Everything posted by rogetsh2

  1. Dear Kevin, I have done the steps above and the computer seems to be working great! The bleeping computer link came right up, with very little delay. It has just been miserably slow until now, in every respect. I will print out that page and go over it with him. I set his MBAM to Threat Scan every day. I thank you so much for your help. Case closed! Sincerely, Laura
  2. Dear Kevin, Yes, my weekend has been great, thank you. I am quite blessed. Thank you so much for all the time and care you have devoted to this mess. My dad gets a LOT of malware, and I am really hoping that Premium MBAM will prevent this in the future, as I have been using it for years and have never had an issue, but I also haven't clicked every link on the internet. He only had the free version until lately. On my computer, in MBAM, if I go to History, I can sort the application logs by date/type/etc. I tried to do the same on his computer, under Quarantine, to see the most recent ones, but when I click the column header, it doesn't do anything. I do not have anything under Quarantine on my computer, so I can't try it, but it seems like it should sort them. That is kind of annoying me, but maybe that is just the way it is. The last reboot took three minutes. YAY, as you predicted! I think that is pretty good for his computer, since it is kind of old. In Task Manager, his cpu is down to 3-5%, and RAM 800MB, from (cpu 30-100%, RAM 1-1.5 GB). Maybe the boogers are nearly cleaned out? Do we not care about the other things in Rogue Killer? I guess it is crying wolf?
Please find the logs below:
  3. Dear Kevin, Please find the GMER log attached. When Rogue Killer scan finished, it loaded a website about removing trojan zeroaccess Sirefef variant with Rogue Killer, but I did not do what it said to do. I do not know if I can post urls, but I will try, in case it could give you some insight. http://www.adlice.com/zeroaccess-removal-with-roguekiller/ Please find the text of Rogue Killer log below: I hope your weekend has been pleasant. Thank you, Laura ark.txt
  4. Dear Kevin, Here are the requested files. ESET only found one thing. The computer is still stupid slow. My Dad wants to turn on his gadgets again. Is that wise? Thank you, Laura ESET SCAN.txt Fixlog.txt
  5. Dear Kevin, Please find the logs you requested attached. Weirdly, as I was staring off into space, waiting for FRST, wondering about the first person to ever decide to raid a beehive, the computer we are trying to fix skipped one minute, twice, but is still 30 seconds behind my computer, more or less. It stayed on a certain time for more than one minute, and then skipped a minute to catch up, but didn't quite make it. Both computers are syncing with the same time server. Maybe it was just because FRST was scanning, but thought you should know. Hope the logs are full of good news. Thank you, Laura Addition.txt FRST.txt
  6. Dear Kevin, When I first ran the Windows Repair Tool, it stopped on #19, saying that it tried to start 4 times and was unable to run. I tried to run it again, and Kaspersky piped up about a trojan w32 (I think), by which I think it meant Windows Repair Tool, and then Kaspersky started deleting stuff, so I stopped the repairs. After disabling Kaspersky, I unchecked 1-18 and ran tasks 19+, so I have a bit of a mess as far as logs. I hope that doesn't mean it didn't do what it needed to do, but if so, I can run it again. Please find the logs attached in 2 parts (I have omitted the log from the scan that I stopped, but I still have it). On reboot after Windows Repair Tool scan, mbam did not start with windows, though that setting was still checked in mbam. This boot took a very long time, maybe 10-15 minutes before I could reconnect with Team Viewer. Also on that same boot, windows security center said, and continues to say, that there is no av running, though kaspersky was running (started with windows) and all protections are enabled. Security center used to say that Kaspersky was doing antivirus. I hope that doesn't mean Kaspersky isn't working. I rebooted again to see if mbam would start with windows, and mbam did, but Kaspersky didn't that time. When I started Kaspersky manually, I got a message from UAC asking whether I wanted to allow it. It usually doesn't do that. I was unable to reboot it again to see if it would start on its own, because my Dad needed to use the computer. The computer seems to be running a little better, but it is hard to tell since I'm not sitting in front of it. I do not know how to know that more empirically than what I see in task manager. Do I need to run the Windows Repair again, start to finish, or do you have what you need? Thank you ever so much, Laura _Windows_Repair_Log.txt _Windows_Repair_Log.txt
  7. Nothing detected by MBAM Threat scan /w rootkit scan. ADWCleaner log follows: On reboot after adwcleaner scan, a popup from viewpoint media player appeared. I did not click it. JRT deleted a few things, see log: Then I realized I hadn't run JRT as admin, so I repeated it, as admin. Nothing found. ESET Online found nothing. I did not scan archives, because your instructions did not say to check that box. While re-enabling AV protection after ESET scan, I realized that MBAM's scan schedule had been cleared. I am unsure whether that is normal, but I recreated the scheduled scans and updates. I might add that my father's first complaint was that his Windows Gadgets had stopped working. The sidebar loaded but each gadget was empty and said only "Service Unavailable." According to task manager, the sidebar was using 400mb ram, which seems like a lot, so I disabled it.
