Posts posted by rogetsh2

  1. Dear Kevin,

    I have done the steps above and the computer seems to be working great! The bleeping computer link came right up, with very little delay. It has just been miserably slow until now, in every respect. I will print out that page and go over it with him. I set his MBAM to Threat Scan every day. I thank you so much for your help. Case closed!

    Sincerely,

    Laura

  2. Dear Kevin,

    Yes, my weekend has been great, thank you. I am quite blessed.

     

    Thank you so much for all the time and care you have devoted to this mess. My dad gets a LOT of malware, and I am really hoping that Premium MBAM will prevent this in the future, as I have been using it for years and have never had an issue, but I also haven't clicked every link on the internet. He only had the free version until lately.

     

    On my computer, in MBAM, if I go to History, I can sort the application logs by date/type/etc. I tried to do the same on his computer, under Quarantine, to see the most recent ones, but when I click the column header, it doesn't do anything. I do not have anything under Quarantine on my computer, so I can't try it, but it seems like it should sort them. That is kind of annoying me, but maybe that is just the way it is.  

     

    The last reboot took three minutes. YAY, as you predicted! I think that is pretty good for his computer, since it is kind of old. In Task Manager, his cpu is down to 3-5%, and RAM 800MB, from (cpu 30-100%, RAM 1-1.5 GB). Maybe the boogers are nearly cleaned out? Do we not care about the other things in Rogue Killer? I guess it is crying wolf?

     

    Please find the logs below:

     

    RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
     
    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Roger [Administrator]
    Mode : Delete -- Date : 11/16/2014  14:44:56
     
    ¤¤¤ Processes : 0 ¤¤¤
     
    ¤¤¤ Registry : 17 ¤¤¤
    [Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_1CB6\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Replaced (explorer.exe)
    [suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\uglorpow -> Deleted
    [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uglorpow -> Deleted
    [ZeroAccess] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\?etadpug -> Deleted
    [ZeroAccess] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\?etadpug -> Deleted
    [PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-21-192517801-774707061-2340149944-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.aol.com  -> Not selected
    [PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Not selected
    [PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
    [PUM.SearchPage] HKEY_USERS\S-1-5-21-192517801-774707061-2340149944-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
    [PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Not selected
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-192517801-774707061-2340149944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_1CB6\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_1CB6\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-192517801-774707061-2340149944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Replaced (0)
     
    ¤¤¤ Tasks : 1 ¤¤¤
    [suspicious.Path] \\Carbonite Upgrade Check -- "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent -> Deleted
     
    ¤¤¤ Files : 0 ¤¤¤
     
    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
     
    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
     
    ¤¤¤ Web browsers : 0 ¤¤¤
     
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST3160812AS +++++
    --- User ---
    [MBR] 1399b4f86eee5621dcbc6604b7b7784b
    [bSP] 12363dafc8b1110c9583683a9ba0f769 : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 112640 | Size: 10240 MB
    2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21084160 | Size: 142291 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
     
    ============================================
    RKreport_SCN_11162014_125849.log
     
     
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 11/16/2014
    Scan Time: 2:49:24 PM
    Logfile: mbam.txt
    Administrator: Yes
     
    Version: 2.00.3.1025
    Malware Database: v2014.11.16.05
    Rootkit Database: v2014.11.12.01
    License: Premium
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled
     
    OS: Windows Vista Service Pack 2
    CPU: x86
    File System: NTFS
    User: Roger
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 319007
    Time Elapsed: 21 min, 44 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 0
    (No malicious items detected)
     
    Registry Values: 0
    (No malicious items detected)
     
    Registry Data: 0
    (No malicious items detected)
     
    Folders: 0
    (No malicious items detected)
     
    Files: 0
    (No malicious items detected)
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
     
     
    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.17, October 2014 (build 5.17.10700.0)
    Started On Sat Nov 01 03:53:23 2014
     
    Engine: 1.1.11005.0
    Signatures: 1.185.2035.0
     
    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 01 03:59:07 2014
     
     
    Return code: 0 (0x0)
     
    ---------------------------------------------------------------------------------------
    Microsoft Windows Malicious Software Removal Tool v5.18, November 2014 (build 5.18.10802.0)
    Started On Sun Nov 16 15:49:18 2014
     
    Engine: 1.1.11104.0
    Signatures: 1.187.1116.0
     
    Results Summary:
    ----------------
    No infection found.
    Microsoft Windows Malicious Software Removal Tool Finished On Sun Nov 16 15:55:53 2014
     
     
    Return code: 0 (0x0)
  3. Dear Kevin,

    Please find the GMER log attached. 

     

    When Rogue Killer scan finished, it loaded a website about removing trojan zeroaccess Sirefef variant with Rogue Killer, but I did not do what it said to do. I do not know if I can post urls, but I will try, in case it could give you some insight. http://www.adlice.com/zeroaccess-removal-with-roguekiller/

     

    Please find the text of Rogue Killer log below:

     
    RogueKiller V10.0.6.0 [Nov 13 2014] by Adlice Software
     
    Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
    Started in : Normal mode
    User : Roger [Administrator]
    Mode : Scan -- Date : 11/16/2014  12:58:49
     
    ¤¤¤ Processes : 0 ¤¤¤
     
    ¤¤¤ Registry : 17 ¤¤¤
    [Hj.RegVal] HKEY_LOCAL_MACHINE\RK_Software_ON_D_1CB6\Microsoft\Windows NT\CurrentVersion\Winlogon | Shell : cmd.exe /k start cmd.exe  -> Found
    [suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\uglorpow (\??\C:\Users\Roger\AppData\Local\Temp\uglorpow.sys) -> Found
    [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uglorpow (\??\C:\Users\Roger\AppData\Local\Temp\uglorpow.sys) -> Found
    [ZeroAccess] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\?etadpug ("C:\Program Files\Google\Desktop\Install\{c39078c0-a917-82ef-3e50-f6c6256a5159}\   \...\?ﯹ๛\{c39078c0-a917-82ef-3e50-f6c6256a5159}\GoogleUpdate.exe" <) -> Found
    [ZeroAccess] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\?etadpug ("C:\Program Files\Google\Desktop\Install\{c39078c0-a917-82ef-3e50-f6c6256a5159}\   \...\?ﯹ๛\{c39078c0-a917-82ef-3e50-f6c6256a5159}\GoogleUpdate.exe" <) -> Found
    [PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
    [PUM.HomePage] HKEY_USERS\S-1-5-21-192517801-774707061-2340149944-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.aol.com  -> Found
    [PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
    [PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
    [PUM.SearchPage] HKEY_USERS\S-1-5-21-192517801-774707061-2340149944-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
    [PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-192517801-774707061-2340149944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_1CB6\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\RK_Software_ON_D_1CB6\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
    [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
    [PUM.DesktopIcons] HKEY_USERS\S-1-5-21-192517801-774707061-2340149944-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Found
     
    ¤¤¤ Tasks : 1 ¤¤¤
    [suspicious.Path] \\Carbonite Upgrade Check -- "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" /silent -> Found
     
    ¤¤¤ Files : 0 ¤¤¤
     
    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
     
    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
     
    ¤¤¤ Web browsers : 0 ¤¤¤
     
    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST3160812AS +++++
    --- User ---
    [MBR] 1399b4f86eee5621dcbc6604b7b7784b
    [bSP] 12363dafc8b1110c9583683a9ba0f769 : HP MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 112640 | Size: 10240 MB
    2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 21084160 | Size: 142291 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
    I hope your weekend has been pleasant.
    Thank you,
    Laura

    ark.txt

  4. Dear Kevin,

    Please find the logs you requested attached.

