markwphillips

  1. All seems good (for now). Thanks again for your help. This is my wife's machine and she's the one with the PayPal account, so I will have her provide a donation when I hand it back to her. Thanks so much - excellent help. Mark
  2. MS Malicious Software Removal Tool log:
     I do not have any problems currently happening with the machine. If you have an idea of what the weakness was (avast or firewall settings, for example) that would be appreciated. Otherwise, just let me know if you see something concerning in the logs. Thanks, Mark
  3. JRT removal log:
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 6.3.8 (11.15.2014:1)
     OS: Windows 7 Home Premium x64
     Ran by Kim on Sat 11/15/2014 at 11:40:26.53
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services

     ~~~ Registry Values

     ~~~ Registry Keys

     ~~~ Files

     Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
     Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
     Successfully deleted: [File] "C:\Windows\couponprinter.ocx"

     ~~~ Folders

     Successfully deleted: [Folder] "C:\ProgramData\pcdr"

     ~~~ Event Viewer Logs were cleared

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Sat 11/15/2014 at 11:46:33.74
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     On to the Microsoft tool step.
  4. AdwCleaner log:
     # AdwCleaner v4.101 - Report created 15/11/2014 at 11:28:24
     # Updated 09/11/2014 by Xplode
     # Database : 2014-11-13.1 [Live]
     # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
     # Username : Kim - KIMPLUMLAPTOP
     # Running from : C:\Users\Kim\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     ***** [ Scheduled Tasks ] *****

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
     Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A85A5E6A-DE2C-4F4E-99DC-F469DF5A0EEC}
     Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Coupon Printer for Windows5.0.1.2
     Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A81E737A17150D040843D72D34240018
     Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A81E737A17150D040843D72D34240018
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
     Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A81E737A17150D040843D72D34240018
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\365sweetswaps.com
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta.com
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\truedelta.com
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\viewpoints.com
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.delta.com
     Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.viewpoints.com

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.17420
     -\\ Mozilla Firefox v3.6.12 (en-US)
     -\\ Google Chrome v38.0.2125.111

     *************************

     AdwCleaner[R0].txt - [2655 octets] - [15/11/2014 11:25:13]
     AdwCleaner[s0].txt - [2588 octets] - [15/11/2014 11:28:24]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2648 octets] ##########

     On to the Junkware Removal Tool step.
  5. Malwarebytes log from clipboard:
     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 11/15/2014
     Scan Time: 11:06:26 AM
     Logfile:
     Administrator: Yes

     Version: 2.00.3.1025
     Malware Database: v2014.11.15.05
     Rootkit Database: v2014.11.12.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: Kim

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 338207
     Time Elapsed: 11 min, 49 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0
     (No malicious items detected)

     Modules: 0
     (No malicious items detected)

     Registry Keys: 0
     (No malicious items detected)

     Registry Values: 0
     (No malicious items detected)

     Registry Data: 0
     (No malicious items detected)

     Folders: 3
     PUP.Optional.SoftThinks.A, C:\Users\Default\AppData\Local\SoftThinks, Quarantined, [89888fad83f9f0466fb6e2513ec50df3],
     PUP.Optional.SoftThinks.A, C:\Users\Kim\AppData\Local\SoftThinks, Quarantined, [001153e94a322f077ca95ad9c63d31cf],
     PUP.Optional.SoftThinks.A, C:\Users\Kim\AppData\Local\SoftThinks\Profiles, Quarantined, [001153e94a322f077ca95ad9c63d31cf],

     Files: 3
     PUP.Optional.SoftThinks.A, C:\Users\Default\AppData\Local\SoftThinks\scheduler.xml, Quarantined, [89888fad83f9f0466fb6e2513ec50df3],
     PUP.Optional.SoftThinks.A, C:\Users\Kim\AppData\Local\SoftThinks\scheduler.xml, Quarantined, [001153e94a322f077ca95ad9c63d31cf],
     PUP.Optional.SoftThinks.A, C:\Users\Kim\AppData\Local\SoftThinks\Profiles\Profil1.xml, Quarantined, [001153e94a322f077ca95ad9c63d31cf],

     Physical Sectors: 0
     (No malicious items detected)

     (end)

     On to AdwCleaner.
  6. fixlist.txt:
     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-11-2014
     Ran by Kim at 2014-11-15 10:13:54 Run:1
     Running from C:\Users\Kim\Desktop
     Loaded Profile: Kim (Available profiles: Kim)
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     Start
     HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
     C:\Windows\UpdReg.EXE
     HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!
     HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
     SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKCU - DefaultScope {0DB6796A-EB0D-4822-87CE-045F86802EBB} URL =
     SearchScopes: HKCU - {0AAB0E89-9D44-4003-A770-76DED818C71F} URL =
     SearchScopes: HKCU - {0DB6796A-EB0D-4822-87CE-045F86802EBB} URL =
     BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
     Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
     Toolbar: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
     R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-09-05] (Coupons.com Inc.)
     C:\Program Files (x86)\Coupons
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
     AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
     AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
     AlternateDataStreams: C:\Users\Kim\Desktop\Photos:com.dropbox.attributes
     EmptyTemp:
     End
     *****************

