NJCurmudgeon

  1. Hi Doctor9fan, While I don't use Macrium and I don't recall doing anything similar in May, I do have some backups running in the background - so perhaps that is what caused them? I haven't been on my Malwarebytes accounts dashboard in a long time, so it is possible these were being created all along and I just wasn't aware. I deleted the two unknowns and will see if they return and if there is any coincidence with the backups. Thanks!
  2. Hi Porthos, Thanks for your quick reply! I just have the one desktop computer on this subscription and certainly didn't add any devices in May. Thanks also for confirming the drives are not a factor. I suspect it may be safe to just delete the other two, but obviously I wanted to make sure I wasn't missing something before doing so. I will contact support as you suggest - there is something disconcerting about an anti-malware service possibly having been hacked! Thanks again.
  3. I had to reset my password recently due to an unauthorized attempt at signing into my account. I hadn't been on the account dashboard for a long time, and was surprised to find the warning, "You are currently using more devices than your license is registered for." When I click on "Manage Devices," I see my current computer named with the correct registration date. However, there are two other device entries with no names and registration dates of May 6 and May 20, 20201. Considering there was apparently an unauthorized attempt to access my account, I am concerned that these two other devices may be someone else having hacked into the account. I have two external hard-drives, but I had them long before May of this year and I don't remember including them in my subscription since anything that goes on them passes through the protected computer first. However, I am holding off deactivating the other two devices until I am sure they are not legitimate. Is there a way of telling what those two devices are when there is no name? The hard-drives are named, so if they somehow got onto the subscription, wouldn't their names be visible too? Any advice appreciated! Thanks!
  4. I re-installed MalwareBytes as you described and so far it seems to be back to normal. I am going to give it 24 hours and make sure. I once had a virus that managed to keep turning off all my anti-virus software! So I just want to be sure that's not the case here before "closing" this thread. Thanks for the help and I will let you know if it still looks good tomorrow...
  5. No difference. MalwareBytes is still "Unable to access update server" and 'Real-Time Protection' is at "No Protection."
  6. Hi TwinHeadedEagle, Logs attached... Thanks. AdwCleanerS1.txt Fixlog.txt
  7. Thanks for the reply. Here are both the txt files as attachments. Addition.txt FRST.txt
  8. It dawned on me recently that I hadn't been seeing the MalwareBytes regular scan window popping up as I used to. When I checked on the 'dashboard,' I discovered that the 'Real-Time Protection' was off and the 'Database Version' was showing "Unable to Access Update Server." Clicking the 'update now' and 'Fix Now' does nothing. I posted this problem to another general help board on here and they suggested bumping it to this forum, suggesting that there may be a minor PUP infection. The MaywareBytes scan came up clean, so there do not appear to be any unresolved issues and I believe my firewall is not blocking anything. I have noticed the occasional internet "Not Responding" hangups, normally only for a few seconds. I am not sure if this is related or a problem with my internet provider, but I figured I ought to mention it in case it is a clue. I have run the FRST scans and am copying and pasting the results below. Thanks in advance for any assistance! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01 Ran by Gordon (administrator) on CHARLIEBROWN on 18-08-2014 14:18:55 Running from C:\Users\Gordon\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Stardock Corporation) C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe () C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\wbvista.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Dropbox, Inc.) 