    Weirdly, as I was staring off into space, waiting for FRST, wondering about the first person to ever decide to raid a beehive, the computer we are trying to fix skipped one minute, twice, but is still 30 seconds behind my computer, more or less. It stayed on a certain time for more than one minute, and then skipped a minute to catch up, but didn't quite make it. Both computers are syncing with the same time server. Maybe it was just because FRST was scanning, but thought you should know. Hope the logs are full of good news.  

    Thank you,

    Laura

    Addition.txt

    FRST.txt

  5. Dear Kevin,

    When I first ran the Windows Repair Tool, it stopped on #19, saying that it tried to start 4 times and was unable to run. I tried to run it again, and Kaspersky piped up about a trojan w32 (I think), by which I think it meant Windows Repair Tool, and then Kaspersky started deleting stuff, so I stopped the repairs. After disabling Kaspersky, I unchecked 1-18 and ran tasks 19+, so I have a bit of a mess as far as logs. I hope that doesn't mean it didn't do what it needed to do, but if so, I can run it again. Please find the logs attached in 2 parts (I have omitted the log from the scan that I stopped, but I still have it).

     

     

    On reboot after Windows Repair Tool scan, mbam did not start with windows, though that setting was still checked in mbam. This boot took a very long time, maybe 10-15 minutes before I could reconnect with Team Viewer. Also on that same boot, windows security center said, and continues to say, that there is no av running, though kaspersky was running (started with windows) and all protections are enabled. Security center used to say that Kaspersky was doing antivirus. I hope that doesn't mean Kaspersky isn't working.  

    I rebooted again to see if mbam would start with windows, and mbam did, but Kaspersky didn't that time. When I started Kaspersky manually, I got a message from UAC asking whether I wanted to allow it. It usually doesn't do that. I was unable to reboot it again to see if it would start on its own, because my Dad needed to use the computer. 

     

    The computer seems to be running a little better, but it is hard to tell since I'm not sitting in front of it. I do not know how to know that more empirically than what I see in task manager.  

     

    Do I need to run the Windows Repair again, start to finish, or do you have what you need?

     

    Thank you ever so much,

    Laura  

    _Windows_Repair_Log.txt

    _Windows_Repair_Log.txt

  6. Nothing detected by MBAM Threat scan /w rootkit scan. 

     

    ADWCleaner log follows:

     

    # AdwCleaner v4.100 - Report created 08/11/2014 at 21:41:44
    # DB v2014-11-07.1
    # Updated 08/11/2014 by Xplode
    # Operating System : Windows Vista Home Basic Service Pack 2 (32 bits)
    # Username : Roger - ROGER-PC
    # Running from : C:\Users\Roger\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Viewpoint
    Folder Deleted : C:\Program Files\Viewpoint

    ***** [ Scheduled Tasks ] *****

    ***** [ Shortcuts ] *****

    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
    Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13086CD4-88B6-45E3-9182-3BC2664199F7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1FCD7139-C2A3-49AD-8B9E-E82E48AE5DF6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{319FCB76-1568-4EFA-863B-B03A2B16EB5C}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4796719D-2B92-47BC-920B-77BCDBDBCB6A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64A66B25-A70F-4373-95EF-3A1DB6040B3A}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FC5F7E0-D65A-465C-B8EE-A5F8E008D6DF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{731D436C-464C-4F29-BFB2-DE9C458535AE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C89C8A6-991C-4626-9E26-B12EB4D89C04}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEF00686-CAB8-4885-9CCB-78FF483041AA}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDA55C78-736E-4E8A-996C-4A80FC0396FB}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B0858340-28FA-480A-BEB5-13A8B58D854B}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{597b1823-7ff0-4cd3-8095-9d8cba514992}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9D4A53EC-0005-4263-BBA7-9DEF04D96ADA}
    Key Deleted : HKLM\SOFTWARE\MetaStream
    Key Deleted : HKLM\SOFTWARE\Viewpoint
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16584

    -\\ Google Chrome v38.0.2125.111

    [C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [7281 octets] - [01/11/2014 00:11:46]
    AdwCleaner[R1].txt - [985 octets] - [01/11/2014 08:58:14]
    AdwCleaner[R2].txt - [3678 octets] - [08/11/2014 21:27:05]
    AdwCleaner[s0].txt - [7495 octets] - [01/11/2014 00:16:26]
    AdwCleaner[s1].txt - [1040 octets] - [01/11/2014 09:00:42]
    AdwCleaner[s2].txt - [3656 octets] - [08/11/2014 21:41:44]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [3716 octets] ##########

     

     

    On reboot after adwcleaner scan, a popup from viewpoint media player appeared. I did not click it.

     

     

     

     

    JRT deleted a few things, see log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.7 (11.08.2014:1)
    OS: Windows Vista Home Basic x86
    Ran by Roger on Sat 11/08/2014 at 22:03:45.08
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\fighters"
    Successfully deleted: [Folder] "C:\Program Files\produtools_manuals_2.1_b"

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 11/08/2014 at 22:09:12.79
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

    Then I realized I hadn't run JRT as admin, so I repeated it, as admin. Nothing found.

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.7 (11.08.2014:1)
    OS: Windows Vista Home Basic x86
    Ran by Roger on Sat 11/08/2014 at 22:12:57.02
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 11/08/2014 at 22:18:22.91
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

    ESET Online found nothing. I did not scan archives, because your instructions did not say to check that box.

    While re-enabling AV protection after ESET scan, I realized that MBAM's scan schedule had been cleared. I am unsure whether that is normal, but I recreated the scheduled scans and updates.

     

    I might add that my father's first complaint was that his Windows Gadgets had stopped working. The sidebar loaded but each gadget was empty and said only "Service Unavailable." According to task manager, the sidebar was using 400mb ram, which seems like a lot, so I disabled it. If I knew how, I would remove it completely. I've told him before they're not safe. Anyway, 400mb seems like a lot.

     

    The machine seems to be fairly busily munching along on some instructions, though it is hard to gauge how it is doing over team viewer, because I can't hear it, and team viewer can be slow. Still, in task mgr, the cpu jumps wildly from 10-90% usage, ram 1.09 GB (out of 2), so I take it the computer is occupied, but I don't know why. I suspect bad magic.

     

    I do so thank you for your help,

    Laura

  7. Dear Kevin,

    I was able to start ComboFix over TeamViewer, but could not see it, as after the blue screen popped up saying it was creating a restore point, it terminated the Teamviewer connection. On my end, TeamViewer indicated that TV was not running on his computer for about an hour, so I assume it was scanning and rebooting over that time. I am glad it worked with TV, at any rate. When I was able to reconnect to it, I was greeted by the ComboFix log.  

     

    Please find ComboFix.txt attached.

     

    Thank you so much,

    Laura  

    ComboFix.txt

  8. Dear Kevin,

     

    I am unsure whether you are re-quoting the peer-to-peer warning because this computer has peer-to-peer programs, or just in case I missed it on the other page. I do not see any software I recognize as peer-to-peer in Control Panel>Add/Remove Programs. If you see that it does, I will gladly remove anything you indicate.

