Assistance Requested Thank You


I believe that I have been infected. I have run Malware Pro and believe that I got most of it out of my system. But it still seems to be running a little odd. Here are the logs and thanks for your assistance.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.21.2

Run by Z at 10:41:25 on 2013-06-08

Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.16333.12252 [GMT -7:00]

.

AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k RPCSS

C:\WINDOWS\system32\atiesrxx.exe

C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\dwm.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\atieclxx.exe

C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe

C:\Program Files (x86)\Stardock\Start8\Start8_64.exe

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\System32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork

E:\Program Files\ABBYY\NetworkLicenseServer.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe

C:\WINDOWS\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe

C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe

C:\WINDOWS\System32\svchost.exe -k ipripsvc

C:\Program Files\Listary\Listary.exe

C:\WINDOWS\System32\svchost.exe -k LPDService

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe

C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe

C:\WINDOWS\system32\mqsvc.exe

C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE

C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe

C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe

C:\Windows\SysWOW64\NLSSRV32.EXE

C:\Program Files (x86)\NetSetMan Pro\nsmservice.exe

C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

C:\WINDOWS\system32\spool\DRIVERS\x64\3\fppdis4.exe

e:\Program Files (x86)\PRTG Network Monitor\64 bit\PRTG Server.exe

e:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\ShareMouse\smService.exe

C:\Program Files (x86)\ShareMouse\sharemouse.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

C:\WINDOWS\SysWOW64\UTSCSI.EXE

C:\WINDOWS\SysWOW64\vmnat.exe

C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe

C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe

C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe

C:\WINDOWS\system32\svchost.exe -k iissvcs

C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe

C:\Program Files\Windows Firewall Control\wfcs.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

E:\Program Files\VMWare\VMPlayer\vmware-authd.exe

C:\WINDOWS\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet

C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe

C:\WINDOWS\sysWOW64\wbem\wmiprvse.exe

C:\Windows\System32\WUDFHost.exe

c:\windows\system32\inetsrv\w3wp.exe

C:\WINDOWS\system32\taskhostex.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Listary\Listary.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x64__8wekyb3d8bbwe\LiveComm.exe

C:\WINDOWS\system32\taskeng.exe

C:\Program Files (x86)\ShareMouse\sharemouse.exe

C:\Program Files\Process Lasso\processgovernor.exe

C:\Program Files\Process Lasso\processlasso.exe

C:\Windows\System32\RuntimeBroker.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files\Box Sync\BoxSyncHelper.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files (x86)\Internet Download Manager\IDMan.exe

C:\Program Files\Listary\ListaryHelper64.exe

C:\Users\Z\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

C:\Program Files (x86)\Deskcalc Pro\deskcalc.exe

C:\Program Files (x86)\Memonic\Memonic.exe

C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe

C:\Users\Z\AppData\Local\DeskTime\DeskTime.exe

C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe

C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

C:\Program Files (x86)\LastPass\lastapp_x64.exe

C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe

E:\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files\Windows Firewall Control\wfc.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe

C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe

C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\WINDOWS\splwow64.exe

C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe

C:\Program Files (x86)\Zero Click Spellchecker\ZeroClickSpellchecker.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe

C:\Program Files (x86)\Zero Click Spellchecker\ZeroClickSpellchecker_Helper64.exe

C:\Users\Z\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe

C:\Program Files (x86)\Evernote\Evernote\Evernote.exe

E:\Program Files (x86)\PRTG Network Monitor\PRTG Enterprise Console.exe

C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\svchost.exe -k SDRSVC

C:\WINDOWS\system32\vssvc.exe

C:\WINDOWS\System32\svchost.exe -k swprv

C:\Program Files\Genie9\Zoolz2\Zoolz.exe

C:\WINDOWS\explorer.exe

C:\Program Files (x86)\Clover\clover.exe

C:\WINDOWS\system32\svchost.exe -k GPSvcGroup

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

C:\Program Files (x86)\ActiveTracker\rn5.exe

C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE

C:\Windows\SysWOW64\mshta.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\wbem\WmiApSrv.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.duckduckgo.com/

mWinlogon: Userinit = userinit.exe,

BHO: CRnPluginSite Object: {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\Program Files (x86)\ActiveTracker\plugins\internetexplorer\wegie\wegie.dll

BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll

BHO: RCIEBrowserToolbar Class: {05F8C4F4-44DA-49D7-92EE-0944AB774D99} - C:\Program Files (x86)\RingCentral\RingCentral Softphone\IEBHO.dll

BHO: VIPTToolbarManager Class: {1A2641AE-2C42-4C51-A05F-8ECEC3FDC94D} - C:\Program Files (x86)\Visual IP Trace 2009\VisualIPTraceIE.dll

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll

BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll

BHO: Adobe Acrobat Create PDF Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL

BHO: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - <orphaned>

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Adobe Acrobat Create PDF from Selection: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

TB: RingCentral For Internet Explorer: {A50F643C-3C5B-4D99-B68C-21A13C81E50E} - C:\Program Files (x86)\RingCentral\RingCentral Softphone\IEBHO.dll

TB: Adobe Acrobat Create PDF Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

TB: RingCentral For Internet Explorer: {A50F643C-3C5B-4D99-B68C-21A13C81E50E} - C:\Program Files (x86)\RingCentral\RingCentral Softphone\IEBHO.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll

TB: Visual IP Trace: {E70C26AE-DFF1-40A8-8D37-19180F56F0AA} - C:\Program Files (x86)\Visual IP Trace 2009\VisualIPTraceIE.dll

TB: <No Name>: {4bf21840-c53d-4e2d-b203-77d2b2b43781} - LocalServer32 - <no file>

uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot

uRun: [iSUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler

uRun: [skyDrive] "C:\Users\Z\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

uRun: [DeskCalc] "c:\program files (x86)\deskcalc pro\deskcalc.exe" /hide

uRun: [Memonic] C:\Program Files (x86)\Memonic\Memonic.exe

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [E7B8B8B145EA1DC5DEB98AD487425D06713FED55._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service

uRun: [RCHotKey] "C:\Program Files (x86)\RingCentral\RingCentral Softphone\RCHotKey.exe"

uRun: [DeskTime] "C:\Users\Z\AppData\Local\DeskTime\DeskTime.exe"

uRun: [PCShowServer] "C:\Users\Z\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"

uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

uRun: [rn5.exe] "C:\Program Files (x86)\ActiveTracker\rn5.exe"

uRun: [GoogleChromeAutoLaunch_D1801CD989927B7FDAF4036BC5F318FA] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

uRun: [Google Update] "C:\Users\Z\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [LastApp] C:\Program Files (x86)\LastPass\lastapp_x64.exe

mRun: [LWS] E:\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup

mRun: [TrueImageMonitor.exe] "E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun: [PlantronicsURE.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe

mRun: [vspdfprsrv.exe] C:\Program Files (x86)\Avanquest\Expert PDF 8 Professional\vspdfprsrv.exe --background

mRun: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe

mRun: [sendmng] "C:\Program Files (x86)\OneSuiteFax\Client\SendMng.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Communicator] "C:\Program Files (x86)\Microsoft Lync\communicator.exe" /fromrunkey

