Got the Interpol "Your computer has been blocked" malware

mheffler · September 6, 2013

About a week ago I got the Interpol "Your computer hasbeen bllocked" ransomware. I did a web search and found teh Malwarebytes would remove it. Luckily I had Malwarebytes i that laptop and it was resolved for a week. Then it came back and does with each reboot. I am not able to uninstall Microsoft Security Essentials enough to be able to readd it. I am worried I might have gottn a rootkit than infected my bios. At one point yesterday I got into a boot loop even trying to boot safe. I finally have things up an stabile for now. I suspect it will come back when I reboiot. Here are the hijack this logs:

dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by max at 7:26:36 on 2013-09-06
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.12190.7034 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\Hpservice.exe
D:\Program Files (x86)\Stardock\Multiplicity2\MultiSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Soluto\SolutoLauncherService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Users\max\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sendori\SendoriSvc.exe
D:\Program Files (x86)\Stardock\Multiplicity2\Multipl2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
D:\Program Files (x86)\Stardock\Multiplicity2\MP2Control.exe
c:\program files\soluto\soluto.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
D:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
D:\Program Files (x86)\Warecentral\PrintKey-Pro\PKey_Pro.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
D:\Program Files (x86)\Stardock\Multiplicity2\MP2Drag.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
D:\Program Files (x86)\System Explorer\SystemExplorer.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\ProgramData\Search Protection\SearchProtection.exe
D:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
D:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
D:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\SysWow64\NOTEPAD.EXE
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\System32\taskmgr.exe
C:\Users\max\AppData\Local\Stardock\StardockCentral\Stardock Central.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} -
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
uRun: [AdobeBridge] <no file>
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [systemExplorerAutoStart] "D:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [searchProtection] C:\ProgramData\Search Protection\_run.bat
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Multiplicity] C:\Program Files (x86)\Stardock\Multiplicity\multipl.exe
mRun: [LWS] D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [Family Tree Builder Update] D:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [bCSSync] "D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\max\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Fences.lnk - D:\Program Files (x86)\Stardock\Fences\Fences.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PRINTK~1.LNK - C:\Windows\Installer\{5EFA4EA3-0604-458C-A06D-485F6B2724C9}\NewShortcut2_6999F52849E742A78F6F4501EF3B5A3A.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableVirtualization = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Windows\System32\Sendori.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.

TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{9965CC2F-CB66-4D79-9CCF-C647A6FDC4DF} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A8B446D1-40A0-4380-B8F4-8EDB762BFA1E} : NameServer = 75.75.76.76,75.75.75.75
TCP: Interfaces\{A8B446D1-40A0-4380-B8F4-8EDB762BFA1E} : DHCPNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A8B446D1-40A0-4380-B8F4-8EDB762BFA1E}\84F4D454D214631423 : NameServer = 75.75.76.76,75.75.75.75
TCP: Interfaces\{A8B446D1-40A0-4380-B8F4-8EDB762BFA1E}\84F4D454D214631423 : DHCPNameServer = 75.75.76.76 75.75.75.75
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Webroot Vault: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} -
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [Fences] "D:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - D:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2_x64.dll
FF - plugin: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll
FF - plugin: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\extensions\coralietab@mozdev.org\plugins\npCoralIETab.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: D:\Program Files (x86)\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: D:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\Windows\System32\drivers\amdkmpfd.sys [2012-2-1 31872]
R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2012-11-24 14456]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-1-27 16152]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-6 55856]
R0 Soluto;Soluto;C:\Windows\System32\drivers\Soluto.sys [2012-10-28 54728]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-4-25 93272]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-10-28 57976]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2013-3-18 1236336]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-10-13 89600]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-4-23 135952]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-9-7 87992]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPPRXSVC;HPPRXSVC;C:\Program Files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe [2012-3-6 37432]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-2-22 31000]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-13 13592]
R2 Multiplicity;Stardock Multiplicity 2 Service;D:\Program Files (x86)\Stardock\Multiplicity2\MultiSrv.exe [2012-11-26 124080]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-1-10 65657]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-9-24 1328736]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-9-24 656480]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
R2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2013-7-10 182848]
R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2013-7-10 792128]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\Windows\System32\drivers\bcbtums.sys [2012-10-13 134696]
R3 btwampfl;btwampfl Bluetooth filter driver;C:\Windows\System32\drivers\btwampfl.sys [2012-10-13 615976]
R3 BTWDPAN;Bluetooth Personal Area Network;C:\Windows\System32\drivers\btwdpan.sys [2012-10-13 89640]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-10-13 39976]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-2-1 169752]
R3 ikbevent;Intel Upper keyboard Class Filter Driver;C:\Windows\System32\drivers\ikbevent.sys [2012-2-9 25536]
R3 imsevent;Intel Upper Mouse Class Filter Driver;C:\Windows\System32\drivers\imsevent.sys [2012-2-9 25536]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-13 342528]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2012-2-28 14741632]
R3 ISCT;Intel® Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-1-27 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-1-27 787736]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-8-9 25528]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-1-16 103536]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
R3 SmbDrv;SmbDrv;C:\Windows\System32\drivers\Smb_driver.sys [2012-2-23 21264]
R3 SSCBFS3;SugarSync CallBack File System driver v3;C:\Windows\System32\drivers\sscbfs3.sys [2012-11-20 347456]
R3 SystemExplorerHelpService;System Explorer Service;D:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [2013-5-17 821720]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 139616]
S2 SBSDWSCService;SBSD Security Center Service;D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-10-28 1153368]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-9-15 169624]
S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-3-26 235520]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-3-15 198144]
S3 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-3-15 659976]
S3 CLKMSVC10_38F51D56;CyberLink Product - 2012/10/13 03:11:29;C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [2012-2-8 244720]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-12-22 1038088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-1-26 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 FsUsbExDisk;FsUsbExDisk;C:\Windows\SysWOW64\FsUsbExDisk.Sys [2013-3-16 37344]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2012-10-28 30192]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-8-9 35256]
S3 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2011-12-8 607456]
S3 ISCTAgent;ISCT Always Updated Agent;C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [2012-2-9 133632]
S3 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-13 161560]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2009-10-7 271640]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2009-10-7 327704]
S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2009-10-7 6379288]
S3 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-3-25 121144]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-6-25 272688]
S3 NisSrv;NisSrv;"C:\Program Files\Microsoft Security Client\NisSrv.exe" --> C:\Program Files\Microsoft Security Client\NisSrv.exe [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-31 19456]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\drivers\RtsP2Stor.sys [2012-10-13 260712]
S3 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-7-25 162672]
S3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2013-7-10 1942528]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-20 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2012-10-31 29696]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-31 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-31 30208]
S3 tsusbhub;Remote Deskotop USB Hub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-20 117248]
S3 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-13 363800]
S3 usb3Hub;USB-IF USB 3.0 Hub;C:\Windows\System32\drivers\usb3Hub.sys [2012-8-9 48096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-23 1255736]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);C:\Windows\System32\drivers\WPRO_41_2001.sys [2012-10-13 34752]
S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\Windows\System32\drivers\xHCIPort.sys [2012-8-9 188384]
S3 XobniService;XobniService;D:\Program Files (x86)\Xobni\XobniService.exe [2012-4-9 62184]
S3 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-6-25 3325232]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .js: jsfile="D:\Program Files\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe","%1"
ShellExec: dreamweaver.exe: Open="D:\Program Files\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-09-06 11:59:54   --------   d-----w-   C:\ProgramData\Licenses
2013-09-06 11:59:52   --------   d-----w-   C:\Program Files (x86)\SpywareBlaster
2013-09-05 23:08:47   --------   d-----w-   C:\Program Files (x86)\Microsoft Security Client
2013-09-05 23:08:44   --------   d-----w-   C:\Windows\TempC6EE759C-0705-7C19-0929-66732D4D24B7-Signatures
2013-09-05 09:19:37   --------   d-----w-   C:\ProgramData\3XsngX33
2013-08-30 01:42:59   --------   d-sh--w-   C:\$$PendingFiles
2013-08-29 21:55:01   --------   d-----w-   C:\Windows\pss
2013-08-29 21:38:25   --------   d-----w-   C:\ProgramData\jqjde
2013-08-29 12:52:25   --------   d-----w-   C:\ProgramData\kluc
2013-08-20 21:24:37   --------   d-----w-   C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 21:24:37   --------   d-----w-   C:\Program Files\iTunes
2013-08-20 21:24:37   --------   d-----w-   C:\Program Files\iPod
2013-08-13 21:22:19   224256   ----a-w-   C:\Windows\System32\wintrust.dll
.
==================== Find3M ====================
.
2013-08-20 23:06:20   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-20 23:06:20   692104   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-20 23:06:13   17139080   ----a-w-   C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-07-26 05:13:37   2241024   ----a-w-   C:\Windows\System32\wininet.dll
2013-07-26 05:12:08   3958784   ----a-w-   C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04   136704   ----a-w-   C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03   67072   ----a-w-   C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08   2706432   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24   1767936   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04   2877440   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00   61440   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00   109056   ----a-w-   C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14   2706432   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38   89600   ----a-w-   C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38   71680   ----a-w-   C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54   1888768   ----a-w-   C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27   1620992   ----a-w-   C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42   2048   ----a-w-   C:\Windows\System32\tzres.dll
2013-07-19 01:41:01   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2013-07-10 22:59:57   108968   ----a-w-   C:\Windows\System32\WindowsAccessBridge-64.dll
2013-07-10 22:59:56   972712   ----a-w-   C:\Windows\System32\deployJava1.dll
2013-07-10 22:59:56   1093032   ----a-w-   C:\Windows\System32\npDeployJava1.dll
2013-07-10 22:57:49   96168   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-10 22:57:47   867240   ----a-w-   C:\Windows\SysWow64\npDeployJava1.dll
2013-07-10 22:57:47   789416   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
2013-07-10 22:28:24   54728   ----a-w-   C:\Windows\System32\drivers\Soluto.sys
2013-07-09 06:03:30   5550528   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22   1732032   ----a-w-   C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12   243712   ----a-w-   C:\Windows\System32\wow64.dll
2013-07-09 05:51:16   1217024   ----a-w-   C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20   184320   ----a-w-   C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20   1472512   ----a-w-   C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20   139776   ----a-w-   C:\Windows\System32\cryptnet.dll
2013-07-09 05:03:34   3968960   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34   3913664   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47   1292192   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33   663552   ----a-w-   C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2013-07-09 04:52:10   175104   ----a-w-   C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31   140288   ----a-w-   C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31   1166848   ----a-w-   C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31   103936   ----a-w-   C:\Windows\SysWow64\cryptnet.dll
2013-07-09 04:45:07   44032   ----a-w-   C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53   1910208   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
2013-07-03 12:01:06   928288   ----a-w-   C:\Windows\SysWow64\FTBSaver.scr
2013-07-01 19:28:10   325920   ----a-w-   C:\Windows\SysWow64\Sendori.dll
2013-06-19 02:50:08   247216   ----a-w-   C:\Windows\System32\drivers\MpFilter.sys
2013-06-19 02:50:08   139616   ----a-w-   C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-15 04:32:16   39936   ----a-w-   C:\Windows\System32\drivers\tssecsrv.sys
2013-04-17 02:28:01   9842040   ----a-w-   C:\Program Files (x86)\Common Files\wruninstall.exe
.
============= FINISH: 7:26:43.86 ===============

attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/21/2012 6:59:41 PM
System Uptime: 9/5/2013 5:57:18 PM (14 hours ago)
.
Motherboard: Hewlett-Packard | | 1853
Processor: Intel® Core i7-3720QM CPU @ 2.60GHz | U3E1 | 2601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 73 GiB total, 11.953 GiB free.
D: is FIXED (NTFS) - 679 GiB total, 626.569 GiB free.
E: is FIXED (NTFS) - 1 GiB total, 0.624 GiB free.
F: is FIXED (NTFS) - 20 GiB total, 2.075 GiB free.
G: is CDROM ()
N: is NetworkDisk (NTFS) - 929 GiB total, 320.482 GiB free.
Y: is NetworkDisk (NTFS) - 464 GiB total, 135.859 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID:
Description:
Device ID: ROOT\STORLIB\0001
Manufacturer:
Name:
PNP Device ID: ROOT\STORLIB\0001
Service:
.
Class GUID:
Description:
Device ID: ROOT\STORLIB\0002
Manufacturer:
Name:
PNP Device ID: ROOT\STORLIB\0002
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
7-Zip 9.20
7-Zip 9.22 (x64 edition)
8500A909_BasicWeb
8500A909_Help_BasicWeb
Acrobat.com
Ad-Aware Antivirus
Ad-Aware Security Add-on
Adobe Acrobat X Pro - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS4
Adobe Anchor Service x64 CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CMaps x64 CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CS6 Design and Web Premium
Adobe CSI CS4
Adobe CSI CS4 x64
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Drive CS4 x64
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Fonts All x64
Adobe Help Manager
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe InDesign CS4 Icon Handler x64
Adobe Linguistics CS4
Adobe Linguistics CS4 x64
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe PDF Library Files x64 CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 (64 Bit)
Adobe Photoshop CS4 Support
Adobe Photoshop Elements 10
Adobe Reader XI (11.0.03)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 12.0
Adobe SING CS4
Adobe Type Support CS4
Adobe Type Support x64 CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe Widget Browser
Adobe WinSoft Linguistics Plugin
Adobe WinSoft Linguistics Plugin x64
Adobe XMP Panels CS4
Adobe® Content Viewer
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Amazon Cloud Drive
Amazon Cloud Player
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arachnophilia version 4.0
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Audacity 2.0.3
BOINC
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Broadcom Bluetooth Software
Brother's Keeper 6.6
BufferChm
CameraHelperMsi
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
CompanionLink
Connect
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition
Document Express DjVu Plug-in
Dolet Light for Finale
Download App
Dropbox
Duplicate File Finder (x64)
EasyBCD 2.2
Elements 10 Organizer
erLT
ESU for Microsoft Windows 7 SP1
Family Tree Maker 2008
FamilySearch Indexing 3.15.1
Fences 2
Fences Pro
FileHippo.com Update Checker
Finale 2003
FolderClone Professional Edition v2.0.5
Free Sound Recorder v9.4.1
GenSmarts
Google Chrome
Google Desktop
Google Drive
Google Earth
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP 3D DriveGuard
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Launch Box
HP Officejet Pro 8500 A909 Series
HP On Screen Display
HP Power Manager
HP Product Detection
HP Proximity Sensor Utility
HP Quick Launch
HP Recovery Manager
HP Setup
HP Software Framework
HP Support Assistant
HP Wireless Audio Manager 1.3.5
IDT Audio
Intel PROSet Wireless
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Smart Connect Technology 2.0 x64
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® WiDi
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Iomega StorCenter
IrfanView (remove only)
iTunes
Java 7 Update 25
Java 7 Update 25 (64-bit)
Junk Mail filter update
Kies mini
kuler
LinkedIn Outlook Connector
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Access MUI (English) 2013
Microsoft Access Setup Metadata MUI (English) 2013
Microsoft Application Error Reporting
Microsoft DCF MUI (English) 2013
Microsoft Excel MUI (English) 2013
Microsoft Groove MUI (English) 2013
Microsoft InfoPath MUI (English) 2013
Microsoft Lync MUI (English) 2013
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 64-bit Components 2013
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2007
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OSM MUI (English) 2013
Microsoft Office OSM UX MUI (English) 2013
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus 2013
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (English) 2013
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2013
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (English) 2013
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2013
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2010
Microsoft OneNote MUI (English) 2013
Microsoft Outlook MUI (English) 2013
Microsoft Outlook Social Connector Provider for Facebook 32-bit
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
Microsoft PowerPoint MUI (English) 2013
Microsoft Primary Interoperability Assemblies 2005
Microsoft Publisher MUI (English) 2013
Microsoft Security Client
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Word MUI (English) 2013
Microsoft WSE 3.0
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MotoCast
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
Motorola Mobile Drivers Installation 6.0.0
Movie Maker
Mozilla Firefox 23.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MTP Porting Kit
MyFreeCodec
MyHeritage Family Tree Builder
Network64
NirSoft NK2Edit
NirSoft Wireless Network Watcher
Notepad++
Online Plug-in
Outils de vérification linguistique 2013 de Microsoft Office - Français
PDF Settings CS4
PDF Settings CS6
Photo Common
Photo Gallery
Photoshop Camera Raw
Photoshop Camera Raw_x64
Pixel Bender Toolkit
Power2Go
PrintKey-Pro v1.05
PSE10 STI Installer
PX Profile Update
QuickTime
Readiris Pro 12
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek PCIE Card Reader
RealUpgrade 1.1
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Scan
Secunia PSI (3.0.0.4001)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2013 (KB2817491) 32-Bit Edition
Security Update for Microsoft Office Visio 2007 suites (KB2596595) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Self-service Plug-in
Send To Toys v2.7
Sendori
Skype Click to Call
Skype™ 6.7
Soluto
Spybot - Search & Destroy
SpywareBlaster 5.0
Stardock Central
Stardock Fences 2
Stardock Multiplicity 2
SugarSync
Suite Shared Configuration CS4
swMSM
Synaptics Pointing Device Driver
System Explorer 4.2.2
Toolbox
UltraFileSearch
UltraVnc
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Access 2013 (KB2760350) 32-Bit Edition
Update for Microsoft Excel 2013 (KB2760339) 32-Bit Edition
Update for Microsoft Lync 2013 (KB2817621) 32-Bit Edition
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition
Update for Microsoft Office 2013 (KB2727096) 32-Bit Edition
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752094) 32-Bit Edition
Update for Microsoft Office 2013 (KB2752101) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760538) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767851) 32-Bit Edition
Update for Microsoft Office 2013 (KB2767860) 32-Bit Edition
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition
Update for Microsoft Office 2013 (KB2810010) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817320) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817482) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817489) 32-Bit Edition
Update for Microsoft Office 2013 (KB2817492) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2013 (KB2817467) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook 2013 (KB2817629) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2810006) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft SkyDrive Pro (KB2817622) 32-Bit Edition
Update for Microsoft Visio 2013 (KB2810008) 32-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition
Update for Microsoft Word 2013 (KB2767863) 32-Bit Edition
Update for Microsoft Word 2013 (KB2810086) 32-Bit Edition
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPatrol
World Community Grid
Xenu's Link Sleuth
Xobni
Xobni Core
.
==== Event Viewer Messages From Past Week ========
.
9/6/2013 5:59:47 AM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/6/2013 12:06:46 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
9/5/2013 8:37:58 AM, Error: Service Control Manager [7000] - The Stardock Multiplicity 2 Service service failed to start due to the following error: The pipe has been ended.
9/5/2013 8:37:56 AM, Error: Service Control Manager [7031] - The Stardock Multiplicity 2 Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 2000 milliseconds: Restart the service.
9/5/2013 8:25:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
9/5/2013 8:25:50 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/5/2013 8:24:50 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/5/2013 8:24:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Service Sendori service to connect.
9/5/2013 8:24:50 AM, Error: Service Control Manager [7000] - The Service Sendori service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/5/2013 8:23:50 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/5/2013 8:23:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Sendori service to connect.
9/5/2013 8:23:50 AM, Error: Service Control Manager [7000] - The Application Sendori service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/5/2013 8:22:50 AM, Error: Service Control Manager [7034] - The sndappv2 service terminated unexpectedly. It has done this 1 time(s).
9/5/2013 8:22:50 AM, Error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
9/5/2013 8:22:50 AM, Error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
9/5/2013 8:22:50 AM, Error: Service Control Manager [7034] - The RealNetworks Downloader Resolver Service service terminated unexpectedly. It has done this 1 time(s).
9/5/2013 8:22:50 AM, Error: Service Control Manager [7034] - The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly. It has done this 1 time(s).
9/5/2013 8:22:50 AM, Error: Service Control Manager [7034] - The HPWMISVC service terminated unexpectedly. It has done this 1 time(s).
9/5/2013 8:22:50 AM, Error: Service Control Manager [7034] - The HPPRXSVC service terminated unexpectedly. It has done this 1 time(s).
9/5/2013 8:22:50 AM, Error: Service Control Manager [7034] - The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).
9/5/2013 8:22:50 AM, Error: Service Control Manager [7034] - The DeviceMonitorService service terminated unexpectedly. It has done this 1 time(s).
9/5/2013 8:22:50 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
9/5/2013 8:22:50 AM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 1 time(s).
9/5/2013 8:22:50 AM, Error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s).
9/5/2013 8:22:50 AM, Error: Service Control Manager [7031] - The Application Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/5/2013 8:22:50 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/5/2013 7:24:31 PM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The system cannot find the file specified.
9/5/2013 7:12:48 PM, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: Access is denied.
9/5/2013 6:24:40 AM, Error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 4 time(s).
9/5/2013 6:24:39 AM, Error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 3 time(s).
9/5/2013 6:24:16 AM, Error: Service Control Manager [7034] - The sndappv2 service terminated unexpectedly. It has done this 2 time(s).
9/5/2013 6:24:16 AM, Error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 2 time(s).
9/5/2013 6:24:15 AM, Error: Service Control Manager [7034] - The HP Software Framework Service service terminated unexpectedly. It has done this 2 time(s).
9/5/2013 6:24:15 AM, Error: Service Control Manager [7034] - The Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s).
9/5/2013 6:24:12 AM, Error: Service Control Manager [7034] - The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly. It has done this 2 time(s).
9/5/2013 6:20:20 AM, Error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
9/5/2013 5:57:44 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
9/5/2013 5:57:44 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
9/5/2013 5:57:35 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
9/5/2013 5:57:32 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
9/5/2013 5:57:32 PM, Error: Service Control Manager [7003] - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.
9/5/2013 5:57:32 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
9/5/2013 5:53:34 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
9/5/2013 5:53:34 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
9/5/2013 5:49:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service sndappv2 with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
9/5/2013 5:49:12 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
9/5/2013 5:49:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/5/2013 5:49:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/5/2013 5:49:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/5/2013 5:49:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/5/2013 5:49:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/5/2013 5:49:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/5/2013 5:46:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC ctxusbm DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss Soluto spldr tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf ws2ifsl
9/5/2013 5:46:48 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/5/2013 5:46:48 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/5/2013 5:46:48 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/5/2013 5:46:48 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/5/2013 5:46:48 PM, Error: Service Control Manager [7001] - The PST Service service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
9/5/2013 5:46:48 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/5/2013 5:46:48 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/5/2013 5:46:48 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/5/2013 5:46:48 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/5/2013 5:46:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/5/2013 5:46:48 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
9/5/2013 5:45:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache MpFilter Soluto spldr vpcvmm Wanarpv6
9/5/2013 5:34:39 PM, Error: Microsoft-Windows-Directory-Services-SAM [12291] - SAM failed to start the TCP/IP or SPX/IPX listening thread
9/5/2013 3:13:00 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 2 time(s).
9/5/2013 2:13:00 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate) service terminated unexpectedly. It has done this 1 time(s).
9/5/2013 2:13:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
9/5/2013 2:13:00 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/5/2013 10:19:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the PST Service service to connect.
9/5/2013 10:19:07 AM, Error: Service Control Manager [7000] - The PST Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
9/5/2013 10:19:01 AM, Error: Service Control Manager [7031] - The PST Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service.
9/5/2013 1:13:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
.
==== End Of File ===========================