If I knew how, I would remove it completely. I've told him before they're not safe. Anyway, 400mb seems like a lot. The machine seems to be fairly busily munching along on some instructions, though it is hard to gauge how it is doing over team viewer, because I can't hear it, and team viewer can be slow. Still, in task mgr, the cpu jumps wildly from 10-90% usage, ram 1.09 GB (out of 2), so I take it the computer is occupied, but I don't know why. I suspect bad magic. I do so thank you for your help, Laura
  8. Dear Kevin, I was able to start ComboFix over TeamViewer, but could not see it, as after the blue screen popped up saying it was creating a restore point, it terminated the Teamviewer connection. On my end, TeamViewer indicated that TV was not running on his computer for about an hour, so I assume it was scanning and rebooting over that time. I am glad it worked with TV, at any rate. When I was able to reconnect to it, I was greeted by the ComboFix log. Please find ComboFix.txt attached. Thank you so much, Laura ComboFix.txt
  9. Dear Kevin, I am unsure whether you are re-quoting the peer-to-peer warning because this computer has peer-to-peer programs, or just in case I missed it on the other page. I do not see any software I recognize as peer-to-peer in Control Panel>Add/Remove Programs. If you see that it does, I will gladly remove anything you indicate. I have attached the fixlog.txt. Before I run ComboFix, having read its warning page, I have a question. I am doing these fixes over remote desktop software, because my father lives five or six hours away. Can I run ComboFix by closing all programs EXCEPT Team Viewer, or do I need to stop Team Viewer and get someone who is physically there to run ComboFix? It will be several hours before I can continue, as I have to go to work, Thank you so much for your help, LH Fixlog.txt
  10. Dear Sirs, I am trying to clean up my father's computer, remotely, and have encountered trojan.0access. This computer does have premium mbam, though before today, it was the free version, so no scheduled scans. I read in a 0access cleanup thread on this site that there are specific steps to be taken and that the trojan can persist. I have run several mbam (and eset online and adwcleaner) scans in the last 24 hours, removing 6-50 bad guys per scan, before mbam found 0access. The last mbam scan found no threats, but the computer is still dreadfully slow, compared to normal for this machine, and I do not think it is clean. I have read the 'I'm Infected' thread and am here posting the logs requested. Please advise as to how to remove this threat, and whether it is true that a 0access backdoor requires reformat/reinstallation of windows, or replacement of the computer. Many Thanks, LH
Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-09-20]FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.comFF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-09-20]FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.comFF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-09-20]FF StartMenuInternet: FIREFOX.EXE - firefox.exe Chrome: =======CHR HomePage: Default -> hxxp://www.google.com/CHR StartupUrls: Default -> "hxxp://www.google.com/"CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No FileCHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No FileCHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()CHR Plugin: (Norton Confidential) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No FileCHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()CHR Plugin: (Shockwave for Director) - 
C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No FileCHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Profile: C:\Users\Roger\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-19]CHR Extension: (Kaspersky URL Advisor) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-09-20]CHR Extension: (Safe Money) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-09-20]CHR Extension: (Virtual Keyboard) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-09-20]CHR Extension: (Kaspersky Protection) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-06-08]CHR Extension: (Google Wallet) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]CHR Extension: (Anti-Banner) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-09-20]CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 
2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2012-08-18] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-24] (SUPERAntiSpyware.com) [File not signed]R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46184 2014-02-06] (AOL Inc.)R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [110592 2008-01-15] (Apple, Inc.) 
[File not signed]R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-14] (Kaspersky Lab ZAO)S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] () [File not signed]R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577088 2013-09-20] (SEIKO EPSON CORPORATION)R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [81920 2006-09-29] (Intel Corporation) [File not signed]R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)R2 mfevtp; C:\Windows\system32\mfevtps.exe [167344 2013-09-20] (McAfee, Inc.)S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{c39078c0-a917-82ef-3e50-f6c6256a5159}\ \...\???\{c39078c0-a917-82ef-3e50-f6c6256a5159}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) 