     

    I have attached the fixlog.txt.

     

    Before I run ComboFix, having read its warning page, I have a question. I am doing these fixes over remote desktop software, because my father lives five or six hours away. Can I run ComboFix by closing all programs EXCEPT Team Viewer, or do I need to stop Team Viewer and get someone who is physically there to run ComboFix?

     

    It will be several hours before I can continue, as I have to go to work,

     

    Thank you so much for your help,

    LH

    Fixlog.txt

  9. Dear Sirs,

    I am trying to clean up my father's computer, remotely, and have encountered trojan.0access. This computer does have premium mbam, though before today, it was the free version, so no scheduled scans. I read in a 0access cleanup thread on this site that there are specific steps to be taken and that the trojan can persist. I have run several mbam (and eset online and adwcleaner) scans in the last 24 hours, removing 6-50 bad guys per scan, before mbam found 0access. The last mbam scan found no threats, but the computer is still dreadfully slow, compared to normal for this machine,  and I do not think it is clean. I have read the 'I'm Infected' thread and am here posting the logs requested. Please advise as to how to remove this threat, and whether it is true that a 0access backdoor requires reformat/reinstallation of windows, or replacement of the computer. 

    Many Thanks,

    LH

     

     

    >>>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-11-2014

    Ran by Roger (administrator) on ROGER-PC on 01-11-2014 15:28:57
    Running from C:\Users\Roger\Downloads
    Loaded Profile: Roger (Available profiles: Roger)
    Platform: Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English (United States)
    Internet Explorer Version 9
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    (Apple, Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
    (Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    (McAfee, Inc.) C:\Windows\System32\mfevtps.exe
    (Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
    (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\tv_w32.exe
    (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    (Nuance Communications, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Brother Industries, Ltd.) C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
    (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\Event Manager\EEventManager.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXRCV.exe
    (SEIKO EPSON CORPORATION) C:\Program Files\EPSON Software\FAX Utility\FUFAXSTM.exe
    (SigmaTel, Inc.) C:\Windows\sttray.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
    (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
    (Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
    (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
    (AOL Inc.) C:\Program Files\Common Files\aol\acs\AOLacsd.exe
    (AOL Inc.) C:\Program Files\Common Files\aol\1179885413\ee\aolsoftware.exe
    (AOL Inc.) C:\Program Files\Common Files\aol\1179885413\ee\aolupdates.exe
    (AOL Inc.) C:\Program Files\AOL Desktop 9.7a\waol.exe
    (AOL Inc.) C:\Program Files\AOL Desktop 9.7a\shellmon.exe
    (TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Desktop.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [iAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [151552 2006-09-29] (Intel Corporation)
    HKLM\...\Run: [iSUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
    HKLM\...\Run: [sSBkgdUpdate] => C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
    HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [29984 2007-10-11] (Nuance Communications, Inc.)
    HKLM\...\Run: [indexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [46368 2007-10-11] (Nuance Communications, Inc.)
    HKLM\...\Run: [PPort11reminder] => C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [328992 2007-08-31] (Nuance Communications, Inc.)
    HKLM\...\Run: [brMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1085440 2008-05-29] (Brother Industries, Ltd.)
    HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [86016 2007-12-21] (Brother Industries, Ltd.)
    HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    HKLM\...\Run: [iSUSPM Startup] => c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
    HKLM\...\Run: [HostManager] => C:\Program Files\Common Files\AOL\1179885413\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-14] (Kaspersky Lab ZAO)
    HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [FUFAXRCV] => C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [503392 2013-06-25] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [FUFAXSTM] => C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [863840 2013-06-25] (SEIKO EPSON CORPORATION)
    HKLM\...\Run: [sigmatelSysTrayApp] => C:\Windows\sttray.exe [303104 2007-02-08] (SigmaTel, Inc.)
    HKU\S-1-5-21-192517801-774707061-2340149944-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-01-26] (Google Inc.)
    HKU\S-1-5-21-192517801-774707061-2340149944-1000\...\Run: [AOL Fast Start] => C:\Program Files\AOL Desktop 9.7a\AOL.EXE [72296 2014-08-19] (AOL Inc.)
    HKU\S-1-5-21-192517801-774707061-2340149944-1000\...\Policies\Explorer: [HideSCAHealth] 1
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
    HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    SearchScopes: HKLM - {9D4A53EC-0005-4263-BBA7-9DEF04D96ADA} URL = http://search.aol.com/aol/search?q={searchTerms}&s_it=clireset-ie
    SearchScopes: HKCU - DefaultScope {B0858340-28FA-480A-BEB5-13A8B58D854B} URL = http://search.aol.com/aol/search?q={searchTerms}&s_it=clireset-ie
    SearchScopes: HKCU - {B0858340-28FA-480A-BEB5-13A8B58D854B} URL = http://search.aol.com/aol/search?q={searchTerms}&s_it=clireset-ie
    BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
    Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
     
    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @viewpoint.com/VMP -> C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-11]
    FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
    FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-09-20]
    FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
    FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-09-20]
    FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
    FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-09-20]
    FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
    FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-09-20]
    FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
    FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-09-20]
    FF StartMenuInternet: FIREFOX.EXE - firefox.exe
     
    Chrome: 
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
    CHR Plugin: (Norton Confidential) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll No File
    CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Profile: C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-19]
    CHR Extension: (Kaspersky URL Advisor) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-09-20]
    CHR Extension: (Safe Money) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-09-20]
    CHR Extension: (Virtual Keyboard) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-09-20]
    CHR Extension: (Kaspersky Protection) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh [2014-06-08]
    CHR Extension: (Google Wallet) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-20]
    CHR Extension: (Anti-Banner) - C:\Users\Roger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-09-20]
    CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
    CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
    CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
    CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
    CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2012-08-18]
    CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]
     