Anything obvious? I notice Malwarebytes keeps identifying the gupdate as being infected, even after it is cleaned.

Thanks for any help.

gringo_pr · September 6, 2013

Hello mheffler

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
- We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
Please do not attach logs or use code boxes, just copy and paste the text.
- Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
Please read every post completely before doing anything.
- Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
Please provide feedback about your experience as we go.
- A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

Gringo

mheffler · September 6, 2013

My mail provider is having problems so I will just have to keep checking this thread. I am waiting for a call from them. In the meantime (post too long message so sending in two pieces):

frst.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-09-2013
Ran by max (administrator) on MAX-LAP on 06-09-2013 17:41:21
Running from C:\Users\max\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Stardock Software, Inc) D:\Program Files (x86)\Stardock\Multiplicity2\MultiSrv.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Users\max\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(Stardock Software, Inc) D:\Program Files (x86)\Stardock\Multiplicity2\Multipl2.exe
(Stardock Software, Inc) D:\Program Files (x86)\Stardock\Multiplicity2\MP2Control.exe
(Soluto) c:\program files\soluto\soluto.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BillP Studios) D:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(FileHippo.com) D:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(WareCentral.com) D:\Program Files (x86)\Warecentral\PrintKey-Pro\PKey_Pro.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Stardock Software, Inc) D:\Program Files (x86)\Stardock\Multiplicity2\MP2Drag.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Mister Group) D:\Program Files (x86)\System Explorer\SystemExplorer.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
(Logitech Inc.) D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Lavasoft.) C:\ProgramData\Search Protection\SearchProtection.exe
(Mister Group) D:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(MyHeritage) D:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
(cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Adobe Systems Inc.) D:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Lavasoft Limited) C:\PROGRA~2\AD-AWA~1\AdAware.exe
(GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWow64\NOTEPAD.EXE
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Stardock) C:\Users\max\AppData\Local\Stardock\StardockCentral\Stardock Central.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Microsoft Corporation) D:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-01-04] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885904 2012-02-23] (Synaptics Incorporated)
HKLM\...\Run: [setDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-20] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Fences] - D:\Program Files (x86)\Stardock\Fences\Fences.exe [4013744 2013-04-25] (Stardock Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Winlogon: [userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoDrives] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [WinPatrol] - D:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [439360 2013-08-12] (BillP Studios)
HKCU\...\Run: [spybotSD TeaTimer] - D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [FileHippo.com] - D:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKCU\...\Run: [Amazon Cloud Player] - C:\Users\max\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3108864 2013-06-21] ()
HKCU\...\Policies\system: [DisableCMD] 0
HKCU\...\Policies\system: [NoDispAppearancePage] 0
HKCU\...\Policies\system: [NoDispBackgroundPage] 0
HKCU\...\Policies\system: [NoDispSettingsPage] 0
HKCU\...\Policies\Explorer: [NoFolderOptions] 0
HKCU\...\Policies\Explorer: [NoViewOnDrive] 0
HKCU\...\Policies\Explorer: [NoDrives] 0
HKCU\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKCU\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKCU\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKCU\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKCU\...\Policies\Explorer: [NoViewContextMenu] 0
HKCU\...\Policies\Explorer: [NoShellSearchButton] 0
HKCU\...\Policies\Explorer: [NoFind] 0
HKCU\...\Policies\Explorer: [NoFile] 0
HKCU\...\Policies\Explorer: [HideClock] 0
HKCU\...\Policies\Explorer: [NoTrayContextMenu] 0
HKCU\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKCU\...\Policies\Explorer: [NoSetFolders] 0
HKCU\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKCU\...\Policies\Explorer: [NoSetTaskbar] 0
HKCU\...\Policies\Explorer: [NoDeletePrinter] 0
HKCU\...\Policies\Explorer: [NoDFSTab] 0
HKCU\...\Policies\Explorer: [NoChangeStartMenu] 0
HKCU\...\Policies\Explorer: [NoLogoff] 0
HKCU\...\Policies\Explorer: [NoWindowsUpdate] 0
HKCU\...\Policies\Explorer: [NoEncryptOnMove] 0
HKCU\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKCU\...\Policies\Explorer: [NoResolveSearch] 0
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
HKCU\...\Policies\Explorer: [NoHardwareTab] 0
HKCU\...\Policies\Explorer: [NoStartMenuSubFolders] 0
MountPoints2: {47864847-5ab8-11e2-87b4-083e8e9a6d56} - H:\MotoCastSetup.exe -a
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [systemExplorerAutoStart] - D:\Program Files (x86)\System Explorer\SystemExplorer.exe [2851784 2013-05-16] (Mister Group)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [636032 2012-03-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [searchProtection] - C:\ProgramData\Search Protection\_run.bat [168 2013-05-04] ()
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [Multiplicity] - C:\Program Files (x86)\Stardock\Multiplicity\multipl.exe [x]
HKLM-x32\...\Run: [LWS] - D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Family Tree Builder Update] - D:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2528256 2013-07-03] (MyHeritage)
HKLM-x32\...\Run: [bDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-12-28] (cyberlink)
HKLM-x32\...\Run: [bCSSync] - D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [10752 2012-01-31] ()
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2012-12-23] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM-x32\...\Run: [Ad-Aware Antivirus] - "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-10] (Adobe Systems Inc.)
HKU\Administrator\...\Run: [AS2014] - C:\ProgramData\3XsngX33\3XsngX33.exe [x]
HKU\Administrator\...\Winlogon: [shell] explorer.exe,C:\Users\Administrator\AppData\Roaming\cache.dat <==== ATTENTION
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll [257208 2012-07-27] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrintKey-Pro.lnk
ShortcutTarget: PrintKey-Pro.lnk -> C:\Windows\Installer\{5EFA4EA3-0604-458C-A06D-485F6B2724C9}\NewShortcut2_6999F52849E742A78F6F4501EF3B5A3A.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> D:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\system32\SSCbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll No File
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Winsock: Catalog9 01 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 02 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 03 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 04 C:\Windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 16 C:\Windows\system32\Sendori.dll File Not found ()
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{A8B446D1-40A0-4380-B8F4-8EDB762BFA1E}: [NameServer]75.75.76.76,75.75.75.75

FireFox:
========
FF ProfilePath: C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: SecureSearch
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - D:\Program Files\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.1.18 - D:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.1.18 - D:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat - D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - D:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Extension: IE Tab + - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\Extensions\coralietab@mozdev.org
FF Extension: IE Tab 2 (FF 3.6+) - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\Extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
FF Extension: Ad-Aware Security Add-on - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
FF Extension: Webroot - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_deleted
FF Extension: HP Detect - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF Extension: adblockpopups - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\Extensions\adblockpopups@jessehakanen.net.xpi
FF Extension: autorefresh - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\Extensions\autorefresh@plugin.xpi
FF Extension: testpilot - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: No Name - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\Extensions\{0cbdfb73-07e9-4cdb-8e40-9cd9742057be}.xpi
FF Extension: No Name - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\Extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}.xpi
FF Extension: No Name - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF StartMenuInternet: FIREFOX.EXE - D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome:
=======