[File not signed]R2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.) [File not signed]R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-10] (Kaspersky Lab ZAO)R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-19] (Kaspersky Lab ZAO)R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-10] (Kaspersky Lab ZAO)R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-14] (Kaspersky Lab ZAO)R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-14] (Kaspersky Lab ZAO)R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-20] (Kaspersky Lab ZAO)R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-20] (Kaspersky Lab ZAO)R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-10-01] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-01] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [127992 2012-07-17] (McAfee, Inc.)R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565352 2013-09-20] (McAfee, Inc.)R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [206784 2012-07-17] (McAfee, Inc.)R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]S3 catchme; \??\C:\ComboFix\catchme.sys [X]S3 IpInIp; system32\DRIVERS\ipinip.sys [X]U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 
2014-05-19] (Kaspersky Lab ZAO)S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-01 15:28 - 2014-11-01 15:29 - 00023130 _____ () C:\Users\Roger\Downloads\FRST.txt2014-11-01 15:28 - 2014-11-01 15:29 - 00000000 ____D () C:\FRST2014-11-01 15:27 - 2014-11-01 15:27 - 00180829 _____ () C:\Users\Roger\Downloads\2DE2.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00163877 _____ () C:\Users\Roger\Downloads\2DC0.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00150485 _____ () C:\Users\Roger\Downloads\2F21.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00129050 _____ () C:\Users\Roger\Downloads\I'm infected - What do I do now - Malware Removal Help - Malwarebytes Forum.html2014-11-01 15:27 - 2014-11-01 15:27 - 00127639 _____ () C:\Users\Roger\Downloads\2DF3.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00113588 _____ () C:\Users\Roger\Downloads\2DB0.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00079618 _____ () C:\Users\Roger\Downloads\2E04.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00056879 _____ () C:\Users\Roger\Downloads\2DAF.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00045223 _____ () C:\Users\Roger\Downloads\2E67.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00030267 _____ () C:\Users\Roger\Downloads\2E24.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00025421 _____ () C:\Users\Roger\Downloads\2DD1.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00012576 _____ () C:\Users\Roger\Downloads\2E36.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00009336 _____ () C:\Users\Roger\Downloads\2EA9.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00008051 _____ () 
C:\Users\Roger\Downloads\2E78.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00007306 _____ () C:\Users\Roger\Downloads\2E35.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00007145 _____ () C:\Users\Roger\Downloads\2F54.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00007145 _____ () C:\Users\Roger\Downloads\2F43.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00007145 _____ () C:\Users\Roger\Downloads\2F42.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00007145 _____ () C:\Users\Roger\Downloads\2F31.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00007145 _____ () C:\Users\Roger\Downloads\2F01.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00006287 _____ () C:\Users\Roger\Downloads\2E88.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00005869 _____ () C:\Users\Roger\Downloads\2E57.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00004077 _____ () C:\Users\Roger\Downloads\2EBA.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00004071 _____ () C:\Users\Roger\Downloads\2EEF.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00003017 _____ () C:\Users\Roger\Downloads\2EDE.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00002923 _____ () C:\Users\Roger\Downloads\2F00.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00002715 _____ () C:\Users\Roger\Downloads\2E25.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00002207 _____ () C:\Users\Roger\Downloads\2DE1.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00001201 _____ () C:\Users\Roger\Downloads\2ECD.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00001042 _____ () C:\Users\Roger\Downloads\3040.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00000729 _____ () C:\Users\Roger\Downloads\2ECC.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00000558 _____ () C:\Users\Roger\Downloads\2EBB.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00000225 _____ () C:\Users\Roger\Downloads\2EDD.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00000203 _____ () C:\Users\Roger\Downloads\2F55.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00000129 _____ () C:\Users\Roger\Downloads\2EAA.tmp2014-11-01 15:27 - 2014-11-01 15:27 - 00000000 ____D () C:\Users\Roger\Downloads\I'm infected - 
What do I do now - Malware Removal Help - Malwarebytes Forum_files2014-11-01 13:33 - 2014-11-01 13:33 - 00000000 ____D () C:\ProgramData\Viewpoint2014-11-01 13:33 - 2014-11-01 13:33 - 00000000 ____D () C:\Program Files\Viewpoint2014-11-01 13:26 - 2014-11-01 13:37 - 00000000 ____D () C:\Program Files\AOL Desktop 9.7a2014-11-01 13:15 - 2014-11-01 13:16 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Roger\Downloads\mbam_premium.exe2014-11-01 11:35 - 2014-11-01 11:35 - 01105920 _____ (Farbar) C:\Users\Roger\Downloads\FRST.exe2014-11-01 11:33 - 2014-11-01 11:34 - 14670424 _____ () C:\Users\Roger\Downloads\RogueKiller.exe2014-11-01 11:27 - 2014-11-01 11:28 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Roger\Downloads\tdsskiller.exe2014-11-01 05:16 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe2014-11-01 05:16 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll2014-11-01 05:16 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll2014-11-01 05:16 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe2014-11-01 05:15 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-11-01 05:15 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-11-01 05:15 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-11-01 04:58 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-11-01 04:35 - 2014-08-22 21:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2014-11-01 04:22 - 2014-09-27 19:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-11-01 03:18 - 2014-09-16 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-11-01 03:18 - 2014-09-04 19:27 - 00143360 _____ (Microsoft 
