 37D34F25)
Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)
==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    6.3 KB · Views: 6
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 01
Ran by ian at 2014-02-11 21:21:27 Run:1
Running from C:\Users\ian\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
HKLM-x32\...\Run: [] - [X]
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...33C5C580A0&q={searchTerms}&SSPV=T21020A_sp_ie
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.a...33C5C580A0&q={searchTerms}&SSPV=T21020A_sp_ie
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
2014-02-11 02:44 - 2014-02-11 18:42 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Osqyild
2014-02-11 02:41 - 2014-02-11 02:41 - 00068921 _____ () C:\Users\ian\AppData\Local\lttfmitj.exe
2014-02-10 23:34 - 2014-02-10 23:34 - 00000000 ____D () C:\Users\ian\AppData\Local\SearchProtect
2014-02-10 22:58 - 2014-02-10 23:02 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Iqicymlo
2014-02-10 22:44 - 2014-02-11 00:09 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Baxypub
2014-02-10 21:13 - 2014-02-10 23:02 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Wyzapei
2014-02-10 16:06 - 2014-02-10 16:06 - 00143360 _____ () C:\Users\ian\AppData\Local\cffoxkmm.exe
2014-02-10 14:51 - 2014-02-10 15:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Yvagcify
2014-02-10 14:47 - 2014-02-10 21:15 - 00126265 _____ () C:\Users\ian\AppData\Local\omvaaqtq.exe
2014-02-10 10:43 - 2014-02-10 21:55 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Wetaup
2014-02-10 10:38 - 2014-02-10 21:06 - 00126265 _____ () C:\Users\ian\AppData\Local\iltjspig.exe
2014-02-10 06:43 - 2014-02-10 17:30 - 00126265 _____ () C:\Users\ian\AppData\Local\doavscfh.exe
2014-02-10 02:35 - 2014-02-10 17:18 - 00126265 _____ () C:\Users\ian\AppData\Local\bdgcidkd.exe
2014-02-09 22:40 - 2014-02-10 17:30 - 00126265 _____ () C:\Users\ian\AppData\Local\cbdmebgj.exe
2014-02-09 06:39 - 2014-02-09 07:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Afybir
2014-02-09 02:44 - 2014-02-09 03:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Abidva
2014-02-09 01:12 - 2014-02-09 02:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Aksawa
2014-02-08 23:37 - 2014-02-08 23:37 - 00090112 _____ () C:\Users\ian\AppData\Local\gtadbiof.exe
2014-02-08 23:24 - 2014-02-08 23:24 - 00090112 _____ () C:\Users\ian\AppData\Local\hsswacxt.exe
2014-02-08 23:11 - 2014-02-08 23:11 - 00090112 _____ () C:\Users\ian\AppData\Local\hcfjownm.exe
2014-02-08 22:58 - 2014-02-08 22:58 - 00090112 _____ () C:\Users\ian\AppData\Local\flchicob.exe
2014-02-08 22:45 - 2014-02-08 22:45 - 00090112 _____ () C:\Users\ian\AppData\Local\nkbppbcb.exe
2014-02-08 21:52 - 2014-02-08 21:52 - 00090112 _____ () C:\Users\ian\AppData\Local\xhsucbxm.exe
2014-02-08 21:39 - 2014-02-08 21:39 - 00090112 _____ () C:\Users\ian\AppData\Local\xobgcvmx.exe
2014-02-08 21:26 - 2014-02-08 21:26 - 00090112 _____ () C:\Users\ian\AppData\Local\upeqgtan.exe
2014-02-08 21:13 - 2014-02-08 21:13 - 00090112 _____ () C:\Users\ian\AppData\Local\eafcpgkr.exe
2014-02-08 19:42 - 2014-02-08 19:42 - 00090112 _____ () C:\Users\ian\AppData\Local\fqehtdip.exe
2014-02-08 19:29 - 2014-02-08 19:29 - 00090112 _____ () C:\Users\ian\AppData\Local\lemotnld.exe
2014-02-08 19:16 - 2014-02-08 19:16 - 00090112 _____ () C:\Users\ian\AppData\Local\pudlxtxg.exe
2014-02-08 19:03 - 2014-02-08 19:03 - 00090112 _____ () C:\Users\ian\AppData\Local\dnmfqofh.exe
