Xer0

  1. Thanks to MrCharlie, I was able to rid myself of PUP.Optional.Conduit.A https://forums.malwarebytes.org/index.php?/topic/154932-pupoptionalconduita-cant-remove/page-2#entry867014 While I will take full responsibility for the infection (using uTorrent, visiting mature sites), I was disappointed that Avast Free was unable to even find PUP.Optional.Conduit.A with a boot-time scan. Along with modifying my web surfing habits, it would seem to be prudent to finally step up and pay for a good AV product or suite (including firewall). Ideally, I want an AV tool, form filler (I currently have LastPass free but I want RoboForm). Extra 'bonuses' would be licenses for my Android phone & tablet (1 of each). I have 1 Win 7 PC. I have read AV Comparatives reviews in the past but I am not current with the 'best' product. Kaspersky seems to have a good reputation. I have heard that the Wilders Security forum has good, independent advice but thought I would check here first.
  2. the ComboFix log
Anti-Malware\mbam.exec:\program files (x86)\ASUS\EPU-6 Engine\SixEngine.exe.**************************************************************************.Completion time: 2014-08-14 16:31:51 - machine was rebootedComboFix-quarantined-files.txt 2014-08-14 23:31.Pre-Run: 80,870,363,136 bytes freePost-Run: 80,385,916,928 bytes free.- - End Of File - - 03FC0C97AD95FA3C3D49970BB9017BA8A36C5E4F47E84449FF07ED3517B43A31
  3. TDSSKiller says No threats found. That feels better. Thanks again for your kind help. One more thing: Do I need to be concerned about HOSTs file(s) and should I get a tool to manage them? One of the scans that I ran the other day mentioned that my HOSTs file was too large to scan (or similar).
  4. I just got a call from my bank alerting me about an unauthorized $49.95 charge for 'Raspberry Ketone weight loss supplement' from 888-441-2916.com in Miami. Of course, I did not order this stuff and they said that the order will be cancelled and my bank (B of A) told me to call in 2 days if my debit card has been charged. BoA has cancelled my existing card and is sending a new one, so that's all good. The thing that I'm most concerned about is a Trojan/keylogger/rootkit etc. that may have taken up residence on my system. This is my only computer. Is there a good Trojan/keylogger scanner that is free?
  5. How should I run DelFix? Create Registry backup? Maybe I just don't have ComboFix.........
  6. For ComboFix, Windows 7 gives me an error that it cannot find 'ComboFix'. I have both pasted and typed it in the Run box exactly like this: ComboFix /uninstall
  7. screen317 log
     Results of screen317's Security Check version 0.99.86
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     Windows Firewall Enabled!
     avast! Antivirus
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     MVPS Hosts File
     Java 7 Update 67
     Java version out of Date!
     Adobe Flash Player 14.0.0.145
     Adobe Reader XI
     Mozilla Firefox (31.0)
     Google Chrome 35.0.1916.153
     Google Chrome 36.0.1985.125
     Google Chrome plugins...
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbam.exe
     Malwarebytes Anti-Malware mbamscheduler.exe
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast avastui.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 8%
     ````````````````````End of Log``````````````````````
  8. Scan completed successfully! No malicious item were detected! Thank you, MrC!
  9. Junkware Removal Tool log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.1.4 (04.06.2014:1)
     OS: Windows 7 Professional x64
     Ran by JOHN on Mon 08/11/2014 at 20:35:02.11
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     ~~~ Registry Keys
     ~~~ Files
     ~~~ Folders
     ~~~ Event Viewer Logs were cleared
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Mon 08/11/2014 at 20:42:37.28
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10. AdwCleaner[s2] file, after reboot
     # AdwCleaner v3.304 - Report created 11/08/2014 at 20:26:43
     # Updated 08/08/2014 by Xplode
     # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
     # Username : JOHN - JOHN-PC
     # Running from : C:\Users\JOHN\Downloads\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     ***** [ Scheduled Tasks ] *****
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     ***** [ Browsers ] *****

     -\\ Internet Explorer v9.0.8112.16561

     -\\ Mozilla Firefox v31.0 (x86 en-US)
     [ File : C:\Users\JOHN\AppData\Roaming\Mozilla\Firefox\Profiles\1etzilo8.default\prefs.js ]