     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\UpdReg => value deleted successfully.
     C:\Windows\UpdReg.EXE => Moved successfully.
     "HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
     "HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
     "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
     "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
     "HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
     "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
     "HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
     "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0AAB0E89-9D44-4003-A770-76DED818C71F}" => Key deleted successfully.
     "HKCR\CLSID\{0AAB0E89-9D44-4003-A770-76DED818C71F}" => Key not found.
     "HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0DB6796A-EB0D-4822-87CE-045F86802EBB}" => Key deleted successfully.
     "HKCR\CLSID\{0DB6796A-EB0D-4822-87CE-045F86802EBB}" => Key not found.
     "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
     "HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
     "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
     HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
     "HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}" => Key not found.
     CouponPrinterService => Service stopped successfully.
     CouponPrinterService => Service deleted successfully.
     C:\Program Files (x86)\Coupons => Moved successfully.
     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons => Moved successfully.
     C:\ProgramData\TEMP => ":A8ADE5D8" ADS removed successfully.
     C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
     "C:\Users\Kim\Desktop\Photos" => ":com.dropbox.attributes" ADS not found.
     EmptyTemp: => Removed 3.5 GB temporary data.

     The system needed a reboot.

     ==== End of Fixlog ====

     On to the next step.
  7. FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014Ran by Kim (administrator) on KIMPLUMLAPTOP on 14-11-2014 20:19:44Running from C:\Users\Kim\DesktopLoaded Profile: Kim (Available profiles: Kim)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe() C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe(Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe() C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJJE.EXE() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe(Apple Inc.) C:\Program Files (x86)\AirPort\APAgent.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe(Mozy, Inc.) 
C:\Program Files\MozyHome\mozybackup.exe(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-23] (Synaptics Incorporated)HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2384896 2009-07-22] ()HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntryHKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetchHKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1807600 2009-11-13] ()HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe [241789 2009-05-04] (Creative Technology Ltd)HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)HKLM-x32\...\Run: 
[Desktop Disc Tool] => c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [498160 2009-10-15] ()HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)HKLM-x32\...\Run: [AirPort Base Station Agent] => C:\Program Files (x86)\AirPort\APAgent.exe [771360 2009-11-11] (Apple Inc.)HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5225064 2014-11-14] (AVAST Software)Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE [283232 2012-09-27] (SEIKO EPSON CORPORATION)HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\...A8F59079A8D5}\localserver32: <==== ATTENTION!Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)Startup: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnkShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnkShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnkShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)Startup: C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)ShellIconOverlayIdentifiers: [mozy] -> {b32a6748-f273-4546-b60a-3c5adc239de5} => C:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)ShellIconOverlayIdentifiers: [mozy2] -> {747E722C-CB46-4a9d-BDFE-192AAD5099B1} => C:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.)ShellIconOverlayIdentifiers: [mozy3] -> {EE6F5A00-7898-40f7-AB77-51FF9D6DEB20} => C:\Program Files\MozyHome\mozyshell.dll (Mozy, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {0DB6796A-EB0D-4822-87CE-045F86802EBB} URL = 
SearchScopes: HKCU - {0AAB0E89-9D44-4003-A770-76DED818C71F} URL = 
SearchScopes: HKCU - {0DB6796A-EB0D-4822-87CE-045F86802EBB} URL = 
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1