    ========================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2011-08-24] (SUPERAntiSpyware.com) [File not signed]
    R2 AOL ACS; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [46184 2014-02-06] (AOL Inc.)
    R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [110592 2008-01-15] (Apple, Inc.) [File not signed]
    R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-14] (Kaspersky Lab ZAO)
    S3 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [70656 2006-11-07] () [File not signed]
    R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [577088 2013-09-20] (SEIKO EPSON CORPORATION)
    R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
    R2 IAANTMON; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [81920 2006-09-29] (Intel Corporation) [File not signed]
    R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
    R2 mfevtp; C:\Windows\system32\mfevtps.exe [167344 2013-09-20] (McAfee, Inc.)
    S3 RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [880640 2006-11-05] (Sonic Solutions) [File not signed]
    R2 RoxWatch9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [159744 2006-11-05] (Sonic Solutions) [File not signed]
    S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
    S2 *etadpug; "C:\Program Files\Google\Desktop\Install\{c39078c0-a917-82ef-3e50-f6c6256a5159}\   \...\???\{c39078c0-a917-82ef-3e50-f6c6256a5159}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    S3 DSproct; C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [4736 2006-10-05] (Gteko Ltd.) [File not signed]
    R2 dsunidrv; C:\Program Files\DellSupport\Drivers\dsunidrv.sys [7424 2006-08-17] (Gteko Ltd.) [File not signed]
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-12-10] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [597600 2014-05-19] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-12-10] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25696 2013-10-14] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-14] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-09-20] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-09-20] (Kaspersky Lab ZAO)
    R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-11-01] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
    S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [127992 2012-07-17] (McAfee, Inc.)
    R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565352 2013-09-20] (McAfee, Inc.)
    R1 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [206784 2012-07-17] (McAfee, Inc.)
    R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
    R3 STHDA; C:\Windows\System32\drivers\stwrt.sys [647680 2007-02-08] (SigmaTel, Inc.)
    R3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
    U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
    S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74848 2014-05-19] (Kaspersky Lab ZAO)
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-01 15:28 - 2014-11-01 15:29 - 00023130 _____ () C:\Users\Roger\Downloads\FRST.txt
    2014-11-01 15:28 - 2014-11-01 15:29 - 00000000 ____D () C:\FRST
    2014-11-01 15:27 - 2014-11-01 15:27 - 00180829 _____ () C:\Users\Roger\Downloads\2DE2.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00163877 _____ () C:\Users\Roger\Downloads\2DC0.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00150485 _____ () C:\Users\Roger\Downloads\2F21.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00129050 _____ () C:\Users\Roger\Downloads\I'm infected - What do I do now  - Malware Removal Help - Malwarebytes Forum.html
    2014-11-01 15:27 - 2014-11-01 15:27 - 00127639 _____ () C:\Users\Roger\Downloads\2DF3.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00113588 _____ () C:\Users\Roger\Downloads\2DB0.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00079618 _____ () C:\Users\Roger\Downloads\2E04.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00056879 _____ () C:\Users\Roger\Downloads\2DAF.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00045223 _____ () C:\Users\Roger\Downloads\2E67.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00030267 _____ () C:\Users\Roger\Downloads\2E24.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00025421 _____ () C:\Users\Roger\Downloads\2DD1.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00012576 _____ () C:\Users\Roger\Downloads\2E36.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00009336 _____ () C:\Users\Roger\Downloads\2EA9.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00008051 _____ () C:\Users\Roger\Downloads\2E78.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00007306 _____ () C:\Users\Roger\Downloads\2E35.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00007145 _____ () C:\Users\Roger\Downloads\2F54.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00007145 _____ () C:\Users\Roger\Downloads\2F43.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00007145 _____ () C:\Users\Roger\Downloads\2F42.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00007145 _____ () C:\Users\Roger\Downloads\2F31.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00007145 _____ () C:\Users\Roger\Downloads\2F01.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00006287 _____ () C:\Users\Roger\Downloads\2E88.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00005869 _____ () C:\Users\Roger\Downloads\2E57.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00004077 _____ () C:\Users\Roger\Downloads\2EBA.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00004071 _____ () C:\Users\Roger\Downloads\2EEF.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00003017 _____ () C:\Users\Roger\Downloads\2EDE.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00002923 _____ () C:\Users\Roger\Downloads\2F00.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00002715 _____ () C:\Users\Roger\Downloads\2E25.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00002207 _____ () C:\Users\Roger\Downloads\2DE1.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00001201 _____ () C:\Users\Roger\Downloads\2ECD.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00001042 _____ () C:\Users\Roger\Downloads\3040.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00000729 _____ () C:\Users\Roger\Downloads\2ECC.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00000558 _____ () C:\Users\Roger\Downloads\2EBB.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00000225 _____ () C:\Users\Roger\Downloads\2EDD.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00000203 _____ () C:\Users\Roger\Downloads\2F55.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00000129 _____ () C:\Users\Roger\Downloads\2EAA.tmp
    2014-11-01 15:27 - 2014-11-01 15:27 - 00000000 ____D () C:\Users\Roger\Downloads\I'm infected - What do I do now  - Malware Removal Help - Malwarebytes Forum_files
    2014-11-01 13:33 - 2014-11-01 13:33 - 00000000 ____D () C:\ProgramData\Viewpoint
    2014-11-01 13:33 - 2014-11-01 13:33 - 00000000 ____D () C:\Program Files\Viewpoint
    2014-11-01 13:26 - 2014-11-01 13:37 - 00000000 ____D () C:\Program Files\AOL Desktop 9.7a
    2014-11-01 13:15 - 2014-11-01 13:16 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Roger\Downloads\mbam_premium.exe
    2014-11-01 11:35 - 2014-11-01 11:35 - 01105920 _____ (Farbar) C:\Users\Roger\Downloads\FRST.exe
    2014-11-01 11:33 - 2014-11-01 11:34 - 14670424 _____ () C:\Users\Roger\Downloads\RogueKiller.exe
    2014-11-01 11:27 - 2014-11-01 11:28 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Roger\Downloads\tdsskiller.exe