     -\\ Google Chrome v36.0.1985.125
     [ File : C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
     Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
     Deleted [search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
     Deleted [search Provider] : hxxp://en.softonic.com/s/{searchTerms}
     Deleted [startup_urls] : hxxp://websearch.exitingsearch.info/?pid=964&r=2014/03/08&hid=2465565078485846288&lg=EN&cc=US&unqvl=50
     Deleted [Homepage] : hxxp://search.conduit.com/?ctid=CT3325283&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE6F9A392-1131-4C87-9B19-9FCC2801446A&SSPV=
     Deleted [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

     *************************

     AdwCleaner[R0].txt - [10732 octets] - [09/03/2014 12:20:09]
     AdwCleaner[R1].txt - [5387 octets] - [10/03/2014 09:06:21]
     AdwCleaner[R2].txt - [3009 octets] - [04/08/2014 13:25:57]
     AdwCleaner[R3].txt - [1535 octets] - [04/08/2014 13:58:14]
     AdwCleaner[R4].txt - [1636 octets] - [11/08/2014 20:17:53]
     AdwCleaner[s0].txt - [5477 octets] - [10/03/2014 09:08:00]
     AdwCleaner[s1].txt - [3436 octets] - [04/08/2014 13:44:53]
     AdwCleaner[s2].txt - [1933 octets] - [11/08/2014 20:26:43]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1993 octets] ##########
  11. AdwCleaner log (before cleaning) - there is nothing in 'Files / Folders' - ?? No worries, nothing I can't get again if deleted. I will clean, reboot, and then post the AdwCleaner[s0] logfile in a minute.
     # AdwCleaner v3.304 - Report created 11/08/2014 at 20:17:53
     # Updated 08/08/2014 by Xplode
     # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
     # Username : JOHN - JOHN-PC
     # Running from : C:\Users\JOHN\Downloads\AdwCleaner.exe
     # Option : Scan

     ***** [ Services ] *****
     ***** [ Files / Folders ] *****
     ***** [ Scheduled Tasks ] *****
     ***** [ Shortcuts ] *****
     ***** [ Registry ] *****
     ***** [ Browsers ] *****

     -\\ Internet Explorer v9.0.8112.16561

     -\\ Mozilla Firefox v31.0 (x86 en-US)
     [ File : C:\Users\JOHN\AppData\Roaming\Mozilla\Firefox\Profiles\1etzilo8.default\prefs.js ]

     -\\ Google Chrome v36.0.1985.125
     [ File : C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     Found [startup_urls] : hxxp://websearch.exitingsearch.info/?pid=964&r=2014/03/08&hid=2465565078485846288&lg=EN&cc=US&unqvl=50
     Found [Homepage] : hxxp://search.conduit.com/?ctid=CT3325283&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE6F9A392-1131-4C87-9B19-9FCC2801446A&SSPV=
     Found [Extension] : eofcbnmajmjmplflapaojjnihcjkigck

     *************************

     AdwCleaner[R0].txt - [10732 octets] - [09/03/2014 12:20:09]
     AdwCleaner[R1].txt - [5387 octets] - [10/03/2014 09:06:21]
     AdwCleaner[R2].txt - [3009 octets] - [04/08/2014 13:25:57]
     AdwCleaner[R3].txt - [1535 octets] - [04/08/2014 13:58:14]
     AdwCleaner[R4].txt - [1376 octets] - [11/08/2014 20:17:53]
     AdwCleaner[s0].txt - [5477 octets] - [10/03/2014 09:08:00]
     AdwCleaner[s1].txt - [3436 octets] - [04/08/2014 13:44:53]

     ########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [1556 octets] ##########
  12. Farbar Fixlog (I will run AdwCleaner and post the log in a sec)
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-08-2014 01
     Ran by JOHN at 2014-08-11 20:12:17 Run:1
     Running from C:\Users\JOHN\Downloads\Farbar FRST
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     ShellIconOverlayIdentifiers: IDM Shell Extension -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll No File
     SearchScopes: HKCU - DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...1I7VASJ_enUS520
     SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.co...1I7VASJ_enUS520
     SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...q={searchTerms}
     Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
     Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
     Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
     FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
     FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-06-29]
     CHR Extension: (avast! SafePrice) - C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2014-07-21]
     C:\Users\JOHN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8v49bf.dll
     C:\Users\JOHN\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
     AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
     *****************

