jaiz

Honorary Members
  • Posts

    134

Everything posted by jaiz

  1. I right-clicked but didn't find the option you spoke of. The only things I see are modify, modify binary data, and delete. With modify binary data it shows value data 0 0 0 0
  2. I browsed to that key but the only thing contained in it is (Default) REG_SZ
  3. I think I'll use one of your guys' lines to me 'Are you still here with us?' Haha
  4. Hope this one works http://www74.zippyshare.com/v/44548506/file.html
  5. Hopefully you can download these http://ul.to/k7foh56f http://ul.to/i5dq2vru http://ul.to/9fpj1f3x
  6. I downloaded and installed avast, it was all up to date and I did a full system scan and no viruses were found.
  7. It seems that the issue I'm having is being misinterpreted or not fully understood. With everything we have done, Microsoft Security Essentials has not been able to be properly installed as whenever I've tried to install I get an error. All this time I have had no anti-virus protection because of the issue with MSE. That is basically the reason why I posted this thread.
  8. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-08-2013 02 Ran by Jeremy at 2013-08-23 00:24:22 Run:3 Running from C:\Users\Jeremy\Desktop Boot Mode: Normal
  9. I searched for erunt through the start menu and didn't find anything. I searched my comp and I see an Erunt folder in the windows folder on my C drive. It contains a folder called JRT, and I see one .exe file (ERDNT.exe). I ran it as administrator and it appears to be the right file. I just wanted to check with you to make sure it's the right file and it's safe to do so.
  10. Ok I overlooked the post as it's still there. I'm sorry for all this complication, but I'm still not understanding how to access the ERUNT. You said to right click the ERUNT, but I don't know what to right click, and where to go to right click. I know where backup and restore is, but don't know where the ERUNT is. That's what I was trying to figure out.
  11. I'm really not following. Didn't you have a whole post giving me further instruction that started with the erunt thing? How do I access erunt?
  12. MiniToolBox by Farbar Version: 13-07-2013 Ran by Jeremy (administrator) on 16-08-2013 at 03:14:47 Running from "C:\Users\Jeremy\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal
B (Version: 13.0) HP Smart Web Printing 4.51 (Version: 4.51) HP Solution Center 13.0 (Version: 13.0) Intel® Processor Graphics (Version: 9.17.10.2932) Intel® SDK for OpenCL - CPU Only Runtime Package (Version: 2.0.0.37149) IrfanView (remove only) (Version: 4.32) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) JDownloader 0.9 (Version: 0.9) Junk Mail filter update (Version: 15.4.3502.0922) K-Lite Codec Pack 8.2.0 (Standard) (Version: 8.2.0) Logitech Webcam Software (Version: 2.30) LWS Facebook (Version: 13.31.1038.0) LWS Gallery (Version: 13.31.1038.0) LWS Help_main (Version: 13.31.1044.0) LWS Launcher (Version: 13.31.1038.0) LWS Motion Detection (Version: 13.30.1395.0) LWS Pictures And Video (Version: 13.31.1038.0) LWS Twitter (Version: 13.30.1346.0) LWS Video Mask Maker (Version: 13.30.1379.0) LWS VideoEffects (Version: 13.30.1379.0) LWS Webcam Software (Version: 13.31.1038.0) LWS WLM Plugin (Version: 1.30.1201.0) LWS YouTube Plugin (Version: 13.31.1038.0) Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100) Mesh Runtime (Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000) Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000) Microsoft Office OneNote 
MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000) Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000) Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014) Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Silverlight (Version: 4.1.10329.0) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SkyDrive (Version: 16.4.6013.0910) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
(Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000) MixMeister Studio 7.2.2 Movie Maker 6.0 for Windows 7 (64-bit) (Version: 6.0.0) Moyea FLV to Video Converter Pro version 1.29.2.11 Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0) Mozilla Maintenance Service (Version: 22.0) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) MSVCRT110_amd64 (Version: 16.4.1109.0912) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0) Network64 (Version: 130.0.572.000) Network64 (Version: 140.0.221.000) OCR Software by I.R.I.S. 
13.0 (Version: 13.0) OLYMPUS Master 2 (Version: 1.0.13) PDF Settings CS5 (Version: 10.0) Picasa 3 (Version: 3.9) PlayReady PC Runtime x86 (Version: 1.3.0) PRE10STI64Installer (Version: 1.0) QuickTime (Version: 7.72.80.56) QuickTime (Version: 7.74.80.86) Rapture 1.2.2 (Version: 18.0) Sandboxie 4.04 (64-bit) (Version: 4.04) Share YouTube Videos version 1 (Version: 1) Simple Search-Replace (Version: 1.08.0000) Skype™ 6.1 (Version: 6.1.129) SmartSound Common Data (Version: 1.1.0) SmartSound Premiere Elements 10 x64 Plugin (Version: 5.70.0001) SmartSound Sonicfire Pro 5 (Version: 5.7.1) SONAR X2 Producer x64 (Version: 19.0) SpywareBlaster 5.0 (Version: 5.0.0) SUPERAntiSpyware (Version: 5.6.1014) Thread Manager 2.4.0.0 (Version: 2.4.0.0) Tube Increaser version 5.0.0 (Version: 5.0.0) Universal Audio v4.4.0 Native Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition Update for Microsoft Office 
Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VLC media player 2.0.6 (Version: 2.0.6) Waves Complete V9r1 (Version: 9.0.1) Waves Mercury Bundle (Version: 5.0) Waves SSL Collection v1.2 Windows Installer Clean Up (Version: 3.00.00.0000) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3538.0513) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3538.0513) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2) Windows Live Messenger (Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 16.4.3505.0912) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) Windows 
Media Encoder 9 Series x64 Edition Windows Media Encoder 9 Series x64 Edition (Version: 10.0.0.3809) WinRAR 4.20 (32-bit) (Version: 4.20.0)

========================= Devices: ================================

========================= Memory info: ===================================
Percentage of memory in use: 32%
Total physical RAM: 6056.63 MB
Available physical RAM: 4060.45 MB
Total Pagefile: 12111.44 MB
Available Pagefile: 10069.48 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.16 MB

========================= Partitions: =====================================
1 Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:335.03 GB) NTFS
2 Drive d: (Files) (Fixed) (Total:931.51 GB) (Free:228.34 GB) NTFS
3 Drive e: (Media) (Fixed) (Total:931.51 GB) (Free:56.78 GB) NTFS
4 Drive f: (Backup) (Fixed) (Total:2794.52 GB) (Free:1137.41 GB) NTFS

========================= Users: ========================================
User accounts for \\JEREMY-PC
Administrator Guest Jeremy

========================= Minidump Files ==================================
No minidump file found

**** End of log ****
  13. Farbar Service Scanner Version: 14-08-2013 01
Ran by Jeremy (administrator) on 16-08-2013 at 03:11:48
Running from "C:\Users\Jeremy\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-08-2013
Ran by Jeremy (administrator) on 16-08-2013 03:24:16
Running from C:\Users\Jeremy\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dropbox, Inc.) C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(MPC-HC Team) C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [x]
HKCU\...\Run: [EV_Autowatcher_Download-Carbon0x] - C:\Users\Jeremy\Desktop\Market\Enhanceviews Autowatcher v2.44(1).exe [x]
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Startup: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]107.6.133.8,23.23.180.210

FireFox:
========
FF ProfilePath: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Jeremy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jeremy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jeremy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Extension: No Name - C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: iMacros for Firefox - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF Extension: DownloadHelper - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: goParentFolder - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\goParentFolder@alice.xpi
FF Extension: showParentFolder - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\showParentFolder@alice.xpi
FF Extension: No Name - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u00C3\u201A\u00E2\u201E\u00A2 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Easy Auto Refresh) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc\2.9_0
CHR Extension: (YouTube) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Nanny for Google Chrome ) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cljcgchbnolheggdgaeclffeagnnmhno\0.993_0
CHR Extension: (Google Search) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (iMacros for Chrome) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.6_0
CHR Extension: (Website Blocker (Beta)) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib\0.2.4_0
CHR Extension: (Better Pop Up Blocker) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0
CHR Extension: (Gmail) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx

==================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-20] (Adobe Systems)
S4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
S3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [x]
S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [x]