    2014-11-01 05:16 - 2014-06-26 18:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2014-11-01 05:16 - 2014-06-26 18:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2014-11-01 05:16 - 2014-06-26 18:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2014-11-01 05:16 - 2014-06-06 00:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2014-11-01 05:15 - 2014-06-15 18:18 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-11-01 05:15 - 2014-06-13 14:22 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-11-01 05:15 - 2014-06-13 14:22 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-11-01 04:58 - 2014-09-09 02:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-11-01 04:35 - 2014-08-22 21:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-11-01 04:22 - 2014-09-27 19:29 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-11-01 03:18 - 2014-09-16 12:56 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-11-01 03:18 - 2014-09-04 19:27 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
    2014-11-01 02:23 - 2014-08-23 18:23 - 00068878 _____ () C:\Users\Roger\Downloads\Favorite Placesbak20140823.pfc
    2014-11-01 01:34 - 2014-11-01 01:35 - 04977216 _____ (Piriform Ltd) C:\Users\Roger\Downloads\ccsetup419.exe
    2014-11-01 01:11 - 2014-11-01 10:00 - 00000000 ____D () C:\AdwCleaner
    2014-11-01 00:05 - 2014-10-18 10:54 - 01976320 _____ () C:\Users\Roger\Desktop\adwcleaner_4.000.exe
    2014-10-31 18:03 - 2014-06-13 20:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-10-31 18:03 - 2014-06-13 20:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2014-10-31 18:03 - 2014-06-06 04:59 - 00506880 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-10-31 18:03 - 2014-06-02 06:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-10-31 18:03 - 2014-06-02 06:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2014-10-31 18:03 - 2014-06-02 06:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-10-31 18:03 - 2014-06-02 06:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2014-10-31 18:03 - 2014-06-02 04:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-10-31 18:03 - 2014-04-26 12:01 - 00502784 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-10-31 18:03 - 2014-04-04 22:42 - 00905664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-10-31 18:03 - 2014-03-25 09:26 - 11587584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-10-31 18:03 - 2013-10-29 22:12 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
    2014-10-31 18:03 - 2013-10-29 21:43 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2014-10-31 18:03 - 2013-10-29 20:43 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2014-10-31 18:03 - 2013-08-26 22:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2014-10-31 18:03 - 2013-08-26 22:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2014-10-31 18:03 - 2013-08-26 22:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2014-10-31 18:03 - 2013-08-26 22:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2014-10-31 18:03 - 2013-08-26 21:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-10-31 18:03 - 2013-08-26 21:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2014-10-31 18:03 - 2013-08-26 21:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2014-10-31 18:03 - 2013-08-26 21:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2014-10-31 18:03 - 2013-08-26 21:28 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2014-10-31 18:03 - 2013-07-20 06:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2014-10-31 18:02 - 2014-09-19 18:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-31 18:02 - 2014-09-19 18:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-31 18:02 - 2014-09-19 18:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-31 18:02 - 2014-09-19 18:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-31 18:02 - 2014-09-19 18:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-31 18:02 - 2014-09-19 18:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-31 18:02 - 2014-09-19 18:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-10-31 18:02 - 2014-09-19 18:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-31 18:02 - 2014-09-19 18:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-31 18:02 - 2014-09-19 18:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-31 18:02 - 2014-09-19 18:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-10-31 18:02 - 2014-09-19 18:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-31 18:02 - 2014-09-19 18:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-10-31 18:02 - 2014-09-19 18:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-10-31 18:02 - 2014-09-19 18:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-31 18:02 - 2014-09-19 18:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-31 18:02 - 2014-09-19 18:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-31 18:02 - 2014-09-19 18:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-31 18:02 - 2014-09-19 18:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-10-31 18:02 - 2014-09-19 18:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-10-31 18:02 - 2014-09-19 18:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-10-31 18:01 - 2014-05-30 02:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-10-31 18:01 - 2014-03-09 21:22 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-10-31 18:01 - 2014-03-09 21:22 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-10-31 18:01 - 2013-06-28 22:07 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2014-10-31 18:01 - 2013-06-28 22:07 - 00197632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2014-10-31 18:01 - 2013-06-28 22:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2014-10-31 18:01 - 2013-06-28 22:06 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2014-10-31 18:01 - 2011-05-05 09:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2014-10-31 18:01 - 2011-05-05 09:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2014-10-31 18:00 - 2014-02-05 21:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2014-10-31 18:00 - 2013-10-22 03:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
    2014-10-31 18:00 - 2013-10-10 22:08 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
    2014-10-31 18:00 - 2013-10-10 22:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
    2014-10-31 18:00 - 2013-10-10 22:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
    2014-10-31 18:00 - 2013-10-10 22:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll
    2014-10-31 18:00 - 2013-10-10 22:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
    2014-10-31 18:00 - 2013-10-10 20:39 - 00218228 _____ () C:\Windows\system32\WFP.TMF
    2014-10-31 18:00 - 2013-10-10 20:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
    2014-10-31 18:00 - 2013-10-10 20:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
    2014-10-31 18:00 - 2013-10-03 08:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2014-10-31 18:00 - 2013-08-02 00:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2014-10-31 18:00 - 2013-07-16 00:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
    2014-10-31 18:00 - 2013-07-04 00:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2014-10-31 18:00 - 2013-07-02 22:33 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
    2014-10-31 18:00 - 2013-07-02 22:10 - 00025472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
    2014-10-31 18:00 - 2013-06-26 19:01 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