     "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\IDM Shell Extension" => Key deleted successfully.
     "HKCR\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}" => Key deleted successfully.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
     "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => Key deleted successfully.
     "HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66}" => Key not found.
     "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
     "HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
     "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
     "HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
     "HKCR\PROTOCOLS\Filter\text/xml" => Key deleted successfully.
     "HKCR\CLSID\{807553E5-5146-11D5-A672-00B0D022E945}" => Key not found.
     HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\fmconverter@gmail.com => value deleted successfully.
     C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox => Moved successfully.
     C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => Moved successfully.
     "C:\Users\JOHN\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8v49bf.dll" => File/Directory not found.
     C:\Users\JOHN\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
     C:\ProgramData\TEMP => ":07BF512B" ADS removed successfully.

     ==== End of Fixlog ====
  13. Of course!
     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 8/11/2014
     Scan Time: 6:20:19 PM
     Logfile: MBAM Log 8-11-14 (2).txt
     Administrator: Yes

     Version: 2.00.2.1012
     Malware Database: v2014.08.11.08
     Rootkit Database: v2014.08.04.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: JOHN

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 350425
     Time Elapsed: 5 min, 25 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Enabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 0
     (No malicious items detected)

     Files: 1
     PUP.Optional.Conduit.A, C:\Users\JOHN\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "homepage": "http://search.conduit.com/?ctid=CT3325283&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPE6F9A392-1131-4C87-9B19-9FCC2801446A&SSPV=",), Replaced,[95033f83abd0da5cc6897a827d873dc3]

     Physical Sectors: 0
     (No malicious items detected)

     (end)
  14. MrCharlie, Thank you for replying so fast! I have done the following:
     Removed uTorrent
     Scanned with Malwarebytes 2.0 settings as you advised and Quarantined PUP.Optional.Conduit.A
     Ran RogueKiller 64 Bit
     Here's the RogueKiller report

     RogueKiller V9.2.6.0 (x64) [Jul 11 2014] by Adlice Software
     mail : http://www.adlice.com/contact/
     Feedback : http://forum.adlice.com
     Website : http://www.adlice.com/softwares/roguekiller/
     Blog : http://www.adlice.com

     Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User : JOHN [Admin rights]
     Mode : Scan -- Date : 08/11/2014 18:39:23

     ¤¤¤ Bad processes : 0 ¤¤¤

     ¤¤¤ Registry Entries : 10 ¤¤¤
     [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-965672119-3825489760-2407008530-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
     [PUM.Policies] (X64) HKEY_USERS\S-1-5-21-965672119-3825489760-2407008530-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
     [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-965672119-3825489760-2407008530-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
     [PUM.Policies] (X86) HKEY_USERS\S-1-5-21-965672119-3825489760-2407008530-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
     [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-965672119-3825489760-2407008530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
     [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-965672119-3825489760-2407008530-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND
     [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

     ¤¤¤ Scheduled tasks : 1 ¤¤¤
     [suspicious.Path] \\4484 -- wscript.exe (C:\Users\JOHN\AppData\Local\Temp\launchie.vbs //B) -> FOUND

     ¤¤¤ Files : 0 ¤¤¤

     ¤¤¤ HOSTS File : 0 [Too big!] ¤¤¤

     ¤¤¤ Antirootkit : 1 (Driver: LOADED) ¤¤¤
     [Filter(Kernel.Filter)] \Driver\atapi @ Unknown : \Driver\Disk @ \Device\Harddisk0\DR0 (\SystemRoot\System32\drivers\tcpip.sys)

     ¤¤¤ Web browsers : 0 ¤¤¤

     ¤¤¤ MBR Check : ¤¤¤
     +++++ PhysicalDrive0: INTEL SSDSA2M160G2GC ATA Device +++++
     --- User ---
     [MBR] 1d19d22e3c9b5c6d324d1d0cbc702b8a
     [bSP] 31f277a255a272ddedf455a4854d6955 : Windows Vista/7/8 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
     1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152525 MB
     User = LL1 ... OK
     User = LL2 ... OK

     +++++ PhysicalDrive1: Seagate FA GoFlex Desk USB Device +++++
     --- User ---
     [MBR] c37ba526a926dc4fe02cb793cde2ed99
     [bSP] 78914e8f886aabada7f1fd55b129aa57 : Empty MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 1907726 MB
     User = LL1 ... OK
     Error reading LL2 MBR! ([32] The request is not supported. )