==================== Drivers (Whitelisted) ====================

R0 10354613; C:\Windows\System32\DRIVERS\10354613.sys [460888 2013-07-02] (Kaspersky Lab ZAO)
R0 24441005; C:\Windows\System32\DRIVERS\24441005.sys [460888 2013-07-01] (Kaspersky Lab ZAO)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-03] (DT Soft Ltd)
S3 pfc; C:\Windows\SysWow64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
R3 VSTWinDriver6; C:\Windows\System32\drivers\VSTwindrvr6.sys [252928 2008-07-03] (Jungo)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U3 DfSdkS;
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
S3 pfc; system32\drivers\pfc.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-16 03:14 - 2013-08-16 03:15 - 00038818 _____ C:\Users\Jeremy\Desktop\Result.txt
2013-08-16 03:13 - 2013-08-16 03:14 - 00760937 _____ (Farbar) C:\Users\Jeremy\Desktop\MiniToolBox.exe
2013-08-16 03:11 - 2013-08-16 03:11 - 00001987 _____ C:\Users\Jeremy\Desktop\FSS.txt
2013-08-16 03:09 - 2013-08-16 03:09 - 00004303 _____ C:\Users\Jeremy\Desktop\RKreport[0]_S_08162013_030922.txt
2013-08-16 03:07 - 2013-08-16 03:07 - 00357085 _____ (Farbar) C:\Users\Jeremy\Desktop\FSS.exe
2013-08-16 01:51 - 2013-08-16 01:51 - 13813944 _____ (Microsoft Corporation) C:\Users\Jeremy\Desktop\mseinstall.exe
2013-08-16 01:46 - 2013-08-16 01:46 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-08-16 01:45 - 2013-08-16 01:46 - 04009167 _____ C:\Users\Jeremy\Desktop\ServicesRepair.exe
2013-08-16 01:33 - 2013-08-16 01:33 - 00004270 _____ C:\Users\Jeremy\Desktop\RKreport[0]_S_08162013_013356.txt
2013-08-16 01:28 - 2013-08-16 01:30 - 00002122 _____ C:\Users\Jeremy\Desktop\Rkill.txt
2013-08-16 01:28 - 2013-08-16 01:28 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Jeremy\Desktop\rkill.exe
2013-08-15 17:14 - 2013-08-15 22:49 - 00000000 ____D C:\FRST
2013-08-15 17:13 - 2013-08-16 03:12 - 01576058 _____ (Farbar) C:\Users\Jeremy\Desktop\FRST64.exe
2013-08-15 09:06 - 2013-08-15 09:06 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Enhanceviews_Autowatcher
2013-08-15 08:36 - 2013-08-15 08:35 - 00000858 _____ C:\Users\Jeremy\Desktop\Sandboxed Web Browser.lnk
2013-08-14 06:42 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 06:42 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 06:42 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 06:42 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 06:42 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 06:42 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 06:42 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 06:42 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 06:42 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 06:42 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 06:42 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 06:42 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 04:20 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 04:20 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 04:20 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 04:20 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 04:20 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 04:20 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 04:20 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 04:20 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 04:20 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 04:20 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 04:20 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 04:20 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 04:20 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 04:20 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 04:20 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 04:20 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 04:20 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 04:20 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 04:20 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 04:20 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 04:20 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 04:20 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 04:20 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 04:20 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 04:20 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 04:19 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 04:19 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 01:56 - 2013-08-13 02:27 - 00000000 ____D C:\Users\Jeremy\Desktop\RAW
2013-08-09 15:25 - 2013-08-09 15:25 - 00027258 _____ C:\ComboFix.txt
2013-08-09 14:42 - 2013-08-09 14:42 - 05102523 ____R (Swearware) C:\Users\Jeremy\Desktop\ComboFix.exe
2013-08-08 14:20 - 2013-08-08 14:20 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\com.adobe.DC3Module.AdobeADC
2013-08-06 04:02 - 2013-08-06 04:02 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-06 04:02 - 2013-08-06 04:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-06 04:02 - 2013-08-06 04:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-06 04:02 - 2013-08-06 04:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-06 04:01 - 2013-06-21 21:58 - 00903080 _____ (Oracle Corporation) C:\Users\Jeremy\Downloads\jxpiinstall.exe
2013-08-05 23:15 - 2013-08-05 23:15 - 00002819 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
2013-08-05 23:15 - 2013-08-05 23:15 - 00000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2013-08-05 23:13 - 2013-08-05 23:13 - 00003170 _____ C:\Windows\System32\Tasks\{48A5BCF2-4DAF-4CF3-B4AB-1335644D31B7}
2013-08-05 23:13 - 2013-08-05 23:13 - 00000000 ____D C:\Program Files (x86)\MSECACHE
2013-08-01 08:25 - 2013-08-16 03:19 - 00000000 ____D C:\Users\Jeremy\Desktop\msseces.exe
2013-07-30 04:01 - 2013-07-30 04:05 - 00000000 ____D C:\Users\Jeremy\Desktop\RK_Quarantine
2013-07-27 05:40 - 2013-07-27 05:40 - 00000307 _____ C:\Users\Jeremy\vst_perfect_declipper.ini
2013-07-23 02:41 - 2013-07-23 02:42 - 00392704 _____ (Microsoft Corporation) C:\Windows\system32\MpClient.dll
2013-07-22 23:41 - 2013-08-14 06:38 - 00000000 ____D C:\Windows\system32\MRT
2013-07-20 09:04 - 2013-07-20 09:04 - 03732364 _____ C:\Users\Jeremy\Documents\vlc-record-2013-07-20-09h04m34s-Tape 2.mpeg-.ts
2013-07-19 06:40 - 2013-08-05 02:40 - 00000000 ____D C:\Users\Jeremy\Documents\MelodynePlugin
2013-07-19 06:33 - 2013-07-19 06:33 - 00000000 ____D C:\ProgramData\Temporary
2013-07-19 05:49 - 2013-07-19 05:49 - 00003410 _____ C:\Windows\System32\Tasks\{D772732B-A5AA-4D31-9DA1-B634EED39C1E}

==================== One Month Modified Files and Folders =======

2013-08-16 03:20 - 2013-08-16 03:20 - 00004337 _____ C:\Users\Jeremy\Desktop\RKreport[0]_S_08162013_032021.txt
2013-08-16 03:19 - 2013-08-01 08:25 - 00000000 ____D C:\Users\Jeremy\Desktop\msseces.exe
2013-08-16 03:18 - 2012-11-05 20:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-16 03:15 - 2013-08-16 03:14 - 00038818 _____ C:\Users\Jeremy\Desktop\Result.txt
2013-08-16 03:14 - 2013-08-16 03:13 - 00760937 _____ (Farbar) C:\Users\Jeremy\Desktop\MiniToolBox.exe
2013-08-16 03:12 - 2013-08-15 17:13 - 01576058 _____ (Farbar) C:\Users\Jeremy\Desktop\FRST64.exe
2013-08-16 03:11 - 2013-08-16 03:11 - 00001987 _____ C:\Users\Jeremy\Desktop\FSS.txt
2013-08-16 03:09 - 2013-08-16 03:09 - 00004303 _____ C:\Users\Jeremy\Desktop\RKreport[0]_S_08162013_030922.txt
2013-08-16 03:07 - 2013-08-16 03:07 - 00357085 _____ (Farbar) C:\Users\Jeremy\Desktop\FSS.exe
2013-08-16 02:49 - 2013-05-10 04:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-16 01:54 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-16 01:54 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-16 01:51 - 2013-08-16 01:51 - 13813944 _____ (Microsoft Corporation) C:\Users\Jeremy\Desktop\mseinstall.exe
2013-08-16 01:51 - 2012-02-03 00:23 - 00002150 _____ C:\Windows\epplauncher.mif
2013-08-16 01:50 - 2012-01-20 18:32 - 01341016 _____ C:\Windows\WindowsUpdate.log
2013-08-16 01:47 - 2012-11-05 20:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-16 01:47 - 2012-02-03 03:34 - 00000000 ___RD C:\Users\Jeremy\Dropbox
2013-08-16 01:47 - 2012-02-03 03:09 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Dropbox
2013-08-16 01:47 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-16 01:47 - 2009-07-14 00:51 - 00072928 _____ C:\Windows\setupact.log
2013-08-16 01:46 - 2013-08-16 01:46 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-08-16 01:46 - 2013-08-16 01:45 - 04009167 _____ C:\Users\Jeremy\Desktop\ServicesRepair.exe
2013-08-16 01:33 - 2013-08-16 01:33 - 00004270 _____ C:\Users\Jeremy\Desktop\RKreport[0]_S_08162013_013356.txt
2013-08-16 01:32 - 2012-02-03 05:22 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\foobar2000
2013-08-16 01:30 - 2013-08-16 01:28 - 00002122 _____ C:\Users\Jeremy\Desktop\Rkill.txt
2013-08-16 01:28 - 2013-08-16 01:28 - 01893504 _____ (Bleeping Computer, LLC) C:\Users\Jeremy\Desktop\rkill.exe
2013-08-15 22:49 - 2013-08-15 17:14 - 00000000 ____D C:\FRST\
2013-08-15 22:49 - 2012-05-26 00:26 - 00000000 ____D C:\Users\Jeremy\AppData\Local\CRE
2013-08-15 22:49 - 2012-02-03 05:04 - 00000524 _____ C:\Users\Jeremy\Desktop\Cue Up.txt
2013-08-15 16:54 - 2010-11-20 23:47 - 00116326 _____ C:\Windows\PFRO.log
2013-08-15 09:06 - 2013-08-15 09:06 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Enhanceviews_Autowatcher
2013-08-15 09:06 - 2013-05-01 05:21 - 00002324 _____ C:\Windows\Sandboxie.ini
2013-08-15 08:35 - 2013-08-15 08:36 - 00000858 _____ C:\Users\Jeremy\Desktop\Sandboxed Web Browser.lnk
2013-08-15 08:34 - 2013-05-14 09:46 - 00000000 ____D C:\Users\Jeremy\Desktop\Market
2013-08-14 22:17 - 2012-02-02 22:22 - 00000000 _RSHD C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-14 22:16 - 2012-02-03 03:10 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-14 06:42 - 2012-02-03 08:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 06:40 - 2009-07-14 01:13 - 00843440 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 06:38 - 2013-07-22 23:41 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 06:36 - 2012-02-03 04:13 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 02:27 - 2013-08-13 01:56 - 00000000 ____D C:\Users\Jeremy\Desktop\RAW
2013-08-10 11:51 - 2012-02-03 04:04 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\vlc
2013-08-09 15:25 - 2013-08-09 15:25 - 00027258 _____ C:\ComboFix.txt
2013-08-09 15:25 - 2013-06-27 11:12 - 00000000 ____D C:\Qoobox
2013-08-09 15:23 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2013-08-09 14:42 - 2013-08-09 14:42 - 05102523 ____R (Swearware) C:\Users\Jeremy\Desktop\ComboFix.exe
2013-08-09 09:55 - 2013-04-15 03:33 - 00000000 ____D C:\Users\Jeremy\AppData\Local\A
2013-08-08 16:16 - 2012-01-20 16:49 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-08 14:20 - 2013-08-08 14:20 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\com.adobe.DC3Module.AdobeADC
2013-08-08 14:20 - 2012-02-02 22:30 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Adobe
2013-08-06 04:02 - 2013-08-06 04:02 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-06 04:02 - 2013-08-06 04:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-06 04:02 - 2013-08-06 04:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-06 04:02 - 2013-08-06 04:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-06 04:02 - 2012-01-20 16:49 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-05 23:26 - 2012-02-07 05:28 - 00000000 ____D C:\Users\Jeremy\Desktop\WrestlingAudio.com
2013-08-05 23:15 - 2013-08-05 23:15 - 00002819 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
2013-08-05 23:15 - 2013-08-05 23:15 - 00000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2013-08-05 23:13 - 2013-08-05 23:13 - 00003170 _____ C:\Windows\System32\Tasks\{48A5BCF2-4DAF-4CF3-B4AB-1335644D31B7}
2013-08-05 23:13 - 2013-08-05 23:13 - 00000000 ____D C:\Program Files (x86)\MSECACHE
2013-08-05 02:40 - 2013-07-19 06:40 - 00000000 ____D C:\Users\Jeremy\Documents\MelodynePlugin
2013-07-30 12:34 - 2012-05-10 08:02 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\FileZilla
2013-07-30 04:05 - 2013-07-30 04:01 - 00000000 ____D C:\Users\Jeremy\Desktop\RK_Quarantine
2013-07-28 08:23 - 2012-02-03 01:20 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-07-27 05:40 - 2013-07-27 05:40 - 00000307 _____ C:\Users\Jeremy\vst_perfect_declipper.ini
2013-07-27 05:40 - 2012-02-02 22:17 - 00000000 ____D C:\Users\Jeremy
2013-07-26 01:13 - 2013-08-14 06:42 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 01:13 - 2013-08-14 06:42 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 01:13 - 2013-08-14 06:42 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 01:12 - 2013-08-14 06:42 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-25 23:35 - 2013-08-14 06:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 23:13 - 2013-08-14 06:42 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 23:13 - 2013-08-14 06:42 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 23:11 - 2013-08-14 06:42 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 23:11 - 2013-08-14 06:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 22:49 - 2013-08-14 06:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 22:39 - 2013-08-14 06:42 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 22:30 - 2012-12-06 05:09 - 00000132 _____ C:\Users\Jeremy\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2013-07-25 21:59 - 2013-08-14 06:42 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 10:48 - 2012-10-18 06:18 - 00000000 ____D C:\Windows\pss
2013-07-25 10:48 - 2010-11-21 03:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-07-25 10:48 - 2010-11-21 03:06 - 00000000 ____D C:\Windows\system32\winrm
2013-07-25 10:47 - 2013-07-02 14:25 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\DG
2013-07-25 10:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-07-25 05:25 - 2013-08-14 04:20 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 04:57 - 2013-08-14 04:20 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-23 02:55 - 2012-02-02 22:22 - 00111952 _____ C:\Users\Jeremy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-23 02:45 - 2009-07-14 00:45 - 04979048 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-23 02:42 - 2013-07-23 02:41 - 00392704 _____ (Microsoft Corporation) C:\Windows\system32\MpClient.dll
2013-07-22 23:40 - 2011-02-10 12:10 - 00823286 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-21 09:50 - 2012-02-25 05:54 - 00000132 _____ C:\Users\Jeremy\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-20 09:04 - 2013-07-20 09:04 - 03732364 _____ C:\Users\Jeremy\Documents\vlc-record-2013-07-20-09h04m34s-Tape 2.mpeg-.ts
2013-07-19 06:33 - 2013-07-19 06:33 - 00000000 ____D C:\ProgramData\Temporary
2013-07-19 05:52 - 2013-06-09 19:21 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2013-07-19 05:49 - 2013-07-19 05:49 - 00003410 _____ C:\Windows\System32\Tasks\{D772732B-A5AA-4D31-9DA1-B634EED39C1E}
2013-07-18 21:58 - 2013-08-14 04:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-18 21:41 - 2013-08-14 04:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-13 20:48