C:\Users\Gordon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncV1\CoreSync.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Stardock Corporation) C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6629480 2011-04-14] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] () HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2014-04-18] (Carbonite, Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-12] (SUPERAntiSpyware) HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.) HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\Run: [CursorFX] => C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe [432784 2011-10-24] (Stardock Corporation) HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\MountPoints2: F - "F:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\MountPoints2: {4af0d826-8795-11e1-a4d4-848f69c65052} - "F:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\MountPoints2: {4fbe6b53-8675-11e1-9856-848f69c65052} - E:\LaunchU3.exe -a HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\MountPoints2: {6161d1cf-cbd8-11e1-8bb2-848f69c65052} - "F:\WD SmartWare.exe" autoplay=true Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Gordon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Gordon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8MSE HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com SearchScopes: HKCU - {2A681AE8-57FA-4E7B-BD6D-B4D64FEF394C} URL = https://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie11 SearchScopes: HKCU - {36F8C66D-CBB2-48E9-8DBB-0BAECE7C7548} URL = https://www.flickr.com/search/?q={searchTerms} SearchScopes: HKCU - {654BF0E1-811E-4C0B-A0BE-F907E977FFCB} URL = https://delicious.com/search?p={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: SDHelper -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} 
http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\bi0psi6h.default FF DefaultSearchEngine: Wikipedia (en) FF SelectedSearchEngine: Wikipedia (en) FF Homepage: hxxp://www.symbaloo.com/ FF Keyword.URL: user_pref("keyword.URL", ""); FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation) FF Plugin-x32: 
@java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media ) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll () FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems) FF Extension: Weather Now - C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\bi0psi6h.default\Extensions\a000b6@wips.com [2014-05-10] FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\bi0psi6h.default\Extensions\donottrackplus@abine.com [2014-07-12] FF Extension: MaskMe - C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\bi0psi6h.default\Extensions\idme@abine.com [2014-03-04] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\bi0psi6h.default\Extensions\adblockpopups@jessehakanen.net.xpi [2012-12-06] FF Extension: Email Extractor - C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\bi0psi6h.default\Extensions\emailExtractor@penzil.com.xpi [2014-01-22] FF Extension: Myibidder (Myibay) Bid Sniper for eBay - C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\bi0psi6h.default\Extensions\firefox1@myibay.com.xpi [2012-07-13] FF Extension: Webmail Ad Blocker - C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\bi0psi6h.default\Extensions\gmailnoads@mywebber.com.xpi [2012-04-13] FF Extension: Greenhouse - C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\bi0psi6h.default\Extensions\jid1-IqdNyIAxnc724Q@jetpack.xpi [2014-07-24] FF Extension: Weather Watcher Live - C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\bi0psi6h.default\Extensions\weatherwatcherlive@singerscreations.com.xpi [2014-05-09] FF Extension: X-notifier - C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\bi0psi6h.default\Extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi [2012-04-13] FF Extension: AniWeather - C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\bi0psi6h.default\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2013-10-26] FF Extension: Updated Ad Blocker for Firefox 11+ - 