     +++++ PhysicalDrive2: Seagate FreeAgent USB Device +++++
     --- User ---
     [MBR] bb798cef677399346ec60576046ef931
     [bSP] 95e1d6c49bd9ae92ab83588819cb9af9 : Windows XP MBR Code
     Partition table:
     0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
     User = LL1 ... OK
     Error reading LL2 MBR! ([32] The request is not supported. )

     ============================================
     RKreport_SCN_08112014_181832.log
  15. And the Farbar Addition.txt log (I renamed it Addition 8-11-14)
Corporation) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.1) (Version: 1.3.2 - Xvid Team)
Yahoo! Install Manager (HKLM-x32\...\YInstHelper) (Version: - )
Yahoo! Internet Mail (HKLM-x32\...\Yahoo! Mail) (Version: - )
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - Yahoo! Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-965672119-3825489760-2407008530-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JOHN\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-965672119-3825489760-2407008530-1000_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {18381615-9468-D082-4386-49E985889A47} No File
CustomCLSID: HKU\S-1-5-21-965672119-3825489760-2407008530-1000_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {41069CC1-9468-D082-970C-77B085889A47} No File
CustomCLSID: HKU\S-1-5-21-965672119-3825489760-2407008530-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-965672119-3825489760-2407008530-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-965672119-3825489760-2407008530-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-965672119-3825489760-2407008530-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-965672119-3825489760-2407008530-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-965672119-3825489760-2407008530-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-965672119-3825489760-2407008530-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-965672119-3825489760-2407008530-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JOHN\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

24-07-2014 00:20:42 Windows Update
01-08-2014 21:18:15 Windows Update
04-08-2014 20:51:50 Checkpoint by HitmanPro
04-08-2014 20:53:54 Checkpoint by HitmanPro
04-08-2014 20:54:20 Checkpoint by HitmanPro
04-08-2014 20:54:34 Checkpoint by HitmanPro
05-08-2014 03:26:21 Checkpoint by HitmanPro
05-08-2014 04:17:24 zoek.exe restore point
05-08-2014 04:40:47 Checkpoint by HitmanPro
06-08-2014 01:49:50 Windows Update
08-08-2014 21:54:14 Installed Java 7 Update 67