Corporation) C:\Windows\system32\Drivers\fastfat.sys2014-11-01 02:23 - 2014-08-23 18:23 - 00068878 _____ () C:\Users\Roger\Downloads\Favorite Placesbak20140823.pfc2014-11-01 01:34 - 2014-11-01 01:35 - 04977216 _____ (Piriform Ltd) C:\Users\Roger\Downloads\ccsetup419.exe2014-11-01 01:11 - 2014-11-01 10:00 - 00000000 ____D () C:\AdwCleaner2014-11-01 00:05 - 2014-10-18 10:54 - 01976320 _____ () C:\Users\Roger\Desktop\adwcleaner_4.000.exe2014-10-31 18:03 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys2014-10-31 18:03 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll2014-10-31 18:03 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll2014-10-31 18:03 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-31 18:03 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll2014-10-31 18:03 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2014-10-31 18:03 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll2014-10-31 18:03 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe2014-10-31 18:03 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll2014-10-31 18:03 - 2014-04-04 22:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys2014-10-31 18:03 - 2014-03-25 09:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-10-31 18:03 - 2013-10-29 22:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll2014-10-31 18:03 - 2013-10-29 21:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys2014-10-31 18:03 - 2013-10-29 20:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys2014-10-31 18:03 - 2013-08-26 22:47 
- 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll2014-10-31 18:03 - 2013-08-26 22:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll2014-10-31 18:03 - 2013-08-26 22:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll2014-10-31 18:03 - 2013-08-26 22:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll2014-10-31 18:03 - 2013-08-26 21:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-10-31 18:03 - 2013-08-26 21:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll2014-10-31 18:03 - 2013-08-26 21:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2014-10-31 18:03 - 2013-08-26 21:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2014-10-31 18:03 - 2013-08-26 21:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2014-10-31 18:03 - 2013-07-20 06:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll2014-10-31 18:02 - 2014-09-19 18:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-31 18:02 - 2014-09-19 18:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-31 18:02 - 2014-09-19 18:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-31 18:02 - 2014-09-19 18:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-31 18:02 - 2014-09-19 18:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-31 18:02 - 2014-09-19 18:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-31 18:02 - 2014-09-19 18:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2014-10-31 18:02 - 2014-09-19 18:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-31 18:02 - 2014-09-19 18:36 - 00065536 _____ 
(Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-31 18:02 - 2014-09-19 18:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-31 18:02 - 2014-09-19 18:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-10-31 18:02 - 2014-09-19 18:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-31 18:02 - 2014-09-19 18:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-31 18:02 - 2014-09-19 18:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2014-10-31 18:02 - 2014-09-19 18:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-31 18:02 - 2014-09-19 18:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-31 18:02 - 2014-09-19 18:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-31 18:02 - 2014-09-19 18:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-31 18:02 - 2014-09-19 18:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2014-10-31 18:02 - 2014-09-19 18:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2014-10-31 18:02 - 2014-09-19 18:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-31 18:01 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys2014-10-31 18:01 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll2014-10-31 18:01 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-10-31 18:01 - 2013-06-28 22:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys2014-10-31 18:01 - 2013-06-28 22:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys2014-10-31 18:01 - 2013-06-28 22:07 - 00073216 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\usbccgp.sys2014-10-31 18:01 - 2013-06-28 22:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys2014-10-31 18:01 - 2011-05-05 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys2014-10-31 18:01 - 2011-05-05 09:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys2014-10-31 18:00 - 2014-02-05 21:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2014-10-31 18:00 - 2013-10-22 03:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll2014-10-31 18:00 - 2013-10-10 22:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL2014-10-31 18:00 - 2013-10-10 22:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll2014-10-31 18:00 - 2013-10-10 22:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx2014-10-31 18:00 - 2013-10-10 22:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll2014-10-31 18:00 - 2013-10-10 22:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL2014-10-31 18:00 - 2013-10-10 20:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF2014-10-31 18:00 - 2013-10-10 20:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe2014-10-31 18:00 - 2013-10-10 20:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe2014-10-31 18:00 - 2013-10-03 08:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll2014-10-31 18:00 - 2013-08-02 00:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL2014-10-31 18:00 - 2013-07-16 00:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll2014-10-31 18:00 - 2013-07-04 00:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll2014-10-31 18:00 - 2013-07-02 22:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys2014-10-31 
18:00 - 2013-07-02 22:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys2014-10-31 18:00 - 2013-06-26 19:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys2014-10-31 18:00 - 2013-06-04 00:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2014-10-31 18:00 - 2013-06-03 21:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2014-10-31 17:58 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll2014-10-31 16:53 - 2014-11-01 15:24 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-10-31 16:52 - 2014-11-01 09:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-10-31 16:52 - 2014-10-31 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-10-31 16:52 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-10-31 16:52 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2014-10-31 16:09 - 2014-10-31 16:09 - 00002181 _____ () C:\Users\Roger\Downloads\TrainingWithDrDavidEifrig.ics2014-10-31 13:57 - 2014-10-31 13:57 - 00000000 _____ () C:\Windows\EEventManager.INI2014-10-30 13:56 - 2014-10-30 13:56 - 00554554 _____ () C:\Users\Roger\Documents\CoverLetter-IndBroadway.zip2014-10-30 13:56 - 2014-10-30 13:56 - 00000000 ____D () C:\Users\Roger\Documents\CoverLetter-IndBroadway2014-10-27 21:06 - 2014-10-27 21:07 - 05279866 _____ () C:\Users\Roger\Documents\IMG_0520.mov2014-10-24 10:36 - 2014-10-24 10:36 - 00251599 _____ () C:\Users\Roger\Documents\DSCN1264.zip2014-10-24 10:36 - 2014-10-24 10:36 - 00000000 ____D () C:\Users\Roger\Documents\DSCN12642014-10-23 16:50 - 2014-10-23 16:50 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Leadertech2014-10-23 16:46 - 2014-11-01 14:46 - 00000917 _____ () C:\Windows\Tasks\EPSON WF-3640 
Series Update {EB7D8C24-B7B8-415C-BDA0-5D7629D12421}.job2014-10-23 16:46 - 2014-11-01 14:46 - 00000731 _____ () C:\Windows\Tasks\EPSON WF-3640 Series Invitation {EB7D8C24-B7B8-415C-BDA0-5D7629D12421}.job2014-10-23 16:46 - 2014-10-23 16:46 - 00000000 ____D () C:\Program Files\Common Files\EPSON2014-10-23 16:44 - 2014-10-23 16:44 - 00000159 _____ () C:\Users\Public\Desktop\Epson WF-3640 User’s Guide.url2014-10-23 16:43 - 2014-10-30 13:43 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Epson2014-10-23 16:41 - 2014-10-23 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software2014-10-23 16:41 - 2014-10-23 16:43 - 00000000 ____D () C:\Program Files\EPSON Software2014-10-23 16:41 - 2014-10-23 16:41 - 00000000 ____D () C:\Program Files\EpsonNet2014-10-23 16:41 - 2012-11-12 20:41 - 00458310 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll2014-10-23 16:41 - 2012-11-12 20:41 - 00458310 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll2014-10-23 16:41 - 2012-11-12 15:15 - 00476027 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll2014-10-23 16:41 - 2012-11-12 15:15 - 00476027 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll2014-10-23 16:41 - 2012-10-22 17:19 - 00218112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll2014-10-23 16:41 - 2012-10-22 17:19 - 00218112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll2014-10-23 16:39 - 2014-10-23 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON2014-10-23 16:39 - 2014-10-23 16:44 - 00000000 ____D () C:\Program Files\epson2014-10-23 16:39 - 2014-10-23 16:39 - 00000767 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk2014-10-23 16:39 - 2012-07-24 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\Windows\system32\esw2ud.dll2014-10-23 16:39 - 2012-05-17 00:00 - 00126128 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc.exe2014-10-23 16:39 - 2010-11-22 13:27 - 00147472 
_____ (TWAIN Working Group) C:\Windows\system32\twaindsm.dll2014-10-23 16:36 - 2013-10-22 04:04 - 00142848 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TLMBKDE.DLL2014-10-23 16:36 - 2011-03-15 03:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TD4BKDE.DLL2014-10-23 16:36 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL2014-10-23 16:35 - 2014-10-23 17:08 - 00000000 ____D () C:\ProgramData\EPSON2014-10-23 16:33 - 2014-10-23 16:50 - 00000081 _____ () C:\Windows\WF-3640.ini2014-10-22 17:00 - 2014-10-22 17:00 - 00031744 _____ () C:\Users\Roger\Documents\DIRADRS-updatedOct2014.xls2014-10-16 18:03 - 2014-10-16 18:03 - 00000000 _____ () C:\Users\Roger\Downloads\Minecraft_exe.jht790q.partial2014-10-10 22:26 - 2014-10-10 22:26 - 01422871 _____ () C:\Users\Roger\Downloads\October Adens2014-10-10 16:10 - 2014-10-10 16:11 - 00000000 ____D () C:\Users\Roger\Documents\MTGNOTIC_Oct20142014-10-10 16:10 - 2014-10-10 16:10 - 00038714 _____ () C:\Users\Roger\Documents\MTGNOTIC_Oct2014.zip ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 