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-08-2013
Ran by Jeremy at 2013-08-16 03:24:35
Running from C:\Users\Jeremy\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
AAMS Auto Audio Mastering System V2.5 (x32)
Adobe AIR (x32 Version: 2.6.0.19140)
Adobe AIR (x32 Version: 3.6.0.6090)
Adobe Audition 1.5 (x32 Version: 1.5)
Adobe Audition 3.0 (x32 Version: 3.0)
Adobe Audition 3.0 Vista Compatibility
Adobe Community Help (x32 Version: 3.5.23)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Photoshop CS5.1 (x32 Version: 12.1)
Adobe Premiere Elements 10 (Version: 10.0)
Adobe Premiere Elements 10 Content (x32 Version: 10.0)
Adobe Premiere Elements 10 Content 1 (x32 Version: 10.0)
Adobe Premiere Elements 10 Content 2 (x32 Version: 10.0)
Adobe Premiere Elements 10 Content 3 (x32 Version: 10.0)
Adobe Premiere Elements 10 HD Content 1 (x32 Version: 10.0)
Adobe Premiere Elements 10 HD Content 2 (x32 Version: 10.0)
Adobe Premiere Elements 10 HD Content 3 (x32 Version: 10.0)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
AIM for Windows (HKCU)
AIPL WarmTone DX v2.2 (x32)
Antares Autotune VST v5.09 (x32)
Antares Microphone Modeler - ZONE (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
ASIO4ALL (x32 Version: 2.10)
Audacity 2.0.3 (x32 Version: 2.0.3)
Blaine's Alias Title (Version: 1.0.1)
Blaine's Bloom/Negative Effects (Version: 1.1.0)
Blaine's Cartoonify Effects (Version: 1.0.1)
Blaine's Color Fade Effects (Version: 1.0.1)
Blaine's Contrast Effects (Version: 1.0.1)
Blaine's Custom Dreamy Look Title (Version: 2.0.1)
Blaine's Custom Speed Effects (Version: 2.0.1)
Blaine's Film Looks Effects (Version: 1.0.1)
Blaine's Letterbox Effects (Version: 1.0.3)
Blaine's Pixelate Effects (Version: 1.0.2)
Blaine's TV Signal Effects (Version: 1.0.0)
CameraHelperMsi (x32 Version: 13.31.1038.0)
Canon PowerShot ELPH 110 HS_IXUS 125 HS Camera User Guide (x32 Version: 1.0.0.7)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.7.0.11)
Canon Utilities ImageBrowser EX (x32 Version: 1.1.1.19)
Canon Utilities PhotoStitch (x32 Version: 3.1.23.47)
CDBurnerXP (x32 Version: 4.4.1.3099)
ClickFix Lite for Adobe Audition version 3.04 (remove only) (x32)
Conexant HD Audio (Version: 8.50.4.0)
ContaCam (x32 Version: 4.0.5)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.45.2.0287)
Dell Edoc Viewer (Version: 1.0.0)
Dropbox (HKCU Version: 2.0.22)
eaner (Version: 4.03)
Elements 10 Organizer (x32 Version: 10.0)
erLT (x32 Version: 1.20.138.34)
EULAlyzer 2.2 (x32 Version: 2.2.0)
Facebook Video Calling 1.2.0.159 (x32 Version: 1.2.159)
FastStone Capture 6.8 (x32 Version: 6.8)
FileZilla Client 3.7.1 (x32 Version: 3.7.1)
foobar2000 v1.1.10 (x32 Version: 1.1.10)
Free MIDI to MP3 Converter 1.0 (x32)
FreeUndelete 2.1.36867.1 (x32 Version: 2.1.36867.1)
GEAR driver installer for AMD64 and Intel EM64T (Version: 2.003.1)
GetDataBack for NTFS (x32 Version: 4.24.000)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
HandBrake 0.9.5 (x32 Version: 0.9.5)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
Intel® Processor Graphics (x32 Version: 9.17.10.2932)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
IrfanView (remove only) (x32 Version: 4.32)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JDownloader 0.9 (x32 Version: 0.9)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
K-Lite Codec Pack 8.2.0 (Standard) (x32 Version: 8.2.0)
Logitech Webcam Software (x32 Version: 2.30)
LWS Facebook (x32 Version: 13.31.1038.0)
LWS Gallery (x32 Version: 13.31.1038.0)
LWS Help_main (x32 Version: 13.31.1044.0)
LWS Launcher (x32 Version: 13.31.1038.0)
LWS Motion Detection (x32 Version: 13.30.1395.0)
LWS Pictures And Video (x32 Version: 13.31.1038.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Video Mask Maker (x32 Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (x32 Version: 13.31.1038.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (x32 Version: 1.70.0.1100)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
MixMeister Studio 7.2.2 (x32)
Movie Maker 6.0 for Windows 7 (64-bit) (Version: 6.0.0)
Moyea FLV to Video Converter Pro version 1.29.2.11 (x32)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
OLYMPUS Master 2 (x32 Version: 1.0.13)
PDF Settings CS5 (x32 Version: 10.0)
Picasa 3 (x32 Version: 3.9)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
PRE10STI64Installer (x32 Version: 1.0)
QuickTime (x32 Version: 7.72.80.56)
QuickTime (x32 Version: 7.74.80.86)
Rapture 1.2.2 (x32 Version: 18.0)
Sandboxie 4.04 (64-bit) (Version: 4.04)
Share YouTube Videos version 1 (x32 Version: 1)
Simple Search-Replace (x32 Version: 1.08.0000)
Skype™ 6.1 (x32 Version: 6.1.129)
SmartSound Common Data (x32 Version: 1.1.0)
SmartSound Premiere Elements 10 x64 Plugin (Version: 5.70.0001)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1)
SONAR X2 Producer x64 (x32 Version: 19.0)
SpywareBlaster 5.0 (x32 Version: 5.0.0)
SUPERAntiSpyware (Version: 5.6.1014)
Thread Manager 2.4.0.0 (x32 Version: 2.4.0.0)
Tube Increaser version 5.0.0 (x32 Version: 5.0.0)
Universal Audio v4.4.0 Native (x32)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Waves Complete V9r1 (x32 Version: 9.0.1)
Waves Mercury Bundle (x32 Version: 5.0)
Waves SSL Collection v1.2 (x32)
Windows Installer Clean Up (x32 Version: 3.00.00.0000)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Encoder 9 Series x64 Edition
Windows Media Encoder 9 Series x64 Edition (Version: 10.0.0.3809)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)