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 19:34 - 2013-03-06 09:09 - 00444231 ____R C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost127.0.0.1 www.007guard.com127.0.0.1 007guard.com127.0.0.1 008i.com127.0.0.1 www.008k.com127.0.0.1 008k.com127.0.0.1 www.00hq.com127.0.0.1 00hq.com127.0.0.1 010402.com127.0.0.1 www.032439.com127.0.0.1 032439.com127.0.0.1 www.0scan.com127.0.0.1 0scan.com127.0.0.1 www.1000gratisproben.com127.0.0.1 1000gratisproben.com127.0.0.1 1001namen.com127.0.0.1 www.1001namen.com127.0.0.1 100888290cs.com127.0.0.1 www.100888290cs.com127.0.0.1 www.100sexlinks.com127.0.0.1 100sexlinks.com127.0.0.1 www.10sek.com127.0.0.1 10sek.com127.0.0.1 www.1-2005-search.com127.0.0.1 1-2005-search.com127.0.0.1 www.123fporn.info127.0.0.1 123fporn.info127.0.0.1 123haustiereundmehr.com127.0.0.1 www.123haustiereundmehr.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {03E11141-ED31-46BD-AC2C-20D77A3BDFA4} - System32\Tasks\4484 => Wscript.exe C:\Users\JOHN\AppData\Local\Temp\launchie.vbs //B
Task: {05EC7723-A1F3-4BD6-847F-2789A3A27EDA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12] (Google Inc.)
Task: {103E7D85-8FC3-4663-B4D2-5AFEB4EEC87F} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {150E44F4-1857-40B7-98AF-5CBFAB9DDA4B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12] (Google Inc.)
Task: {2994DFA6-C230-4FC1-A91B-E82D4BCA8933} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMJJKMKMLMGMNMKJNJCNJMJMNJMMCNLMMMKMOJCNHMIMJMJJCNOMJMOMNMPMJMNMLJLJKJHMJJJNJICMJMCNOMPMCNNMFMHMCNPMCNIMJMPMPMFMJMCNOMCNIMJMPMPMCNNMJNPICMLMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMFLALHLBLJNKJCMJNNICMJNDJCMKJBJ"
Task: {30D965BE-22DE-4441-AA38-CB21BC6C076F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-04] (AVAST Software)
Task: {3DDA23FF-BC81-4318-93FA-EC09425ACEAF} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {58AAE59C-F34E-4B47-89D3-F5ABF30C68DF} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {5A6E291D-27AA-4CE8-A952-CFCCE601D447} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5E34BA29-C1AB-4A56-89F3-4C96D7F3F22E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {654279D9-4784-422C-9BD5-F55E6A4A9C4C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {86C9F64A-F193-4090-8747-B6F0FEAB4804} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {8D955749-83F3-4286-A048-3F75559207E3} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe [2009-12-01] (ASUSTeK Computer Inc.)
Task: {8F3AD9CF-E23C-4AC5-9A9E-69192373B84F} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {A123E9E1-1F98-47A4-A84E-28A5918534F6} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {A2DE398B-34CA-422B-A26F-7A8C7087D477} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {B04F4AB5-782A-4ADD-B78A-81890DF26DDF} - System32\Tasks\Soluto-Diagnostics => C:\ProgramData\Soluto\Diag\SolutoDiag.exe [2012-12-20] (Soluto)
Task: {BB3ABCAD-F085-4E39-B510-110E3F9E38F6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: {C778DAF5-49ED-4927-97FE-6A3E42348BE7} - System32\Tasks\0 => Iexplore.exe
Task: {F7C4704D-57CD-4C58-86B5-0E5046D9AD5F} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-13 12:03 - 2014-02-13 12:03 - 03666944 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGPreCompiled\f3837ad1049de107ef9c6d31ec36d5a7\PCGPreCompiled.ni.dll
2014-02-13 12:04 - 2014-02-13 12:04 - 00266752 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGAppControlPlugin#\73516670e482de187c8e82fa369dc72f\PCGAppControlPluginLoader.ni.dll
2013-02-20 16:28 - 2013-02-20 16:28 - 00091192 _____ () C:\Program Files\Soluto\PCGDllExportInspector.dll
2013-02-20 16:28 - 2013-02-20 16:28 - 00055352 ____R () C:\Program Files\Soluto\PCGDeviceScanLib.dll
2013-02-20 16:28 - 2013-02-20 16:28 - 00091192 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2011-07-12 10:50 - 2011-02-28 08:39 - 00211456 _____ () C:\Program Files (x86)\IZArc\IZArcCM64.dll
2013-02-19 09:12 - 2013-02-21 20:06 - 01226752 _____ () C:\Program Files\Samsung\AllShare Play\SecLibJNI.dll
2014-08-04 21:37 - 2014-08-04 21:37 - 00515584 ____N ()
C:\Users\JOHN\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll2013-02-19 09:12 - 2013-02-21 20:06 - 00011264 _____ () C:\Program Files\Samsung\AllShare Play\JniSys.dll2012-10-23 10:10 - 2012-10-23 10:10 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\64bit\JNIInterface.dll2012-10-22 21:02 - 2012-10-22 21:02 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\64bit\ASFAPI.dll2012-10-23 10:09 - 2012-10-23 10:09 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\64bit\MediaDB_Manager.dll2012-08-21 20:06 - 2012-08-21 20:06 - 00030720 _____ () C:\Windows\system32\MediaDB64.dll2012-10-05 18:27 - 2012-10-05 18:27 - 00905216 _____ () C:\Windows\system32\ContentDirectoryPresenter64.dll2012-10-23 10:10 - 2012-10-23 10:10 - 00522240 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\64bit\DMS_Manager.dll2012-08-21 12:26 - 2012-08-21 12:26 - 00049152 _____ () C:\Windows\system32\boost_date_time-vc90-mt-1_47.dll2012-08-21 12:26 - 2012-08-21 12:26 - 00016896 _____ () C:\Windows\system32\boost_system-vc90-mt-1_47.dll2012-08-21 12:26 - 2012-08-21 12:26 - 00058880 _____ () C:\Windows\system32\boost_thread-vc90-mt-1_47.dll2012-08-21 12:26 - 2012-08-21 12:26 - 00299520 _____ () C:\Windows\system32\boost_serialization-vc90-mt-1_47.dll2011-04-07 23:19 - 2014-05-19 18:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2014-07-04 11:21 - 2014-07-04 11:21 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll2014-08-11 11:42 - 2014-08-11 11:42 - 02795520 _____ () C:\Program Files\AVAST Software\Avast\defs\14081101\algo.dll2012-10-22 17:55 - 2012-10-22 17:55 - 01113600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\DMSManager.dll2012-10-05 18:27 - 2012-10-05 18:27 - 00704000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\ContentDirectoryPresenter.dll2012-08-21 20:06 - 2012-08-21 20:06 - 00107008 _____ () C:\Program 
Files\Samsung\AllShare Framework DMS\1.3.06\DCMCDP.dll2012-08-21 20:06 - 2012-08-21 20:06 - 00101376 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\FolderCDP.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\MetadataFramework.dll2012-08-14 12:13 - 2012-08-14 12:13 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\sqlite3.dll2012-08-14 12:13 - 2012-08-14 12:13 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\MoodExtractor.dll2012-08-14 12:43 - 2012-08-14 12:43 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\DCMImgExtractor.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AutoChaptering.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\libexpat.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\VideoThumb.dll2012-08-14 12:43 - 2012-08-14 12:43 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\avcodec-52.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\avutil-50.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\avformat-52.dll2012-08-14 12:43 - 2012-08-14 12:43 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\swscale-0.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AudioExtractor.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00063488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\ID3Driver.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\tag.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00289792 _____ () 