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe /reminder

mRun: [Fast Boot] C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe

mRun: [bonus.SSR.FR11] "E:\Program Files\ABBYY\Bonus.ScreenshotReader.exe" /autorun

mRun: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe"

mRun: [iTunesHelper] "E:\Itunes\iTunesHelper.exe"

dRunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp64.exe -v 0x046d -p 0x082c -f audio -m logitech -d 13.51.823.0

StartupFolder: C:\Users\Z\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Z\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Z\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\Users\Z\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~2.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe

StartupFolder: C:\Users\Z\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PRTGEN~1.LNK - E:\Program Files (x86)\PRTG Network Monitor\PRTG Enterprise Console.exe

StartupFolder: C:\Users\Z\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\LUNASC~1.LNK - C:\Program Files (x86)\Lunascape\Lunascape6\Luna.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WINDOW~1.LNK - C:\Program Files\Windows Firewall Control\wfc.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\ZEROCL~1.LNK - C:\Program Files (x86)\Zero Click Spellchecker\ZeroClickSpellchecker.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\AUTORU~1\LUNASC~1.LNK - C:\Program Files (x86)\Lunascape\Lunascape6\Luna.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoInplaceSharing = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

mPolicies-System: DisplayLastLogonInfo = dword:1

mPolicies-System: SynchronousMachineGroupPolicy = dword:1

mPolicies-System: SynchronousUserGroupPolicy = dword:1

mPolicies-System: NoConnectedUser = dword:0

mPolicies-System: DontDisplayLockedUserId = dword:1

mPolicies-Windows\System: AllowBlockingAppsAtShutdown = dword:0

IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4

IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

IE: LastPass - C:\Users\Z\AppData\LocalLow\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - C:\Users\Z\AppData\LocalLow\LastPass\context.html?cmd=fillforms

IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html

IE: Open Client to monitor &1 - C:\WINDOWS\web\AOpenClient.htm

IE: Open Client to monitor &2 - C:\WINDOWS\web\AOpenClient.htm

IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\WPLauncher.hta

IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

IE: {0050A87F-CF26-41AE-9C0A-C32307C941CB} - {0050A87F-CF26-41AE-9C0A-C32307C941CB} - C:\Program Files (x86)\ActiveTracker\plugins\internetexplorer\wegie\wegie.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll

IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html

IE: {bd02e86d-dc3d-40dd-bc65-c1bb4ac45c3a} - C:\Program Files (x86)\Internet Explorer\extensions\memonic\script.htm

LSP: %windir%\system32\vsocklib.dll

DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.caljobs.ca.gov/controls/smsx.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://bcw.mybenefitscalwin.org/Reserved.ReportViewerWebControl.axd?ReportSession=ddyd4255go0zfcf32fkxl045&Culture=1033&CultureOverrides=True&UICulture=9&UICultureOverrides=True&ReportStack=1&ControlID=f214fbc54e364a679b019ab47ea1f864&OpType=PrintCab&Arch=X86

DPF: {8F2EACD9-51A6-4915-B9AD-2AA8657CB472} - hxxps://webpostage.stamps.com/webpostage/plugin/SdcWebClientServices.cab

TCP: Interfaces\{F9FE9C4C-1F38-4F64-9814-288791A16E81} : NameServer = 208.201.224.11,208.201.224.33

TCP: Interfaces\{F9FE9C4C-1F38-4F64-9814-288791A16E81} : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\WINDOWS\SysWow64\SSCbFsMntNtf3.dll

STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.37\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-BHO: Logitech SetPoint: {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: ExplorerWatcher Class: {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} - C:\Program Files (x86)\Clover\TabHelper64.dll

x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch

x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [boxSyncHelper] "C:\Program Files\Box Sync\BoxSyncHelper.exe"

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [Zoolz Tray] "C:\Program Files\Genie9\Zoolz2\ZoolzLauncher.exe" "C:\Program Files\Genie9\Zoolz2\Zoolz.exe" "-Delay"

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-mPolicies-System: PromptOnSecureDesktop = dword:0

x64-mPolicies-System: DisplayLastLogonInfo = dword:1

x64-mPolicies-System: SynchronousMachineGroupPolicy = dword:1

x64-mPolicies-System: SynchronousUserGroupPolicy = dword:1

x64-mPolicies-System: NoConnectedUser = dword:0

x64-mPolicies-System: DontDisplayLockedUserId = dword:1

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

x64-STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\WINDOWS\System32\SSCbFsMntNtf3.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.duckduckgo.com/

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npdf.dll

FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitroie.dll

FF - plugin: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL

FF - plugin: C:\Users\Z\AppData\Local\DIRECTV Player\npPlayerPlugin.dll

FF - plugin: C:\Users\Z\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Users\Z\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Z\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Z\AppData\Roaming\Mozilla\plugins\npMeetingJoinPluginOC.dll

FF - plugin: C:\Users\Z\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Users\Z\AppData\Roaming\Mozilla\plugins\nppdf32.dll

FF - plugin: C:\Users\Z\AppData\Roaming\Mozilla\plugins\npqtplugin.dll

FF - plugin: C:\Users\Z\AppData\Roaming\Mozilla\plugins\npqtplugin2.dll

FF - plugin: C:\Users\Z\AppData\Roaming\Mozilla\plugins\npqtplugin3.dll

FF - plugin: C:\Users\Z\AppData\Roaming\Mozilla\plugins\npqtplugin4.dll

FF - plugin: C:\Users\Z\AppData\Roaming\Mozilla\plugins\npqtplugin5.dll

FF - plugin: C:\Users\Z\AppData\Roaming\Mozilla\plugins\npqtplugin6.dll

FF - plugin: C:\Users\Z\AppData\Roaming\Mozilla\plugins\npqtplugin7.dll

FF - plugin: C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1202122.dll

FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_75.dll

FF - plugin: C:\WINDOWS\SysWOW64\npDeployJava1.dll

FF - plugin: C:\WINDOWS\SysWOW64\npmproxy.dll

FF - plugin: E:\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll

FF - plugin: E:\Itunes\Mozilla Plugins\npitunes.dll

FF - plugin: E:\Program Files\Amazon Music\npAmazonMP3DownloaderPlugin101721.dll

FF - ExtSQL: 2013-05-30 21:51; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