CHR DefaultSearchURL: (SecureSearch) - http://lavasoft.blekko.com/ws/?source=f439e2c0&tbp=rbox&toolbarid=adawaretb&u=AB3A3A690FAC9ADD593726518504D851&q={searchTerms}
CHR DefaultSuggestURL: (SecureSearch) - "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll No File
CHR Plugin: (Wajam) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DjVu Plugin Viewer) - D:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll (Caminova, Inc.)
CHR Plugin: (2007 Microsoft Office system) - D:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2003) - D:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - D:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - D:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - D:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - D:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - D:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - D:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - D:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll No File
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
CHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (iTunes Application Detector) - D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Extension: (YouTube) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp\1.0.0_0
CHR Extension: (RealDownloader) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0
CHR Extension: (SecureSearch) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfffjahnfbocnaooecgijfnbpcfekoik\1.0.0.1_0
CHR Extension: (Skype Click to Call) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
CHR Extension: (Gmail) - C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR HKLM-x32\...\Chrome\Extension: [lfffjahnfbocnaooecgijfnbpcfekoik] - C:\ProgramData\adawaretb\shortcuts\chrome\adawaretb.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [pbkdpahkifcigckmhiafindmaflfifgm] - C:\Users\max\AppData\Local\Coupon Companion\Chrome\Coupon Companion.crx

==================== Services (Whitelisted) =================

R2 Ad-Aware Service; C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [288112 2012-12-23] (Adobe Systems Incorporated)
S3 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-15] (Adobe Systems Incorporated)
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
S3 CLKMSVC10_38F51D56; C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink)
S3 GoogleDesktopManager-051210-111108; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [30192 2012-10-28] (Google)
R2 HPPRXSVC; C:\Program Files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe [37432 2012-03-06] (Hewlett-Packard Development Company, L.P.)
S3 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
S3 Microsoft SharePoint Workspace Audit Service; D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [30785672 2012-09-20] (Microsoft Corporation)
S3 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
R2 Multiplicity; D:\Program Files (x86)\Stardock\Multiplicity2\MultiSrv.exe [124080 2012-11-26] (Stardock Software, Inc)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
R2 SBAMSvc; C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S2 SBSDWSCService; D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1328736 2012-09-24] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [656480 2012-09-24] (Secunia)
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [182848 2013-07-10] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942528 2013-07-10] (GlavSoft LLC.)
R3 SystemExplorerHelpService; D:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [821720 2012-11-25] (Mister Group)
S3 XobniService; D:\Program Files (x86)\Xobni\XobniService.exe [62184 2012-04-09] (Xobni Corporation)
S3 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)
S2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
S3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{e55284f1-7c3f-bbcb-c86c-f534749fcd03}\ \...\???\{e55284f1-7c3f-bbcb-c86c-f534749fcd03}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-01] (Broadcom Corporation.)
S3 dgderdrv; C:\Windows\SysWow64\drivers\dgderdrv.sys [20032 2011-08-23] (Devguru Co., Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-04] (GFI Software)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [260712 2012-01-30] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\drivers\Smb_driver.sys [21264 2012-02-23] (Synaptics Incorporated)
R3 SSCBFS3; C:\Windows\System32\DRIVERS\sscbfs3.sys [347456 2012-10-30] (EldoS Corporation)
S3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [48096 2012-08-09] (Windows ® Win 7 DDK provider)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-01-15] ()
S3 XHCIPort; C:\Windows\System32\DRIVERS\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 file_unlock; \??\C:\Users\max\AppData\Local\file_unlock.sys [x]
U0 SR;
U2 srservice;
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-06 17:40 - 2013-09-06 17:40 - 01948360 _____ (Farbar) C:\Users\max\Desktop\FRST64.exe
2013-09-06 07:26 - 2013-09-06 07:26 - 00047095 _____ C:\Users\max\Desktop\dds.txt
2013-09-06 07:26 - 2013-09-06 07:26 - 00035049 _____ C:\Users\max\Desktop\attach.txt
2013-09-06 07:04 - 2013-09-06 07:10 - 00029182 _____ C:\Users\max\Desktop\hijackthis.log
2013-09-06 07:04 - 2013-09-06 07:04 - 00388608 _____ (Trend Micro Inc.) C:\Users\max\Desktop\HijackThis.exe
2013-09-06 06:59 - 2013-09-06 07:01 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-09-06 06:59 - 2013-09-06 06:59 - 00001074 _____ C:\Users\max\Desktop\SpywareBlaster.lnk
2013-09-06 06:59 - 2013-09-06 06:59 - 00000000 ____D C:\ProgramData\Licenses
2013-09-05 19:11 - 2013-09-05 19:11 - 00806400 _____ C:\Users\max\Desktop\MicrosoftFixit50692.msi
2013-09-05 19:09 - 2013-09-05 19:10 - 321145514 _____ C:\Users\max\Desktop\hklm.reg
2013-09-05 19:09 - 2013-09-05 19:09 - 95434634 _____ C:\Users\max\Desktop\root.reg
2013-09-05 19:09 - 2013-09-05 19:09 - 69073754 _____ C:\Users\max\Desktop\defuser.reg
2013-09-05 19:09 - 2013-09-05 19:09 - 09297834 _____ C:\Users\max\Desktop\users.reg
2013-09-05 19:09 - 2013-09-05 19:09 - 00010972 _____ C:\Users\max\Desktop\curcfg.reg
2013-09-05 19:08 - 2013-09-05 19:08 - 330443152 _____ C:\Users\max\Desktop\20130905.reg
2013-09-05 18:08 - 2013-09-05 18:08 - 13813944 _____ (Microsoft Corporation) C:\Users\max\Desktop\mseinstall.exe
2013-09-05 18:08 - 2013-09-05 18:08 - 00000000 ____D C:\Windows\TempC6EE759C-0705-7C19-0929-66732D4D24B7-Signatures
2013-09-05 18:08 - 2013-09-05 18:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-05 17:53 - 2013-09-05 17:57 - 00000112 _____ C:\Windows\setupact.log
2013-09-05 17:53 - 2013-09-05 17:53 - 00000954 _____ C:\Windows\PFRO.log
2013-09-05 17:53 - 2013-09-05 17:53 - 00000000 _____ C:\Windows\setuperr.log
2013-09-05 15:29 - 2013-09-05 17:57 - 00003334 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3251653021-623388740-2828558099-1001
2013-09-05 15:29 - 2013-09-05 17:57 - 00003196 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3251653021-623388740-2828558099-1001
2013-09-05 06:27 - 2013-09-05 17:30 - 00000004 _____ C:\Users\max\AppData\Roaming\cache.ini
2013-09-05 04:19 - 2013-09-05 18:02 - 00000000 ____D C:\ProgramData\3XsngX33
2013-08-30 20:15 - 2013-09-02 16:13 - 00003053 _____ C:\Users\max\Desktop\IAJGS news articles - Shortcut.lnk
2013-08-29 20:42 - 2013-08-29 20:42 - 00000000 __SHD C:\$$PendingFiles
2013-08-29 17:49 - 2013-08-29 17:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-08-29 17:03 - 2013-08-29 17:04 - 00000004 _____ C:\Users\Administrator\AppData\Roaming\cache.ini
2013-08-29 16:55 - 2013-09-05 20:39 - 00000000 ____D C:\Windows\pss
2013-08-29 16:44 - 2013-08-29 16:44 - 00000000 ____D C:\Users\Administrator\Documents\MyHeritage
2013-08-29 16:44 - 2013-08-29 16:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\MyHeritage
2013-08-29 16:42 - 2013-08-29 16:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\RealNetworks
2013-08-29 16:41 - 2013-08-29 16:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Logitech® Webcam Software
2013-08-29 16:40 - 2013-08-29 16:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI
2013-08-29 16:40 - 2013-08-29 16:40 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI
2013-08-29 16:39 - 2013-09-05 06:24 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Ad-Aware Antivirus
2013-08-29 16:39 - 2013-08-29 16:42 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{16792693-D7DE-4211-93F1-79D028E1F923}
2013-08-29 16:39 - 2013-08-29 16:39 - 00000937 _____ C:\Users\Administrator\Desktop\Customize Fences.lnk
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ___RD C:\Users\Administrator\Virtual Machines
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Synaptics
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Stardock
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ICAClient
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Hewlett-Packard
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Citrix
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\adawarebp
2013-08-29 16:38 - 2013-08-29 16:43 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-08-29 16:38 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator
2013-08-29 16:38 - 2013-08-29 16:39 - 00000000 ____D C:\ProgramData\jqjde
2013-08-29 16:38 - 2013-08-29 16:38 - 00120160 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-29 16:38 - 2013-08-29 16:38 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-08-29 16:38 - 2012-11-29 10:52 - 00000000 ____D C:\Users\Administrator\AppData\LocalGoogle
2013-08-29 16:38 - 2012-10-28 17:45 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2013-08-29 16:38 - 2012-10-24 03:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-08-29 07:52 - 2013-08-29 09:56 - 00000000 ____D C:\ProgramData\kluc
2013-08-20 20:30 - 2013-08-20 20:30 - 00098847 _____ C:\Users\max\Desktop\Ukraine SIG Yekaterinoslav Province Alexandrovsk.htm
2013-08-20 20:30 - 2013-08-20 20:30 - 00000000 ____D C:\Users\max\Desktop\Ukraine SIG Yekaterinoslav Province Alexandrovsk_files
2013-08-20 16:24 - 2013-08-20 16:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 16:24 - 2013-08-20 16:24 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 16:24 - 2013-08-20 16:24 - 00000000 ____D C:\Program Files\iPod
2013-08-14 20:58 - 2013-08-14 20:58 - 00000043 _____ C:\Users\max\Desktop\jowbr desc for headers.txt
2013-08-14 03:06 - 2013-07-26 00:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 03:06 - 2013-07-26 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 03:06 - 2013-07-26 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 03:06 - 2013-07-26 00:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 03:06 - 2013-07-26 00:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 03:06 - 2013-07-26 00:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 03:06 - 2013-07-26 00:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 03:06 - 2013-07-26 00:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 03:06 - 2013-07-26 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 03:06 - 2013-07-26 00:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 03:06 - 2013-07-26 00:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 03:06 - 2013-07-26 00:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 03:06 - 2013-07-26 00:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 03:06 - 2013-07-26 00:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 03:06 - 2013-07-25 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 03:06 - 2013-07-25 22:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-14 03:06 - 2013-07-25 22:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-14 03:06 - 2013-07-25 22:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-14 03:06 - 2013-07-25 22:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-14 03:06 - 2013-07-25 22:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-14 03:06 - 2013-07-25 22:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-14 03:06 - 2013-07-25 22:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-14 03:06 - 2013-07-25 22:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-14 03:06 - 2013-07-25 22:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-14 03:06 - 2013-07-25 22:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-14 03:06 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-14 03:06 - 2013-07-25 22:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-14 03:06 - 2013-07-25 22:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-14 03:06 - 2013-07-25 21:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-14 03:06 - 2013-07-25 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 03:06 - 2013-07-25 20:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-13 16:22 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-13 16:22 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-13 16:22 - 2013-07-18 20:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-13 16:22 - 2013-07-18 20:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-13 16:22 - 2013-07-09 01:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-13 16:22 - 2013-07-09 00:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-13 16:22 - 2013-07-09 00:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-13 16:22 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-13 16:22 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-13 16:22 - 2013-07-09 00:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-13 16:22 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-13 16:22 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-13 16:22 - 2013-07-09 00:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-13 16:22 - 2013-07-09 00:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-13 16:22 - 2013-07-08 23:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-13 16:22 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-13 16:22 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-13 16:22 - 2013-07-08 23:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-13 16:22 - 2013-07-08 23:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-13 16:22 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-13 16:22 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-13 16:22 - 2013-07-08 21:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-13 16:22 - 2013-07-08 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-13 16:22 - 2013-07-08 21:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-13 16:22 - 2013-07-08 21:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-13 16:22 - 2013-07-06 01:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-13 16:22 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-10 18:12 - 2013-08-10 20:52 - 00012660 _____ C:\Users\max\Documents\IAJGS 2013 expenses.xlsx
2013-08-10 10:58 - 2013-09-02 16:13 - 00002534 _____ C:\Users\max\Desktop\Less Common.lnk
2013-08-10 10:56 - 2013-09-02 16:13 - 00003348 _____ C:\Users\max\Desktop\Klaipeda.xls.lnk
2013-08-10 10:56 - 2013-09-02 16:13 - 00002997 _____ C:\Users\max\Desktop\DNA Summary.xlsx.lnk
2013-08-10 10:56 - 2013-09-02 16:13 - 00002942 _____ C:\Users\max\Desktop\DNA (2).lnk
2013-08-10 10:56 - 2013-09-02 16:13 - 00002836 _____ C:\Users\max\Desktop\23intros.txt.lnk
2013-08-10 10:56 - 2013-09-02 16:13 - 00001874 _____ C:\Users\max\Desktop\DNA.lnk
2013-08-10 10:55 - 2013-09-02 16:13 - 00001920 _____ C:\Users\max\Desktop\Max-HP Desktop.lnk
2013-08-10 10:53 - 2013-09-02 16:13 - 00002112 _____ C:\Users\max\Desktop\Charity & Matching.lnk
2013-08-10 10:53 - 2013-09-02 16:13 - 00002076 _____ C:\Users\max\Desktop\Weight.lnk
2013-08-10 10:52 - 2013-09-02 16:13 - 00002192 _____ C:\Users\max\Desktop\Bginfo.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00002644 _____ C:\Users\max\Desktop\2011.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00002520 _____ C:\Users\max\Desktop\Ben Folds.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00002517 _____ C:\Users\max\Desktop\Training.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00002446 _____ C:\Users\max\Desktop\Web Sites.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00002106 _____ C:\Users\max\Desktop\Necrologies.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00002103 _____ C:\Users\max\Desktop\Microfilm.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00002006 _____ C:\Users\max\Desktop\Yizkor.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00001923 _____ C:\Users\max\Desktop\Web Folders.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00001913 _____ C:\Users\max\Desktop\Engage & To Do.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00001904 _____ C:\Users\max\Desktop\After Hours.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00001874 _____ C:\Users\max\Desktop\SAA.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00001823 _____ C:\Users\max\Desktop\Genealogy.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00001804 _____ C:\Users\max\Desktop\Misc.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00001787 _____ C:\Users\max\Desktop\Misc Desktop.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00001729 _____ C:\Users\max\Desktop\Documents.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00001677 _____ C:\Users\max\Desktop\Goren Brieter Golden Fleischman Family.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00001671 _____ C:\Users\max\Desktop\Heffler Tiras Wasserman Moore Family.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00001496 _____ C:\Users\max\Desktop\FamilyPictures.lnk
2013-08-10 10:50 - 2013-09-02 16:13 - 00001425 _____ C:\Users\max\Desktop\JHV.lnk
2013-08-08 16:49 - 2013-09-02 17:25 - 00000340 _____ C:\Users\max\Desktop\2013IAJGS todo.txt