2014-02-08 18:50 - 2014-02-08 18:50 - 00090112 _____ () C:\Users\ian\AppData\Local\jgoptgtf.exe
2014-02-08 18:37 - 2014-02-08 18:37 - 00090112 _____ () C:\Users\ian\AppData\Local\mnfkcvrx.exe
2014-02-08 14:46 - 2014-02-10 16:16 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Obykbiwa
2014-02-07 22:50 - 2014-02-07 23:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Ydveos
2014-02-07 18:41 - 2014-02-10 16:13 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Ocugorg
2014-02-07 07:45 - 2014-02-07 08:00 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Reweyfv
2014-02-07 03:40 - 2014-02-07 04:01 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Qoviekba
2014-02-06 23:01 - 2014-02-10 16:13 - 00000000 ____D () C:\Users\ian\AppData\Roaming\Idydufmi
2014-02-06 23:01 - 2014-02-06 23:01 - 00012326 _____ () C:\Users\ian\AppData\Local\niomwjlk
2014-02-06 23:00 - 2014-02-06 23:00 - 00068260 _____ () C:\Users\ian\AppData\Local\elieicsp
C:\Users\ian\AppData\Local\Temp\ffmpegcodec.dll
C:\Users\ian\AppData\Local\Temp\ffmpegcodec1.dll
C:\Users\ian\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\ian\AppData\Local\Temp\htmlayout.dll
C:\Users\ian\AppData\Local\Temp\ntdll_dump.dll
C:\Users\ian\AppData\Local\Temp\oi_{742160EE-1377-469E-9979-1A55A6585798}.exe
C:\Users\ian\AppData\Local\Temp\Resource.exe
C:\Users\ian\AppData\Local\Temp\sp58915.exe
C:\Users\ian\AppData\Local\Temp\sp64126.exe
C:\Users\ian\AppData\Local\Temp\uninstall-need4videovc.exe
C:\Users\ian\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\ian\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_3dd39581.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_486705ec.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_7897b9de.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_a23bd31a.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_c8d4adca.exe
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_ca61653b.exe
Task: {03A69FE8-2E34-45F9-98C5-7C4C50C92725} - System32\Tasks\Torntv 2-enabler => C:\Program Files (x86)\Torntv 2\Torntv 2-enabler.exe [2013-11-03] (installdaddy) <==== ATTENTION
Task: {19AAB081-0E7D-4318-A490-9F3827EBEF2C} - System32\Tasks\Torntv 2-codedownloader => C:\Program Files (x86)\Torntv 2\Torntv 2-codedownloader.exe [2013-11-03] (installdaddy) <==== ATTENTION
AlternateDataStreams: C:\Users\ian\Desktop\mbam-rules.exe:BDU
AlternateDataStreams: C:\Users\ian\Desktop\mbar-1.07.0.1009.exe:BDU
AlternateDataStreams: C:\Users\ian\Desktop\Minecraft.exe:BDU
AlternateDataStreams: C:\Users\ian\Desktop\RogueKiller.exe:BDU
AlternateDataStreams: C:\Users\ian\Downloads\dds.com:BDU
AlternateDataStreams: C:\Users\ian\Downloads\minecraft_server.1.6.2.exe:BDU
AlternateDataStreams: C:\Users\ian\AppData\Local\bdgcidkd.exe:BDU
AlternateDataStreams: C:\Users\ian\AppData\Local\cbdmebgj.exe:BDU
AlternateDataStreams: C:\Users\ian\AppData\Local\doavscfh.exe:BDU
AlternateDataStreams: C:\Users\ian\AppData\Local\iltjspig.exe:BDU
AlternateDataStreams: C:\Users\ian\AppData\Local\omvaaqtq.exe:BDU
*****************
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
C:\Users\ian\AppData\Roaming\Osqyild => Moved successfully.
"C:\Users\ian\AppData\Local\lttfmitj.exe" => File/Directory not found.
C:\Users\ian\AppData\Local\SearchProtect => Moved successfully.
C:\Users\ian\AppData\Roaming\Iqicymlo => Moved successfully.
C:\Users\ian\AppData\Roaming\Baxypub => Moved successfully.
C:\Users\ian\AppData\Roaming\Wyzapei => Moved successfully.
C:\Users\ian\AppData\Local\cffoxkmm.exe => Moved successfully.