FireFox:
========
FF ProfilePath: C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\ptanzvco.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll (mozilla.org)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2014-11-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-06-12]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.180.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U18) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
CHR Extension: (YouTube) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-07]
CHR Extension: (Google Search) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-07]
CHR Extension: (Google Wallet) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR Extension: (Gmail) - C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-07]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-14]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-14] (Avast Software)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177648 2014-09-05] (Coupons.com Inc.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2010-02-02] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2010-02-02] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2009-07-05] (Creative Technology Ltd) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [60928 2009-06-23] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54040 2011-09-29] (Mozy, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2010-02-02] (Creative Labs) [File not signed]
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-14] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-14] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-14] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\SysWOW64\drivers\MBAMSwissArmy.sys [38224 2010-12-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-14] (Avast Software)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 20:19 - 2014-11-14 20:20 - 00023349 _____ () C:\Users\Kim\Desktop\FRST.txt
2014-11-14 20:19 - 2014-11-14 20:19 - 00000000 ____D () C:\FRST
2014-11-14 20:17 - 2014-11-14 20:17 - 02116608 _____ (Farbar) C:\Users\Kim\Desktop\FRST64.exe
2014-11-14 19:06 - 2014-11-14 19:06 - 00000247 _____ () C:\Windows\system32\2014-11-15-00-06-00.011-aswFe.exe-7216.log
2014-11-14 18:58 - 2014-11-14 19:05 - 00000247 _____ () C:\Windows\system32\2014-11-14-23-58-32.009-aswFe.exe-1848.log
2014-11-14 18:58 - 2014-11-14 18:58 - 00000197 _____ () C:\Windows\system32\2014-11-14-23-58-26.007-AvastVBoxSVC.exe-8832.log
2014-11-14 18:51 - 2014-11-14 18:51 - 00029728 _____ () C:\ComboFix.txt
2014-11-14 18:50 - 2014-11-14 18:50 - 00000197 _____ () C:\Windows\system32\2014-11-14-23-50-33.000-AvastVBoxSVC.exe-4416.log
2014-11-14 18:18 - 2014-11-14 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-14 18:18 - 2011-02-04 18:50 - 00001120 _____ () C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
2014-11-14 18:18 - 2010-02-21 16:21 - 00002016 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-11-14 18:18 - 2010-02-21 16:17 - 00001009 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat_com.lnk
2014-11-14 18:18 - 2010-02-21 16:17 - 00000997 _____ () C:\Users\Public\Desktop\Acrobat_com.lnk
2014-11-14 18:18 - 2010-02-21 03:03 - 00001149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2014-11-14 18:18 - 2010-02-09 17:20 - 00002429 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-14 18:18 - 2010-02-09 17:18 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-14 18:18 - 2010-02-09 16:54 - 00001979 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
2014-11-14 18:18 - 2010-02-02 17:05 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2014-11-14 18:18 - 2010-02-02 17:05 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2014-11-14 18:18 - 2010-02-02 15:58 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-14 18:18 - 2010-02-02 15:31 - 00002084 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerDVD DX.lnk
2014-11-14 18:18 - 2010-02-02 15:30 - 00001860 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cozi Family Calendar.lnk
2014-11-14 18:18 - 2010-02-02 15:19 - 00002557 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2014-11-14 18:18 - 2009-07-14 00:01 - 00001282 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2014-11-14 18:18 - 2009-07-13 23:57 - 00001352 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2014-11-14 18:18 - 2009-07-13 23:57 - 00001330 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2014-11-14 18:18 - 2009-07-13 23:57 - 00001246 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2014-11-14 18:18 - 2009-07-13 23:54 - 00001210 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2014-11-14 18:18 - 2009-07-13 23:49 - 00001266 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2014-11-14 18:16 - 2014-11-14 18:16 - 00000197 _____ () C:\Windows\system32\2014-11-14-23-16-32.016-AvastVBoxSVC.exe-4764.log
2014-11-14 18:00 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-14 18:00 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-14 18:00 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-14 18:00 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-14 18:00 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-14 18:00 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-14 18:00 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-14 18:00 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-14 17:58 - 2014-11-14 18:51 - 00000000 ____D () C:\Qoobox
2014-11-14 17:54 - 2014-11-14 18:49 - 00000000 ____D () C:\Windows\erdnt
2014-11-14 17:44 - 2014-11-14 17:52 - 05598504 ____R (Swearware) C:\Users\Kim\Desktop\ComboFix.exe
2014-11-14 16:44 - 2014-11-14 16:48 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-11-14 16:44 - 2014-11-14 16:48 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-14 16:40 - 2014-11-14 17:41 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-14 16:38 - 2014-11-14 16:38 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-14 16:38 - 2014-11-14 16:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-14 16:37 - 2014-11-14 16:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-14 16:37 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-14 16:37 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-14 16:01 - 2014-11-14 16:01 - 00001926 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-11-14 16:00 - 2014-11-14 16:00 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-14 15:59 - 2014-11-14 15:59 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-14 15:59 - 2014-11-14 15:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-14 00:44 - 2014-11-07 14:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-14 00:44 - 2014-11-07 14:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-14 00:44 - 2014-11-05 23:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-14 00:44 - 2014-11-05 23:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-14 00:44 - 2014-11-05 23:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-14 00:44 - 2014-11-05 22:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-14 00:44 - 2014-11-05 22:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-14 00:44 - 2014-11-05 22:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-14 00:44 - 2014-11-05 22:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-14 00:44 - 2014-11-05 22:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-14 00:44 - 2014-11-05 22:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-14 00:44 - 2014-11-05 22:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-14 00:44 - 2014-11-05 22:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-14 00:44 - 2014-11-05 22:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-14 00:44 - 2014-11-05 22:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-14 00:44 - 2014-11-05 22:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-14 00:44 - 2014-11-05 22:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-14 00:44 - 2014-11-05 22:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-14 00:44 - 2014-11-05 22:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-14 00:44 - 2014-11-05 22:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-14 00:44 - 2014-11-05 22:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-14 00:44 - 2014-11-05 22:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-14 00:44 - 2014-11-05 22:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-14 00:44 - 2014-11-05 22:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-14 00:44 - 2014-11-05 22:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-14 00:44 - 2014-11-05 22:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-14 00:44 - 2014-11-05 22:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-14 00:44 - 2014-11-05 22:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-14 00:44 - 2014-11-05 22:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-14 00:44 - 2014-11-05 22:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-14 00:44 - 2014-11-05 22:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-14 00:44 - 2014-11-05 22:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-14 00:44 - 2014-11-05 21:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-14 00:44 - 2014-11-05 21:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-14 00:44 - 2014-11-05 21:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-14 00:44 - 2014-11-05 21:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-14 00:44 - 2014-11-05 21:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-14 00:44 - 2014-11-05 21:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-14 00:44 - 2014-11-05 21:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-14 00:44 - 2014-11-05 21:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-14 00:44 - 2014-11-05 21:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-14 00:44 - 2014-11-05 21:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-14 00:44 - 2014-11-05 21:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-14 00:44 - 2014-11-05 21:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-14 00:44 - 2014-11-05 21:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-14 00:44 - 2014-11-05 21:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-14 00:44 - 2014-11-05 21:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-14 00:44 - 2014-11-05 21:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-14 00:44 - 2014-11-05 21:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-14 00:44 - 2014-11-05 21:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-14 00:44 - 2014-11-05 21:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-14 00:44 - 2014-11-05 20:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-14 00:44 - 2014-11-05 20:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-14 00:44 - 2014-11-05 20:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-14 00:44 - 2014-11-05 20:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-14 00:44 - 2014-11-05 12:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-14 00:44 - 2014-11-05 12:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-14 00:44 - 2014-11-05 12:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-14 00:44 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-14 00:44 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-14 00:44 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-14 00:44 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-14 00:44 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-14 00:44 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-14 00:44 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-14 00:44 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-14 00:43 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-14 00:43 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-14 00:43 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-14 00:43 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-14 00:43 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-14 00:43 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-14 00:43 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-14 00:43 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-14 00:43 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-14 00:43 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-14 00:43 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-14 00:43 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-14 00:43 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-14 00:42 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-14 00:42 - 2014-09-19 04:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-14 00:42 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-14 00:42 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-14 00:42 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-14 00:42 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-14 00:42 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-14 00:42 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-14 00:42 - 2014-09-19 04:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-14 00:42 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-14 00:42 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-14 00:42 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-14 00:42 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-14 00:42 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-14 00:42 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-14 00:37 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-14 00:37 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-14 00:37 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-14 00:37 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-14 00:36 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-14 00:36 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-14 00:36 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-14 00:27 - 2010-04-12 17:29 - 00411368 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2014-11-14 00:27 - 2010-04-12 17:29 - 00153376 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2014-11-14 00:27 - 2010-04-12 17:29 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2014-11-14 00:27 - 2010-04-12 17:29 - 00145184 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2014-11-14 00:26 - 2014-11-14 00:27 - 00003297 _____ () C:\Windows\SysWOW64\jupdate-1.6.0_20-b02.log
2014-11-13 08:01 - 2014-11-13 08:01 - 00000000 __SHD () C:\Users\Kim\AppData\Local\EmieBrowserModeList
2014-11-12 09:04 - 2014-11-05 21:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 09:04 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-10-31 17:08 - 2014-10-31 17:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-10-31 17:08 - 2014-10-31 17:08 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-10-31 16:47 - 2014-10-31 16:47 - 00000703 _____ () C:\Users\Kim\Downloads\MyFireMountainGemsCart_10-31-2014.csv
2014-10-16 09:47 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl(30).cpl
2014-10-16 09:47 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 09:47 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 09:47 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 09:47 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 09:47 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 09:47 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 09:46 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 09:46 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 09:46 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-10-16 09:46 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-16 09:46 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 09:46 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 09:46 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 09:46 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 09:46 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-16 09:45 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 09:45 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 09:45 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 09:45 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 09:45 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 09:45 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 09:45 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 09:45 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 20:17 - 2011-12-14 18:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-14 19:57 - 2012-10-07 18:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-14 19:38 - 2009-07-14 00:10 - 01079973 _____ () C:\Windows\WindowsUpdate.log
2014-11-14 18:51 - 2009-07-13 22:20 - 00000000 ___RD () C:\Users\Default
2014-11-14 18:48 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-14 18:44 - 2010-02-09 16:54 - 00000000 ____D () C:\Users\Kim
2014-11-14 18:19 - 2010-11-22 14:46 - 00000000 ____D () C:\ProgramData\TEMP
2014-11-14 18:18 - 2012-10-07 21:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-11-14 18:18 - 2011-02-04 18:50 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.2
2014-11-14 18:18 - 2010-11-22 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2014-11-14 18:18 - 2010-02-02 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2014-11-14 18:18 - 2010-02-02 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center
2014-11-14 18:18 - 2010-02-02 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2014-11-14 18:18 - 2010-02-02 15:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
2014-11-14 18:18 - 2010-02-02 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell DataSafe
2014-11-14 18:18 - 2010-02-02 15:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2014-11-14 18:18 - 2010-02-02 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-11-14 18:18 - 2010-02-02 15:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Wireless
2014-11-14 18:18 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-14 18:18 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-14 18:18 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-14 17:50 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-14 17:50 - 2009-07-13 23:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-14 17:44 - 2011-10-15 12:27 - 00000000 ___RD () C:\Users\Kim\Dropbox
2014-11-14 17:44 - 2011-10-15 12:25 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\Dropbox
2014-11-14 17:43 - 2011-10-15 12:27 - 00001020 _____ () C:\Users\Kim\Desktop\Dropbox.lnk
2014-11-14 17:43 - 2011-10-15 12:26 - 00000000 ____D () C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-14 17:43 - 2009-07-14 00:13 - 00799546 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-14 17:39 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-14 17:39 - 2009-07-13 23:51 - 00045901 _____ () C:\Windows\setupact.log
2014-11-14 17:38 - 2010-02-02 17:01 - 00773988 _____ () C:\Windows\PFRO.log
2014-11-14 17:38 - 2009-07-14 02:45 - 00000000 ____D () C:\Windows\ShellNew
2014-11-14 16:37 - 2010-11-22 12:12 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-14 16:32 - 2011-12-14 18:57 - 00000000 ____D () C:\Program Files\Google
2014-11-14 16:32 - 2011-12-14 18:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-14 16:14 - 2011-12-14 18:57 - 00000000 ____D () C:\Users\Kim\AppData\Local\Google
2014-11-14 16:14 - 2011-12-14 18:57 - 00000000 ____D () C:\ProgramData\Google
2014-11-14 15:59 - 2014-07-19 11:58 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-11-14 15:59 - 2014-07-19 11:58 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-11-14 15:59 - 2014-07-19 11:54 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-11-14 15:59 - 2014-07-19 11:54 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-11-14 15:59 - 2012-10-07 18:18 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-11-14 15:59 - 2011-06-12 12:33 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-11-14 15:59 - 2011-06-12 12:33 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-11-14 15:58 - 2011-06-12 12:33 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-11-14 13:01 - 2011-09-29 09:50 - 00003378 _____ () C:\Windows\mozy.flt
2014-11-14 13:01 - 2011-09-29 09:50 - 00002818 _____ () C:\Windows\mozy.blk
2014-11-14 10:59 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-14 05:12 - 2011-12-14 18:57 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-14 05:12 - 2011-12-14 18:57 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 05:12 - 2011-12-14 18:57 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-14 05:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-11-14 04:27 - 2009-07-13 23:45 - 00334976 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 04:22 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-14 03:36 - 2013-08-14 02:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-14 03:16 - 2012-05-09 02:11 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-14 00:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-14 00:27 - 2010-02-02 15:11 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-14 00:23 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-14 00:22 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-11-11 19:57 - 2012-10-07 18:23 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-11 19:57 - 2012-10-07 18:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 19:57 - 2011-12-14 18:56 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-31 18:46 - 2014-06-20 15:12 - 00028672 _____ () C:\Users\Kim\Documents\2014businesstracking.xls
2014-10-28 05:34 - 2011-06-12 12:49 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-06 22:02