C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\bi0psi6h.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-04-16] FF Extension: Adblock Plus - C:\Users\Gordon\AppData\Roaming\Mozilla\Firefox\Profiles\bi0psi6h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-04-13] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-04-14] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com) S4 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [401920 2009-10-23] (Amazon.com) [File not signed] R2 Carbonite-Mirror-Image-Svc; C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe [6443072 2013-04-18] (Carbonite, Inc.) S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [162816 2011-10-26] (Dell Products, LP.) [File not signed] R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [499200 2010-11-07] (Red Bend Ltd.) 
[File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] () R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.) R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) 
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital ) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital) R2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital ) R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [869376 2010-11-07] (Intel® Corporation) [File not signed] R2 WindowBlinds; C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\vistasrv.exe [337144 2009-06-04] (Stardock Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2012-12-21] () S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14920 2012-12-21] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2012-12-21] () S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2012-12-21] () S1 fanio; C:\Windows\SysWOW64\drivers\fanio.sys [14464 2007-02-16] (Christian Diefer) [File not signed] R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [69184 2011-09-05] (Fresco Logic) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-12-06] (GFI Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-18] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation) S3 MWAC; \??\C:\Windows\system32\drivers\ 
[0 ] () [File not signed]
S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () [File not signed]
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2013-12-24] (IObit)
S3 ALSysIO; \??\C:\Users\Gordon\AppData\Local\Temp\ALSysIO64.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-18 14:18 - 2014-08-18 14:19 - 00029818 _____ () C:\Users\Gordon\Desktop\FRST.txt 2014-08-18 14:18 - 2014-08-18 14:19 - 00000000 ____D () C:\FRST 2014-08-18 14:18 - 2014-08-18 14:18 - 02101760 _____ (Farbar) C:\Users\Gordon\Desktop\FRST64.exe 2014-08-18 13:50 - 2014-08-18 13:50 - 00005983 _____ () C:\Users\Gordon\Desktop\AdwCleaner[s0].txt 2014-08-18 13:17 - 2014-08-18 13:23 - 00000000 ____D () C:\AdwCleaner 2014-08-18 13:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-08-18 13:16 - 2014-08-18 13:17 - 01361671 _____ () C:\Users\Gordon\Desktop\adwcleaner_3.307.exe 2014-08-18 12:06 - 2014-08-18 13:41 - 00000112 _____ () C:\Windows\setupact.log 2014-08-18 08:53 - 2014-08-18 08:53 - 00054948 _____ () C:\Users\Gordon\Desktop\zoek-results.txt 2014-08-18 08:34 - 2014-08-18 08:45 - 00054948 _____ () C:\zoek-results.log 2014-08-18 08:31 - 2014-08-18 08:36 - 00000000 ____D () C:\zoek_backup 2014-08-18 08:29 - 2014-08-18 08:29 - 00001902 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-08-18 08:29 - 2014-08-18 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-08-18 08:29 - 2014-08-18 08:29 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-08-18 08:27 - 2014-08-18 08:27 - 01288704 _____ () C:\Users\Gordon\Desktop\zoek.exe 2014-08-17 10:51 - 2014-08-17 10:54 - 00000600 _____ () C:\Users\Gordon\AppData\Roaming\PUTTY.RND 2014-08-17 10:31 - 2014-08-17 10:31 - 06052529 _____ (Tim Kosse) C:\Users\Gordon\Downloads\FileZilla_3.9.0.3_win32-setup.exe 2014-08-09 16:30 - 2014-08-09 16:31 - 06004615 _____ (Tim Kosse) C:\Users\Gordon\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-07-30 14:30 - 2014-07-30 14:30 - 00000000 ____D () C:\TempDump 2014-07-30 11:35 - 2014-08-17 10:54 - 00000600 _____ () C:\Users\Gordon\AppData\Local\PUTTY.RND 2014-07-29 22:53 - 2014-07-29 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\NVIDIA Corporation 2014-07-29 22:52 - 2014-07-29 22:52 - 00151552 _____ () C:\Windows\SysWOW64\nvRegDev.dll 2014-07-29 22:41 - 2014-07-29 22:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-29 22:31 - 2009-03-10 23:25 - 00191488 ____N (MW Graphics) C:\Windows\SysWOW64\mwgfx.dll 2014-07-29 22:31 - 2008-10-20 13:44 - 00237056 ____N (MW Publishing) C:\Windows\SysWOW64\mwgfx24.dll 2014-07-29 22:31 - 2008-09-05 08:32 - 00104960 ____N (MW Graphics) C:\Windows\SysWOW64\mwdds.dll 2014-07-29 22:31 - 2008-08-10 10:39 - 00053248 ____N (MW Graphics) C:\Windows\SysWOW64\mwgfxvb.dll 2014-07-29 22:31 - 2007-08-19 09:37 - 00028672 ____N (MW Graphics) C:\Windows\SysWOW64\mwgfxcopy.exe 2014-07-29 22:31 - 2006-03-14 11:48 - 00256512 ____N (MW Graphics) C:\Windows\SysWOW64\mwdlg.dll 2014-07-29 22:31 - 2004-05-14 11:13 - 00056832 ____N (MW Graphics) C:\Windows\SysWOW64\mwace.dll 2014-07-29 22:31 - 2004-05-14 09:13 - 00027136 ____N (MW Graphics) C:\Windows\SysWOW64\mwacevb.dll 2014-07-29 22:31 - 2004-03-16 16:47 - 00049152 ____N (MW Graphics) C:\Windows\SysWOW64\mwddsvb.dll 2014-07-29 22:30 - 2014-07-29 22:30 - 00001686 _____ () C:\Users\Gordon\Desktop\RW Image Viewer.lnk 2014-07-29 22:30 - 2014-07-29 22:30 - 00001656 _____ () C:\Users\Gordon\Desktop\RW_Tools.lnk 2014-07-29 22:30 - 2014-07-29 22:30 - 00000000 ____D () C:\Users\Gordon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RW_Tools 2014-07-29 22:30 - 2014-07-29 22:30 - 00000000 ____D () C:\Rail Utilities 2014-07-29 22:01 - 2014-07-29 22:01 - 05981830 _____ (Tim Kosse) C:\Users\Gordon\Downloads\FileZilla_3.9.0.1_win32-setup.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-18 14:19 - 2014-08-18 14:18 - 00029818 _____ () C:\Users\Gordon\Desktop\FRST.txt 2014-08-18 14:19 - 2014-08-18 14:18 - 00000000 ____D () C:\FRST 2014-08-18 14:18 - 2014-08-18 14:18 - 02101760 _____ (Farbar) C:\Users\Gordon\Desktop\FRST64.exe 2014-08-18 13:59 - 2012-02-01 08:20 - 01330510 _____ () C:\Windows\WindowsUpdate.log 2014-08-18 13:52 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-18 13:52 - 2009-07-14 00:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-18 13:50 - 2014-08-18 13:50 - 00005983 _____ () C:\Users\Gordon\Desktop\AdwCleaner[s0].txt 2014-08-18 13:50 - 2014-03-31 10:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-18 13:45 - 2012-07-30 10:18 - 00000000 ___RD () C:\Users\Gordon\Dropbox 2014-08-18 13:45 - 2012-07-30 10:15 - 00000000 ____D () C:\Users\Gordon\AppData\Roaming\Dropbox 2014-08-18 13:44 - 2012-12-06 13:27 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-08-18 13:44 - 2012-07-24 11:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-18 13:43 - 2012-07-24 11:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-18 13:43 - 2012-02-01 07:15 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks 2014-08-18 13:43 - 2012-02-01 07:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks 2014-08-18 13:43 - 2012-02-01 07:11 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup 2014-08-18 13:41 - 2014-08-18 12:06 - 00000112 _____ () C:\Windows\setupact.log 2014-08-18 13:41 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-18 13:40 - 2010-11-20 23:47 - 00632212 _____ () C:\Windows\PFRO.log 2014-08-18 13:23 - 2014-08-18 13:17 - 00000000 ____D () C:\AdwCleaner 2014-08-18 13:21 - 2012-04-13 17:29 - 
00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-18 13:17 - 2014-08-18 13:16 - 01361671 _____ () C:\Users\Gordon\Desktop\adwcleaner_3.307.exe 2014-08-18 11:12 - 2013-07-16 19:07 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-08-18 08:53 - 2014-08-18 08:53 - 00054948 _____ () C:\Users\Gordon\Desktop\zoek-results.txt 2014-08-18 08:45 - 2014-08-18 08:34 - 00054948 _____ () C:\zoek-results.log 2014-08-18 08:36 - 2014-08-18 08:31 - 00000000 ____D () C:\zoek_backup 2014-08-18 08:29 - 2014-08-18 08:29 - 00001902 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-08-18 08:29 - 2014-08-18 08:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-08-18 08:29 - 2014-08-18 08:29 - 00000000 ____D () C:\Program Files\McAfee Security Scan 2014-08-18 08:29 - 2013-04-18 18:31 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-08-18 08:27 - 2014-08-18 08:27 - 01288704 _____ () C:\Users\Gordon\Desktop\zoek.exe 2014-08-18 08:19 - 2012-04-15 10:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Sunbird 2014-08-18 08:10 - 2009-07-14 01:13 - 00780436 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-18 06:01 - 2012-04-14 16:38 - 00000000 ____D () C:\Users\Gordon\AppData\Local\Adobe 2014-08-17 17:17 - 2013-05-21 14:16 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask 2014-08-17 11:55 - 2012-04-13 23:03 - 00000000 ____D () C:\Users\Gordon\AppData\Roaming\FileZilla 2014-08-17 11:18 - 2012-04-13 23:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2014-08-17 11:18 - 2012-04-13 23:03 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client 2014-08-17 10:54 - 2014-08-17 10:51 - 00000600 _____ () C:\Users\Gordon\AppData\Roaming\PUTTY.RND 2014-08-17 10:54 - 2014-07-30 11:35 - 00000600 _____ () C:\Users\Gordon\AppData\Local\PUTTY.RND 2014-08-17 10:31 - 2014-08-17 10:31 - 06052529 _____ (Tim Kosse) 