2014-11-01 15:23 - 2013-09-20 21:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-11-01 15:23 - 2012-10-11 07:13 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-01 14:57 - 2012-05-25 20:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-01 14:07 - 2013-09-20 08:21 - 01222376 _____ () C:\Windows\WindowsUpdate.log
2014-11-01 14:03 - 2006-11-02 08:45 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-01 14:03 - 2006-11-02 08:45 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-01 13:35 - 2011-07-12 10:57 - 00092990 _____ () C:\install.log
2014-11-01 13:34 - 2013-10-14 21:44 - 00000805 _____ () C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
2014-11-01 13:34 - 2013-10-14 21:44 - 00000749 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\AOL Desktop 9.7.lnk
2014-11-01 13:34 - 2007-05-22 20:40 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\AOL
2014-11-01 13:34 - 2007-05-22 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
2014-11-01 13:33 - 2007-05-22 21:56 - 00000000 ____D () C:\Program Files\Common Files\aol
2014-11-01 13:28 - 2007-05-22 20:40 - 00000000 ____D () C:\Users\Roger\AppData\Local\AOL
2014-11-01 13:26 - 2007-05-22 21:56 - 00000000 ____D () C:\Program Files\Common Files\aolshare
2014-11-01 13:26 - 2007-05-22 20:38 - 00000000 ____D () C:\ProgramData\AOL
2014-11-01 10:09 - 2006-11-02 06:33 - 00707604 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-01 10:03 - 2014-02-13 06:03 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf28a2e35ede20.job
2014-11-01 10:03 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-01 10:02 - 2013-09-20 08:17 - 00013086 _____ () C:\Windows\PFRO.log
2014-11-01 10:02 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\SchCache
2014-11-01 10:01 - 2006-11-02 08:58 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-01 06:17 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
2014-11-01 06:16 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-01 05:53 - 2006-11-02 08:44 - 00427712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-01 03:59 - 2013-08-15 03:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-31 16:52 - 2013-08-21 15:49 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-10-31 16:52 - 2012-01-03 22:23 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Malwarebytes
2014-10-31 16:52 - 2012-01-03 22:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-28 06:35 - 2009-10-03 01:44 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-27 17:35 - 2012-10-11 07:13 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-23 16:46 - 2013-09-21 18:17 - 00003228 _____ () C:\Windows\setupact.log
2014-10-23 16:43 - 2007-05-16 03:30 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-23 16:40 - 2007-05-22 18:21 - 00000000 ____D () C:\Users\Roger
2014-10-23 16:39 - 2006-11-02 08:35 - 00000000 ____D () C:\Windows\twain_32
2014-10-13 07:29 - 2012-11-06 23:11 - 00000000 ____D () C:\Users\Roger\AppData\Local\CrashDumps
2014-10-03 10:03 - 2006-11-02 06:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
ZeroAccess:
C:\Users\Roger\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\Roger\AppData\Local\Temp\AcsInstall.dll
C:\Users\Roger\AppData\Local\Temp\Quarantine.exe
C:\Users\Roger\AppData\Local\Temp\SHFOLDER.DLL
C:\Users\Roger\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-01 10:09