C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\libThumbnail.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\RichInfoDriver.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\VideoExtractor.dll2012-10-22 17:55 - 2012-10-22 17:55 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\ThumbnailMaker.dll2012-10-22 17:55 - 2012-10-22 17:55 - 01033216 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\ImageMagickWrapper.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00133120 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\VideoMetadataDriver.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\libKeyFrame.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\SECMetaDriver.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\ImageExtractor.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\photoDriver.dll2012-08-14 12:43 - 2012-08-14 12:43 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\libexif-12.dll.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\TextExtractor.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\Autobackup.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\RosettaAllShare.dll2012-08-21 12:25 - 2012-08-21 12:25 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\boost_serialization-vc90-mt-1_47.dll2012-08-21 12:26 - 2012-08-21 12:26 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework 
DMS\1.3.06\boost_date_time-vc90-mt-1_47.dll2012-08-21 12:25 - 2012-08-21 12:25 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\boost_system-vc90-mt-1_47.dll2012-08-21 12:26 - 2012-08-21 12:26 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\boost_thread-vc90-mt-1_47.dll2012-08-14 12:42 - 2012-08-14 12:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\us.dll2014-07-04 11:21 - 2014-07-04 11:21 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll2014-08-11 16:08 - 2014-08-11 16:08 - 00098816 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\win32api.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00110080 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\pywintypes27.dll2014-08-11 16:08 - 2014-08-11 16:08 - 00364544 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\pythoncom27.dll2014-08-11 16:08 - 2014-08-11 16:08 - 00045568 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\_socket.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 01160704 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\_ssl.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00320512 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\win32com.shell.shell.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00713216 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\_hashlib.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 01175040 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\wx._core_.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00805888 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\wx._gdi_.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00811008 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\wx._windows_.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 01062400 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\wx._controls_.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00735232 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\wx._misc_.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00128512 _____ () 
C:\Users\JOHN\AppData\Local\Temp\_MEI51162\_elementtree.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00127488 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\pyexpat.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00557056 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\pysqlite2._sqlite.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00007168 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\hashobjs_ext.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00087552 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\_ctypes.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00119808 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\win32file.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00108544 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\win32security.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00018432 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\win32event.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00038912 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\win32inet.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00070656 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\wx._html2.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00167936 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\win32gui.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00011264 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\win32crypt.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00027136 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\_multiprocessing.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00122368 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\wx._wizard.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00010240 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\select.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00024064 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\win32pipe.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00686080 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\unicodedata.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00025600 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\win32pdh.pyd2014-08-11 16:08 - 
2014-08-11 16:08 - 00525640 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\windows._lib_cacheinvalidation.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00035840 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\win32process.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00017408 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\win32profile.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00022528 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\win32ts.pyd2014-08-11 16:08 - 2014-08-11 16:08 - 00078336 _____ () C:\Users\JOHN\AppData\Local\Temp\_MEI51162\wx._animate.pyd2011-05-28 21:10 - 2009-04-22 20:20 - 00179712 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\ASUSSERVICE.DLL2011-05-28 21:10 - 2009-08-27 19:41 - 00565248 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\pngio.dll2011-05-28 21:10 - 2009-08-27 19:41 - 00053248 _____ () C:\Program Files (x86)\ASUS\EPU-6 Engine\AsSpindownTimeout.dll2014-07-20 15:10 - 2014-07-15 02:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll2014-07-20 15:10 - 2014-07-15 02:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll2014-07-20 15:10 - 2014-07-15 02:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll2014-07-20 15:10 - 2014-07-15 02:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll2014-07-20 15:10 - 2014-07-15 02:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll2014-08-11 16:11 - 2014-08-11 16:11 - 00043008 _____ () c:\users\john\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp8v49bf.dll2013-10-18 16:55 - 2013-10-18 16:55 - 25100288 _____ () C:\Users\JOHN\appdata\roaming\dropbox\bin\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\39289083.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\39289083.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AllShare Play => C:\Program Files\Samsung\AllShare Play\utils\AllShare Play Launcher.exe
MSCONFIG\startupreg: Gadwin PrintScreen => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
MSCONFIG\startupreg: Google+ Auto Backup => "C:\Users\JOHN\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
MSCONFIG\startupreg: MaxMenuMgr => "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: uTorrent => "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
MSCONFIG\startupreg: Xvid => C:\Program Files (x86)\Xvid\CheckUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/11/2014 04:08:26 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (08/11/2014 04:08:26 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (08/11/2014 03:42:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: nvstreamsvc.exe, version: 2.1.214.0, time stamp: 0x53809acd
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000052fc4
Faulting process id: 0xe60
Faulting application start time: 0xnvstreamsvc.exe0
Faulting application path: nvstreamsvc.exe1
Faulting module path: nvstreamsvc.exe2
Report Id: nvstreamsvc.exe3