FF - ExtSQL: 2013-06-01 11:57; mozilla_cc@internetdownloadmanager.com; C:\Users\Z\AppData\Roaming\IDM\idmmzcc5

FF - ExtSQL: 2013-06-06 16:27; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi

FF - ExtSQL: 2013-06-06 16:27; 4or6@hunen.net; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\4or6@hunen.net.xpi

FF - ExtSQL: 2013-06-06 16:34; {ada4b710-8346-4b82-8199-5de2b400a6ae}; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}

FF - ExtSQL: 2013-06-06 16:34; {9c491c49-071c-4039-98a5-66d3fe53b1b2}; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\{9c491c49-071c-4039-98a5-66d3fe53b1b2}.xpi

FF - ExtSQL: 2013-06-06 16:34; {5C46D283-ABDE-4dce-B83C-08881401921C}; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi

FF - ExtSQL: 2013-06-06 16:34; printedit@DW-dev; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\printedit@DW-dev.xpi

FF - ExtSQL: 2013-06-06 16:34; FavIconReloader@mozilla.org; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\FavIconReloader@mozilla.org

FF - ExtSQL: 2013-06-06 16:40; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

FF - ExtSQL: 2013-06-06 16:40; {E0B8C461-F8FB-49b4-8373-FE32E9252800}; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}

FF - ExtSQL: 2013-06-06 16:40; firefox@ghostery.com; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\firefox@ghostery.com

FF - ExtSQL: 2013-06-06 16:44; jid1-ZAdIEUB7XOzOJw@jetpack; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi

FF - ExtSQL: 2013-06-06 16:44; {f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi

FF - ExtSQL: 2013-06-06 16:45; map@quickmaps.me; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\map@quickmaps.me.xpi

FF - ExtSQL: 2013-06-06 16:47; restartless.restart@erikvold.com; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\restartless.restart@erikvold.com.xpi

FF - ExtSQL: 2013-06-06 16:48; CSTBB@NArisT2_Noia4dev; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\CSTBB@NArisT2_Noia4dev.xpi

FF - ExtSQL: 2013-06-06 16:49; about-addons-memory@tn123.org; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\about-addons-memory@tn123.org.xpi

FF - ExtSQL: 2013-06-06 16:53; jid1-BVejmheDFohuFQ@jetpack; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\jid1-BVejmheDFohuFQ@jetpack.xpi

FF - ExtSQL: 2013-06-06 16:59; {f69e22c7-bc50-414a-9269-0f5c344cd94c}; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}

FF - ExtSQL: 2013-06-06 16:59; {ce7e73df-6a44-4028-8079-5927a588c948}; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi

FF - ExtSQL: 2013-06-06 16:59; {bd54afa8-b14a-4d7a-aecf-37e34e882796}; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\{bd54afa8-b14a-4d7a-aecf-37e34e882796}

FF - ExtSQL: 2013-06-06 16:59; {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi

FF - ExtSQL: 2013-06-06 16:59; {097d3191-e6fa-4728-9826-b533d755359d}; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi

FF - ExtSQL: 2013-06-06 16:59; tineye@ideeinc.com; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\tineye@ideeinc.com.xpi

FF - ExtSQL: 2013-06-06 16:59; thumbnailZoom@dadler.github.com; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\thumbnailZoom@dadler.github.com.xpi

FF - ExtSQL: 2013-06-06 16:59; support@lastpass.com; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\support@lastpass.com

FF - ExtSQL: 2013-06-06 16:59; smarterwiki@wikiatic.com; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\smarterwiki@wikiatic.com.xpi

FF - ExtSQL: 2013-06-06 16:59; readable@evernote.com; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\readable@evernote.com.xpi

FF - ExtSQL: 2013-06-06 16:59; printPages2Pdf@reinhold.ripper; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\printPages2Pdf@reinhold.ripper

FF - ExtSQL: 2013-06-06 16:59; pavel.sherbakov@gmail.com; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\pavel.sherbakov@gmail.com

FF - ExtSQL: 2013-06-06 16:59; jsprintsetup@edabg.com; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\jsprintsetup@edabg.com.xpi

FF - ExtSQL: 2013-06-06 16:59; autopager@mozilla.org; C:\Users\Z\AppData\Roaming\Mozilla\Firefox\Profiles\c1pdkb81.default\extensions\autopager@mozilla.org.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 fltsrv;Acronis Storage Filter Management;C:\WINDOWS\System32\Drivers\fltsrv.sys [2013-1-17 155272]

R0 PxHlpa64;PxHlpa64;C:\WINDOWS\System32\Drivers\PxHlpa64.sys [2012-12-30 56208]

R0 tib_mounter;Acronis TIB Mounter;C:\WINDOWS\System32\Drivers\tib_mounter.sys [2013-1-17 1093256]

R0 vidsflt;Acronis Disk Storage Filter;C:\WINDOWS\System32\Drivers\vidsflt.sys [2013-1-17 166024]

R0 vsock;vSockets Driver;C:\WINDOWS\System32\Drivers\vsock.sys [2013-3-8 70296]

R2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;E:\Program Files\ABBYY\NetworkLicenseServer.exe [2013-5-15 821048]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-1-17 3696632]

R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2013-3-28 241152]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]

R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files (x86)\AMD\OverDrive\amd64\AODDriver2.sys [2012-9-20 57512]

R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2012-9-20 136648]

R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2012-10-9 32368]

R2 IceDragonUpdater;COMODO IceDragon Update Service;C:\Program Files (x86)\Comodo\IceDragon\icedragon_updater.exe [2013-6-5 1821384]

R2 IDMWFP;IDMWFP;C:\WINDOWS\System32\Drivers\idmwfp.sys [2013-5-31 168288]

R2 iprip;RIP Listener;C:\WINDOWS\System32\svchost.exe -k ipripsvc [2013-1-24 29696]

R2 ListaryService;ListaryService;C:\Program Files\Listary\Listary.exe [2013-3-8 3716880]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-9 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-9 701512]