==================== End Of Log ============================

>>>Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-11-2014
Ran by Roger at 2014-11-01 15:31:03
Running from C:\Users\Roger\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
Advanced Uninstaller PRO - Version 11 (HKLM\...\AU11_is1) (Version: 11 - Innovative Solutions)
AOL Install (HKLM\...\{2357B8BC-88C9-4A72-818C-050CC4EB0778}) (Version: 1.0.0 - America Online, Inc)
AOL Mail and AIM Gadget (HKLM\...\{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}) (Version: 1.0.0 - AOL LLC)
AOL Toolbar (HKLM\...\AOL Toolbar) (Version: - )
AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version: - AOL Inc.)
Apple Application Support (HKLM\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}) (Version: 1.1.3.26 - Apple Inc.)
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Brother MFL-Pro Suite MFC-490CW (HKLM\...\{D9461574-5FC0-4641-BBDC-D1038B196F55}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
Canon MP Navigator 2.2 (HKLM\...\MP Navigator 2.2) (Version: - )
Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version: - )
Canon MP530 User Registration (HKLM\...\Canon MP530 User Registration) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 3.12 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
Corel Paint Shop Pro Photo XI (HKLM\...\{93A1B09E-BAFA-4628-A5B6-921CB026955A}) (Version: 11.003.0000 - Corel Inc)
Corel Snapfire Plus (HKLM\...\{7ADE3A47-B425-45E9-8FF6-11BE2B775645}) (Version: 1.003.0000 - Corel)
Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07311 - Dell)
Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3030 - Dell)
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.20 - BVRP Software, Inc)
Documentation & Support Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM\...\{116DBCAF-9544-4592-9156-AC99F6C2D426}) (Version: 3.10.0016 - Seiko Epson Corporation)
Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.42.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version: - SEIKO EPSON Corporation)
Epson WF-3640 User’s Guide version 1.0 (HKLM\...\UsersGuideEpson WF-3640 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version: - )
FileOpen Client Installer (HKLM\...\{39468292-5D68-4E93-9E09-5D9D5CA00E7A}) (Version: 3.0.6.878 - FileOpen Systems, Inc.)
Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.3.1.518 - Foxit Software Company)
Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM\...\{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}) (Version: 6.2.1.6014 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - )
Internet Service Offers Launcher (HKLM\...\{CCFF1E13-77A2-4032-8B12-7566982A27DF}) (Version: 1.00.0000 - Dell Inc.)
Java SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
Kaspersky Internet Security 2013 (HKLM\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.41 - BVRP Software, Inc)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
PowerDVD (HKLM\...\{281ECE39-F043-492B-8337-F2E546B5604A}) (Version: 7.0 - Dell)
QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.37 - Piriform)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
RTC Client API v1.2 (HKLM\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
SketchUp Pro 8 (HKLM\...\{045D5A51-F07E-4350-8642-B85772A2876B}) (Version: 3.0.16846 - Trimble Navigation Limited)
Software Updater (HKLM\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{0D7FDC12-4366-3687-B4C4-93C84983BEB5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{22A04790-1951-4514-AF1D-BC94B8B63C70}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\MessageProtocolX.dll (Kaseya International Limited)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{368CB9E8-3035-3AA5-B0D1-50FE1C930319}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{392777B8-79C3-4E1B-8CA2-DB2F9AD4DF37}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\TaskManagerX.dll (Kaseya International Limited)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{4218E1B5-2288-4189-807C-6CFA4C8C629B}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\EventLoggingX.dll (Kaseya International Limited)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{4431F57E-8B58-387E-AC60-6DD3E7850CD5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{60E1979E-326D-3D30-A96C-C6ADCDD2AF66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{634C733B-EABF-3922-BA49-5CB3927D480C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7a\axtrack.dll (AOL Inc.)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{790ACEF7-453A-4713-99C8-8D09A9B60186}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\CommandLineX.dll (Kaseya International Limited)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{96F86545-7514-4F4A-98F7-E26B36A9C50A}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\RegistryEditorX.dll (Kaseya International Limited)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{B8AAE7B6-87D4-4A2A-87E8-E4CAEF111E6D}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\LiveConnectRelayX.dll (Kaseya International Limited)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{BB048B39-D3CB-37BF-A746-068C9F9FF26B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{DC249AB2-0964-41F7-945F-AFC7039D7BA9}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\FileManagerX.dll (Kaseya International Limited)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{F13EEFC9-D471-4824-8D54-8FA9F4FF587F}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\DesktopThumbnailX.ocx (Kaseya International Limited)
CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{F6389D10-3244-4375-808A-1DFBC16317AE}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\LocalUsersGroupsX.dll (Kaseya International Limited)