    2014-10-31 18:00 - 2013-06-04 00:16 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2014-10-31 18:00 - 2013-06-03 21:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2014-10-31 17:58 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2014-10-31 16:53 - 2014-11-01 15:24 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-31 16:52 - 2014-11-01 09:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-10-31 16:52 - 2014-10-31 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-31 16:52 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-31 16:52 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-10-31 16:09 - 2014-10-31 16:09 - 00002181 _____ () C:\Users\Roger\Downloads\TrainingWithDrDavidEifrig.ics
    2014-10-31 13:57 - 2014-10-31 13:57 - 00000000 _____ () C:\Windows\EEventManager.INI
    2014-10-30 13:56 - 2014-10-30 13:56 - 00554554 _____ () C:\Users\Roger\Documents\CoverLetter-IndBroadway.zip
    2014-10-30 13:56 - 2014-10-30 13:56 - 00000000 ____D () C:\Users\Roger\Documents\CoverLetter-IndBroadway
    2014-10-27 21:06 - 2014-10-27 21:07 - 05279866 _____ () C:\Users\Roger\Documents\IMG_0520.mov
    2014-10-24 10:36 - 2014-10-24 10:36 - 00251599 _____ () C:\Users\Roger\Documents\DSCN1264.zip
    2014-10-24 10:36 - 2014-10-24 10:36 - 00000000 ____D () C:\Users\Roger\Documents\DSCN1264
    2014-10-23 16:50 - 2014-10-23 16:50 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Leadertech
    2014-10-23 16:46 - 2014-11-01 14:46 - 00000917 _____ () C:\Windows\Tasks\EPSON WF-3640 Series Update {EB7D8C24-B7B8-415C-BDA0-5D7629D12421}.job
    2014-10-23 16:46 - 2014-11-01 14:46 - 00000731 _____ () C:\Windows\Tasks\EPSON WF-3640 Series Invitation {EB7D8C24-B7B8-415C-BDA0-5D7629D12421}.job
    2014-10-23 16:46 - 2014-10-23 16:46 - 00000000 ____D () C:\Program Files\Common Files\EPSON
    2014-10-23 16:44 - 2014-10-23 16:44 - 00000159 _____ () C:\Users\Public\Desktop\Epson WF-3640 User’s Guide.url
    2014-10-23 16:43 - 2014-10-30 13:43 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Epson
    2014-10-23 16:41 - 2014-10-23 16:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
    2014-10-23 16:41 - 2014-10-23 16:43 - 00000000 ____D () C:\Program Files\EPSON Software
    2014-10-23 16:41 - 2014-10-23 16:41 - 00000000 ____D () C:\Program Files\EpsonNet
    2014-10-23 16:41 - 2012-11-12 20:41 - 00458310 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppui.dll
    2014-10-23 16:41 - 2012-11-12 20:41 - 00458310 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppui.dll
    2014-10-23 16:41 - 2012-11-12 15:15 - 00476027 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\ensppmon.dll
    2014-10-23 16:41 - 2012-11-12 15:15 - 00476027 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enppmon.dll
    2014-10-23 16:41 - 2012-10-22 17:19 - 00218112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enspres.dll
    2014-10-23 16:41 - 2012-10-22 17:19 - 00218112 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\enpres.dll
    2014-10-23 16:39 - 2014-10-23 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    2014-10-23 16:39 - 2014-10-23 16:44 - 00000000 ____D () C:\Program Files\epson
    2014-10-23 16:39 - 2014-10-23 16:39 - 00000767 _____ () C:\Users\Public\Desktop\EPSON Scan.lnk
    2014-10-23 16:39 - 2012-07-24 00:00 - 00342016 _____ (Seiko Epson Corporation) C:\Windows\system32\esw2ud.dll
    2014-10-23 16:39 - 2012-05-17 00:00 - 00126128 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc.exe
    2014-10-23 16:39 - 2010-11-22 13:27 - 00147472 _____ (TWAIN Working Group) C:\Windows\system32\twaindsm.dll
    2014-10-23 16:36 - 2013-10-22 04:04 - 00142848 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TLMBKDE.DLL
    2014-10-23 16:36 - 2011-03-15 03:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_TD4BKDE.DLL
    2014-10-23 16:36 - 2007-04-10 01:06 - 00008192 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_DCINST.DLL
    2014-10-23 16:35 - 2014-10-23 17:08 - 00000000 ____D () C:\ProgramData\EPSON
    2014-10-23 16:33 - 2014-10-23 16:50 - 00000081 _____ () C:\Windows\WF-3640.ini
    2014-10-22 17:00 - 2014-10-22 17:00 - 00031744 _____ () C:\Users\Roger\Documents\DIRADRS-updatedOct2014.xls
    2014-10-16 18:03 - 2014-10-16 18:03 - 00000000 _____ () C:\Users\Roger\Downloads\Minecraft_exe.jht790q.partial
    2014-10-10 22:26 - 2014-10-10 22:26 - 01422871 _____ () C:\Users\Roger\Downloads\October Adens
    2014-10-10 16:10 - 2014-10-10 16:11 - 00000000 ____D () C:\Users\Roger\Documents\MTGNOTIC_Oct2014
    2014-10-10 16:10 - 2014-10-10 16:10 - 00038714 _____ () C:\Users\Roger\Documents\MTGNOTIC_Oct2014.zip
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-01 15:23 - 2013-09-20 21:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2014-11-01 15:23 - 2012-10-11 07:13 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-11-01 14:57 - 2012-05-25 20:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-11-01 14:07 - 2013-09-20 08:21 - 01222376 _____ () C:\Windows\WindowsUpdate.log
    2014-11-01 14:03 - 2006-11-02 08:45 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2014-11-01 14:03 - 2006-11-02 08:45 - 00003552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2014-11-01 13:35 - 2011-07-12 10:57 - 00092990 _____ () C:\install.log
    2014-11-01 13:34 - 2013-10-14 21:44 - 00000805 _____ () C:\Users\Public\Desktop\AOL Desktop 9.7.lnk
    2014-11-01 13:34 - 2013-10-14 21:44 - 00000749 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\AOL Desktop 9.7.lnk
    2014-11-01 13:34 - 2007-05-22 20:40 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\AOL
    2014-11-01 13:34 - 2007-05-22 20:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOL
    2014-11-01 13:33 - 2007-05-22 21:56 - 00000000 ____D () C:\Program Files\Common Files\aol
    2014-11-01 13:28 - 2007-05-22 20:40 - 00000000 ____D () C:\Users\Roger\AppData\Local\AOL
    2014-11-01 13:26 - 2007-05-22 21:56 - 00000000 ____D () C:\Program Files\Common Files\aolshare
    2014-11-01 13:26 - 2007-05-22 20:38 - 00000000 ____D () C:\ProgramData\AOL
    2014-11-01 10:09 - 2006-11-02 06:33 - 00707604 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-11-01 10:03 - 2014-02-13 06:03 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf28a2e35ede20.job
    2014-11-01 10:03 - 2006-11-02 08:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-11-01 10:02 - 2013-09-20 08:17 - 00013086 _____ () C:\Windows\PFRO.log
    2014-11-01 10:02 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\SchCache
    2014-11-01 10:01 - 2006-11-02 08:58 - 00032626 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2014-11-01 06:17 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\rescache
    2014-11-01 06:16 - 2006-11-02 07:18 - 00000000 ____D () C:\Windows\Microsoft.NET
    2014-11-01 05:53 - 2006-11-02 08:44 - 00427712 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-11-01 03:59 - 2013-08-15 03:11 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-31 16:52 - 2013-08-21 15:49 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
    2014-10-31 16:52 - 2012-01-03 22:23 - 00000000 ____D () C:\Users\Roger\AppData\Roaming\Malwarebytes
    2014-10-31 16:52 - 2012-01-03 22:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-28 06:35 - 2009-10-03 01:44 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2014-10-27 17:35 - 2012-10-11 07:13 - 00001933 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-10-23 16:46 - 2013-09-21 18:17 - 00003228 _____ () C:\Windows\setupact.log
    2014-10-23 16:43 - 2007-05-16 03:30 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
    2014-10-23 16:40 - 2007-05-22 18:21 - 00000000 ____D () C:\Users\Roger
    2014-10-23 16:39 - 2006-11-02 08:35 - 00000000 ____D () C:\Windows\twain_32
    2014-10-13 07:29 - 2012-11-06 23:11 - 00000000 ____D () C:\Users\Roger\AppData\Local\CrashDumps
    2014-10-03 10:03 - 2006-11-02 06:24 - 100290944 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
    ZeroAccess:
    C:\Users\Roger\AppData\Local\Google\Desktop\Install
    ZeroAccess:
    C:\Program Files\Google\Desktop\Install
     