R2 MSI_ComCenService;MSI_ComCenService;C:\MSI\MSI SUITE\ControlCenter\ComCenService.exe [2013-2-26 75280]

R2 MSI_FastBoot;MSI_FastBoot;C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [2013-6-1 103992]

R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE [2012-5-17 2079520]

R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2013-5-27 230408]

R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2013-5-27 70152]

R2 nsmService;NSM Service;C:\Program Files (x86)\NetSetMan Pro\nsmservice.exe [2013-6-3 1417328]

R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-4-14 1872568]

R2 pdfFactory4;pdfFactory Pro 4;C:\WINDOWS\System32\spool\drivers\x64\3\fppdis4.exe [2012-12-31 677592]

R2 PRTGCoreService;PRTG Core Server Service;E:\Program Files (x86)\PRTG Network Monitor\64 bit\PRTG Server.exe [2013-6-5 7225344]

R2 PRTGProbeService;PRTG Probe Service;E:\Program Files (x86)\PRTG Network Monitor\PRTG Probe.exe [2013-6-5 8535264]

R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]

R2 regi;regi;C:\WINDOWS\System32\Drivers\regi.sys [2012-12-20 15672]

R2 ShareMouse Service;ShareMouse Service;C:\Program Files (x86)\ShareMouse\smService.exe [2013-5-7 188632]

R2 SSPORT;SSPORT;C:\WINDOWS\System32\Drivers\SSPORT.SYS [2012-12-18 11576]

R2 Start8;Stardock Start8;C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe [2013-3-7 142960]

R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-8-18 7017888]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]

R2 vmware-converter-agent;VMware vCenter Converter Standalone Agent;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [2011-8-19 423536]

R2 vmware-converter-server;VMware vCenter Converter Standalone Server;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536]

R2 vmware-converter-worker;VMware vCenter Converter Standalone Worker;C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [2011-8-19 423536]

R2 WBA_Agent_Client;Brother BRAgent;C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe [2013-5-15 86016]

R2 wfcs;Windows Firewall Control;C:\Program Files\Windows Firewall Control\wfcs.exe [2013-4-8 76912]

R2 WinisoCDBus;WinISO Virtual CD Drive;C:\WINDOWS\System32\Drivers\WinisoCDBus.sys [2013-1-27 204032]

R3 AE1000;Linksys AE1000 Driver;C:\WINDOWS\System32\Drivers\ae1000w7.sys [1980-1-1 1101600]

R3 afcdp;afcdp;C:\WINDOWS\System32\Drivers\afcdp.sys [2013-1-17 367200]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\Drivers\AtihdW86.sys [2013-2-14 94208]

R3 CompFilter64;UVCCompositeFilter;C:\WINDOWS\System32\Drivers\lvbflt64.sys [2012-10-26 26784]

R3 DM150Drv;DM150Drv;C:\WINDOWS\System32\Drivers\DM150Drv.sys [2013-1-26 24312]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\WINDOWS\System32\Drivers\LEqdUsb.sys [2013-1-3 79240]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\WINDOWS\System32\Drivers\LHidEqd.sys [2013-1-3 15752]

R3 LVRS64;Logitech RightSound Filter Driver;C:\WINDOWS\System32\Drivers\lvrs64.sys [2012-10-26 351520]

R3 LVUVC64;@oem91.inf,%PID_082C_DD%(UVC);Logitech HD Webcam C615(UVC);C:\WINDOWS\System32\Drivers\lvuvc64.sys [2012-10-26 4758176]

R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2013-4-9 25928]

R3 MBfilt;MBfilt;C:\WINDOWS\System32\Drivers\MBfilt64.sys [2013-6-1 32344]

R3 NTIOLib_FastBoot;NTIOLib_FastBoot;C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [2013-6-1 13368]

R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2013-5-23 801864]

R3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\WINDOWS\System32\Drivers\rusb3hub.sys [2012-8-27 114568]

R3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\WINDOWS\System32\Drivers\rusb3xhc.sys [2012-8-27 230280]

R3 SSCBFS3;SugarSync CallBack File System driver v3;C:\WINDOWS\System32\Drivers\sscbfs3.sys [2013-2-10 347456]

R3 usbfilter;AMD USB Filter Driver;C:\WINDOWS\System32\Drivers\usbfilter.sys [2012-12-18 58536]

R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\WINDOWS\System32\Drivers\WPRO_41_2001.sys [2013-6-8 35344]

R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-25 198656]

S2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-5-25 2139400]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [2013-3-30 32088]

S3 amd_sata;amd_sata;C:\WINDOWS\System32\Drivers\amd_sata.sys [2013-2-26 79528]

S3 amd_xata;amd_xata;C:\WINDOWS\System32\Drivers\amd_xata.sys [2013-2-26 26280]

S3 amdkmafd;AMD Audio Bus Lower Filter;C:\WINDOWS\System32\Drivers\amdkmafd.sys [2013-3-28 21600]

S3 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-11-22 166424]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\Drivers\ssudbus.sys [2013-2-6 102936]

S3 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]

S3 epmntdrv;epmntdrv;C:\WINDOWS\System32\epmntdrv.sys [2013-1-27 17480]

S3 EuGdiDrv;EuGdiDrv;C:\WINDOWS\System32\EuGdiDrv.sys [2013-1-27 9800]

S3 NTIOLib_1_0_2;NTIOLib_1_0_2;C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys [2012-12-31 13328]

S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2013-4-26 14136]

S3 NTIOLib_1_0_C;NTIOLib_1_0_C;C:\MSI\MSI SUITE\NTIOLib_X64.sys [2012-12-30 11888]

S3 NTIOLib_1_1_S;NTIOLib_1_1_S;C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys [2013-2-26 13368]

S3 NTIOLib_MSISMB_CC;NTIOLib_MSISMB_CC;C:\Program Files (x86)\MSI\ControlCenter\Sleep\NTIOLib_X64.sys [2013-6-1 13368]

S3 RTL8167;Realtek 8167 NT Driver;C:\WINDOWS\System32\Drivers\Rt64win7.sys [2012-12-16 676968]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\Drivers\ssudmdm.sys [2013-2-6 203544]

S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\Drivers\usbaapl64.sys [2012-12-13 54784]

S3 vididr;Acronis Virtual Disk;C:\WINDOWS\System32\Drivers\vididr.sys [2013-1-17 228488]

S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-25 117248]