==================== Restore Points =========================

09-08-2013 19:15:03 ComboFix created restore point
13-08-2013 14:06:26 Windows Update
14-08-2013 10:34:19 Windows Update

==================== Hosts content: ==========================

2012-02-03 07:35 - 2013-08-09 15:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {177EF570-739F-4316-8415-AE1C70CFA817} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05] (Google Inc.)
Task: {21B71444-CDB3-4008-A554-6E002191A0FE} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {2360DA8A-09B0-4CB1-8985-08142FBC4C3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05] (Google Inc.)
Task: {42465A7E-4F7E-4B09-9468-2C715E22E77F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {61662508-FD9B-4527-B1E0-022DC2836D7C} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File
Task: {68FD1AED-AB87-4272-804A-71E26C6C771A} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {72AC25D4-AFF2-4C7F-83D2-00CCA50383AB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {735C4EF9-8FD8-40C6-A8FB-AEA0F5D6B6D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {A4799F67-7709-457F-BF9D-9285A45CAD90} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {BCE20BB9-1C2C-4D32-9164-CE7730387B31} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {C0D1F864-CDC5-4232-974C-01C2003C9936} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe No File
Task: {EDA65AB4-11B7-444C-B343-C066822192CD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-13] (Adobe Systems Incorporated)
Task: {F0C206AF-FA61-4EC6-A7BE-55B4B143622E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2013 01:51:59 AM) (Source: Microsoft Security Client Setup) (User: Jeremy-PC)
Description: HRESULT:0x80070643 Description:Cannot complete the Security Essentials installation. An error has prevented the Security Essentials setup wizard from completing successfully. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (08/16/2013 01:51:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2013 01:51:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2013 01:51:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2013 01:51:51 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2013 01:51:49 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2013 01:51:49 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2013 01:51:49 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2013 01:51:49 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis.

Error: (08/16/2013 01:49:04 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

System errors:
=============
Error: (08/16/2013 01:47:21 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: %%2

Error: (08/16/2013 01:47:14 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/16/2013 01:46:32 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/15/2013 10:51:45 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: %%2

Error: (08/15/2013 10:51:24 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/15/2013 04:54:53 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error: %%2

Error: (08/15/2013 04:54:31 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (08/15/2013 01:04:36 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Error: (08/15/2013 01:04:36 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

Error: (08/15/2013 00:50:34 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-08-09 15:23:06.934
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-09 15:23:06.888
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-09 15:23:06.841
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-09 15:23:06.795
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-27 11:19:20.910
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-27 11:19:20.872
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 6056.63 MB
Available physical RAM: 4074.29 MB
Total Pagefile: 12111.44 MB
Available Pagefile: 10085.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:335.03 GB) NTFS (Disk=1 Partition=3)
Drive d: (Files) (Fixed) (Total:931.51 GB) (Free:228.34 GB) NTFS (Disk=0 Partition=1)
Drive e: (Media) (Fixed) (Total:931.51 GB) (Free:56.78 GB) NTFS (Disk=2 Partition=1)
Drive f: (Backup) (Fixed) (Total:2794.52 GB) (Free:1137.41 GB) NTFS (Disk=4 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 3468B252)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 9D4CFAAC)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 34ECB17F)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 4.

==================== End Of Log ============================
  14. I still have the same issue where I can't install Microsoft Security Essentials, thus still have no virus protection.

RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Jeremy [Admin rights]
Mode : Scan -- Date : 08/16/2013 01:33:56
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 22 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : EV_Autowatcher_Download-Carbon0x (C:\Users\Jeremy\Desktop\Market\Enhanceviews Autowatcher v2.44(1).exe [x][x][x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-4055183432-471262313-3685020261-1000\[...]\Run : EV_Autowatcher_Download-Carbon0x (C:\Users\Jeremy\Desktop\Market\Enhanceviews Autowatcher v2.44(1).exe [x][x][x]) -> FOUND
[SERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 10354613 (C:\Windows\system32\DRIVERS\10354613.sys [7]) -> FOUND
[SERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 24441005 (C:\Windows\system32\DRIVERS\24441005.sys [7]) -> FOUND
[SERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 10354613 (C:\Windows\system32\DRIVERS\10354613.sys [7]) -> FOUND
[SERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 24441005 (C:\Windows\system32\DRIVERS\24441005.sys [7]) -> FOUND
[SERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 10354613 (C:\Windows\system32\DRIVERS\10354613.sys [7]) -> FOUND
[SERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 24441005 (C:\Windows\system32\DRIVERS\24441005.sys [7]) -> FOUND
[DNS] HKLM\[...]\CCSet\[...]\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer (107.6.133.8,23.23.180.210) -> FOUND
[DNS] HKLM\[...]\CS001\[...]\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer (107.6.133.8,23.23.180.210) -> FOUND
[DNS] HKLM\[...]\CS002\[...]\{846ee342-7039-11de-9d20-806e6f6e6963} : NameServer (107.6.133.8,23.23.180.210) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103UJ ATA Device +++++
--- User ---
[MBR] bcc1727eb4d27fb881a41e96255b5396
[BSP] beac72b8fa020a816c05c3802bf54d68 : MBR Code unknown
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG HD103UJ ATA Device +++++
--- User ---
[MBR] 960ee0263e7e86714a4c1b9dca087975
[BSP] 1a5f2db44097e7f4dc4ae1dda7b13ac3 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15166 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31141888 | Size: 461733 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: SAMSUNG HD103UJ ATA Device +++++
--- User ---
[MBR] fb6d4d6cac98078e792dd36a5bef8afe
[BSP] db4753ad11c4e1c11c05d6019087945e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08162013_013356.txt >>
  15. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-08-2013
Ran by Jeremy at 2013-08-15 22:49:00 Run:1
Running from C:\Users\Jeremy\Desktop
Boot Mode: Normal
==============================================

"C:\Program Files\Microsoft Security Client" => Not Found
"c:\program files\windows defender" => Deleting reparse point and unlocking started.
"c:\program files\windows defender" => Deleting reparse point and unlocking completed.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2 => Key deleted successfully.
C:\Windows\SysWOW64\npDeployJava1.dll => Moved successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2 => Key deleted successfully.
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.
C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} => Moved successfully.
C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi => Moved successfully.
C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi => Moved successfully.
C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => Moved successfully.
C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi => Moved successfully.
C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} => Value deleted successfully.
C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Windows\SysWOW64\npdeployJava1.dll not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\egnimkioipookhfihpljiedpgjffibpa => Key deleted successfully.
"C:\Program Files (x86)\MyBrowserCash\MBC_chrome.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc => Key deleted successfully.
C:\Users\Jeremy\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx => Moved successfully.

The system needs a manual reboot.

==== End of Fixlog ====
  16. Wow, I'm sorry about that. I had the 8-13 log, but I did as you said. Here are the new log files.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01
Ran by Jeremy (administrator) on 15-08-2013 17:14:53
Running from C:\Users\Jeremy\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Dropbox, Inc.) C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [x]
HKCU\...\Run: [EV_Autowatcher_Download-Carbon0x] - C:\Users\Jeremy\Desktop\Market\Enhanceviews Autowatcher v2.44(1).exe [x]
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [759384 2013-07-08] (Sandboxie Holdings, LLC)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jeremy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46
Tcpip\..\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: [NameServer]107.6.133.8,23.23.180.210

FireFox:
========
FF ProfilePath: C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default
FF NewTab: about:blank
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Jeremy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Jeremy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Jeremy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
FF Extension: No Name - C:\Users\Jeremy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: iMacros for Firefox - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF Extension: BitComet 视频下载器 - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF Extension: DownloadHelper - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: goParentFolder - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\goParentFolder@alice.xpi
FF Extension: showParentFolder - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\showParentFolder@alice.xpi
FF Extension: No Name - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
FF Extension: No Name - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: No Name - C:\Users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 6 U33) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.330.3) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u00C3\u201A\u00E2\u201E\u00A2 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Extension: (Easy Auto Refresh) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc\2.9_0
CHR Extension: (YouTube) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Nanny for Google Chrome ) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cljcgchbnolheggdgaeclffeagnnmhno\0.993_0
CHR Extension: (Google Search) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (iMacros for Chrome) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.6_0
CHR Extension: (Website Blocker (Beta)) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib\0.2.4_0
CHR Extension: (Better Pop Up Blocker) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0
CHR Extension: (Gmail) - C:\Users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [egnimkioipookhfihpljiedpgjffibpa] - C:\Program Files (x86)\MyBrowserCash\MBC_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [nbmafkdmkkckhggblphicnnhlgljnoje] - C:\Program Files (x86)\TornTV.com\torn2_10.crx
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Jeremy\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx

==================== Services (Whitelisted) =================
S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-04-20] (Adobe Systems)
S4 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2010-12-28] (www.BitComet.com)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
S3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [x]
S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [x]