==================== One Month Modified Files and Folders =======

2013-09-06 17:40 - 2013-09-06 17:40 - 01948360 _____ (Farbar) C:\Users\max\Desktop\FRST64.exe
2013-09-06 17:40 - 2012-10-28 07:18 - 00000000 ____D C:\Users\max\Documents\Outlook Files
2013-09-06 17:38 - 2012-10-21 19:01 - 00003914 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6C5CED76-E395-4BEE-8CEB-FC1098973F39}
2013-09-06 17:13 - 2012-10-28 16:04 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-06 17:06 - 2012-10-28 17:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-06 09:04 - 2012-10-22 21:30 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleFormax
2013-09-06 09:04 - 2012-10-22 21:30 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleFormax.job
2013-09-06 07:26 - 2013-09-06 07:26 - 00047095 _____ C:\Users\max\Desktop\dds.txt
2013-09-06 07:26 - 2013-09-06 07:26 - 00035049 _____ C:\Users\max\Desktop\attach.txt
2013-09-06 07:10 - 2013-09-06 07:04 - 00029182 _____ C:\Users\max\Desktop\hijackthis.log
2013-09-06 07:04 - 2013-09-06 07:04 - 00388608 _____ (Trend Micro Inc.) C:\Users\max\Desktop\HijackThis.exe
2013-09-06 07:01 - 2013-09-06 06:59 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2013-09-06 06:59 - 2013-09-06 06:59 - 00001074 _____ C:\Users\max\Desktop\SpywareBlaster.lnk
2013-09-06 06:59 - 2013-09-06 06:59 - 00000000 ____D C:\ProgramData\Licenses
2013-09-06 02:00 - 2012-10-21 19:01 - 00000000 ____D C:\Users\max\AppData\Local\Adobe
2013-09-06 00:14 - 2012-10-31 21:23 - 00065062 _____ C:\Windows\system32\JkDefragCmd64.log
2013-09-05 22:03 - 2009-07-14 00:13 - 00782732 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-05 20:39 - 2013-08-29 16:55 - 00000000 ____D C:\Windows\pss
2013-09-05 20:39 - 2013-05-17 09:37 - 00000000 ____D C:\ProgramData\SystemExplorer
2013-09-05 20:39 - 2013-05-04 07:55 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2013-09-05 20:39 - 2012-10-21 18:59 - 00000000 ____D C:\Users\max
2013-09-05 20:39 - 2012-10-13 05:52 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-09-05 20:39 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-09-05 19:22 - 2012-10-23 18:18 - 00002177 _____ C:\Windows\epplauncher.mif
2013-09-05 19:11 - 2013-09-05 19:11 - 00806400 _____ C:\Users\max\Desktop\MicrosoftFixit50692.msi
2013-09-05 19:10 - 2013-09-05 19:09 - 321145514 _____ C:\Users\max\Desktop\hklm.reg
2013-09-05 19:09 - 2013-09-05 19:09 - 95434634 _____ C:\Users\max\Desktop\root.reg
2013-09-05 19:09 - 2013-09-05 19:09 - 69073754 _____ C:\Users\max\Desktop\defuser.reg
2013-09-05 19:09 - 2013-09-05 19:09 - 09297834 _____ C:\Users\max\Desktop\users.reg
2013-09-05 19:09 - 2013-09-05 19:09 - 00010972 _____ C:\Users\max\Desktop\curcfg.reg
2013-09-05 19:08 - 2013-09-05 19:08 - 330443152 _____ C:\Users\max\Desktop\20130905.reg
2013-09-05 18:08 - 2013-09-05 18:08 - 13813944 _____ (Microsoft Corporation) C:\Users\max\Desktop\mseinstall.exe
2013-09-05 18:08 - 2013-09-05 18:08 - 00000000 ____D C:\Windows\TempC6EE759C-0705-7C19-0929-66732D4D24B7-Signatures
2013-09-05 18:08 - 2013-09-05 18:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-09-05 18:04 - 2009-07-13 23:45 - 00029712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 18:04 - 2009-07-13 23:45 - 00029712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 18:02 - 2013-09-05 04:19 - 00000000 ____D C:\ProgramData\3XsngX33
2013-09-05 17:58 - 2012-10-28 16:05 - 00000000 ____D C:\ProgramData\Sendori
2013-09-05 17:57 - 2013-09-05 17:53 - 00000112 _____ C:\Windows\setupact.log
2013-09-05 17:57 - 2013-09-05 15:29 - 00003334 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3251653021-623388740-2828558099-1001
2013-09-05 17:57 - 2013-09-05 15:29 - 00003196 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3251653021-623388740-2828558099-1001
2013-09-05 17:57 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-05 17:53 - 2013-09-05 17:53 - 00000954 _____ C:\Windows\PFRO.log
2013-09-05 17:53 - 2013-09-05 17:53 - 00000000 _____ C:\Windows\setuperr.log
2013-09-05 17:51 - 2012-10-28 15:32 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-05 17:51 - 2012-10-28 14:32 - 00000000 ___DC C:\Users\max\AppData\Local\MigWiz
2013-09-05 17:51 - 2007-01-01 20:25 - 00000000 ____D C:\Windows\Panther
2013-09-05 17:30 - 2013-09-05 06:27 - 00000004 _____ C:\Users\max\AppData\Roaming\cache.ini
2013-09-05 07:11 - 2012-10-31 20:51 - 00000000 ____D C:\ProgramData\VisualBee
2013-09-05 06:32 - 2012-10-21 19:01 - 00000000 ___RD C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-05 06:24 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Ad-Aware Antivirus
2013-09-04 14:15 - 2013-08-06 15:13 - 00002178 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-02 20:56 - 2012-10-25 19:47 - 00001080 _____ C:\Users\max\Desktop\todo.txt
2013-09-02 19:12 - 2012-10-28 15:35 - 00000000 ____D C:\Users\max\AppData\Roaming\Skype
2013-09-02 17:25 - 2013-08-08 16:49 - 00000340 _____ C:\Users\max\Desktop\2013IAJGS todo.txt
2013-09-02 16:13 - 2013-08-30 20:15 - 00003053 _____ C:\Users\max\Desktop\IAJGS news articles - Shortcut.lnk
2013-09-02 16:13 - 2013-08-10 10:58 - 00002534 _____ C:\Users\max\Desktop\Less Common.lnk
2013-09-02 16:13 - 2013-08-10 10:56 - 00003348 _____ C:\Users\max\Desktop\Klaipeda.xls.lnk
2013-09-02 16:13 - 2013-08-10 10:56 - 00002997 _____ C:\Users\max\Desktop\DNA Summary.xlsx.lnk
2013-09-02 16:13 - 2013-08-10 10:56 - 00002942 _____ C:\Users\max\Desktop\DNA (2).lnk
2013-09-02 16:13 - 2013-08-10 10:56 - 00002836 _____ C:\Users\max\Desktop\23intros.txt.lnk
2013-09-02 16:13 - 2013-08-10 10:56 - 00001874 _____ C:\Users\max\Desktop\DNA.lnk
2013-09-02 16:13 - 2013-08-10 10:55 - 00001920 _____ C:\Users\max\Desktop\Max-HP Desktop.lnk
2013-09-02 16:13 - 2013-08-10 10:53 - 00002112 _____ C:\Users\max\Desktop\Charity & Matching.lnk
2013-09-02 16:13 - 2013-08-10 10:53 - 00002076 _____ C:\Users\max\Desktop\Weight.lnk
2013-09-02 16:13 - 2013-08-10 10:52 - 00002192 _____ C:\Users\max\Desktop\Bginfo.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00002644 _____ C:\Users\max\Desktop\2011.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00002520 _____ C:\Users\max\Desktop\Ben Folds.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00002517 _____ C:\Users\max\Desktop\Training.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00002446 _____ C:\Users\max\Desktop\Web Sites.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00002106 _____ C:\Users\max\Desktop\Necrologies.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00002103 _____ C:\Users\max\Desktop\Microfilm.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00002006 _____ C:\Users\max\Desktop\Yizkor.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00001923 _____ C:\Users\max\Desktop\Web Folders.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00001913 _____ C:\Users\max\Desktop\Engage & To Do.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00001904 _____ C:\Users\max\Desktop\After Hours.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00001874 _____ C:\Users\max\Desktop\SAA.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00001823 _____ C:\Users\max\Desktop\Genealogy.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00001804 _____ C:\Users\max\Desktop\Misc.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00001787 _____ C:\Users\max\Desktop\Misc Desktop.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00001729 _____ C:\Users\max\Desktop\Documents.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00001677 _____ C:\Users\max\Desktop\Goren Brieter Golden Fleischman Family.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00001671 _____ C:\Users\max\Desktop\Heffler Tiras Wasserman Moore Family.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00001496 _____ C:\Users\max\Desktop\FamilyPictures.lnk
2013-09-02 16:13 - 2013-08-10 10:50 - 00001425 _____ C:\Users\max\Desktop\JHV.lnk
2013-09-02 09:04 - 2012-12-10 10:15 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-09-02 09:04 - 2012-10-22 17:52 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-09-01 09:19 - 2012-10-28 07:40 - 00000000 ____D C:\Users\max\AppData\Local\Xobni
2013-09-01 09:13 - 2013-02-02 11:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-01 09:13 - 2012-10-28 15:35 - 00000000 ____D C:\ProgramData\Skype
2013-09-01 09:12 - 2013-04-17 17:45 - 00000000 ____D C:\ProgramData\InstallMate
2013-09-01 09:12 - 2012-10-28 12:01 - 00000000 ____D C:\Program Files\CCleaner
2013-09-01 08:30 - 2012-10-28 17:44 - 00000000 ____D C:\Users\max\AppData\Roaming\Dropbox
2013-09-01 00:06 - 2012-11-16 21:02 - 00003187 _____ C:\Users\max\Desktop\fct.fct
2013-08-29 20:42 - 2013-08-29 20:42 - 00000000 __SHD C:\$$PendingFiles
2013-08-29 17:49 - 2013-08-29 17:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Malwarebytes
2013-08-29 17:04 - 2013-08-29 17:03 - 00000004 _____ C:\Users\Administrator\AppData\Roaming\cache.ini
2013-08-29 16:53 - 2012-10-28 16:03 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-29 16:44 - 2013-08-29 16:44 - 00000000 ____D C:\Users\Administrator\Documents\MyHeritage
2013-08-29 16:44 - 2013-08-29 16:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\MyHeritage
2013-08-29 16:43 - 2013-08-29 16:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2013-08-29 16:42 - 2013-08-29 16:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\RealNetworks
2013-08-29 16:42 - 2013-08-29 16:39 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{16792693-D7DE-4211-93F1-79D028E1F923}
2013-08-29 16:41 - 2013-08-29 16:41 - 00000000 ____D C:\Users\Administrator\AppData\Local\Logitech® Webcam Software
2013-08-29 16:40 - 2013-08-29 16:40 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ATI
2013-08-29 16:40 - 2013-08-29 16:40 - 00000000 ____D C:\Users\Administrator\AppData\Local\ATI
2013-08-29 16:39 - 2013-08-29 16:39 - 00000937 _____ C:\Users\Administrator\Desktop\Customize Fences.lnk
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ___RD C:\Users\Administrator\Virtual Machines
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Synaptics
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Stardock
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ICAClient
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Hewlett-Packard
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Citrix
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2013-08-29 16:39 - 2013-08-29 16:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\adawarebp
2013-08-29 16:39 - 2013-08-29 16:38 - 00000000 ____D C:\Users\Administrator
2013-08-29 16:39 - 2013-08-29 16:38 - 00000000 ____D C:\ProgramData\jqjde
2013-08-29 16:38 - 2013-08-29 16:38 - 00120160 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-29 16:38 - 2013-08-29 16:38 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-08-29 09:56 - 2013-08-29 07:52 - 00000000 ____D C:\ProgramData\kluc
2013-08-28 18:44 - 2012-10-28 16:05 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-08-28 03:00 - 2012-10-21 19:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-25 09:05 - 2012-10-28 15:14 - 00000000 ____D C:\Users\max\AppData\Roaming\Apple Computer
2013-08-21 19:37 - 2012-10-31 21:02 - 00020528 _____ C:\Windows\system32\lvcoinst.log
2013-08-21 19:22 - 2012-10-31 21:02 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2013-08-21 09:11 - 2012-10-21 19:12 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-20 20:30 - 2013-08-20 20:30 - 00098847 _____ C:\Users\max\Desktop\Ukraine SIG Yekaterinoslav Province Alexandrovsk.htm
2013-08-20 20:30 - 2013-08-20 20:30 - 00000000 ____D C:\Users\max\Desktop\Ukraine SIG Yekaterinoslav Province Alexandrovsk_files
2013-08-20 18:06 - 2013-06-12 04:06 - 17139080 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-08-20 18:06 - 2012-10-28 17:45 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 18:06 - 2012-10-28 17:45 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 18:06 - 2012-10-28 17:45 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 16:24 - 2013-08-20 16:24 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 16:24 - 2013-08-20 16:24 - 00000000 ____D C:\Program Files\iTunes
2013-08-20 16:24 - 2013-08-20 16:24 - 00000000 ____D C:\Program Files\iPod
2013-08-14 22:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-08-14 20:58 - 2013-08-14 20:58 - 00000043 _____ C:\Users\max\Desktop\jowbr desc for headers.txt
2013-08-14 16:58 - 2012-11-01 21:06 - 00000000 ____D C:\Users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World Community Grid
2013-08-14 16:50 - 2012-10-28 06:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-14 03:02 - 2013-07-10 18:04 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 03:01 - 2012-10-22 21:25 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-10 20:52 - 2013-08-10 18:12 - 00012660 _____ C:\Users\max\Documents\IAJGS 2013 expenses.xlsx
2013-08-10 10:59 - 2013-02-26 19:57 - 00345600 ___SH C:\Users\max\Desktop\Thumbs.db

Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{e55284f1-7c3f-bbcb-c86c-f534749fcd03}
C:\Users\Administrator\AppData\Roaming\cache.ini
C:\Users\Administrator\AppData\Local\Temp\ConfigurationWizard.exe
C:\Users\Administrator\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
C:\Users\max\jobq.dat
C:\Users\max\AppData\Roaming\cache.ini
C:\Users\max\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

LastRegBack: 2013-09-01 00:09

==================== End Of Log ============================

mheffler · September 6, 2013

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-09-2013
Ran by max at 2013-09-06 17:41:41
Running from C:\Users\max\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