    Some content of TEMP:
    ====================
    C:\Users\Roger\AppData\Local\Temp\AcsInstall.dll
    C:\Users\Roger\AppData\Local\Temp\Quarantine.exe
    C:\Users\Roger\AppData\Local\Temp\SHFOLDER.DLL
    C:\Users\Roger\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-11-01 10:09
     
    ==================== End Of Log ============================

    >>>Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-11-2014

    Ran by Roger at 2014-11-01 15:31:03
    Running from C:\Users\Roger\Downloads
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
    AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.12) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.4.634 - Adobe Systems, Inc.)
    Advanced Uninstaller PRO - Version 11 (HKLM\...\AU11_is1) (Version: 11 - Innovative Solutions)
    AOL Install (HKLM\...\{2357B8BC-88C9-4A72-818C-050CC4EB0778}) (Version: 1.0.0 - America Online, Inc)
    AOL Mail and AIM Gadget (HKLM\...\{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}) (Version: 1.0.0 - AOL LLC)
    AOL Toolbar (HKLM\...\AOL Toolbar) (Version:  - )
    AOL Uninstaller (Choose which Products to Remove) (HKLM\...\AOL Uninstaller) (Version:  - AOL Inc.)
    Apple Application Support (HKLM\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}) (Version: 1.1.3.26 - Apple Inc.)
    Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
    Brother MFL-Pro Suite MFC-490CW (HKLM\...\{D9461574-5FC0-4641-BBDC-D1038B196F55}) (Version: 1.1.5.0 - Brother Industries, Ltd.)
    Canon MP Navigator 2.2 (HKLM\...\MP Navigator 2.2) (Version:  - )
    Canon MP530 (HKLM\...\{3215EBED-1D06-42fb-A05C-A752A46FB24C}) (Version:  - )
    Canon MP530 User Registration (HKLM\...\Canon MP530 User Registration) (Version:  - )
    CCleaner (HKLM\...\CCleaner) (Version: 3.12 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
    Corel Paint Shop Pro Photo XI (HKLM\...\{93A1B09E-BAFA-4628-A5B6-921CB026955A}) (Version: 11.003.0000 - Corel Inc)
    Corel Snapfire Plus (HKLM\...\{7ADE3A47-B425-45E9-8FF6-11BE2B775645}) (Version: 1.003.0000 - Corel)
    Dell Support Center (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.0.07311 - Dell)
    Dell System Customization Wizard (HKLM\...\{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}) (Version: 1.00.0000 - Dell Inc.)
    DellSupport (HKLM\...\{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}) (Version: 6.0.3030 - Dell)
    Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.20 - BVRP Software, Inc)
    Documentation & Support Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
    EPSON Connect version 1.0 (HKLM\...\EPSON Connect_is1) (Version: 1.0 - Epson America Inc.)
    Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.6.3.0 - SEIKO EPSON CORPORATION)
    Epson Event Manager (HKLM\...\{116DBCAF-9544-4592-9156-AC99F6C2D426}) (Version: 3.10.0016 - Seiko Epson Corporation)
    Epson FAX Utility (HKLM\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.42.00 - SEIKO EPSON CORPORATION)
    Epson PC-FAX Driver (HKLM\...\EPSON PC-FAX Driver 2) (Version:  - )
    EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
    EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version:  - SEIKO EPSON Corporation)
    Epson WF-3640 User’s Guide version 1.0 (HKLM\...\UsersGuideEpson WF-3640 User’s Guide_is1) (Version: 1.0 - )
    EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
    ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
    FileOpen Client Installer (HKLM\...\{39468292-5D68-4E93-9E09-5D9D5CA00E7A}) (Version: 3.0.6.878 - FileOpen Systems, Inc.)
    Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.3.1.518 - Foxit Software Company)
    Games, Music, & Photos Launcher (HKLM\...\{3E25E350-949F-4DB7-8288-2A60E018B4C1}) (Version: 1.00.0000 - Dell Inc.)
    Google Chrome (HKLM\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
    Google Earth (HKLM\...\{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}) (Version: 6.2.1.6014 - Google)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
    Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
    Internet Service Offers Launcher (HKLM\...\{CCFF1E13-77A2-4032-8B12-7566982A27DF}) (Version: 1.00.0000 - Dell Inc.)
    Java SE Runtime Environment 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160000}) (Version: 1.6.0.0 - Sun Microsystems, Inc.)
    Kaspersky Internet Security 2013 (HKLM\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
    Kaspersky Internet Security 2013 (Version: 13.0.1.4190 - Kaspersky Lab) Hidden
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
    Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
    Modem Diagnostic Tool (HKLM\...\{F63A3748-B93D-4360-9AD4-B064481A5C7B}) (Version: 1.0.17.8 - Dell)
    MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.41 - BVRP Software, Inc)
    NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
    PaperPort Image Printer (HKLM\...\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}) (Version: 1.00.0000 - Nuance Communications, Inc.)
    PowerDVD (HKLM\...\{281ECE39-F043-492B-8337-F2E546B5604A}) (Version: 7.0 - Dell)
    QuickTime (HKLM\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
    Recuva (HKLM\...\Recuva) (Version: 1.37 - Piriform)
    Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
    Roxio Creator BDAV Plugin (HKLM\...\{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}) (Version: 3.3.0 - Roxio)
    Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
    Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
    Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
    Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
    Roxio Drag-to-Disc (HKLM\...\{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}) (Version: 9.0 - Roxio)
    Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
    Roxio MyDVD DE (HKLM\...\{D639085F-4B6E-4105-9F37-A0DBB023E2FB}) (Version: 9.0.116 - Roxio, Inc.)
    Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
    RTC Client API v1.2 (HKLM\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
    ScanSoft PaperPort 11 (HKLM\...\{7A8FF745-BBC5-482B-88E4-18D3178249A9}) (Version: 11.1.0000 - Nuance Communications, Inc.)
    SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.5102.0 - SigmaTel)
    SketchUp Pro 8 (HKLM\...\{045D5A51-F07E-4350-8642-B85772A2876B}) (Version: 3.0.16846 - Trimble Navigation Limited)
    Software Updater (HKLM\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
    Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TeamViewer 8 (HKLM\...\TeamViewer 8) (Version: 8.0.30992 - TeamViewer)
    Viewpoint Media Player (HKLM\...\ViewpointMediaPlayer) (Version:  - )
     
    ==================== Custom CLSID (selected items): ==========================
     
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
     
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{0D7FDC12-4366-3687-B4C4-93C84983BEB5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{22A04790-1951-4514-AF1D-BC94B8B63C70}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\MessageProtocolX.dll (Kaseya International Limited)
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{368CB9E8-3035-3AA5-B0D1-50FE1C930319}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{392777B8-79C3-4E1B-8CA2-DB2F9AD4DF37}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\TaskManagerX.dll (Kaseya International Limited)
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{4218E1B5-2288-4189-807C-6CFA4C8C629B}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\EventLoggingX.dll (Kaseya International Limited)
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{4431F57E-8B58-387E-AC60-6DD3E7850CD5}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{60E1979E-326D-3D30-A96C-C6ADCDD2AF66}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{634C733B-EABF-3922-BA49-5CB3927D480C}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{7629C9DE-2E38-4963-A01C-02FFAC203D87}\InprocServer32 -> C:\Program Files\AOL Desktop 9.7a\axtrack.dll (AOL Inc.)
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{790ACEF7-453A-4713-99C8-8D09A9B60186}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\CommandLineX.dll (Kaseya International Limited)
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{96F86545-7514-4F4A-98F7-E26B36A9C50A}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\RegistryEditorX.dll (Kaseya International Limited)
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{B8AAE7B6-87D4-4A2A-87E8-E4CAEF111E6D}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\LiveConnectRelayX.dll (Kaseya International Limited)
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{BB048B39-D3CB-37BF-A746-068C9F9FF26B}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{DC249AB2-0964-41F7-945F-AFC7039D7BA9}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\FileManagerX.dll (Kaseya International Limited)
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{F13EEFC9-D471-4824-8D54-8FA9F4FF587F}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\DesktopThumbnailX.ocx (Kaseya International Limited)
    CustomCLSID: HKU\S-1-5-21-192517801-774707061-2340149944-1000_Classes\CLSID\{F6389D10-3244-4375-808A-1DFBC16317AE}\InprocServer32 -> C:\Users\Roger\AppData\Roaming\Kaseya\PluginManager\IE\LocalUsersGroupsX.dll (Kaseya International Limited)
     
    ==================== Restore Points  =========================
     
    23-10-2014 02:30:47 Scheduled Checkpoint
    23-10-2014 20:36:36 Device Driver Package Install: EPSON Printers
    23-10-2014 20:39:54 Device Driver Package Install: EPSON Imaging devices
    23-10-2014 20:40:34 Installed EpsonNet Print
    23-10-2014 20:42:51 Installed FAX Utility
    25-10-2014 04:00:04 Scheduled Checkpoint
    26-10-2014 04:00:03 Scheduled Checkpoint
    27-10-2014 04:00:05 Scheduled Checkpoint
    28-10-2014 04:00:05 Scheduled Checkpoint
    29-10-2014 04:00:05 Scheduled Checkpoint
    30-10-2014 04:00:04 Scheduled Checkpoint
    31-10-2014 04:00:04 Scheduled Checkpoint
    01-11-2014 07:03:29 Windows Update
     
    ==================== Hosts content: ==========================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2006-11-02 06:23 - 2011-12-03 19:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1       localhost
     
    ==================== Scheduled Tasks (whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
     
    Task: {01FE05B7-25E9-40FC-9B68-FA17F941F2EE} - System32\Tasks\Carbonite Upgrade Check => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
    Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
    Task: {347167BF-0C97-4610-ABC8-F005DF21F481} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
    Task: {364405BE-ADD2-4741-9CE3-F599D5F2363E} - System32\Tasks\EPSON WF-3640 Series Update {EB7D8C24-B7B8-415C-BDA0-5D7629D12421} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {54E37598-CBA3-447E-B0D2-B386E9D0BB86} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
    Task: {7BAE8880-8351-4C00-818D-4FFA16A0F589} - System32\Tasks\EPSON WF-3640 Series Invitation {EB7D8C24-B7B8-415C-BDA0-5D7629D12421} => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION)
    Task: {88E3E3DF-C1B1-4C14-ACD1-EADA186FEB28} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
    Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
    Task: {A629AA1D-8564-4F43-AEEF-16903D5DBE11} - System32\Tasks\GoogleUpdateTaskMachineCore1cf28a2e35ede20 => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Invitation {EB7D8C24-B7B8-415C-BDA0-5D7629D12421}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKDE.EXE
    Task: C:\Windows\Tasks\EPSON WF-3640 Series Update {EB7D8C24-B7B8-415C-BDA0-5D7629D12421}.job => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TTSKDE.EXE
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf28a2e35ede20.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
     