Error: (08/11/2014 03:41:54 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (08/11/2014 03:41:54 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (08/11/2014 03:36:20 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (08/11/2014 03:36:20 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (08/11/2014 02:08:00 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (08/11/2014 02:08:00 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (08/11/2014 00:52:02 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcCtrlHandler received failed with 0

System errors:
=============
Error: (08/11/2014 04:08:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ASDR service failed to start due to the following error: %%2

Error: (08/11/2014 04:07:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (08/11/2014 04:06:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (08/11/2014 04:06:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (08/11/2014 04:06:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (08/11/2014 04:06:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (08/11/2014 04:06:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (08/11/2014 04:06:18 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (08/11/2014 04:01:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (08/11/2014 04:01:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Microsoft Office Sessions:
=========================
Error: (08/11/2014 04:08:26 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (08/11/2014 04:08:26 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (08/11/2014 03:42:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvstreamsvc.exe2.1.214.053809acdntdll.dll6.1.7601.18247521eaf24c00000050000000000052fc4e6001cfb5b5752d5a54C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Windows\SYSTEM32\ntdll.dllba463298-21a8-11e4-bc58-bcaec520f832

Error: (08/11/2014 03:41:54 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (08/11/2014 03:41:54 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (08/11/2014 03:36:20 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (08/11/2014 03:36:20 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (08/11/2014 02:08:00 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0

Error: (08/11/2014 02:08:00 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0

Error: (08/11/2014 00:52:02 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcCtrlHandler received failed with 0

CodeIntegrity Errors:
===================================
  Date: 2013-01-12 19:49:26.477
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-12 19:49:26.477
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-12 19:49:26.477
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-12 19:49:26.462
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-12 19:49:26.462
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-12 19:49:26.462
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-08 12:51:19.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-08 12:51:19.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-08 12:51:19.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-01-08 12:51:19.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 6135.11 MB
Available physical RAM: 3403.07 MB
Total Pagefile: 12268.41 MB
Available Pagefile: 8464.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:79.32 GB) NTFS
Drive g: (FreeAgent GoFlex Drive) (Fixed) (Total:1863.01 GB) (Free:1593.72 GB) NTFS
Drive i: (Seagate 1-TB) (Fixed) (Total:931.51 GB) (Free:870.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 1F03968E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1863 GB) (Disk ID: 9A31F313)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 338BB4EE)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================