64 Bit HP CIO Components Installer (Version: 6.2.2)
7-Zip 9.20 (x32)
7-Zip 9.22 (x64 edition) (Version: 9.22.00.0)
8500A909_BasicWeb (x32 Version: 140.0.000.000)
8500A909_Help_BasicWeb (x32 Version: 1.00.0000)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.2.443)
Ad-Aware Antivirus (x32 Version: 10.5.2.4379)
Ad-Aware Security Add-on (x32 Version: 2.5.0.6)
Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.1.7)
Adobe AIR (x32 Version: 3.7.0.2090)
Adobe Anchor Service CS4 (x32 Version: 2.0)
Adobe Anchor Service x64 CS4 (Version: 2.0)
Adobe Asset Services CS4 (x32 Version: 4)
Adobe Bridge CS4 (x32 Version: 3)
Adobe CMaps CS4 (x32 Version: 2.0)
Adobe CMaps x64 CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (x32 Version: 2.0)
Adobe Color EU Extra Settings CS4 (x32 Version: 2.0)
Adobe Color JA Extra Settings CS4 (x32 Version: 2.0)
Adobe Color NA Recommended Settings CS4 (x32 Version: 2.0)
Adobe Color Video Profiles CS CS4 (x32 Version: 2.0)
Adobe Creative Suite 4 Design Premium (x32 Version: 4.0)
Adobe CS6 Design and Web Premium (x32 Version: 6)
Adobe CSI CS4 (x32 Version: 1)
Adobe CSI CS4 x64 (Version: 1)
Adobe Default Language CS4 (x32 Version: 2.0)
Adobe Device Central CS4 (x32 Version: 2)
Adobe Dreamweaver CS4 (x32 Version: 10.0)
Adobe Drive CS4 (x32 Version: 1)
Adobe Drive CS4 x64 (Version: 1)
Adobe Dynamiclink Support (x32 Version: 1)
Adobe ExtendScript Toolkit CS4 (x32 Version: 3.0.0)
Adobe Extension Manager CS4 (x32 Version: 2.0)
Adobe Fireworks CS4 (x32 Version: 10.0)
Adobe Flash CS4 (x32 Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (x32 Version: 3.0)
Adobe Flash CS4 STI-en (x32 Version: 10.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Fonts All (x32 Version: 2.0)
Adobe Fonts All x64 (Version: 2.0)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Illustrator CS4 (x32 Version: 14.0)
Adobe InDesign CS4 (x32 Version: 6.0)
Adobe InDesign CS4 Application Feature Set Files (Roman) (x32 Version: 6.0)
Adobe InDesign CS4 Common Base Files (x32 Version: 6.0)
Adobe InDesign CS4 Icon Handler (x32 Version: 6.0)
Adobe InDesign CS4 Icon Handler x64 (Version: 6.0)
Adobe Linguistics CS4 (x32 Version: 4.0.0)
Adobe Linguistics CS4 x64 (Version: 4.0.0)
Adobe Media Encoder CS4 (x32 Version: 1.0)
Adobe Media Encoder CS4 Importer (x32 Version: 1.0)
Adobe Media Player (x32 Version: 0.0.0)
Adobe Media Player (x32 Version: 1.1)
Adobe Output Module (x32 Version: 2.0)
Adobe PDF Library Files CS4 (x32 Version: 9.0)
Adobe PDF Library Files x64 CS4 (Version: 9.0)
Adobe Photoshop CS4 (64 Bit) (Version: 11.0)
Adobe Photoshop CS4 (x32 Version: 11.0)
Adobe Photoshop CS4 Support (x32 Version: 11.0)
Adobe Photoshop Elements 10 (x32 Version: 10.0)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Adobe Search for Help (x32 Version: 1.0)
Adobe Service Manager Extension (x32 Version: 1.0)
Adobe Setup (x32 Version: 2.0)
Adobe SGM CS4 (x32 Version: 3.0)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
Adobe SING CS4 (x32 Version: 2.0)
Adobe Type Support CS4 (x32 Version: 9.0)
Adobe Type Support x64 CS4 (Version: 9.0)
Adobe Update Manager CS4 (x32 Version: 6.0.0)
Adobe Version Cue CS4 Server (x32 Version: 4.0)
Adobe Widget Browser (x32 Version: 2.0 Build 348)
Adobe Widget Browser (x32 Version: 2.0.348)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.1)
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1)
Adobe XMP Panels CS4 (x32 Version: 2.0)
Adobe® Content Viewer (x32 Version: 3.1.0)
AdobeColorCommonSetCMYK (x32 Version: 2.0)
AdobeColorCommonSetRGB (x32 Version: 2.0)
Amazon Cloud Drive (HKCU Version: 2.0.2013.841)
Amazon Cloud Player (HKCU Version: 1.1.0.332)
AMD Accelerated Video Transcoding (Version: 2.00.0002)
AMD APP SDK Runtime (Version: 10.0.898.1)
AMD Catalyst Install Manager (Version: 3.0.868.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Arachnophilia version 4.0 (x32)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.12.13)
Audacity 2.0.3 (x32 Version: 2.0.3)
BOINC (Version: 7.0.64)
Bonjour (Version: 3.0.0.10)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 140.0.000.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
Broadcom Bluetooth Software (Version: 6.5.1.2300)
Brother's Keeper 6.6 (x32)
BufferChm (x32 Version: 140.0.213.000)
CameraHelperMsi (x32 Version: 13.51.815.0)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0326.310.3601)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0326.310.3601)
Catalyst Control Center InstallProxy (x32 Version: 2012.0326.310.3601)
Catalyst Control Center Localization All (x32 Version: 2012.0326.310.3601)
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0326.310.3601)
CCC Help Chinese Standard (x32 Version: 2012.0326.0309.3601)
CCC Help Chinese Traditional (x32 Version: 2012.0326.0309.3601)
CCC Help Czech (x32 Version: 2012.0326.0309.3601)
CCC Help Danish (x32 Version: 2012.0326.0309.3601)
CCC Help Dutch (x32 Version: 2012.0326.0309.3601)
CCC Help English (x32 Version: 2012.0326.0309.3601)
CCC Help Finnish (x32 Version: 2012.0326.0309.3601)
CCC Help French (x32 Version: 2012.0326.0309.3601)
CCC Help German (x32 Version: 2012.0326.0309.3601)
CCC Help Greek (x32 Version: 2012.0326.0309.3601)
CCC Help Hungarian (x32 Version: 2012.0326.0309.3601)
CCC Help Italian (x32 Version: 2012.0326.0309.3601)
CCC Help Japanese (x32 Version: 2012.0326.0309.3601)
CCC Help Korean (x32 Version: 2012.0326.0309.3601)
CCC Help Norwegian (x32 Version: 2012.0326.0309.3601)
CCC Help Polish (x32 Version: 2012.0326.0309.3601)
CCC Help Portuguese (x32 Version: 2012.0326.0309.3601)
CCC Help Russian (x32 Version: 2012.0326.0309.3601)
CCC Help Spanish (x32 Version: 2012.0326.0309.3601)
CCC Help Swedish (x32 Version: 2012.0326.0309.3601)
CCC Help Thai (x32 Version: 2012.0326.0309.3601)
CCC Help Turkish (x32 Version: 2012.0326.0309.3601)
ccc-utility64 (Version: 2012.0326.310.3601)
Citrix Authentication Manager (x32 Version: 3.0.0.47031)
Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.3.0.55)
Citrix Receiver (x32 Version: 13.3.0.55)
Citrix Receiver Inside (x32 Version: 3.3.0.17208)
Citrix Receiver Updater (x32 Version: 3.3.0.17207)
Citrix Receiver(Aero) (x32 Version: 13.3.0.55)
Citrix Receiver(DV) (x32 Version: 13.3.0.55)
Citrix Receiver(USB) (x32 Version: 13.3.0.55)
CompanionLink (x32 Version: 5.00.5000)
Connect (x32 Version: 1.0.0.1)
CyberLink PowerDVD (x32 Version: 10.0.5.3817)
CyberLink YouCam (x32 Version: 3.5.3.5018)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (x32)
Document Express DjVu Plug-in (x32 Version: 6.1.27999)
Dolet Light for Finale (x32 Version: 1.0.1)
Download App (HKCU Version: 1.1.0)
Dropbox (HKCU Version: 2.0.22)
Duplicate File Finder (x64) (Version: 3.5)
eaner (Version: 4.05)
EasyBCD 2.2 (x32 Version: 2.2)
Elements 10 Organizer (x32 Version: 10.0)
erLT (x32 Version: 1.20.138.34)
ESU for Microsoft Windows 7 SP1 (x32 Version: 5.1.4)
Family Tree Maker 2008 (x32 Version: 17.0.7)
FamilySearch Indexing 3.15.1 (x32 Version: 3.15.1)
Fences 2 (x32 Version: 2.00.2)
Fences Pro (Version: 1.10.419)
FileHippo.com Update Checker (x32)
Finale 2003 (x32)
FolderClone Professional Edition v2.0.5 (x32)
Free Sound Recorder v9.4.1 (x32)
GenSmarts (x32)
Google Chrome (x32 Version: 29.0.1547.66)
Google Desktop (x32 Version: 5.9.1005.12335)
Google Drive (x32 Version: 1.11.4865.2530)
Google Earth (x32 Version: 7.1.1.1888)
Google Update Helper (x32 Version: 1.3.21.153)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.1.16.1)
HP CoolSense (x32 Version: 2.10.42)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8)
HP Documentation (x32 Version: 1.1.0.0)
HP Launch Box (Version: 1.1.5)
HP Officejet Pro 8500 A909 Series (Version: 14.0)
HP On Screen Display (x32 Version: 1.3.5)
HP Power Manager (x32 Version: 1.4.8)
HP Product Detection (x32 Version: 11.14.0004)