S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\Drivers\WSDScan.sys [2013-1-24 23552]

S4 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2013-1-26 98304]

S4 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]

S4 CorelCreatorMessages;CorelCreatorMessages;C:\WINDOWS\System32\CorelCreatorMessages.exe [2011-4-14 105984]

S4 FinePrint7;FinePrint 7;C:\WINDOWS\System32\spool\drivers\x64\3\fpdisp7.exe [2012-12-31 684248]

S4 MSI_SuiteCharger;MSI_SuiteCharger;C:\MSI\MSI SUITE\Super-Charger\SuiteChargeService.exe [2013-2-26 122936]

S4 MSI_SuiteFastBoot;MSI_SuiteFastBoot;C:\MSI\MSI SUITE\FastBoot\SuiteFastBootService.exe [2013-2-26 105016]

S4 MSIFileSyncMonitor;MSI FileSync Monitor;C:\MSI\MSI SUITE\MSIMonitor\MSIFileSyncMonitor.exe [2013-2-26 9728]

S4 MSISleep;MSISleep;C:\Program Files (x86)\MSI\ControlCenter\Sleep\MSISleepService.exe [2013-6-1 282624]

S4 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2013-1-25 625304]

S4 Samsung UPD Service2;Samsung UPD Service2;C:\WINDOWS\System32\SUPDSvc2.exe [2012-4-5 158208]

S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S4 XobniService;XobniService;C:\Program Files (x86)\Xobni\XobniService.exe [2012-4-9 62184]

S4 Zoolz 2 Service;Zoolz Service;C:\Program Files\Genie9\Zoolz2\ZoolzService.exe [2013-5-19 453136]

.

=============== File Associations ===============

.

FileExt: .scr: SageThumbsImage.scr="%1" /S [userChoice]

FileExt: .txt: txtfile="C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe" "%1" [userChoice]

FileExt: .js: JSFile="E:\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"

ShellExec: dreamweaver.exe: Open="E:\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"

ShellExec: LightningViewer.exe: View="c:\Program Files (x86)\Corel\WordPerfect Office X6\Programs\LightningNavigator.exe" "-ViewDocument" "%1"

.

=============== Created Last 30 ================

.

2013-06-08 17:30:06 207968 ----a-w- C:\WINDOWS\System32\drivers\94116601.sys

2013-06-08 16:48:49 96784 ----a-w- C:\WINDOWS\SysWow64\WPRO_41_2001woem.tmp

2013-06-08 16:48:49 35344 ----a-w- C:\WINDOWS\System32\drivers\WPRO_41_2001.sys

2013-06-08 16:48:31 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FFBD7B98-F9CD-4589-8EA9-918CE300B8E3}\offreg.dll

2013-06-08 08:39:37 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-06-08 07:30:58 -------- d-----w- C:\Program Files (x86)\LibreOfficeDev 4

2013-06-08 02:06:31 580096 ----a-w- C:\WINDOWS\System32\ac3filter.acm.old

2013-06-08 02:06:31 361472 ----a-w- C:\WINDOWS\System32\aacacm.acm

2013-06-08 02:06:31 3554304 ----a-w- C:\WINDOWS\System32\x264vfw.dll

2013-06-08 02:06:31 2231296 ----a-w- C:\WINDOWS\System32\ac3filter.acm.new

2013-06-08 02:06:31 2231296 ----a-w- C:\WINDOWS\System32\ac3filter.acm

2013-06-08 02:06:31 206336 ----a-w- C:\WINDOWS\System32\unrar64.dll

2013-06-08 02:06:31 1922048 ----a-w- C:\WINDOWS\System32\VSFilter.dll

2013-06-08 02:06:31 180736 ----a-w- C:\WINDOWS\System32\ac3acm.acm

2013-06-08 02:06:31 148992 ----a-w- C:\WINDOWS\System32\lagarith.dll

2013-06-08 02:06:31 127488 ----a-w- C:\WINDOWS\System32\ff_vfw.dll

2013-06-08 02:06:31 124909 ----a-w- C:\WINDOWS\System32\pthreadGC2.dll

2013-06-08 01:55:55 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FFBD7B98-F9CD-4589-8EA9-918CE300B8E3}\mpengine.dll

2013-06-07 16:00:25 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2013-06-07 00:05:42 -------- d-----w- C:\Users\Z\MHT Files

2013-06-06 23:04:13 513024 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll.bak

2013-06-06 23:04:13 332800 ----a-w- C:\WINDOWS\SysWow64\mfds.dll.bak

2013-06-06 23:03:40 1679360 ----a-w- C:\WINDOWS\SysWow64\ac3filter.acm.new

2013-06-06 23:03:28 -------- d-----w- C:\Users\Z\AppData\Roaming\Advanced

2013-06-06 22:48:15 -------- d-----w- C:\Program Files (x86)\Shark007

2013-06-06 21:42:05 -------- d-----w- C:\Program Files\Wireshark

2013-06-06 21:38:39 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-06-06 21:38:39 -------- d-----w- C:\Program Files\iTunes

2013-06-06 21:38:39 -------- d-----w- C:\Program Files\iPod

2013-06-06 21:33:16 263576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

2013-06-06 21:15:06 405320 ----a-w- C:\WINDOWS\SysWow64\is-5CP9U.tmp

2013-06-05 09:57:12 -------- d-----w- C:\ProgramData\Paessler

2013-06-05 09:57:06 -------- d-----w- C:\usr

2013-06-05 09:57:02 -------- d-----w- C:\ProgramData\Logs

2013-06-05 09:56:23 405320 ----a-w- C:\WINDOWS\SysWow64\is-0T3LB.tmp

2013-06-05 08:12:06 -------- d-----w- C:\Program Files (x86)\Network Security Task Manager

2013-06-05 08:09:10 -------- d-----w- C:\Program Files (x86)\WinPcap

2013-06-04 20:35:03 -------- d-----w- C:\Users\Z\AppData\Roaming\Final Draft

2013-06-04 16:37:47 -------- d-sh--w- C:\Users\Z\AppData\Local\ms-drivers

2013-06-04 16:37:47 -------- d-----w- C:\Users\Z\AppData\Local\MetaGeek,_LLC

2013-06-04 12:57:49 -------- d-----w- C:\Program Files (x86)\MetaGeek

2013-06-04 06:38:36 -------- d-----w- C:\Program Files\Nightly

2013-06-04 02:09:37 -------- d-----w- C:\WINDOWS\WICCodecs

2013-06-04 01:14:48 -------- d-----w- C:\ProgramData\Final Draft

2013-06-04 01:14:47 -------- d-----w- C:\Program Files (x86)\Final Draft 8

2013-06-04 01:13:48 -------- d-----w- C:\Program Files (x86)\Advanced

2013-06-04 01:13:23 -------- d-----w- C:\ProgramData\Advanced

2013-06-04 01:09:08 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2013-06-04 01:07:11 -------- d-----w- C:\Users\Z\AppData\Local\Amazon