C:\Users\Gordon\Downloads\FileZilla_3.9.0.3_win32-setup.exe 2014-08-16 15:20 - 2012-07-30 10:18 - 00001036 _____ () C:\Users\Gordon\Desktop\Dropbox.lnk 2014-08-16 15:20 - 2012-07-30 10:16 - 00000000 ____D () C:\Users\Gordon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-14 22:23 - 2014-01-08 06:49 - 00000000 ____D () C:\Users\Gordon\Desktop\Camera Dump 2014-08-09 16:31 - 2014-08-09 16:30 - 06004615 _____ (Tim Kosse) C:\Users\Gordon\Downloads\FileZilla_3.9.0.2_win32-setup.exe 2014-08-07 07:09 - 2012-12-06 14:19 - 00000000 ____D () C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP 2014-08-04 08:16 - 2012-05-02 15:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-30 14:30 - 2014-07-30 14:30 - 00000000 ____D () C:\TempDump 2014-07-29 22:53 - 2014-07-29 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-07-29 22:53 - 2013-07-17 08:52 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-07-29 22:53 - 2012-02-01 06:49 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-29 22:52 - 2014-07-29 22:52 - 00151552 _____ () C:\Windows\SysWOW64\nvRegDev.dll 2014-07-29 22:41 - 2014-07-29 22:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-29 22:30 - 2014-07-29 22:30 - 00001686 _____ () C:\Users\Gordon\Desktop\RW Image Viewer.lnk 2014-07-29 22:30 - 2014-07-29 22:30 - 00001656 _____ () C:\Users\Gordon\Desktop\RW_Tools.lnk 2014-07-29 22:30 - 2014-07-29 22:30 - 00000000 ____D () C:\Users\Gordon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RW_Tools 2014-07-29 22:30 - 2014-07-29 22:30 - 00000000 ____D () C:\Rail Utilities 2014-07-29 22:01 - 2014-07-29 22:01 - 05981830 _____ (Tim Kosse) C:\Users\Gordon\Downloads\FileZilla_3.9.0.1_win32-setup.exe 2014-07-28 17:10 - 2011-09-23 23:19 - 00000000 ____D () C:\===HISTORY STUFF 2014-07-27 16:13 - 2013-09-26 12:15 - 00000132 _____ () 
C:\Users\Gordon\AppData\Roaming\Adobe Targa Format CS5 Prefs
2014-07-27 15:45 - 2014-05-18 10:51 - 00000000 ____D () C:\===GBD
2014-07-25 20:20 - 2012-04-13 17:00 - 00000000 ____D () C:\ProgramData\PCDr
2014-07-23 19:41 - 2009-07-14 00:45 - 05879568 _____ () C:\Windows\system32\FNTCACHE.DAT

Files to move or delete:
====================
C:\Users\Gordon\CH-Trainer-Keys.dat

Some content of TEMP:
====================
C:\Users\Gordon\AppData\Local\Temp\27b61758-b44d-4ef3-8667-5ae192dcfd2e.exe
C:\Users\Gordon\AppData\Local\Temp\8f6529f8-7d89-4d75-8e97-1231dfa556df.exe
C:\Users\Gordon\AppData\Local\Temp\AAMHelper.exe
C:\Users\Gordon\AppData\Local\Temp\AdobeApplicationManager.exe
C:\Users\Gordon\AppData\Local\Temp\BackupSetup.exe
C:\Users\Gordon\AppData\Local\Temp\bdfilters.dll
C:\Users\Gordon\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpynwzds.dll
C:\Users\Gordon\AppData\Local\Temp\ffmpeg15.exe
C:\Users\Gordon\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Gordon\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Gordon\AppData\Local\Temp\oi_{6AD70683-9210-4446-B155-35A246F920A5}.exe
C:\Users\Gordon\AppData\Local\Temp\ppadsetup.exe
C:\Users\Gordon\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\Gordon\AppData\Local\Temp\Quarantine.exe
C:\Users\Gordon\AppData\Local\Temp\Retrieve.exe
C:\Users\Gordon\AppData\Local\Temp\SCC.dll
C:\Users\Gordon\AppData\Local\Temp\SHSetup.exe
C:\Users\Gordon\AppData\Local\Temp\soxdec.exe
C:\Users\Gordon\AppData\Local\Temp\TrainzPatchInstaller.exe
C:\Users\Gordon\AppData\Local\Temp\_is1D77.exe
C:\Users\Gordon\AppData\Local\Temp\_isEE2E.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-08 08:58

==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by Gordon (administrator) on CHARLIEBROWN on 18-08-2014 14:18:55
Running from C:\Users\Gordon\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Stardock Corporation) C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe () C:\Program Files (x86)\Stardock\Object Desktop\WindowBlinds\wbvista.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Carbonite, Inc.) C:\Program Files\Carbonite\Carbonite Mirror Image\CarboniteMirrorImage.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (Western Digital) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Western Digital ) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (IObit) C:\Program Files (x86)\IObit\Smart Defrag 3\SmartDefrag.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe (SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE () C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Dropbox, Inc.) 