    ==================== Loaded Modules (whitelisted) =============
     
    2007-06-07 11:06 - 2006-10-26 16:21 - 00056056 _____ () C:\Windows\system32\DLAAPI_W.DLL
    2012-08-17 21:39 - 2013-09-20 22:03 - 01310136 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
    2006-11-05 10:28 - 2006-11-05 10:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
    2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
    2014-08-19 14:34 - 2014-08-19 14:34 - 00048640 _____ () C:\Program Files\AOL Desktop 9.7a\zlib.dll
    2014-08-19 14:34 - 2014-08-19 14:34 - 21151232 _____ () C:\Program Files\AOL Desktop 9.7a\libcef.dll
    2014-08-19 14:34 - 2014-08-19 14:34 - 00648704 _____ () C:\Program Files\AOL Desktop 9.7a\libglesv2.dll
    2014-08-19 14:34 - 2014-08-19 14:34 - 00122880 _____ () C:\Program Files\AOL Desktop 9.7a\libegl.dll
    2014-10-27 17:35 - 2014-10-22 00:04 - 08910664 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll
    2014-10-27 17:34 - 2014-10-22 00:04 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
     
    ==================== Alternate Data Streams (whitelisted) =========
     
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
     
    AlternateDataStreams: C:\Users\Roger\Documents\Carsofthe50'sand60's-2-12.eml:OECustomProperty
     
    ==================== Safe Mode (whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
     
    ==================== EXE Association (whitelisted) =============
     
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
     
     
    ==================== MSCONFIG/TASK MANAGER disabled items =========
     
    (Currently there is no automatic fix for this section.)
     
    MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    MSCONFIG\startupreg: dsentu => "C:\Windows\System32\rundll32.exe" "C:\Users\Roger\AppData\Roaming\dsentu.dll",Optimize
    MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1179885413\ee\AOLSoftware.exe
    MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    MSCONFIG\startupreg: pcwauy => C:\Users\Roger\pcwauy.exe /w
    MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    MSCONFIG\startupreg: rymuxhuxxick => C:\Users\Roger\rymuxhuxxick.exe
    MSCONFIG\startupreg: suftattipmih => C:\Users\Roger\suftattipmih.exe
    MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSCONFIG\startupreg: sylsuwafepuj => C:\Users\Roger\sylsuwafepuj.exe
    MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    MSCONFIG\startupreg: WMPNSCFG => C:\Program Files\Windows Media Player\WMPNSCFG.exe
     
    ========================= Accounts: ==========================
     
    Administrator (S-1-5-21-192517801-774707061-2340149944-500 - Administrator - Disabled)
    Guest (S-1-5-21-192517801-774707061-2340149944-501 - Limited - Disabled)
    Roger (S-1-5-21-192517801-774707061-2340149944-1000 - Administrator - Enabled) => C:\Users\Roger
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (11/01/2014 05:54:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Transactions.Bridge.Dtc, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=x86".  The error returned was Error: The specified assembly is not installed.
    .
     
    Error: (11/01/2014 05:54:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Tasks, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
    .
     
    Error: (11/01/2014 05:54:14 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "AspNetMMCExt, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
    .
     
    Error: (11/01/2014 05:54:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
    .
     
    Error: (11/01/2014 03:58:41 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
     
    Error: (11/01/2014 03:58:39 AM) (Source: Perflib) (EventID: 1010) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
     
    Error: (10/31/2014 11:09:52 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
     
    Error: (10/31/2014 10:50:38 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
     
    Error: (10/31/2014 10:37:08 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
     
    Error: (10/31/2014 10:28:48 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
     
     
    System errors:
    =============
    Error: (11/01/2014 10:05:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
     
    Error: (11/01/2014 10:03:20 AM) (Source: LSM) (EventID: 1048) (User: )
    Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
    .
     
    Error: (11/01/2014 10:03:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: SASKUTIL
     
    Error: (11/01/2014 10:03:17 AM) (Source: LSM) (EventID: 1048) (User: )
    Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
    .
     
    Error: (11/01/2014 10:01:05 AM) (Source: LSM) (EventID: 1048) (User: )
    Description: Terminal Service start failed. The relevant status code was The configuration data for this product is corrupt. Contact your support personnel.
    .
     
    Error: (11/01/2014 09:54:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: IPsec Policy AgentBase Filtering Engine%%1290
     
    Error: (11/01/2014 09:54:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Base Filtering Engine%%1290
     
    Error: (11/01/2014 09:54:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Security Center%%1314
     
    Error: (11/01/2014 09:54:02 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: Windows FirewallBase Filtering Engine%%1290
     
    Error: (11/01/2014 09:54:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: Base Filtering Engine%%1290
     
     
    Microsoft Office Sessions:
    =========================
    Error: (11/01/2014 05:54:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Transactions.Bridge.Dtc, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=x86".  The error returned was Error: The specified assembly is not installed.
    .
     
    Error: (11/01/2014 05:54:25 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "Microsoft.Build.Tasks, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
    .
     
    Error: (11/01/2014 05:54:14 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "AspNetMMCExt, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
    .
     
    Error: (11/01/2014 05:54:13 AM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
    Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_32) - Failed to execute command from the offline queue: uninstall "System.Web.Mobile, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies .  The error returned was Error: The specified assembly is not installed.
    .
     
    Error: (11/01/2014 03:58:41 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
     
    Error: (11/01/2014 03:58:39 AM) (Source: Perflib) (EventID: 1010) (User: )
    Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
     
    Error: (10/31/2014 11:09:52 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
     
    Error: (10/31/2014 10:50:38 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
     
    Error: (10/31/2014 10:37:08 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
     
    Error: (10/31/2014 10:28:48 PM) (Source: EventSystem) (EventID: 4609) (User: )
    Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
     
     
    CodeIntegrity Errors:
    ===================================
      Date: 2014-11-01 15:30:23.015
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-11-01 15:30:22.574
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-11-01 15:30:21.999
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-11-01 15:30:21.468
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-11-01 15:29:38.383
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-11-01 15:29:37.930
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-11-01 15:29:37.477
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-11-01 15:29:37.028
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-11-01 15:29:35.775
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
     
      Date: 2014-11-01 15:29:35.336
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Pentium® D CPU 3.00GHz
    Percentage of memory in use: 69%
    Total physical RAM: 2045.21 MB
    Available physical RAM: 628.52 MB
    Total Pagefile: 4323.69 MB
    Available Pagefile: 2023.97 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1881.93 MB
     
    ==================== Drives ================================
     
    Drive c: (OS) (Fixed) (Total:138.96 GB) (Free:68.08 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:6.33 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 48000000)
    Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
    Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
    Partition 3: (Active) - (Size=139 GB) - (Type=07 NTFS)
     
    ==================== End Of Log ============================