C:\Users\ian\AppData\Roaming\Yvagcify => Moved successfully.
C:\Users\ian\AppData\Local\omvaaqtq.exe => Moved successfully.
C:\Users\ian\AppData\Roaming\Wetaup => Moved successfully.
C:\Users\ian\AppData\Local\iltjspig.exe => Moved successfully.
C:\Users\ian\AppData\Local\doavscfh.exe => Moved successfully.
C:\Users\ian\AppData\Local\bdgcidkd.exe => Moved successfully.
C:\Users\ian\AppData\Local\cbdmebgj.exe => Moved successfully.
C:\Users\ian\AppData\Roaming\Afybir => Moved successfully.
C:\Users\ian\AppData\Roaming\Abidva => Moved successfully.
C:\Users\ian\AppData\Roaming\Aksawa => Moved successfully.
C:\Users\ian\AppData\Local\gtadbiof.exe => Moved successfully.
C:\Users\ian\AppData\Local\hsswacxt.exe => Moved successfully.
C:\Users\ian\AppData\Local\hcfjownm.exe => Moved successfully.
C:\Users\ian\AppData\Local\flchicob.exe => Moved successfully.
C:\Users\ian\AppData\Local\nkbppbcb.exe => Moved successfully.
C:\Users\ian\AppData\Local\xhsucbxm.exe => Moved successfully.
C:\Users\ian\AppData\Local\xobgcvmx.exe => Moved successfully.
C:\Users\ian\AppData\Local\upeqgtan.exe => Moved successfully.
C:\Users\ian\AppData\Local\eafcpgkr.exe => Moved successfully.
C:\Users\ian\AppData\Local\fqehtdip.exe => Moved successfully.
C:\Users\ian\AppData\Local\lemotnld.exe => Moved successfully.
C:\Users\ian\AppData\Local\pudlxtxg.exe => Moved successfully.
C:\Users\ian\AppData\Local\dnmfqofh.exe => Moved successfully.
C:\Users\ian\AppData\Local\jgoptgtf.exe => Moved successfully.
C:\Users\ian\AppData\Local\mnfkcvrx.exe => Moved successfully.
C:\Users\ian\AppData\Roaming\Obykbiwa => Moved successfully.
C:\Users\ian\AppData\Roaming\Ydveos => Moved successfully.
C:\Users\ian\AppData\Roaming\Ocugorg => Moved successfully.
C:\Users\ian\AppData\Roaming\Reweyfv => Moved successfully.
C:\Users\ian\AppData\Roaming\Qoviekba => Moved successfully.
C:\Users\ian\AppData\Roaming\Idydufmi => Moved successfully.
C:\Users\ian\AppData\Local\niomwjlk => Moved successfully.
C:\Users\ian\AppData\Local\elieicsp => Moved successfully.
C:\Users\ian\AppData\Local\Temp\ffmpegcodec.dll => Moved successfully.
C:\Users\ian\AppData\Local\Temp\ffmpegcodec1.dll => Moved successfully.
C:\Users\ian\AppData\Local\Temp\HPHelpUpdater.exe => Moved successfully.
C:\Users\ian\AppData\Local\Temp\htmlayout.dll => Moved successfully.
C:\Users\ian\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
C:\Users\ian\AppData\Local\Temp\oi_{742160EE-1377-469E-9979-1A55A6585798}.exe => Moved successfully.
C:\Users\ian\AppData\Local\Temp\Resource.exe => Moved successfully.
C:\Users\ian\AppData\Local\Temp\sp58915.exe => Moved successfully.
C:\Users\ian\AppData\Local\Temp\sp64126.exe => Moved successfully.
C:\Users\ian\AppData\Local\Temp\uninstall-need4videovc.exe => Moved successfully.
C:\Users\ian\AppData\Local\Temp\UNINSTALL.EXE => Moved successfully.
C:\Users\ian\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_3dd39581.exe => Moved successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_486705ec.exe => Moved successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_7897b9de.exe => Moved successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_a23bd31a.exe => Moved successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_c8d4adca.exe => Moved successfully.