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014
Ran by Kim at 2014-11-14 20:20:43
Running from C:\Users\Kim\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

5700_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Accelerometer (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 1.06.08.17 - STMicroelectronics)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.0.0.0 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 2.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader 9.5.2 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.2 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AirPort (HKLM-x32\...\{AA68AAAE-41F0-40B5-8896-5947F5FD6889}) (Version: 5.6.1.2 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1997025392.48.56.6032618 - Audible, Inc.)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.1.2) (Version: 5.0.1.2 - Coupons.com Incorporated)
Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.2.0009 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Driver Download Manager (HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\...\f031ef6ac137efc5) (Version: 2.0.0.0 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
Dropbox (HKU\S-1-5-21-1105775580-4205987658-3193769944-1001\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
EPSON WF-3520 Series Printer Uninstall (HKLM\...\EPSON WF-3520 Series) (Version: - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM-x32\...\GoToAssist) (Version: - )
HP Driver Diagnostics (HKLM-x32\...\{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}) (Version: 1.03.0005 - Hewlett-Packard Company)
HP Officejet J5700 Series (HKLM\...\{F2F8F16F-253E-4846-B508-8666FE2C5B14}) (Version: 13.0 - HP)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1968 - Intel Corporation)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
J5700_Basic (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden
Java 6 Update 17 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416017FF}) (Version: 6.0.170 - Sun Microsystems, Inc.)
Java 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216018FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
LoJack Factory Installer (HKLM-x32\...\InstallShield_{AE0259D4-7A01-4E47-BBAF-2604D03DF07C}) (Version: 1.0.0.5 - Absolute Software Corporation)
LoJack Factory Installer (x32 Version: 1.0.0.5 - Absolute Software Corporation) Hidden
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 (HKLM-x32\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Mozilla Firefox (3.6.12) (HKLM-x32\...\Mozilla Firefox (3.6.12)) (Version: 3.6.12 (en-US) - Mozilla)
MozyHome (HKLM\...\{A24583BD-E141-ED96-B241-A3941641A7EB}) (Version: 2.26.4.395 - Mozy, Inc.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
OpenOffice.org 3.2 (HKLM-x32\...\{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}) (Version: 3.2.9502 - OpenOffice.org)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.11 - Dell Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
Sound Blaster X-Fi MB (HKLM-x32\...\{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}) (Version: 1.0 - Creative Technology Limited)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9603 - Broadcom Corporation)
WildTangent Games (HKLM-x32\...\WildTangent dell Master Uninstall) (Version: 1.0.0.71 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================

13-11-2014 08:00:49 Windows Update
14-11-2014 04:39:03 avast! antivirus system restore point
14-11-2014 05:18:11 Installed Java 6 Update 20
14-11-2014 08:02:56 Windows Update
14-11-2014 13:22:45 Windows Update
14-11-2014 20:53:04 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-11-14 18:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {158D0CF8-71B5-4B93-BC4F-A68F43252ECF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {2EAAABBF-6130-4C5F-9E3A-BF43E695863F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-21] (Google Inc.)
Task: {53878F62-9A31-4A21-9D02-53F01D016484} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {C4A875C3-6F7D-4FF8-B7A2-F0927B3FC8AB} - System32\Tasks\DH4G7LL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: {D393039C-869C-44B5-B907-F4BFDB05BC3B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-14] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-02-02 15:12 - 2009-07-16 20:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-02-02 15:12 - 2009-07-16 20:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2010-02-02 15:17 - 2009-06-23 17:02 - 00060928 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
2010-02-02 15:17 - 2009-07-22 09:52 - 02384896 _____ () C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
2012-01-10 20:12 - 2012-01-10 20:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 01807600 _____ () C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
2014-10-17 02:48 - 2014-10-17 02:48 - 00472576 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\VistaBridgeLibrary\27062a1bd5e07ac476c1ef919d9abff5\VistaBridgeLibrary.ni.dll
2014-11-14 15:58 - 2014-11-14 15:58 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-11-14 15:58 - 2014-11-14 15:58 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-11-14 13:37 - 2014-11-14 13:37 - 02903040 _____ () C:\Program Files\AVAST Software\Avast\defs\14111400\algo.dll
2014-11-14 15:58 - 2014-11-14 15:58 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-02-02 15:28 - 2009-09-17 14:04 - 00115952 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-02-02 15:28 - 2009-09-17 14:05 - 00128240 ____N () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00275696 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
2009-09-11 13:05 - 2009-09-11 13:05 - 00058608 _____ () C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00095472 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00152816 _____ () C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
2009-11-13 16:15 - 2009-11-13 16:15 - 00017648 _____ () C:\Program Files (x86)\Dell DataSafe Online\cpputils.dll
2014-11-14 15:59 - 2014-11-14 15:59 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-29 08:40 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-29 08:40 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-29 08:40 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-29 08:40 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:A8ADE5D8
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Kim\Desktop\Photos:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1105775580-4205987658-3193769944-500 - Administrator - Disabled)
Guest (S-1-5-21-1105775580-4205987658-3193769944-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1105775580-4205987658-3193769944-1002 - Limited - Enabled)
Kim (S-1-5-21-1105775580-4205987658-3193769944-1001 - Administrator - Enabled) => C:\Users\Kim