==================== Drivers (Whitelisted) ====================
R0 10354613; C:\Windows\System32\DRIVERS\10354613.sys [460888 2013-07-02] (Kaspersky Lab ZAO)
R0 24441005; C:\Windows\System32\DRIVERS\24441005.sys [460888 2013-07-01] (Kaspersky Lab ZAO)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-02-03] (DT Soft Ltd)
S3 pfc; C:\Windows\SysWow64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
R3 USBMULCD; C:\Windows\System32\drivers\CM10664.sys [1307648 2009-09-30] (C-Media Electronics Inc)
R3 VSTWinDriver6; C:\Windows\System32\drivers\VSTwindrvr6.sys [252928 2008-07-03] (Jungo)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U3 DfSdkS;
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
S3 pfc; system32\drivers\pfc.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-08-15 17:13 - 2013-08-15 17:13 - 01575570 _____ (Farbar) C:\Users\Jeremy\Desktop\FRST64.exe
2013-08-15 09:06 - 2013-08-15 09:06 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Enhanceviews_Autowatcher
2013-08-15 08:36 - 2013-08-15 08:35 - 00000858 _____ C:\Users\Jeremy\Desktop\Sandboxed Web Browser.lnk
2013-08-14 06:42 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 06:42 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 06:42 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 06:42 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 06:42 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 06:42 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 06:42 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 06:42 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 06:42 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 06:42 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 06:42 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 06:42 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 06:42 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 06:42 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 04:20 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 04:20 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 04:20 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 04:20 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 04:20 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 04:20 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 04:20 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 04:20 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 04:20 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 04:20 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 04:20 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 04:20 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 04:20 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 04:20 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 04:20 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 04:20 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 04:20 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 04:20 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 04:20 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 04:20 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 04:20 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 04:20 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 04:20 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 04:20 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 04:20 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 04:19 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 04:19 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 01:56 - 2013-08-13 02:27 - 00000000 ____D C:\Users\Jeremy\Desktop\RAW
2013-08-09 15:25 - 2013-08-09 15:25 - 00027258 _____ C:\ComboFix.txt
2013-08-09 14:42 - 2013-08-09 14:42 - 05102523 ____R (Swearware) C:\Users\Jeremy\Desktop\ComboFix.exe
2013-08-08 14:20 - 2013-08-08 14:20 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\com.adobe.DC3Module.AdobeADC
2013-08-06 04:02 - 2013-08-06 04:02 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-06 04:02 - 2013-08-06 04:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-06 04:02 - 2013-08-06 04:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-06 04:02 - 2013-08-06 04:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-06 04:01 - 2013-06-21 21:58 - 00903080 _____ (Oracle Corporation) C:\Users\Jeremy\Downloads\jxpiinstall.exe
2013-08-05 23:15 - 2013-08-05 23:15 - 00002819 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
2013-08-05 23:15 - 2013-08-05 23:15 - 00000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2013-08-05 23:13 - 2013-08-05 23:13 - 00003170 _____ C:\Windows\System32\Tasks\{48A5BCF2-4DAF-4CF3-B4AB-1335644D31B7}
2013-08-05 23:13 - 2013-08-05 23:13 - 00000000 ____D C:\Program Files (x86)\MSECACHE
2013-08-01 08:25 - 2013-08-13 00:38 - 00000000 ____D C:\Users\Jeremy\Desktop\msseces.exe
2013-07-30 04:01 - 2013-07-30 04:05 - 00000000 ____D C:\Users\Jeremy\Desktop\RK_Quarantine
2013-07-27 05:40 - 2013-07-27 05:40 - 00000307 _____ C:\Users\Jeremy\vst_perfect_declipper.ini
2013-07-23 02:41 - 2013-07-23 02:42 - 00392704 _____ (Microsoft Corporation) C:\Windows\system32\MpClient.dll
2013-07-22 23:41 - 2013-08-14 06:38 - 00000000 ____D C:\Windows\system32\MRT
2013-07-20 09:04 - 2013-07-20 09:04 - 03732364 _____ C:\Users\Jeremy\Documents\vlc-record-2013-07-20-09h04m34s-Tape 2.mpeg-.ts
2013-07-19 06:40 - 2013-08-05 02:40 - 00000000 ____D C:\Users\Jeremy\Documents\MelodynePlugin
2013-07-19 06:33 - 2013-07-19 06:33 - 00000000 ____D C:\ProgramData\Temporary
2013-07-19 05:49 - 2013-07-19 05:49 - 00003410 _____ C:\Windows\System32\Tasks\{D772732B-A5AA-4D31-9DA1-B634EED39C1E}
2013-07-16 00:48 - 2013-07-16 01:01 - 1183654580 _____ C:\Users\Jeremy\Desktop\Hiccup Fun.m2t

==================== One Month Modified Files and Folders =======
2013-08-15 17:14 - 2013-08-15 17:14 - 00000000 ____D C:\FRST
2013-08-15 17:13 - 2013-08-15 17:13 - 01575570 _____ (Farbar) C:\Users\Jeremy\Desktop\FRST64.exe
2013-08-15 17:02 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-15 17:02 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-15 16:55 - 2012-02-03 03:34 - 00000000 ___RD C:\Users\Jeremy\Dropbox
2013-08-15 16:55 - 2012-02-03 03:09 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Dropbox
2013-08-15 16:54 - 2012-11-05 20:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-15 16:54 - 2010-11-20 23:47 - 00116326 _____ C:\Windows\PFRO.log
2013-08-15 16:54 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-15 16:54 - 2009-07-14 00:51 - 00072816 _____ C:\Windows\setupact.log
2013-08-15 16:53 - 2012-01-20 18:32 - 01321784 _____ C:\Windows\WindowsUpdate.log
2013-08-15 16:49 - 2013-05-10 04:20 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-15 16:18 - 2012-11-05 20:50 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-15 09:06 - 2013-08-15 09:06 - 00000000 ____D C:\Users\Jeremy\AppData\Local\Enhanceviews_Autowatcher
2013-08-15 09:06 - 2013-05-01 05:21 - 00002324 _____ C:\Windows\Sandboxie.ini
2013-08-15 08:35 - 2013-08-15 08:36 - 00000858 _____ C:\Users\Jeremy\Desktop\Sandboxed Web Browser.lnk
2013-08-15 08:34 - 2013-05-14 09:46 - 00000000 ____D C:\Users\Jeremy\Desktop\Market
2013-08-15 08:27 - 2012-02-03 05:22 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\foobar2000
2013-08-14 22:17 - 2012-02-02 22:22 - 00000000 _RSHD C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-14 22:16 - 2012-02-03 03:10 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-14 06:42 - 2012-02-03 08:24 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-14 06:40 - 2009-07-14 01:13 - 00843440 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-14 06:38 - 2013-07-22 23:41 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 06:36 - 2012-02-03 04:13 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 16:39 - 2012-02-03 05:04 - 00000524 _____ C:\Users\Jeremy\Desktop\Cue Up.txt
2013-08-13 02:27 - 2013-08-13 01:56 - 00000000 ____D C:\Users\Jeremy\Desktop\RAW
2013-08-13 00:38 - 2013-08-01 08:25 - 00000000 ____D C:\Users\Jeremy\Desktop\msseces.exe
2013-08-10 11:51 - 2012-02-03 04:04 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\vlc
2013-08-09 15:25 - 2013-08-09 15:25 - 00027258 _____ C:\ComboFix.txt
2013-08-09 15:25 - 2013-06-27 11:12 - 00000000 ____D C:\Qoobox
2013-08-09 15:23 - 2009-07-13 22:34 - 00000215 _____ C:\Windows\system.ini
2013-08-09 14:42 - 2013-08-09 14:42 - 05102523 ____R (Swearware) C:\Users\Jeremy\Desktop\ComboFix.exe
2013-08-09 09:55 - 2013-04-15 03:33 - 00000000 ____D C:\Users\Jeremy\AppData\Local\A
2013-08-08 16:16 - 2012-01-20 16:49 - 00000000 ____D C:\Program Files (x86)\Java
2013-08-08 14:20 - 2013-08-08 14:20 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\com.adobe.DC3Module.AdobeADC
2013-08-08 14:20 - 2012-02-02 22:30 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\Adobe
2013-08-06 04:02 - 2013-08-06 04:02 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-08-06 04:02 - 2013-08-06 04:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-08-06 04:02 - 2013-08-06 04:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-08-06 04:02 - 2013-08-06 04:02 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-08-06 04:02 - 2012-07-09 03:32 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-08-06 04:02 - 2012-01-20 16:49 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-08-05 23:26 - 2012-02-07 05:28 - 00000000 ____D C:\Users\Jeremy\Desktop\WrestlingAudio.com
2013-08-05 23:21 - 2012-02-03 00:23 - 00002150 _____ C:\Windows\epplauncher.mif
2013-08-05 23:15 - 2013-08-05 23:15 - 00002819 _____ C:\Users\Jeremy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk
2013-08-05 23:15 - 2013-08-05 23:15 - 00000000 ____D C:\Program Files (x86)\Windows Installer Clean Up
2013-08-05 23:13 - 2013-08-05 23:13 - 00003170 _____ C:\Windows\System32\Tasks\{48A5BCF2-4DAF-4CF3-B4AB-1335644D31B7}
2013-08-05 23:13 - 2013-08-05 23:13 - 00000000 ____D C:\Program Files (x86)\MSECACHE
2013-08-05 02:40 - 2013-07-19 06:40 - 00000000 ____D C:\Users\Jeremy\Documents\MelodynePlugin
2013-08-01 05:44 - 2013-07-04 21:28 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\BitComet
2013-07-30 12:34 - 2012-05-10 08:02 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\FileZilla
2013-07-30 04:05 - 2013-07-30 04:01 - 00000000 ____D C:\Users\Jeremy\Desktop\RK_Quarantine
2013-07-28 08:23 - 2012-02-03 01:20 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-07-27 05:40 - 2013-07-27 05:40 - 00000307 _____ C:\Users\Jeremy\vst_perfect_declipper.ini
2013-07-27 05:40 - 2012-02-02 22:17 - 00000000 ____D C:\Users\Jeremy
2013-07-26 01:13 - 2013-08-14 06:42 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 01:13 - 2013-08-14 06:42 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 01:13 - 2013-08-14 06:42 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 01:12 - 2013-08-14 06:42 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 01:12 - 2013-08-14 06:42 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-25 23:35 - 2013-08-14 06:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 23:13 - 2013-08-14 06:42 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 23:13 - 2013-08-14 06:42 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 23:12 - 2013-08-14 06:42 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 23:11 - 2013-08-14 06:42 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 23:11 - 2013-08-14 06:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 22:49 - 2013-08-14 06:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 22:39 - 2013-08-14 06:42 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 22:30 - 2012-12-06 05:09 - 00000132 _____ C:\Users\Jeremy\AppData\Roaming\Adobe AIFF Format CS5 Prefs
2013-07-25 21:59 - 2013-08-14 06:42 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 10:48 - 2012-10-18 06:18 - 00000000 ____D C:\Windows\pss
2013-07-25 10:48 - 2010-11-21 03:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2013-07-25 10:48 - 2010-11-21 03:06 - 00000000 ____D C:\Windows\system32\winrm
2013-07-25 10:47 - 2013-07-02 14:25 - 00000000 ____D C:\Users\Jeremy\AppData\Roaming\DG
2013-07-25 10:47 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2013-07-25 05:25 - 2013-08-14 04:20 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 04:57 - 2013-08-14 04:20 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-23 02:55 - 2012-02-02 22:22 - 00111952 _____ C:\Users\Jeremy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-23 02:45 - 2009-07-14 00:45 - 04979048 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-23 02:42 - 2013-07-23 02:41 - 00392704 _____ (Microsoft Corporation) C:\Windows\system32\MpClient.dll
2013-07-22 23:40 - 2011-02-10 12:10 - 00823286 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-21 09:50 - 2012-02-25 05:54 - 00000132 _____ C:\Users\Jeremy\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-07-20 09:04 - 2013-07-20 09:04 - 03732364 _____ C:\Users\Jeremy\Documents\vlc-record-2013-07-20-09h04m34s-Tape 2.mpeg-.ts
2013-07-19 06:33 - 2013-07-19 06:33 - 00000000 ____D C:\ProgramData\Temporary
2013-07-19 05:52 - 2013-06-09 19:21 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2013-07-19 05:49 - 2013-07-19 05:49 - 00003410 _____ C:\Windows\System32\Tasks\{D772732B-A5AA-4D31-9DA1-B634EED39C1E}
2013-07-18 21:58 - 2013-08-14 04:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-18 21:41 - 2013-08-14 04:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-07-16 01:01 - 2013-07-16 00:48 - 1183654580 _____ C:\Users\Jeremy\Desktop\Hiccup Fun.m2t