2013-06-03 23:46:17 -------- d-----w- C:\Program Files (x86)\Elcomsoft Password Recovery

2013-06-03 23:16:45 -------- d-----w- C:\Program Files (x86)\NetSetMan Pro

2013-06-03 22:52:24 -------- d-----w- C:\Program Files\Active Directory Rights Management Services Client 2.1

2013-06-03 22:52:24 -------- d-----w- C:\Program Files (x86)\Active Directory Rights Management Services Client 2.1

2013-06-03 22:51:56 -------- d-----w- C:\ProgramData\Applications

2013-06-03 22:00:55 -------- d-----w- C:\Icons

2013-06-03 22:00:44 -------- d-----w- C:\New folder

2013-06-03 08:45:28 -------- d-s---w- C:\WINDOWS\SysWow64\Microsoft

2013-06-03 08:44:50 -------- d-----w- C:\Program Files (x86)\USPS

2013-06-02 03:56:04 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM

2013-06-02 03:56:04 -------- d-----w- C:\Program Files\Realtek

2013-06-02 01:44:38 -------- d--h--w- C:\msiFastBoot

2013-06-02 00:18:03 -------- d-----w- C:\Users\Z\AppData\Local\Micro-Star_Int'l_Co.,_Ltd

2013-06-01 20:30:57 106496 ----a-w- C:\Program Files (x86)\Windows Media Player\wmp.dll

2013-06-01 20:30:56 -------- d-----w- C:\Program Files (x86)\Windows Media Player Plus!

2013-06-01 04:10:29 168288 ----a-w- C:\WINDOWS\System32\drivers\idmwfp.sys

2013-05-31 10:05:21 -------- d-----w- C:\Users\Z\dsc

2013-05-31 04:58:59 -------- d-----w- C:\Program Files (x86)\Fastcase, Inc

2013-05-31 04:07:10 -------- d-----w- C:\Users\Z\CallerIP

2013-05-31 04:07:06 -------- d-----w- C:\Program Files (x86)\CallerIP

2013-05-31 03:57:33 -------- d-----w- C:\Users\Z\VisualRoute

2013-05-31 03:56:38 -------- d-----w- C:\Program Files (x86)\VisualRoute

2013-05-31 03:50:11 -------- d-----w- C:\Users\Z\eMailTrackerPro

2013-05-31 03:50:06 -------- d-----w- C:\Program Files (x86)\eMailTrackerPro

2013-05-30 22:15:18 -------- d-----w- C:\Upload

2013-05-30 22:15:00 -------- d-----w- C:\Samsung Link

2013-05-30 20:50:53 -------- d-----w- C:\Users\Z\AppData\Roaming\Fenrir Inc

2013-05-30 20:50:43 -------- d-----w- C:\Program Files (x86)\Fenrir Inc

2013-05-30 20:43:19 29704 ----a-w- C:\WINDOWS\System32\nitrolocalmon2.dll

2013-05-30 20:43:19 17928 ----a-w- C:\WINDOWS\System32\nitrolocalui2.dll

2013-05-30 20:43:08 -------- d-----w- C:\Program Files\Common Files\Nitro

2013-05-30 20:43:07 -------- d-----w- C:\Program Files (x86)\Nitro

2013-05-30 20:43:07 -------- d-----w- C:\Program Files (x86)\Common Files\Nitro

2013-05-29 23:57:20 -------- d-----w- C:\Users\Z\AppData\Local\Nero

2013-05-29 23:41:31 -------- d-----w- C:\Users\Z\AppData\Roaming\GlarySoft

2013-05-29 23:40:28 -------- d-----w- C:\Program Files (x86)\Glary Utilities

2013-05-29 23:18:43 -------- d-----w- C:\WINDOWS\LastGood.Tmp

2013-05-27 20:54:46 70152 ----a-w- C:\WINDOWS\SysWow64\NLSSRV32.EXE

2013-05-25 18:29:42 -------- d-----w- C:\Program Files\Cyberfox

2013-05-25 06:28:36 2322264 ----a-w- C:\WINDOWS\SysWow64\snjawt11.dll

2013-05-25 06:28:35 3258748 ----a-w- C:\WINDOWS\SysWow64\symbeans.dll

2013-05-25 06:28:35 317636 ----a-w- C:\WINDOWS\SysWow64\snjbeans11.dll

2013-05-25 06:28:35 2822148 ----a-w- C:\WINDOWS\SysWow64\snjrt11.dll

2013-05-25 06:28:35 200292 ----a-w- C:\WINDOWS\SysWow64\snjmath11.dll

2013-05-25 06:28:35 167280 ----a-w- C:\WINDOWS\SysWow64\snjres11.dll

2013-05-25 06:28:34 -------- d-----w- C:\My VoiceMail

2013-05-25 06:28:20 306688 ----a-w- C:\WINDOWS\IsUninst.exe

2013-05-25 05:32:34 -------- d-----w- C:\Users\Z\AppData\Local\Sanford,_L.P

2013-05-25 02:53:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll

2013-05-25 02:53:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll

2013-05-25 02:53:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll

2013-05-25 02:53:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll

2013-05-25 02:53:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll

2013-05-25 02:53:39 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

2013-05-25 02:53:39 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

2013-05-25 02:53:39 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

2013-05-25 02:53:39 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

2013-05-25 02:53:39 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

2013-05-24 03:12:14 801864 ----a-w- C:\WINDOWS\System32\drivers\Rt630x64.sys

2013-05-20 18:59:08 -------- d-----w- C:\Program Files\Genie9

2013-05-20 07:50:15 -------- d-----w- C:\Users\Z\.android

2013-05-19 12:43:51 -------- d-----w- C:\Users\Z\AppData\Local\Skitch

2013-05-17 04:26:22 -------- d-----w- C:\ContaCam

2013-05-17 04:26:21 -------- d-----w- C:\Users\Z\AppData\Roaming\Contaware

2013-05-17 04:25:01 -------- d-----w- C:\Program Files (x86)\ContaCam

2013-05-16 03:39:13 -------- d-----w- C:\brother

2013-05-14 22:39:24 78200 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

2013-05-14 22:39:24 693112 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe

2013-05-14 22:23:59 817152 ----a-w- C:\WINDOWS\System32\kerberos.dll

2013-05-14 22:21:01 2382336 ----a-w- C:\WINDOWS\SysWow64\esent.dll

2013-05-14 22:21:00 2851840 ----a-w- C:\WINDOWS\System32\esent.dll

2013-05-14 22:20:59 1455368 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys

2013-05-14 22:20:38 861184 ----a-w- C:\WINDOWS\System32\drivers\http.sys

2013-05-14 22:20:38 6987528 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe

2013-05-14 21:42:32 -------- d-----w- C:\Users\Z\AppData\Roaming\EssentialPIM Pro

2013-05-14 21:42:32 -------- d-----w- C:\Program Files (x86)\EssentialPIM Pro

2013-05-11 10:38:02 209472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2013-05-10 04:47:29 -------- d-----w- C:\Program Files (x86)\LibreOffice 4.0

2013-05-09 22:27:15 -------- d-----w- C:\Program Files (x86)\Evernote

.

==================== Find3M ====================

.

2013-06-08 07:13:43 18960 ----a-w- C:\WINDOWS\System32\drivers\LNonPnP.sys

2013-06-06 06:37:04 204032 ----a-w- C:\WINDOWS\System32\drivers\WinisoCDBus.sys

2013-05-23 18:45:54 26432 ----a-w- C:\WINDOWS\System32\novamnp7.dll

2013-05-23 18:45:54 22336 ----a-w- C:\WINDOWS\System32\novamip7.dll

2013-05-19 01:09:32 5 ----a-w- C:\ProgramData\RICOH Aficio SP 100SF DDSTMonSet.bin

2013-05-13 20:22:46 287960 ------w- C:\WINDOWS\System32\fppr4-x64.dll

2013-05-13 20:22:38 596184 ------w- C:\WINDOWS\System32\fppmon4.dll

2013-05-13 20:22:36 75992 ------w- C:\WINDOWS\System32\fppent4a.dll

2013-05-13 04:55:36 346840 ------w- C:\WINDOWS\System32\fpres7-x64.dll

2013-05-13 04:55:28 568024 ------w- C:\WINDOWS\System32\fpmon7.dll

2013-05-13 04:55:26 49368 ------w- C:\WINDOWS\System32\fpent7a.dll

2013-05-02 15:29:56 278800 ------w- C:\WINDOWS\System32\MpSigStub.exe

2013-05-01 10:59:12 94208 ----a-w- C:\WINDOWS\SysWow64\QuickTimeVR.qtx

2013-05-01 10:59:12 69632 ----a-w- C:\WINDOWS\SysWow64\QuickTime.qts

2013-04-29 18:00:00 1566720 ----a-w- C:\WINDOWS\SysWow64\VSFilter.dll

2013-04-24 02:07:44 95648 ----a-w- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll

2013-04-24 02:07:42 866720 ----a-w- C:\WINDOWS\SysWow64\npDeployJava1.dll

2013-04-24 02:07:42 788896 ----a-w- C:\WINDOWS\SysWow64\deployJava1.dll

2013-04-24 02:06:48 108448 ----a-w- C:\WINDOWS\System32\WindowsAccessBridge-64.dll

2013-04-24 02:06:47 1092512 ----a-w- C:\WINDOWS\System32\npDeployJava1.dll

2013-04-24 02:06:46 971680 ----a-w- C:\WINDOWS\System32\deployJava1.dll

2013-04-22 11:09:56 0 ----a-w- C:\SDT39AF.tmp

2013-04-22 07:59:20 208216 ----a-w- C:\WINDOWS\System32\drivers\13302766.sys

2013-04-16 00:48:03 27016 ----a-w- C:\WINDOWS\SysWow64\drivers\PROCEXP141.SYS

2013-04-15 09:38:12 0 ----a-w- C:\SDT3C3D.tmp

2013-04-13 05:56:35 444416 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll

2013-04-10 03:09:50 73800 ----a-w- C:\WINDOWS\System32\RtNicProp64.dll

2013-04-09 23:17:44 2242048 ----a-w- C:\WINDOWS\System32\wininet.dll

2013-04-09 23:17:36 915968 ----a-w- C:\WINDOWS\System32\uxtheme.dll

2013-04-09 23:16:58 3958784 ----a-w- C:\WINDOWS\System32\jscript9.dll

2013-04-09 22:30:26 1767424 ----a-w- C:\WINDOWS\SysWow64\wininet.dll

2013-04-09 22:29:44 2877440 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll

2013-04-09 05:33:02 489576 ----a-w- C:\WINDOWS\System32\AudioEng.dll

2013-04-09 05:33:02 446792 ----a-w- C:\WINDOWS\System32\AudioSes.dll

2013-04-09 05:33:02 253544 ----a-w- C:\WINDOWS\System32\audiodg.exe

2013-04-09 05:27:43 284424 ----a-w- C:\WINDOWS\System32\drivers\spaceport.sys

2013-04-09 05:20:02 86280 ----a-w- C:\WINDOWS\System32\kdnet.dll

2013-04-09 05:20:02 306952 ----a-w- C:\WINDOWS\System32\kd_02_10ec.dll

2013-04-09 05:18:05 77960 ----a-w- C:\WINDOWS\System32\kdvm.dll

2013-04-09 05:17:57 1829408 ----a-w- C:\WINDOWS\System32\ntdll.dll

2013-04-09 04:52:07 816128 ----a-w- C:\WINDOWS\System32\SearchIndexer.exe

2013-04-09 04:52:07 373760 ----a-w- C:\WINDOWS\System32\SearchProtocolHost.exe

2013-04-09 04:52:07 197120 ----a-w- C:\WINDOWS\System32\SearchFilterHost.exe

2013-04-09 04:52:07 126464 ----a-w- C:\WINDOWS\System32\Robocopy.exe

2013-04-09 04:52:06 804352 ----a-w- C:\WINDOWS\System32\RecoveryDrive.exe

2013-04-09 04:51:51 367616 ----a-w- C:\WINDOWS\System32\conhost.exe

2013-04-09 04:51:45 523264 ----a-w- C:\WINDOWS\System32\XpsGdiConverter.dll

2013-04-09 04:51:41 99840 ----a-w- C:\WINDOWS\System32\wscsvc.dll

2013-04-09 04:51:41 456704 ----a-w- C:\WINDOWS\System32\wpncore.dll

2013-04-09 04:51:20 13648384 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll

2013-04-09 04:51:17 595456 ----a-w- C:\WINDOWS\System32\Windows.Networking.dll

2013-04-09 04:51:17 391168 ----a-w- C:\WINDOWS\System32\Windows.Networking.BackgroundTransfer.dll

2013-04-09 04:51:05 10116096 ----a-w- C:\WINDOWS\System32\twinui.dll

2013-04-09 04:51:03 3552768 ----a-w- C:\WINDOWS\System32\tquery.dll

2013-04-09 04:50:53 414720 ----a-w- C:\WINDOWS\System32\GenuineCenter.dll

2013-04-09 04:50:39 422400 ----a-w- C:\WINDOWS\System32\schannel.dll

2013-04-09 04:50:39 1285632 ----a-w- C:\WINDOWS\System32\schedsvc.dll

2013-04-09 04:50:03 96256 ----a-w- C:\WINDOWS\System32\mssprxy.dll

2013-04-09 04:50:03 745984 ----a-w- C:\WINDOWS\System32\mssvp.dll

2013-04-09 04:50:03 2107904 ----a-w- C:\WINDOWS\System32\mssrch.dll

2013-04-09 04:50:02 65024 ----a-w- C:\WINDOWS\System32\msscntrs.dll

2013-04-09 04:50:02 435200 ----a-w- C:\WINDOWS\System32\mssph.dll

2013-04-09 04:50:02 13824 ----a-w- C:\WINDOWS\System32\msshooks.dll

2013-04-09 04:49:54 1444864 ----a-w- C:\WINDOWS\System32\MSAudDecMFT.dll

2013-04-09 04:49:45 468992 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll

2013-04-09 04:49:45 281088 ----a-w- C:\WINDOWS\System32\mfreadwrite.dll

2013-04-09 04:49:33 210432 ----a-w- C:\WINDOWS\System32\iuilp.dll

2013-04-09 04:49:16 50176 ----a-w- C:\WINDOWS\System32\fmifs.dll

2013-04-09 04:49:16 231936 ----a-w- C:\WINDOWS\System32\fhengine.dll

2013-04-09 04:49:09 172544 ----a-w- C:\WINDOWS\System32\dwmredir.dll

2013-04-09 04:49:06 196096 ----a-w- C:\WINDOWS\System32\dmvdsitf.dll

2013-04-09 04:48:43 2303488 ----a-w- C:\WINDOWS\System32\authui.dll

2013-04-09 04:48:42 785408 ----a-w- C:\WINDOWS\System32\audiosrv.dll

2013-04-09 04:48:42 169472 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll

2013-04-09 04:48:34 419840 ----a-w- C:\WINDOWS\System32\intl.cpl

2013-04-09 02:35:13 4038144 ----a-w- C:\WINDOWS\System32\win32k.sys

2013-04-09 02:34:49 83968 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys

2013-04-09 02:34:42 27648 ----a-w- C:\WINDOWS\System32\drivers\hidusb.sys

2013-04-09 02:34:30 95744 ----a-w- C:\WINDOWS\System32\drivers\hidbth.sys

2013-04-09 02:33:41 60416 ----a-w- C:\WINDOWS\System32\drivers\ndproxy.sys

2013-04-09 02:33:05 623104 ----a-w- C:\WINDOWS\System32\drivers\srv2.sys

2013-04-09 02:32:02 805376 ----a-w- C:\WINDOWS\System32\drivers\PEAuth.sys

2013-04-09 02:31:14 247808 ----a-w- C:\WINDOWS\System32\drivers\srvnet.sys

2013-04-09 02:31:01 83456 ----a-w- C:\WINDOWS\System32\drivers\wanarp.sys

2013-04-08 23:44:25 123880 ----a-w- C:\WINDOWS\SysWow64\wscapi.dll

2013-04-08 23:39:14 1408896 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll

2013-04-08 23:37:29 426024 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll

2013-04-08 23:37:29 324368 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll

2013-04-08 21:52:16 670208 ----a-w- C:\WINDOWS\SysWow64\SearchIndexer.exe

2013-04-08 21:52:16 302592 ----a-w- C:\WINDOWS\SysWow64\SearchProtocolHost.exe

2013-04-08 21:52:16 171008 ----a-w- C:\WINDOWS\SysWow64\SearchFilterHost.exe

2013-04-08 21:52:16 106496 ----a-w- C:\WINDOWS\SysWow64\Robocopy.exe

2013-04-08 21:52:06 364544 ----a-w- C:\WINDOWS\SysWow64\XpsGdiConverter.dll

2013-04-06 04:26:24 1679360 ----a-w- C:\WINDOWS\SysWow64\ac3filter.acm

2013-04-04 23:30:17 503080 ----a-w- C:\WINDOWS\System32\ci.dll

2013-04-04 21:50:32 25928 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys

2013-04-02 14:09:52 4550656 ----a-w- C:\WINDOWS\SysWow64\GPhotos.scr

2013-03-30 18:16:05 1403784 ----a-w- C:\WINDOWS\System32\winload.efi

2013-03-30 18:16:05 1267424 ----a-w- C:\WINDOWS\System32\winload.exe

2013-03-29 02:37:10 78432 ----a-w- C:\WINDOWS\System32\atimpc64.dll

.

============= FINISH: 10:41:44.91 ===============

Attached are my logs

dds.txt

attach.txt


Hello and welcome to the MalwareBytes forums.

My name is Maurice Naggar.

I will be helping you today.

Please do a backup of any documents/personal files that you cannot afford to lose.

Malware cleanups can sometimes be unpredictable. So do a backup to Offline media as a precaution.

If this is not your computer, or if it belongs to a company or organization then please Stop and tell me.

I'll need more information to locate the source of the issue.

Please post the last MBAM scan log so that I can review.

Tell me in detail just what is running odd. That will help me to help you better.

Advise me whether Windows 8 is running in a VM or if it is running natively.

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 / 8 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

IF prompted to update Avast definitions, answer NO.


On the following screen:


uncheck trace disk IO calls at the bottom left.

Now, Click the "Scan" button to start scan.

Have patience as it scans.

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me)

Now click save log, save it to your desktop and Copy & Paste in your next reply.

Do NOT click any Fix button.

EXIT the tool.

NEXT

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7 / 8, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