==================== Restore Points =========================

23-10-2014 02:30:47 Scheduled Checkpoint
23-10-2014 20:36:36 Device Driver Package Install: EPSON Printers
23-10-2014 20:39:54 Device Driver Package Install: EPSON Imaging devices
23-10-2014 20:40:34 Installed EpsonNet Print
23-10-2014 20:42:51 Installed FAX Utility
25-10-2014 04:00:04 Scheduled Checkpoint
26-10-2014 04:00:03 Scheduled Checkpoint
27-10-2014 04:00:05 Scheduled Checkpoint
28-10-2014 04:00:05 Scheduled Checkpoint
29-10-2014 04:00:05 Scheduled Checkpoint
30-10-2014 04:00:04 Scheduled Checkpoint
31-10-2014 04:00:04 Scheduled Checkpoint
01-11-2014 07:03:29 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 06:23 - 2011-12-03 19:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01FE05B7-25E9-40FC-9B68-FA17F941F2EE} - System32\Tasks\Carbonite Upgrade Check => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {347167BF-0C97-4610-ABC8-F005DF21F481} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {364405BE-ADD2-4741-9CE3-F599D5F2363E} - System32\Tasks\EPSON WF-3640 Series Update {EB7D8C24-B7B8-415C-BDA0-5D7629D12421} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {54E37598-CBA3-447E-B0D2-B386E9D0BB86} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7BAE8880-8351-4C00-818D-4FFA16A0F589} - System32\Tasks\EPSON WF-3640 Series Invitation {EB7D8C24-B7B8-415C-BDA0-5D7629D12421} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
Task: {88E3E3DF-C1B1-4C14-ACD1-EADA186FEB28} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {A629AA1D-8564-4F43-AEEF-16903D5DBE11} - System32\Tasks\GoogleUpdateTaskMachineCore1cf28a2e35ede20 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {EB7D8C24-B7B8-415C-BDA0-5D7629D12421}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKDE.EXE
Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {EB7D8C24-B7B8-415C-BDA0-5D7629D12421}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKDE.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf28a2e35ede20.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2007-06-07 11:06 - 2006-10-26 16:21 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
2012-08-17 21:39 - 2013-09-20 22:03 - 01310136 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2006-11-05 10:28 - 2006-11-05 10:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2014-08-19 14:34 - 2014-08-19 14:34 - 00048640 _____ () C:\Program Files\AOL Desktop 9.7a\zlib.dll
2014-08-19 14:34 - 2014-08-19 14:34 - 21151232 _____ () C:\Program Files\AOL Desktop 9.7a\libcef.dll
2014-08-19 14:34 - 2014-08-19 14:34 - 00648704 _____ () C:\Program Files\AOL Desktop 9.7a\libglesv2.dll
2014-08-19 14:34 - 2014-08-19 14:34 - 00122880 _____ () C:\Program Files\AOL Desktop 9.7a\libegl.dll
2014-10-27 17:35 - 2014-10-22 00:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 17:34 - 2014-10-22 00:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Roger\Documents\Carsofthe50'sand60's-2-12.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: dsentu => "C:\Windows\System32\rundll32.exe" "C:\Users\Roger\AppData\Roaming\dsentu.dll",Optimize
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1179885413\ee\AOLSoftware.exe
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: pcwauy => C:\Users\Roger\pcwauy.exe /w
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: rymuxhuxxick => C:\Users\Roger\rymuxhuxxick.exe
MSCONFIG\startupreg: suftattipmih => C:\Users\Roger\suftattipmih.exe
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: sylsuwafepuj => C:\Users\Roger\sylsuwafepuj.exe
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-192517801-774707061-2340149944-500 - Administrator - Disabled)
Guest (S-1-5-21-192517801-774707061-2340149944-501 - Limited - Disabled)
Roger (S-1-5-21-192517801-774707061-2340149944-1000 - Administrator - Enabled) => C:\Users\Roger

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/01/2014 05:54:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Transactions.Bridge.Dtc, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=x86". The error returned was Error: The specified assembly is not installed..

Error: (11/01/2014 05:54:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Tasks, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed..

Error: (11/01/2014 05:54:14 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "AspNetMMCExt, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed..

Error: (11/01/2014 05:54:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed..

Error: (11/01/2014 03:58:41 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (11/01/2014 03:58:39 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (10/31/2014 11:09:52 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/31/2014 10:50:38 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/31/2014 10:37:08 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/31/2014 10:28:48 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

System errors:
=============
Error: (11/01/2014 10:05:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Error: (11/01/2014 10:03:20 AM) (Source: LSM) (EventID: 1048) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel..

Error: (11/01/2014 10:03:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: SASKUTIL

Error: (11/01/2014 10:03:17 AM) (Source: LSM) (EventID: 1048) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel..

Error: (11/01/2014 10:01:05 AM) (Source: LSM) (EventID: 1048) (User: )
Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel..

Error: (11/01/2014 09:54:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: IPsec Policy AgentBase Filtering Engine%%1290

Error: (11/01/2014 09:54:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Base Filtering Engine%%1290

Error: (11/01/2014 09:54:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Security Center%%1314

Error: (11/01/2014 09:54:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Windows FirewallBase Filtering Engine%%1290

Error: (11/01/2014 09:54:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Base Filtering Engine%%1290

Microsoft Office Sessions:
=========================
Error: (11/01/2014 05:54:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Transactions.Bridge.Dtc, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=x86". The error returned was Error: The specified assembly is not installed..

Error: (11/01/2014 05:54:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Tasks, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed..

Error: (11/01/2014 05:54:14 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "AspNetMMCExt, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed..

Error: (11/01/2014 05:54:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed..

Error: (11/01/2014 03:58:41 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (11/01/2014 03:58:39 AM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4

Error: (10/31/2014 11:09:52 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/31/2014 10:50:38 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/31/2014 10:37:08 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (10/31/2014 10:28:48 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

CodeIntegrity Errors:
===================================
Date: 2014-11-01 15:30:23.015
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

Date: 2014-11-01 15:30:22.574
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
Date: 2014-11-01 15:30:21.999 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-01 15:30:21.468 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-01 15:29:38.383 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-01 15:29:37.930 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-01 15:29:37.477 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-01 15:29:37.028 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-01 15:29:35.775 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system. Date: 2014-11-01 15:29:35.336 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Pentium® D CPU 3.00GHzPercentage of memory in use: 69%Total physical RAM: 2045.21 MBAvailable physical RAM: 628.52 MBTotal Pagefile: 4323.69 MBAvailable Pagefile: 2023.97 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1881.93 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:68.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.33 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 48000000)Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS) ==================== End Of Log ============================