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-13 20:48

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2013 01
Ran by Jeremy at 2013-08-15 17:15:29
Running from C:\Users\Jeremy\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================
Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 7.2.8)
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
AAMS Auto Audio Mastering System V2.5 (x32)
Adobe AIR (x32 Version: 2.6.0.19140)
Adobe AIR (x32 Version: 3.6.0.6090)
Adobe Audition 1.5 (x32 Version: 1.5)
Adobe Audition 3.0 (x32 Version: 3.0)
Adobe Audition 3.0 Vista Compatibility
Adobe Community Help (x32 Version: 3.5.23)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Photoshop CS5.1 (x32 Version: 12.1)
Adobe Premiere Elements 10 (Version: 10.0)
Adobe Premiere Elements 10 Content (x32 Version: 10.0)
Adobe Premiere Elements 10 Content 1 (x32 Version: 10.0)
Adobe Premiere Elements 10 Content 2 (x32 Version: 10.0)
Adobe Premiere Elements 10 Content 3 (x32 Version: 10.0)
Adobe Premiere Elements 10 HD Content 1 (x32 Version: 10.0)
Adobe Premiere Elements 10 HD Content 2 (x32 Version: 10.0)
Adobe Premiere Elements 10 HD Content 3 (x32 Version: 10.0)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
AIM for Windows (HKCU)
AIPL WarmTone DX v2.2 (x32)
Antares Autotune VST v5.09 (x32)
Antares Microphone Modeler - ZONE (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
ASIO4ALL (x32 Version: 2.10)
Audacity 2.0.3 (x32 Version: 2.0.3)
BitComet 1.36 64-bit (x32 Version: 1.36)
Blaine's Alias Title (Version: 1.0.1)
Blaine's Bloom/Negative Effects (Version: 1.1.0)
Blaine's Cartoonify Effects (Version: 1.0.1)
Blaine's Color Fade Effects (Version: 1.0.1)
Blaine's Contrast Effects (Version: 1.0.1)
Blaine's Custom Dreamy Look Title (Version: 2.0.1)
Blaine's Custom Speed Effects (Version: 2.0.1)
Blaine's Film Looks Effects (Version: 1.0.1)
Blaine's Letterbox Effects (Version: 1.0.3)
Blaine's Pixelate Effects (Version: 1.0.2)
Blaine's TV Signal Effects (Version: 1.0.0)
CameraHelperMsi (x32 Version: 13.31.1038.0)
Canon PowerShot ELPH 110 HS_IXUS 125 HS Camera User Guide (x32 Version: 1.0.0.7)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.7.0.11)
Canon Utilities ImageBrowser EX (x32 Version: 1.1.1.19)
Canon Utilities PhotoStitch (x32 Version: 3.1.23.47)
CDBurnerXP (x32 Version: 4.4.1.3099)
ClickFix Lite for Adobe Audition version 3.04 (remove only) (x32)
Conexant HD Audio (Version: 8.50.4.0)
ContaCam (x32 Version: 4.0.5)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.45.2.0287)
Dell Edoc Viewer (Version: 1.0.0)
Dropbox (HKCU Version: 2.0.22)
eaner (Version: 4.03)
Elements 10 Organizer (x32 Version: 10.0)
erLT (x32 Version: 1.20.138.34)
EULAlyzer 2.2 (x32 Version: 2.2.0)
Facebook Video Calling 1.2.0.159 (x32 Version: 1.2.159)
FastStone Capture 6.8 (x32 Version: 6.8)
FileZilla Client 3.7.1 (x32 Version: 3.7.1)
foobar2000 v1.1.10 (x32 Version: 1.1.10)
Free MIDI to MP3 Converter 1.0 (x32)
FreeUndelete 2.1.36867.1 (x32 Version: 2.1.36867.1)
GEAR driver installer for AMD64 and Intel EM64T (Version: 2.003.1)
GetDataBack for NTFS (x32 Version: 4.24.000)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
HandBrake 0.9.5 (x32 Version: 0.9.5)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (Version: 13.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
Intel® Processor Graphics (x32 Version: 9.17.10.2932)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
IrfanView (remove only) (x32 Version: 4.32)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JDownloader 0.9 (x32 Version: 0.9)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
K-Lite Codec Pack 8.2.0 (Standard) (x32 Version: 8.2.0)
Logitech Webcam Software (x32 Version: 2.30)
LWS Facebook (x32 Version: 13.31.1038.0)
LWS Gallery (x32 Version: 13.31.1038.0)
LWS Help_main (x32 Version: 13.31.1044.0)
LWS Launcher (x32 Version: 13.31.1038.0)
LWS Motion Detection (x32 Version: 13.30.1395.0)
LWS Pictures And Video (x32 Version: 13.31.1038.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Video Mask Maker (x32 Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (x32 Version: 13.31.1038.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.70.0.1100 (x32 Version: 1.70.0.1100)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Silverlight (x32 Version: 4.1.10329.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
MixMeister Studio 7.2.2 (x32)
Movie Maker 6.0 for Windows 7 (64-bit) (Version: 6.0.0)
Moyea FLV to Video Converter Pro version 1.29.2.11 (x32)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0)
Network64 (Version: 130.0.572.000)
Network64 (Version: 140.0.221.000)
OCR Software by I.R.I.S. 
13.0 (Version: 13.0) OLYMPUS Master 2 (x32 Version: 1.0.13) PDF Settings CS5 (x32 Version: 10.0) Picasa 3 (x32 Version: 3.9) PlayReady PC Runtime x86 (x32 Version: 1.3.0) PRE10STI64Installer (x32 Version: 1.0) QuickTime (x32 Version: 7.72.80.56) QuickTime (x32 Version: 7.74.80.86) Rapture 1.2.2 (x32 Version: 18.0) Sandboxie 4.04 (64-bit) (Version: 4.04) Share YouTube Videos version 1 (x32 Version: 1) Simple Search-Replace (x32 Version: 1.08.0000) Skype™ 6.1 (x32 Version: 6.1.129) SmartSound Common Data (x32 Version: 1.1.0) SmartSound Premiere Elements 10 x64 Plugin (Version: 5.70.0001) SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1) SONAR X2 Producer x64 (x32 Version: 19.0) SpywareBlaster 5.0 (x32 Version: 5.0.0) SUPERAntiSpyware (Version: 5.6.1014) Thread Manager 2.4.0.0 (x32 Version: 2.4.0.0) Tube Increaser version 5.0.0 (x32 Version: 5.0.0) Universal Audio v4.4.0 Native (x32) Update for 2007 Microsoft Office System (KB967642) (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1) Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32) Update for Microsoft Office Access 2007 Help (KB963663) (x32) Update for Microsoft Office Excel 2007 Help (KB963678) (x32) Update for Microsoft Office Infopath 2007 Help (KB963662) (x32) Update for Microsoft Office OneNote 2007 Help (KB963670) (x32) Update for Microsoft 
Office Outlook 2007 (KB2596598) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition (x32) Update for Microsoft Office Outlook 2007 Help (KB963677) (x32) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition (x32) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32) Update for Microsoft Office Publisher 2007 Help (KB963667) (x32) Update for Microsoft Office Script Editor Help (KB963671) (x32) Update for Microsoft Office Word 2007 Help (KB963665) (x32) VLC media player 2.0.6 (x32 Version: 2.0.6) Waves Complete V9r1 (x32 Version: 9.0.1) Waves Mercury Bundle (x32 Version: 5.0) Waves SSL Collection v1.2 (x32) Windows Installer Clean Up (x32 Version: 3.00.00.0000) Windows Live Communications Platform (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3502.0922) Windows Live Essentials (x32 Version: 15.4.3538.0513) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Installer (x32 Version: 15.4.3502.0922) Windows Live Language Selector (Version: 15.4.3538.0513) Windows Live Mail (x32 Version: 15.4.3502.0922) Windows Live Mesh (x32 Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2) Windows Live Messenger (x32 Version: 15.4.3538.0513) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 16.4.3505.0912) Windows Live Movie Maker (x32 Version: 15.4.3502.0922) Windows Live Photo Common (x32 Version: 15.4.3502.0922) Windows Live Photo Gallery (x32 Version: 15.4.3502.0922) Windows Live PIMT Platform (x32 Version: 15.4.3508.1109) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (x32 Version: 15.4.3502.0922) Windows Live SOXE 
Definitions (x32 Version: 15.4.3502.0922) Windows Live UX Platform (x32 Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109) Windows Live Writer (x32 Version: 15.4.3502.0922) Windows Live Writer Resources (x32 Version: 15.4.3502.0922) Windows Media Encoder 9 Series x64 Edition Windows Media Encoder 9 Series x64 Edition (Version: 10.0.0.3809) WinRAR 4.20 (32-bit) (x32 Version: 4.20.0) ==================== Restore Points ========================= 09-08-2013 19:15:03 ComboFix created restore point 13-08-2013 14:06:26 Windows Update 14-08-2013 10:34:19 Windows Update ==================== Hosts content: ========================== 2012-02-03 07:35 - 2013-08-09 15:23 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {177EF570-739F-4316-8415-AE1C70CFA817} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05] (Google Inc.) Task: {2360DA8A-09B0-4CB1-8985-08142FBC4C3A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-05] (Google Inc.) Task: {42465A7E-4F7E-4B09-9468-2C715E22E77F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) 