C:\Users\ian\AppData\Local\Temp\UpdateFlashPlayer_ca61653b.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{03A69FE8-2E34-45F9-98C5-7C4C50C92725} => Error deleting key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03A69FE8-2E34-45F9-98C5-7C4C50C92725} => Error deleting key
C:\Windows\System32\Tasks\Torntv 2-enabler => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Torntv 2-enabler => Error deleting key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19AAB081-0E7D-4318-A490-9F3827EBEF2C} => Error deleting key
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19AAB081-0E7D-4318-A490-9F3827EBEF2C} => Error deleting key
C:\Windows\System32\Tasks\Torntv 2-codedownloader => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Torntv 2-codedownloader => Error deleting key
C:\Users\ian\Desktop\mbam-rules.exe => ":BDU" ADS removed successfully.
C:\Users\ian\Desktop\mbar-1.07.0.1009.exe => ":BDU" ADS removed successfully.
C:\Users\ian\Desktop\Minecraft.exe => ":BDU" ADS removed successfully.
C:\Users\ian\Desktop\RogueKiller.exe => ":BDU" ADS removed successfully.
C:\Users\ian\Downloads\dds.com => ":BDU" ADS removed successfully.
C:\Users\ian\Downloads\minecraft_server.1.6.2.exe => ":BDU" ADS removed successfully.
"C:\Users\ian\AppData\Local\bdgcidkd.exe" => ":BDU" ADS not found.
"C:\Users\ian\AppData\Local\cbdmebgj.exe" => ":BDU" ADS not found.
"C:\Users\ian\AppData\Local\doavscfh.exe" => ":BDU" ADS not found.
"C:\Users\ian\AppData\Local\iltjspig.exe" => ":BDU" ADS not found.
"C:\Users\ian\AppData\Local\omvaaqtq.exe" => ":BDU" ADS not found.
==== End of Fixlog ====
 
Good :)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
ComboFix 14-02-11.01 - ian 11/02/2014 23:18:08.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6100.3928 [GMT 0:00]
Running from: c:\users\ian\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Disabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1377975119.bdinstall.bin
c:\users\ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\qualitink_iels
.
.
((((((((((((((((((((((((( Files Created from 2014-01-11 to 2014-02-11 )))))))))))))))))))))))))))))))
.
.
2014-02-11 23:26 . 2014-02-11 23:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-11 23:04 . 2014-02-11 23:04 -------- d-----w- c:\users\ian\AppData\Local\ian-day
2014-02-11 20:46 . 2014-02-11 21:21 -------- d-----w- C:\FRST
2014-02-11 07:50 . 2014-02-11 17:42 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-02-11 07:50 . 2014-02-11 17:41 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-02-11 07:49 . 2014-02-11 07:49 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-01-20 08:57 . 2014-01-20 08:57 -------- d-----w- c:\program files\WinRAR
2014-01-14 22:49 . 2014-01-14 22:51 -------- d-----w- c:\program files (x86)\MagicDisc
2014-01-14 22:49 . 2009-02-24 18:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2014-01-14 22:49 . 2009-02-24 18:35 255552 ------w- c:\windows\system32\drivers\mcdbus.sys
2014-01-14 22:24 . 2014-01-14 22:24 -------- d-----w- c:\users\ian\AppData\Local\Cool_Mirage
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-27 14:08 . 2013-08-31 19:10 893440 ------w- c:\windows\system32\drivers\avc3.sys
2014-01-27 14:08 . 2013-08-31 19:10 635392 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-12-21 23:06 . 2013-12-21 23:06 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-21 23:06 . 2013-12-21 23:06 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-21 23:06 . 2013-12-21 23:06 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-21 23:06 . 2013-12-21 23:06 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-21 23:06 . 2013-12-21 23:06 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-21 23:06 . 2013-12-21 23:06 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-21 23:06 . 2013-12-21 23:06 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-21 23:06 . 2013-12-21 23:06 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-21 23:06 . 2013-12-21 23:06 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-21 23:06 . 2013-12-21 23:06 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-21 23:06 . 2013-12-21 23:06 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-21 23:06 . 2013-12-21 23:06 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-21 23:06 . 2013-12-21 23:06 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-21 23:06 . 2013-12-21 23:06 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-21 23:06 . 2013-12-21 23:06 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-21 23:06 . 2013-12-21 23:06 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-21 23:06 . 2013-12-21 23:06 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-21 23:06 . 2013-12-21 23:06 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-21 23:06 . 2013-12-21 23:06 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-21 23:06 . 2013-12-21 23:06 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-21 23:06 . 2013-12-21 23:06 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-21 23:06 . 2013-12-21 23:06 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-21 23:06 . 2013-12-21 23:06 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-21 23:06 . 2013-12-21 23:06 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-21 23:06 . 2013-12-21 23:06 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-21 23:06 . 2013-12-21 23:06 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-21 23:06 . 2013-12-21 23:06 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-21 23:06 . 2013-12-21 23:06 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-21 23:06 . 2013-12-21 23:06 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-21 23:06 . 2013-12-21 23:06 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-21 23:06 . 2013-12-21 23:06 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-21 23:06 . 2013-12-21 23:06 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-21 23:06 . 2013-12-21 23:06 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-21 23:06 . 2013-12-21 23:06 413696 ----a-w- c:\windows\system32\html.iec