HP Proximity Sensor Utility (x32 Version: 1.0.19)
HP Quick Launch (x32 Version: 2.7.2)
HP Recovery Manager (x32 Version: 2.0.0)
HP Setup (x32 Version: 8.7.4751.3798)
HP Software Framework (x32 Version: 4.6.10.1)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Wireless Audio Manager 1.3.5 (x32 Version: 1.3.5)
IDT Audio (x32 Version: 1.0.6381.0)
Intel PROSet Wireless
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 8.0.0.1351)
Intel® Processor Graphics (x32 Version: 9.17.10.2932)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.2.0.0284)
Intel® Rapid Storage Technology (x32 Version: 11.0.0.1032)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® Smart Connect Technology 2.0 x64 (Version: 2.0.1083.0)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)
Intel® WiDi (Version: 3.5.34.0)
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software (Version: 15.02.0000.1258)
Intel® Trusted Connect Service Client (Version: 1.23.216.0)
Iomega StorCenter (x32 Version: 2.1.0.0)
IrfanView (remove only) (x32 Version: 4.35)
iTunes (Version: 11.0.5.5)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Junk Mail filter update (x32 Version: 16.4.3505.0912)
Kies mini (x32 Version: 1.00.0000)
kuler (x32 Version: 2.0)
LinkedIn Outlook Connector (x32 Version: 1.1.10.0)
Logitech Webcam Software (x32 Version: 2.51)
LWS Facebook (x32 Version: 13.50.854.0)
LWS Gallery (x32 Version: 13.51.827.0)
LWS Help_main (x32 Version: 13.51.828.0)
LWS Launcher (x32 Version: 13.51.828.0)
LWS Motion Detection (x32 Version: 13.51.815.0)
LWS Pictures And Video (x32 Version: 13.51.815.0)
LWS Twitter (x32 Version: 13.30.1346.0)
LWS Webcam Software (x32 Version: 13.51.815.0)
LWS WLM Plugin (x32 Version: 1.30.1201.0)
LWS YouTube Plugin (x32 Version: 13.31.1038.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office FrontPage 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4420.1017)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Visio MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Outlook Social Connector Provider for Facebook 32-bit (x32 Version: 14.0.6114.5003)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit (x32 Version: 14.0.5120.5000)
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42)
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 17.0.2006.0314)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4420.1017)
Microsoft WSE 3.0 (x32 Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.0.0)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
MotoCast (x32 Version: 2.0.31)
Motorola Device Manager (x32 Version: 2.3.9)
Motorola Device Software Update (x32 Version: 13.02.1402)
MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0)
Motorola Mobile Drivers Installation 6.0.0 (Version: 6.0.0)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 23.0 (x86 en-US) (x32 Version: 23.0)
Mozilla Maintenance Service (x32 Version: 23.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MTP Porting Kit (x32 Version: 12.0.0)
MyFreeCodec (HKCU)
MyHeritage Family Tree Builder (x32 Version: 7.0.0.7117)
Network64 (Version: 140.0.215.000)
NirSoft NK2Edit (x32)
NirSoft Wireless Network Watcher (x32)
Notepad++ (x32 Version: 6.3.3)
Online Plug-in (x32 Version: 13.3.0.55)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017)
PDF Settings CS4 (x32 Version: 9.0)
PDF Settings CS6 (x32 Version: 11.0)
Photo Gallery (x32 Version: 16.4.3505.0912)
Photoshop Camera Raw (x32 Version: 5.0)
Photoshop Camera Raw_x64 (Version: 5.0)
Pixel Bender Toolkit (x32 Version: 1.0)
Power2Go (x32 Version: 6.1.6224)
PrintKey-Pro v1.05 (x32 Version: 1.05)
PSE10 STI Installer (x32 Version: 10.0)
PX Profile Update (x32 Version: 1.00.1.)
QuickTime (x32 Version: 7.74.80.86)
Readiris Pro 12 (x32 Version: 12.00.5458)
RealDownloader (x32 Version: 1.3.1)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0)
RealPlayer (x32 Version: 16.0.0)
Realtek PCIE Card Reader (x32 Version: 6.1.7601.29011)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Samsung Kies (x32 Version: 2.5.2.13021_10)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0)
Scan (x32 Version: 140.0.167.000)
Secunia PSI (3.0.0.4001) (x32 Version: 3.0.0.4001)
Self-service Plug-in (x32 Version: 3.3.0.27839)
Send To Toys v2.7
Sendori (x32 Version: 2.0.15)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.7 (x32 Version: 6.7.102)
Soluto (Version: 1.3.1353.0)
Spybot - Search & Destroy (x32 Version: 1.6.2)
SpywareBlaster 5.0 (x32 Version: 5.0.0)
Stardock Central (HKCU)
Stardock Fences 2 (x32 Version: 2.10)
Stardock Multiplicity 2 (x32 Version: 2.00.29)
Stardock Multiplicity 2 (x32 Version: 2.01)
SugarSync (x32 Version: 2.0.24.113934)
Suite Shared Configuration CS4 (x32 Version: 1.0)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.0.1.0)
System Explorer 4.2.2 (x32)
Toolbox (x32 Version: 140.0.428.000)
UltraFileSearch (x32 Version: 2.8.0.12335)
UltraFileSearch (x32)
UltraVnc (Version: 1.1.8)
UltraVnc (x32 Version: 1.1.8)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Access 2013 (KB2760350) 32-Bit Edition (x32)
Update for Microsoft Excel 2013 (KB2760339) 32-Bit Edition (x32)
Update for Microsoft Lync 2013 (KB2817621) 32-Bit Edition (x32)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2726954) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2726996) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2727096) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2737954) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2752025) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2752094) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2752101) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760224) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760538) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760553) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2760610) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2767845) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2767851) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2767860) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2768016) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2810010) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817320) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817482) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817489) 32-Bit Edition (x32)
Update for Microsoft Office 2013 (KB2817492) 32-Bit Edition (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Visio 2007 Help (KB963666) (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2013 (KB2817467) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook 2013 (KB2817629) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2013 (KB2726947) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2013 (KB2810006) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft SkyDrive Pro (KB2817622) 32-Bit Edition (x32)
Update for Microsoft Visio 2013 (KB2810008) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2013 (KB2768338) 32-Bit Edition (x32)
Update for Microsoft Word 2013 (KB2767863) 32-Bit Edition (x32)
Update for Microsoft Word 2013 (KB2810086) 32-Bit Edition (x32)
WebReg (x32 Version: 140.0.213.017)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live Family Safety (x32 Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Mail (x32 Version: 16.4.3505.0912)
Windows Live Messenger (x32 Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
Windows Live Writer (x32 Version: 16.4.3505.0912)
Windows Live Writer Resources (x32 Version: 16.4.3505.0912)
WinPatrol (Version: 26.1.2013.0)
WinPatrol (Version: 28.6.2013.0)
World Community Grid (x32 Version: 6.10.58)
Xenu's Link Sleuth (x32 Version: 1.3.8)
Xobni (x32 Version: 2.0.4.13741)
Xobni Core (x32 Version: 1.0.0)