Task: {61662508-FD9B-4527-B1E0-022DC2836D7C} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe No File Task: {68FD1AED-AB87-4272-804A-71E26C6C771A} - System32\Tasks\Open URL by RoboForm => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation) Task: {72AC25D4-AFF2-4C7F-83D2-00CCA50383AB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation) Task: {735C4EF9-8FD8-40C6-A8FB-AEA0F5D6B6D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd) Task: {76828914-1BE3-4E39-8444-5EFA2535B84C} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation) Task: {BCE20BB9-1C2C-4D32-9164-CE7730387B31} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation) Task: {C0D1F864-CDC5-4232-974C-01C2003C9936} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe No File Task: {EDA65AB4-11B7-444C-B343-C066822192CD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-13] (Adobe Systems Incorporated) Task: {EFA5EA25-FBAC-489C-A835-856C61BF56B3} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation) Task: {F0C206AF-FA61-4EC6-A7BE-55B4B143622E} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/15/2013 04:56:19 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/15/2013 04:55:04 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (08/15/2013 04:55:04 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. 
Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (08/15/2013 04:55:04 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis. Error: (08/15/2013 04:55:04 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"1".Error in manifest or policy file "WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"2" on line WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0"3. Component identity found in manifest does not match the identity of the component requested. Reference is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="AMD64",type="win32",version="1.0.0.0". Definition is WavesQtLibs_4.7.3_Win32_Release,processorArchitecture="x86",type="win32",version="1.0.0.0". Please use sxstrace.exe for detailed diagnosis. 
Error: (08/14/2013 06:48:16 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/13/2013 04:06:45 PM) (Source: Application Error) (User: ) Description: Faulting application name: Audition.exe, version: 3.0.7283.0, time stamp: 0x470d9498 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process id: 0x123c Faulting application start time: 0xAudition.exe0 Faulting application path: Audition.exe1 Faulting module path: Audition.exe2 Report Id: Audition.exe3 Error: (08/13/2013 00:29:36 AM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY) Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (08/12/2013 03:57:19 AM) (Source: Application Hang) (User: ) Description: The program firefox.exe version 22.0.0.4917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 2718c Start Time: 01ce96fa56ecea11 Termination Time: 1664 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: c246b0bc-0324-11e3-a149-d067e52c8165 Error: (08/11/2013 06:14:34 PM) (Source: Application Hang) (User: ) Description: The program firefox.exe version 22.0.0.4917 stopped interacting with Windows and was closed. 
To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1f440 Start Time: 01ce96a4e947d299 Termination Time: 117 Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Report Id: 63bbafc8-02d3-11e3-a149-d067e52c8165 System errors: ============= Error: (08/15/2013 04:54:53 PM) (Source: Service Control Manager) (User: ) Description: The Microsoft Antimalware Service service failed to start due to the following error: %%2 Error: (08/15/2013 04:54:31 PM) (Source: Application Popup) (User: ) Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (08/15/2013 01:04:36 PM) (Source: Schannel) (User: NT AUTHORITY) Description: The following fatal alert was generated: 40. The internal error state is 107. Error: (08/15/2013 01:04:36 PM) (Source: Schannel) (User: NT AUTHORITY) Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed. Error: (08/15/2013 00:50:34 PM) (Source: Schannel) (User: NT AUTHORITY) Description: The following fatal alert was generated: 40. The internal error state is 107. Error: (08/15/2013 00:50:34 PM) (Source: Schannel) (User: NT AUTHORITY) Description: An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed. 
Error: (08/14/2013 06:46:51 AM) (Source: Service Control Manager) (User: ) Description: The Microsoft Antimalware Service service failed to start due to the following error: %%2 Error: (08/14/2013 06:46:28 AM) (Source: Application Popup) (User: ) Description: \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (08/13/2013 02:50:33 AM) (Source: Disk) (User: ) Description: The device, \Device\Harddisk2\DR2, has a bad block. Error: (08/13/2013 02:50:28 AM) (Source: Disk) (User: ) Description: The device, \Device\Harddisk2\DR2, has a bad block. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-08-09 15:23:06.934 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-09 15:23:06.888 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-08-09 15:23:06.841 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2013-08-09 15:23:06.795 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-27 11:19:20.910 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-06-27 11:19:20.872 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Percentage of memory in use: 34% Total physical RAM: 6056.63 MB Available physical RAM: 3949.07 MB Total Pagefile: 12111.44 MB Available Pagefile: 10194.73 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:335.33 GB) NTFS (Disk=1 Partition=3) Drive d: (Files) (Fixed) (Total:931.51 GB) (Free:228.57 GB) NTFS (Disk=0 Partition=1) Drive e: (Media) (Fixed) (Total:931.51 GB) (Free:56.78 GB) NTFS (Disk=2 Partition=1) Drive f: (Backup) (Fixed) (Total:2794.52 GB) (Free:1137.41 GB) NTFS (Disk=4 Partition=1) Drive g: (CANON_DC) (Removable) (Total:14.83 GB) (Free:9.46 GB) FAT32 (Disk=3 Partition=1) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 3468B252) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 9D4CFAAC) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 34ECB17F) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 15 GB) (Disk ID: 00000000) Partition 1: (Not Active) - (Size=15 GB) - (Type=0C) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 4. ==================== End Of Log ============================
  17. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-07-2013 03
      Ran by Jeremy at 2013-07-31 01:35:57 Run:3
      Running from C:\Users\Jeremy\Desktop
      Boot Mode: Normal
      ==============================================
      "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
      "C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.
      "C:\ProgramData\Microsoft\Windows Defender" => Deleting reparse point and unlocking started.
      "C:\ProgramData\Microsoft\Windows Defender" => Deleting reparse point and unlocking completed.
      "C:\Program Files (x86)\Windows Defender" => Deleting reparse point and unlocking started.
      "C:\Program Files (x86)\Windows Defender" => Deleting reparse point and unlocking completed.
      "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
      "C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
      "C:\Users\Jeremy\Desktop\msseces.exe" => File/Directory not found.
      HKLM\Software\Classes\CLSID\{750fdf10-2a26-11d1-a3ea-080036587f03}\InprocServer32\\Default => Value was restored successfully.
      HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
      HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
      HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
      HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
      The system needs a manual reboot.
      ==== End of Fixlog ====