2013-12-21 23:06 . 2013-12-21 23:06 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-21 23:06 . 2013-12-21 23:06 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-21 23:06 . 2013-12-21 23:06 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-21 23:06 . 2013-12-21 23:06 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-21 23:06 . 2013-12-21 23:06 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-21 23:06 . 2013-12-21 23:06 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-21 23:06 . 2013-12-21 23:06 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-21 23:06 . 2013-12-21 23:06 235520 ----a-w- c:\windows\system32\url.dll
2013-12-21 23:06 . 2013-12-21 23:06 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-21 23:06 . 2013-12-21 23:06 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-21 23:06 . 2013-12-21 23:06 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-21 23:06 . 2013-12-21 23:06 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-21 23:06 . 2013-12-21 23:06 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-21 23:06 . 2013-12-21 23:06 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-21 23:06 . 2013-12-21 23:06 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-21 23:06 . 2013-12-21 23:06 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-21 23:06 . 2013-12-21 23:06 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-21 23:06 . 2013-12-21 23:06 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-21 23:06 . 2013-12-21 23:06 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-21 23:06 . 2013-12-21 23:06 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-21 23:06 . 2013-12-21 23:06 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-21 23:06 . 2013-12-21 23:06 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-21 23:06 . 2013-12-21 23:06 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-21 23:06 . 2013-12-21 23:06 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-21 23:06 . 2013-12-21 23:06 101376 ----a-w- c:\windows\system32\inseng.dll
2013-12-21 23:02 . 2013-09-01 15:41 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 21:09 . 2013-12-13 20:17 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-14 11:49 . 2013-12-14 11:49 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-12-14 11:46 . 2013-12-14 11:46 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-12-10 11:07 . 2013-12-10 11:07 895088 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-12-10 11:06 . 2013-12-10 11:06 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-11-26 11:54 . 2014-01-01 14:02 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2014-01-01 14:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2014-01-01 14:02 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2014-01-01 14:02 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2014-01-01 14:02 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2014-01-01 14:02 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2014-01-01 14:02 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2014-01-01 14:02 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2014-01-01 14:02 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2014-01-01 14:02 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2014-01-01 14:02 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2014-01-01 14:02 111616 ------w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2014-01-01 14:02 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2014-01-01 14:02 218624 ------w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2014-01-01 14:01 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2014-01-01 14:02 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2014-01-01 14:01 4243968 ------w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2014-01-01 14:01 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2014-01-01 14:01 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2014-01-01 14:01 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2014-01-01 14:01 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2014-01-01 14:01 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2014-01-01 14:02 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2014-01-01 14:02 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-12 16:27 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 16:27 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-02-06 567888]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-02-06 1001536]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2014-02-06 614232]
"MyDriveConnect.exe"="c:\program files (x86)\MyDrive Connect\MyDriveConnect.exe" [2013-10-21 473496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2012-02-21 61112]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2012-04-04 684024]
"PivotSoftware"="c:\program files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe" [2010-05-13 110192]
"DT HPO"="c:\program files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe" [2012-04-27 121648]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-02-06 567888]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-02-06 1001536]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2014-02-06 614232]
.