C:\Users\Gordon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncV1\CoreSync.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Stardock Corporation) C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Windows\System32\taskmgr.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6629480 2011-04-14] (Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.) 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [885760 2011-04-29] () HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [3825176 2012-11-13] (Safer-Networking Ltd.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2014-04-18] (Carbonite, Inc.) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) 
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X] Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-12] (SUPERAntiSpyware) HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.) HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\Run: [CursorFX] => C:\Program Files (x86)\Stardock\CursorFX\CursorFX.exe [432784 2011-10-24] (Stardock Corporation) HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\MountPoints2: F - "F:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\MountPoints2: {4af0d826-8795-11e1-a4d4-848f69c65052} - "F:\WD SmartWare.exe" autoplay=true HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\MountPoints2: {4fbe6b53-8675-11e1-9856-848f69c65052} - E:\LaunchU3.exe -a HKU\S-1-5-21-1594991423-614250932-2423716824-1000\...\MountPoints2: {6161d1cf-cbd8-11e1-8bb2-848f69c65052} - "F:\WD SmartWare.exe" autoplay=true Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Gordon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Gordon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll () ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Gordon\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: Carbonite.Green -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: Carbonite.Partial -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: Carbonite.Yellow -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE8MSE HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com SearchScopes: HKCU - {2A681AE8-57FA-4E7B-BD6D-B4D64FEF394C} URL = https://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie11 SearchScopes: HKCU - {36F8C66D-CBB2-48E9-8DBB-0BAECE7C7548} URL = https://www.flickr.com/search/?q={searchTerms} SearchScopes: HKCU - {654BF0E1-811E-4C0B-A0BE-F907E977FFCB} URL = https://delicious.com/search?p={searchTerms} BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
  9. Well, I'm not a hundred percent sure the firewall is allowing full access. How can I tell? I *think* it is, but since I am not able to see the specific paths mentioned, I can't say for sure. That's why I am thinking perhaps I am just not looking in the right place to check? No problem going to other support, but I just want to make sure I have properly ruled out the simpler stuff before wasting more folks' time. Thanks!
  10. Hi daledoc1, Many thanks for your prompt reply. First things first…

      >>First, please be sure your system date/time are correct.

      They are correct.

      >>Then, please be sure that your AV and firewall both give MBAM full permissions. It's possible that your AV or firewall might be treating the new build as a new program and may be blocking it -- the files that need to be excluded can be found HERE. Please post back if you need help with that.

      I need some help here. I have the built-in Windows firewall. When I go to the settings through Control Panel, I do find a menu to “Allow programs to communicate through Windows Firewall.” MalwareBytes is listed and checked. I don’t see a place to add the paths listed in the link you provided for Windows 7. Is there another method I should be using?

      >>Also, please check to be sure there are no "Detected Threats" that need to be dealt with first, as this can prevent the program from updating: Click the "Scan" button at the top of the dashboard and verify that there are no detected threats (especially PUPs or PUMs) awaiting your actions.

      The scan did not turn up anything. I am going to wait on your reply as to the second item. If I rule that out, I would move down to the next suggestions. Again, many thanks!
  11. Greetings, I noticed that my MalwareBytes Premium stopped doing the scheduled scans, and when I opened the dashboard I discovered Real-Time Protection was off and it could not update the database due to being "Unable to Access Update Server." The "Update Now" link does nothing. I searched around this site and found one thread where the same problem was solved after a scan using Zoek. I performed that scan and am going to attach the result here. If any further info is needed, please let me know. I would greatly appreciate it if someone could take a look at it and see if they can help me determine what the problem is and how to fix it. Thanks! zoek-results.txt