      Couldn't find any attached file other than this.
  18. Sorry, here's the attached file TDSSKiller.2.8.18.0_13.08.2013_00.28.28_log.txt
  19. ComboFix 13-08-09.02 - Jeremy 08/09/2013 15:16:37.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6057.4649 [GMT -4:00] Running from: c:\users\Jeremy\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\UNWISE.EXE . . ((((((((((((((((((((((((( Files Created from 2013-07-09 to 2013-08-09 ))))))))))))))))))))))))))))))) . . 2013-08-09 19:23 . 2013-08-09 19:23 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-08-09 19:23 . 2013-08-09 19:23 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-09 12:20 . 2013-07-15 07:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{38ECB14E-679F-4131-BF8A-CB01951E2CD9}\mpengine.dll 2013-08-08 18:20 . 2013-08-08 18:20 -------- d-----w- c:\users\Jeremy\AppData\Roaming\com.adobe.DC3Module.AdobeADC 2013-08-06 08:03 . 2013-08-06 08:03 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-08-06 08:02 . 2013-08-06 08:02 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-08-06 03:15 . 2013-08-06 03:15 3584 ----a-r- c:\users\Jeremy\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe 2013-08-06 03:15 . 2013-08-06 03:15 -------- d-----w- c:\program files (x86)\Windows Installer Clean Up 2013-08-06 03:13 . 2013-08-06 03:13 -------- d-----w- c:\program files (x86)\MSECACHE 2013-08-03 13:41 . 2013-08-03 13:41 -------- d-----w- c:\users\Jeremy\AppData\Local\Enhanceviews_Autowatcher 2013-07-30 08:05 . 2013-07-31 05:36 -------- d-----w- C:\FRST 2013-07-23 06:41 . 2013-07-23 06:42 392704 ----a-w- c:\windows\system32\MpClient.dll 2013-07-23 03:41 . 2013-07-23 03:43 -------- d-----w- c:\windows\system32\MRT 2013-07-22 10:21 . 
2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2BD1B85-780A-4105-B6B2-52D9DE70FB97}\mpengine.dll 2013-07-21 03:00 . 2013-07-25 14:47 -------- d-----w- c:\program files (x86)\Share YouTube Videos 2013-07-19 10:33 . 2013-07-19 10:33 -------- d-----w- c:\programdata\Temporary 2013-07-17 02:11 . 2013-07-17 02:10 941720 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0881CEB4-359E-4A9A-8B66-523C5BD30F91}\gapaengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-06 08:02 . 2012-07-09 07:32 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-08-06 08:02 . 2012-01-20 20:49 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-07-14 02:12 . 2013-05-10 08:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-07-14 02:12 . 2013-05-10 08:20 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-07-03 00:12 . 2013-07-03 02:08 460888 ----a-w- c:\windows\system32\drivers\10354613.sys 2013-07-01 12:13 . 2013-07-01 08:15 460888 ----a-w- c:\windows\system32\drivers\24441005.sys 2013-06-24 04:57 . 2012-02-03 08:13 78277128 ----a-w- c:\windows\system32\MRT.exe 2013-06-19 01:50 . 2013-06-19 01:50 247216 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2013-06-11 23:43 . 2013-07-10 11:06 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-06-11 23:43 . 2013-07-10 11:06 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-06-11 23:42 . 2013-07-10 11:06 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-06-11 23:42 . 2013-07-10 11:06 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-06-11 23:26 . 2013-07-10 11:06 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-06-11 23:26 . 2013-07-10 11:06 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-06-11 23:26 . 2013-07-10 11:06 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-06-11 23:25 . 
2013-07-10 11:06 19238912 ----a-w- c:\windows\system32\mshtml.dll 2013-06-11 23:25 . 2013-07-10 11:06 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-06-11 23:25 . 2013-07-10 11:06 855552 ----a-w- c:\windows\system32\jscript.dll 2013-06-11 23:25 . 2013-07-10 11:06 3958784 ----a-w- c:\windows\system32\jscript9.dll 2013-06-11 23:25 . 2013-07-10 11:06 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-06-11 23:25 . 2013-07-10 11:06 526336 ----a-w- c:\windows\system32\ieui.dll 2013-06-11 23:25 . 2013-07-10 11:06 67072 ----a-w- c:\windows\system32\iesetup.dll 2013-06-11 23:25 . 2013-07-10 11:06 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-06-11 23:25 . 2013-07-10 11:06 2648576 ----a-w- c:\windows\system32\iertutil.dll 2013-06-11 23:25 . 2013-07-10 11:06 136704 ----a-w- c:\windows\system32\iesysprep.dll 2013-06-11 23:25 . 2013-07-10 11:06 15404032 ----a-w- c:\windows\system32\ieframe.dll 2013-06-11 22:51 . 2013-07-10 11:06 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-06-11 22:50 . 2013-07-10 11:06 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-06-07 03:22 . 2013-07-10 11:06 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-06-07 02:37 . 2013-07-10 11:06 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-06-05 03:34 . 2013-07-10 09:39 3153920 ----a-w- c:\windows\system32\win32k.sys 2013-06-04 06:00 . 2013-07-10 09:39 624128 ----a-w- c:\windows\system32\qedit.dll 2013-06-04 04:53 . 2013-07-10 09:39 509440 ----a-w- c:\windows\SysWow64\qedit.dll 2013-05-14 00:31 . 2012-07-17 19:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-13 05:51 . 2013-06-12 04:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 05:51 . 2013-06-12 04:46 1464320 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 05:51 . 2013-06-12 04:46 139776 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 05:50 . 2013-06-12 04:46 52224 ----a-w- c:\windows\system32\certenc.dll 2013-05-13 04:45 . 
2013-06-12 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 04:46 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll 2013-05-13 04:45 . 2013-06-12 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2013-05-13 03:43 . 2013-06-12 04:46 1192448 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 04:46 903168 ----a-w- c:\windows\SysWow64\certutil.exe 2013-05-13 03:08 . 2013-06-12 04:46 43008 ----a-w- c:\windows\SysWow64\certenc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-07 03:55 220632 ----a-w- c:\users\Jeremy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-07 03:55 220632 ----a-w- c:\users\Jeremy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-07 03:55 220632 ----a-w- c:\users\Jeremy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EV_Autowatcher_Download-Carbon0x"="c:\users\Jeremy\Desktop\Market\Enhanceviews Autowatcher v2.44(1).exe" [2013-08-09 1414656] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x] R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe;c:\program files\BitComet\tools\BitCometService.exe [x] R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys;c:\windows\SYSNATIVE\DRIVERS\lvbflt64.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x] R3 LVRS64;Logitech RightSound Filter 
Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] R4 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x] R4 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 
10354613;10354613;c:\windows\system32\DRIVERS\10354613.sys;c:\windows\SYSNATIVE\DRIVERS\10354613.sys [x] S0 24441005;24441005;c:\windows\system32\DRIVERS\24441005.sys;c:\windows\SYSNATIVE\DRIVERS\24441005.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys;c:\windows\SYSNATIVE\drivers\CM10664.sys [x] S3 VSTWinDriver6;VSTWinDriver6;c:\windows\system32\drivers\VSTwindrvr6.sys;c:\windows\SYSNATIVE\drivers\VSTwindrvr6.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-07-31 17:18 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 
2013-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-10 02:12] . 2013-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-06 00:50] . 2013-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-06 00:50] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2012-11-07 03:55 244696 ----a-w- c:\users\Jeremy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2012-11-07 03:55 244696 ----a-w- c:\users\Jeremy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2012-11-07 03:55 244696 ----a-w- c:\users\Jeremy\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-11-13 23:32 162552 ----a-w- c:\users\Jeremy\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 208.59.247.45 208.59.247.46 TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 107.6.133.8,23.23.180.210 FF - ProfilePath - c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - ExtSQL: 2013-06-20 19:58; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF - ExtSQL: 2013-06-28 05:43; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi FF - ExtSQL: 2013-07-04 21:29; {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}; c:\users\Jeremy\AppData\Roaming\Mozilla\Firefox\Profiles\blj3egdu.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} FF - ExtSQL: !HIDDEN! 2012-10-08 22:35; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . - - - - ORPHANS REMOVED - - - - . 
Toolbar-Locked - (no file) ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe AddRemove-{D4D7D75D-00A0-CCD9-8303-9D1E2E193749} - c:\progra~3\INSTAL~2\{61B99~1\Setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\00758EC72B59EFF5D819EC24DB5E0AD2\62B640D98797DC74196ECAC3D1BF3C0D] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="SetupResDllMui_EN_US" "ComponentVersion"="4.0.1526.0" "ProductVersion"="4.0.1526" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\03C60A9B239AB9A4DA7D95727C2B5BED\62B640D98797DC74196ECAC3D1BF3C0D] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="MSESysprep.dll" "ComponentVersion"="4.0.1526.0" "ProductVersion"="4.0.1526" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\0D59859034059F44AAF172B4652D81DF\62B640D98797DC74196ECAC3D1BF3C0D] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="SqmApi.dll" "ComponentVersion"="6.1.7600.16385" "ProductVersion"="4.0.1526" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2DC6F6326F00B564CADAEA2DE5CF6D4D\62B640D98797DC74196ECAC3D1BF3C0D] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="msseooberes.dll.mui_ENUS" "ComponentVersion"="4.0.1526.0" "ProductVersion"="4.0.1526" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\2EABF86D805AB0B4BBC9E0D503DA8C4E\62B640D98797DC74196ECAC3D1BF3C0D] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="msseooberes.dll" "ComponentVersion"="4.0.1526.0" "ProductVersion"="4.0.1526" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\3A56E6CFA998ED15E98F3C5501B43C0B\62B640D98797DC74196ECAC3D1BF3C0D] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="SetupRes.dll" "ComponentVersion"="4.0.1526.0" "ProductVersion"="4.0.1526" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\5F55B9FDC1F01894887AD64EFE382787\62B640D98797DC74196ECAC3D1BF3C0D] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="EppManifestForMse" "ComponentVersion"="4.0.1526.0" "ProductVersion"="4.0.1526" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\6A122FDB37ECDE6599C1FA78DC746459\62B640D98797DC74196ECAC3D1BF3C0D] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="Setup.exe" "ComponentVersion"="4.0.1526.0" "ProductVersion"="4.0.1526" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\B0D6949167E131043B11F52470CF8F8E\62B640D98797DC74196ECAC3D1BF3C0D] @DACL=(02 0000) "PatchGUID"="" "MediaCabinet"="" "File"="msseoobe.exe" "ComponentVersion"="4.0.1526.0" "ProductVersion"="4.0.1526" "PatchSize"="0" "PatchAttributes"="0" "PatchSequence"="0" "SharedComponent"="0" "IsFullFile"="0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-08-09 15:25:09 ComboFix-quarantined-files.txt 2013-08-09 19:25 . Pre-Run: 363,244,957,696 bytes free Post-Run: 366,969,659,392 bytes free . - - End Of File - - FFC91F857DC12661F3D10919A2A97E34 F1BC9A487FAD21118DA4D5B596310BA4