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/14/2014 01:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17420, time stamp: 0x4a5bc96f
Faulting module name: Flash32_15_0_0_223.ocx, version: 15.0.0.223, time stamp: 0x544ecba4
Exception code: 0xc0000005
Fault offset: 0x0064d812
Faulting process id: 0x397c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/14/2014 11:19:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17420 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 20ec
Start Time: 01d0002441b4c230
Termination Time: 0
Application Path: C:\Program Files\Internet Explorer\IEXPLORE.EXE
Report Id:

Error: (11/14/2014 08:46:16 AM) (Source: MsiInstaller) (EventID: 1024) (User: KimPlumLaptop)
Description: Product: Microsoft Works - Update 'Security Update for Microsoft Works 9 (KB2754670)' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/14/2014 08:46:16 AM) (Source: MsiInstaller) (EventID: 11706) (User: KimPlumLaptop)
Description: Product: Microsoft Works -- Error 1706.No valid source could be found for product Microsoft Works. The Windows installer cannot continue.

Error: (11/14/2014 08:22:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-1105775580-4205987658-3193769944-1001.bak). hr = 0x80070539, The security ID structure is invalid..
Operation:
   OnIdentify event
   Gathering Writer Data
Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {2a578dc7-ea05-4edb-8243-cca4a621a4ad}

Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: KimPlumLaptop)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: KimPlumLaptop)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: KimPlumLaptop)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.
DETAIL - The process cannot access the file because it is being used by another process.

Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.
DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\Kim\ntuser.dat

Error: (11/14/2014 00:37:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17344, time stamp: 0x4a5bc5e1
Faulting module name: MSHTML.dll, version: 11.0.9600.17344, time stamp: 0x541b8a22
Exception code: 0xc00000fd
Fault offset: 0x00094765
Faulting process id: 0x3970
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (11/14/2014 07:22:18 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/14/2014 06:48:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/14/2014 06:43:58 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (11/14/2014 06:18:52 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (11/14/2014 05:41:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/14/2014 05:40:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (11/14/2014 04:41:42 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (11/14/2014 04:39:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (11/14/2014 04:35:37 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/14/2014 04:35:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (11/14/2014 01:44:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174204a5bc96fFlash32_15_0_0_223.ocx15.0.0.223544ecba4c00000050064d812397c01d0003a1c57d0ffC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\Macromed\Flash\Flash32_15_0_0_223.ocx3cc40ddb-6c2e-11e4-adec-0026b91134f6

Error: (11/14/2014 11:19:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1742020ec01d0002441b4c2300C:\Program Files\Internet Explorer\IEXPLORE.EXE

Error: (11/14/2014 08:46:16 AM) (Source: MsiInstaller) (EventID: 1024) (User: KimPlumLaptop)
Description: Microsoft WorksSecurity Update for Microsoft Works 9 (KB2754670)1603(NULL)(NULL)(NULL)

Error: (11/14/2014 08:46:16 AM) (Source: MsiInstaller) (EventID: 11706) (User: KimPlumLaptop)
Description: Product: Microsoft Works -- Error 1706.No valid source could be found for product Microsoft Works. The Windows installer cannot continue.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/14/2014 08:22:46 AM) (Source: VSS) (EventID: 8193) (User: )
Description: ConvertStringSidToSid(S-1-5-21-1105775580-4205987658-3193769944-1001.bak)0x80070539, The security ID structure is invalid.
Operation: OnIdentify event Gathering Writer Data Context: Execution Context: Shadow Copy Optimization Writer Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f} Writer Name: Shadow Copy Optimization Writer Writer Instance ID: {2a578dc7-ea05-4edb-8243-cca4a621a4ad} Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: KimPlumLaptop)Description: Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: KimPlumLaptop)Description: Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: KimPlumLaptop)Description: The process cannot access the file because it is being used by another process. Error: (11/14/2014 08:20:37 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)Description: The process cannot access the file because it is being used by another process.C:\Users\Kim\ntuser.dat Error: (11/14/2014 00:37:57 AM) (Source: Application Error) (EventID: 1000) (User: )Description: iexplore.exe11.0.9600.173444a5bc5e1MSHTML.dll11.0.9600.17344541b8a22c00000fd00094765397001cfffccdccd94eeC:\Program Files\Internet Explorer\iexplore.exeC:\Windows\system32\MSHTML.dll62b813fd-6bc0-11e4-8ef0-0026b91134f6 CodeIntegrity Errors:=================================== Date: 2014-11-14 18:43:58.655 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-11-14 18:43:58.328 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-22 16:23:46.993 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-12-22 16:23:46.696 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2010-11-22 15:26:03.020 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system. Date: 2010-11-22 15:16:38.009 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system. Date: 2010-11-22 14:59:28.263 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Spyware Doctor\smum64.dll because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core i3 CPU M 330 @ 2.13GHzPercentage of memory in use: 63%Total physical RAM: 3892.52 MBAvailable physical RAM: 1430.86 MBTotal Pagefile: 7783.23 MBAvailable Pagefile: 4970.97 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:339.94 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: CF5AC2F0)Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=451.1 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  8. I will start the run of the Farbar Recovery Scan Tool. The constant 100% CPU has stopped for now after the ComboFix run. I am still seeing the original problem with "malicious website blocked".
  9. Here's the Malwarebytes log:

<?xml version="1.0" encoding="UTF-16"?>
<mbam-log>
  <header>
    <date>2014/11/14 16:40:42 -0500</date>
    <logfile>mbam-log-2014-11-14 (16-40-35).xml</logfile>
    <isadmin>yes</isadmin>
  </header>
  <engine>
    <version>2.00.3.1025</version>
    <malware-database>v2014.11.14.10</malware-database>
    <rootkit-database>v2014.11.12.01</rootkit-database>
    <license>trial</license>
    <file-protection>enabled</file-protection>
    <web-protection>enabled</web-protection>
    <self-protection>disabled</self-protection>
  </engine>
  <system>
    <osversion>Windows 7 Service Pack 1</osversion>
    <arch>x64</arch>
    <username>Kim</username>
    <filesys>NTFS</filesys>
  </system>
  <summary>
    <type>threat</type>
    <result>completed</result>
    <objects>337867</objects>
    <time>2158</time>
    <processes>0</processes>
    <modules>0</modules>
    <keys>0</keys>
    <values>0</values>
    <datas>0</datas>
    <folders>0</folders>
    <files>1</files>
    <sectors>0</sectors>
  </summary>
  <options>
    <memory>enabled</memory>
    <startup>enabled</startup>
    <filesystem>enabled</filesystem>
    <archives>enabled</archives>
    <rootkits>disabled</rootkits>
    <deeprootkit>disabled</deeprootkit>
    <heuristics>enabled</heuristics>
    <pup>enabled</pup>
    <pum>enabled</pum>
  </options>
  <items>
    <file>
      <path>C:\Users\Kim\Dropbox\ubcd528.exe</path>
      <vendor>PUP.Optional.OpenCandy</vendor>
      <action>success</action>
      <hash>852d7cbfd3a960d6e7793b3317eede22</hash>
    </file>
  </items>
</mbam-log>
  10. Here's the ComboFix results:

ComboFix 14-11-15.01 - Kim 11/14/2014 18:03:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1637 [GMT -5:00]
Running from: c:\users\Kim\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\4PxPlo.jpg
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\b37laYjY7.jpg
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\X17yk.jpg
c:\users\Kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\y1B3BY.jpg
c:\users\Kim\AppData\Roaming\GetValue.vbs
c:\users\Kim\GoToAssistDownloadHelper.exe
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
   (Default) REG_SZ Thumbnail Cache Class Factory for Out of Proc Server
   AppID REG_SZ {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
   (Default) REG_SZ c:\windows\system32\thumbcache.dll
   ThreadingModel REG_SZ Apartment
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\
.
((((((((((((((((((((((((( Files Created from 2014-10-14 to 2014-11-14 )))))))))))))))))))))))))))))))
.
.
2014-11-14 23:46 . 2014-11-14 23:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-14 21:44 . 2014-11-14 21:48 -------- d-----w- c:\windows\SysWow64\vbox
2014-11-14 21:44 . 2014-11-14 21:48 -------- d-----w- c:\windows\system32\vbox
2014-11-14 21:40 . 2014-11-14 22:41 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-14 21:37 . 2014-10-01 16:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-14 21:37 . 2014-10-01 16:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-14 21:37 . 2014-11-14 21:37 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-14 21:36 . 2014-11-14 21:36 -------- d-----w- c:\users\Kim\AppData\Local\Programs
2014-11-14 20:59 . 2014-11-14 20:59 364512 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-14 20:59 . 2014-11-14 20:59 43152 ----a-w- c:\windows\avastSS.scr
2014-11-14 13:20 . 2014-11-14 23:15 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF2FBE18-59FE-4B8F-BBCD-7195A6E1E8A4}\offreg.dll
2014-11-14 05:43 . 2014-08-21 06:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2014-11-14 05:43 . 2014-08-21 06:40 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-14 05:43 . 2014-08-21 06:26 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-11-14 05:43 . 2014-08-21 06:23 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-11-14 05:43 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-14 05:43 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2014-11-14 05:43 . 2014-10-03 02:12 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-14 05:43 . 2014-10-03 01:44 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll
2014-11-14 05:43 . 2014-10-03 02:11 284672 ----a-w- c:\windows\system32\EncDump.dll
2014-11-14 05:43 . 2014-10-03 02:11 680960 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-14 05:43 . 2014-10-03 02:11 440832 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-14 05:43 . 2014-10-03 02:11 296448 ----a-w- c:\windows\system32\AudioSes.dll
2014-11-14 05:43 . 2014-10-03 01:44 374784 ----a-w- c:\windows\SysWow64\AudioEng.dll
2014-11-14 05:37 . 2014-10-25 01:57 77824 ----a-w- c:\windows\system32\packager.dll
2014-11-14 05:37 . 2014-10-25 01:32 67584 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-14 05:37 . 2014-10-10 00:57 3198976 ----a-w- c:\windows\system32\win32k.sys
2014-11-14 05:37 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-14 05:36 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-14 05:36 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-14 05:36 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-14 05:27 . 2010-04-12 22:29 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2014-11-14 05:27 . 2010-04-12 22:29 411368 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2014-11-13 13:01 . 2014-11-13 13:01 -------- d-sh--w- c:\users\Kim\AppData\Local\EmieBrowserModeList
2014-11-12 14:04 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-11-12 14:04 . 2014-11-06 02:21 2051072 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-11 14:02 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EF2FBE18-59FE-4B8F-BBCD-7195A6E1E8A4}\mpengine.dll
2014-10-31 22:08 . 2014-10-31 22:08 -------- d-----w- c:\program files (x86)\Coupons
2014-10-16 14:47 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
2014-10-16 14:47 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
2014-10-16 14:47 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
2014-10-16 14:47 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
2014-10-16 14:47 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
2014-10-16 14:47 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
2014-10-16 14:47 . 2014-09-25 22:32 2017280 ----a-w- c:\windows\SysWow64\inetcpl(30).cpl
2014-10-16 14:46 . 2014-08-29 02:07 44032 ----a-w- c:\windows\system32\tsgqec.dll
2014-10-16 14:46 . 2014-08-29 01:44 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2014-10-16 14:46 . 2014-08-29 01:44 4922368 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-10-16 14:46 . 2014-08-29 01:44 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2014-10-16 14:46 . 2014-08-29 01:44 1050112 ----a-w- c:\windows\SysWow64\mstsc.exe
2014-10-16 14:46 . 2014-08-29 02:07 322560 ----a-w- c:\windows\system32\aaclient.dll
2014-10-16 14:46 . 2014-08-29 02:06 1125888 ----a-w- c:\windows\system32\mstsc.exe
2014-10-16 14:46 . 2014-08-29 02:07 5780480 ----a-w- c:\windows\system32\mstscax.dll
2014-10-16 14:46 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2014-10-16 14:45 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2014-10-16 14:45 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-10-16 14:45 . 2014-07-17 02:07 235520 ----a-w- c:\windows\system32\winsta.dll
2014-10-16 14:45 . 2014-07-17 02:07 150528 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-10-16 14:45 . 2014-07-17 01:40 157696 ----a-w- c:\windows\SysWow64\winsta.dll
2014-10-16 14:45 . 2014-07-17 01:21 212480 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-10-16 14:45 . 2014-07-17 02:07 455168 ----a-w- c:\windows\system32\winlogon.exe
2014-10-16 14:45 . 2014-07-17 01:21 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-14 20:59 . 2014-07-19 16:58 116728 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-11-14 20:59 . 2014-07-19 16:54 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-14 20:59 . 2011-06-12 17:33 436624 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-14 20:59 . 2014-07-19 16:58 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-14 20:59 . 2014-07-19 16:54 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-14 20:59 . 2011-06-12 17:33 83280 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-14 20:59 . 2012-10-07 23:18 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-11-14 20:58 . 2011-06-12 17:33 1050432 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-11-14 08:16 . 2012-05-09 07:11 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-12 00:57 . 2012-10-07 23:23 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-12 00:57 . 2011-12-14 23:56 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-28 10:34 . 2011-06-12 17:49 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-01 16:11 . 2010-11-22 17:12 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 02:08 . 2014-10-01 15:52 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 15:52 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-24 16:22 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 16:22 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-03 17:35 . 2014-05-19 21:56 444912 ----a-w- c:\windows\CouponPrinter.ocx
2014-09-03 17:35 . 2014-05-19 21:58 659440 ----a-w- c:\windows\couponprinter_x64.ocx
2014-08-29 16:53 . 2010-06-24 15:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 22:21 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 22:21 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE" [2012-09-27 283232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-05 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"AirPort Base Station Agent"="c:\program files (x86)\AirPort\APAgent.exe" [2009-11-11 771360]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-11-14 5225064]
.
c:\users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
Dropbox.lnk - c:\users\Kim\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-11-13 35419192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-17 1080096]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2014-6-16 6515528]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys;c:\windows\SYSNATIVE\DRIVERS\stdflt.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CouponPrinterService;Coupon Printer Service;c:\program files (x86)\Coupons\CouponPrinterService.exe;c:\program files (x86)\Coupons\CouponPrinterService.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 InstallFilterService;FF Install Filter Service;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe;c:\program files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys;c:\windows\SYSNATIVE\DRIVERS\Acceler.sys [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-29 13:39 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 00:57]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-14 00:06]
.
2014-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-14 00:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-14 20:59 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Kim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2014-06-16 16:10 6487880 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2014-06-16 16:10 6487880 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-11 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-11 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-11 417560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.0.1.1
FF - ProfilePath - c:\users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\ptanzvco.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1105775580-4205987658-3193769944-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1105775580-4205987658-3193769944-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1105775580-4205987658-3193769944-1001_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 
1".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-11-14 18:51:39ComboFix-quarantined-files.txt 2014-11-14 23:51.Pre-Run: 359,900,454,912 bytes freePost-Run: 369,229,410,304 bytes free.- - End Of File - - 26541809DF27546954BAFB3F78765E685C616939100B85E558DA92B899A0FC36
  11. Thanks, Kevin. I have already done a Malwarebytes scan and I am in the process of running ComboFix before seeing your response. It has been sitting on "completed Stage_50" for a while. I will follow your instructions as soon as this completes. I appreciate your help here. Mark
  12. I am seeing the same issue as reported in this topic: https://forums.malwarebytes.org/index.php?/topic/159515-malicious-website-blocked-syswow64svchostexe/ . I am also seeing CPU running near 100% and believe that is related.