c:\users\ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2014-1-14 576000]
Monitor Ink Alerts - HP Officejet Pro 8600.lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet Pro 8600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN313BVK0G05KC;CONNECTION=USB;MONITOR=1; [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-4-1 1390368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/08/30 22:36;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys;c:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [x]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys;c:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 BR_MCU;br_mcu2usb.sys USB Driver;c:\windows\system32\Drivers\br_mcu2usb.sys;c:\windows\SYSNATIVE\Drivers\br_mcu2usb.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys;c:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys;c:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [x]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 BDVEDISK;BDVEDISK;c:\windows\system32\DRIVERS\bdvedisk.sys;c:\windows\SYSNATIVE\DRIVERS\bdvedisk.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 msi2500scan;msi2500scan;c:\program files\MiricsFlexiTV\Driver\msi2500scan.exe;c:\program files\MiricsFlexiTV\Driver\msi2500scan.exe [x]
S2 MSiDVBT;MSiDVBT;c:\program files\MiricsFlexiTV\DVBT\DVBService.exe;c:\program files\MiricsFlexiTV\DVBT\DVBService.exe [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 PdiService;Portrait Displays SDK Service;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe;c:\program files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
S2 SafeBox;SafeBox;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe;c:\program files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender\updatesrv.exe;c:\program files\Bitdefender\Bitdefender\updatesrv.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys;c:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MSi2500BDA;AVerMsiBDA service;c:\windows\system32\DRIVERS\AVerMsiBDA.sys;c:\windows\SYSNATIVE\DRIVERS\AVerMsiBDA.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_38F51D56
.
Contents of the 'Scheduled Tasks' folder
c:\windows\Tasks\AutoKMS.job
c:\windows\Tasks\AVG-Secure-Search-Update_0214b_rel.job
c:\windows\Tasks\AVG-Secure-Search-Update_0214b_rmv.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\HPCeeScheduleForIAN-HP$.job
c:\windows\Tasks\HPCeeScheduleForian.job
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox1]
@="{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}"
[HKEY_CLASSES_ROOT\CLSID\{152C96EB-288E-4EDC-B7C6-D21F8250ADF3}]
2013-07-08 14:59 206352 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox2]
@="{342DAA0B-D796-460D-8566-901E08A1CCAD}"
[HKEY_CLASSES_ROOT\CLSID\{342DAA0B-D796-460D-8566-901E08A1CCAD}]
2013-07-08 14:59 206352 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox3]
@="{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}"
[HKEY_CLASSES_ROOT\CLSID\{57595DAE-1AE1-4D97-A49E-67CBB53B52DF}]
2013-07-08 14:59 206352 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\__SafeBox4]
@="{33816773-98AE-4723-ADE0-EBE54C8B5A67}"
[HKEY_CLASSES_ROOT\CLSID\{33816773-98AE-4723-ADE0-EBE54C8B5A67}]
2013-07-08 14:59 206352 ----a-w- c:\program files\Bitdefender\Bitdefender Safebox\safeboxshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2011-08-24 37888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-09-26 1424896]
"HPSYSDRV"="c:\program files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE" [2008-11-20 62768]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2014-01-27 1737920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-28 21720]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: google.co.uk\www
Trusted Zone: google.com\www
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {46D8BEE7-0B27-4466-ABA2-A5F1E157971C} - hxxp://192.168.0.25/RemoteWeb.cab
DPF: {542CB1D4-810D-4864-8F91-D530B50E89AE} - hxxp://192.168.0.25/Components.cab
DPF: {5FFDFC21-AE40-4C7C-955C-415A1ACE01C8} - hxxp://192.168.0.25/VideoViewer.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{438363A8-F486-4C37-834C-4955773CB3D3} - msiexec
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-02-11 23:29:20
ComboFix-quarantined-files.txt 2014-02-11 23:29
.
Pre-Run: 1,887,572,705,280 bytes free
Post-Run: 1,893,919,416,320 bytes free
.
- - End Of File - - 23A7B06FAEDD8DF29C0FF72C85837F8C
 
Looks good.

How is computer doing?

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
For some reason I don't seen to be able to open them its asking what programme do I want to open them with
 
You must log in or register to reply here.

Similar threads

Cal Jeffrey
Once again the FCC votes 3-2 to reinstitute Title II net neutrality rules
2
Replies
26
Views
912
Puiu
Puiu
Cal Jeffrey
Comcast becomes the latest ISP caught providing false coverage data to the FCC
Replies
11
Views
637
rsmith222
R
Cal Jeffrey
Microsoft's GPT-powered Bing Chat will call you a liar if you try to prove it is vulnerable
Replies
19
Views
1K
Gastec
Gastec

Latest posts

Back