==================== Restore Points =========================

==================== Hosts content: ==========================

2009-07-13 21:34 - 2013-09-05 17:04 - 00450636 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1   www.007guard.com
127.0.0.1   007guard.com
127.0.0.1   008i.com
127.0.0.1   www.008k.com
127.0.0.1   008k.com
127.0.0.1   www.00hq.com
127.0.0.1   00hq.com
127.0.0.1   010402.com
127.0.0.1   www.032439.com
127.0.0.1   032439.com
127.0.0.1   www.0scan.com
127.0.0.1   0scan.com
127.0.0.1   www.1000gratisproben.com
127.0.0.1   1000gratisproben.com
127.0.0.1   1001namen.com
127.0.0.1   www.1001namen.com
127.0.0.1   100888290cs.com
127.0.0.1   www.100888290cs.com
127.0.0.1   www.100sexlinks.com
127.0.0.1   100sexlinks.com
127.0.0.1   www.10sek.com
127.0.0.1   10sek.com
127.0.0.1   www.1-2005-search.com
127.0.0.1   1-2005-search.com
127.0.0.1   www.123fporn.info
127.0.0.1   123fporn.info
127.0.0.1   123haustiereundmehr.com
127.0.0.1   www.123haustiereundmehr.com
127.0.0.1   123moviedownload.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {000260A5-4D6F-43F2-A52E-905893A3BA48} - System32\Tasks\{418A2B9B-7F35-49B4-9675-1B26CAAB891F} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {005D77CA-19BF-4385-9C9A-29F5E200FCEB} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3251653021-623388740-2828558099-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {08A3C512-2FCE-4B12-BA22-A854EFD8FB8B} - System32\Tasks\AdobeAAMUpdater-1.0-Max-Lap-max => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {09A5888C-9925-4370-BA6D-795F7AA0769D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {20863943-0C1E-422F-99F1-C1F16AB4F3CC} - System32\Tasks\Amazon Music Helper => C:\Users\max\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2013-06-21] ()
Task: {23065AC9-1696-4C21-BC88-CBEB8D3A1D2F} - System32\Tasks\HPCeeScheduleFormax => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {2E757C20-461D-4484-9B20-8FF5CEE597ED} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {3678769A-4B8C-4C30-A9F1-8B4235C68E0A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-02-21] (CyberLink)
Task: {423810CA-9727-438B-B8F8-81987B89E663} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {4D2FB91A-14FC-4284-BE6B-11581BA4575C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {4D9B35B8-AE62-45F8-982D-44F0443A19B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {52878917-9A72-4CC7-9C01-667324895D29} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3251653021-623388740-2828558099-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {5382C266-B988-4507-AC60-07E95A06D6F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {5476C06A-7A77-4258-8090-36D65E2F08AE} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {5C44E1D7-57B1-4F49-BD61-3A8E50506662} - System32\Tasks\Stardock Central-S-1-5-21-3251653021-623388740-2828558099-1001 => C:\Users\max\AppData\Local\Stardock\StardockCentral\Stardock Central.exe [2012-10-24] (Stardock)
Task: {5D03A68F-1ABB-4E84-A34C-F4B7CFB45F2F} - System32\Tasks\User_Feed_Synchronization-{16792693-D7DE-4211-93F1-79D028E1F923} => C:\Windows\system32\msfeedssync.exe [2013-03-14] (Microsoft Corporation)
Task: {5FCD0F86-1436-44B7-AAED-22C20C46CB4F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {70954FAC-A782-47A0-A710-BD3CF099C602} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {74C7A7DE-9DD8-4941-B559-76AE4C98381B} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => D:\PROGRA~1\AD-AWA~1\AdAwareLauncher.exe
Task: {780D1644-D25D-40BA-AE85-311DC4B9B6A3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {82CA48B1-C162-42A9-8F60-4DEB1BF386D4} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {8448681A-76DB-4162-947B-3EB0DA9F765E} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {A2374AA7-9737-46D3-B12C-B3E8EEED5F3D} - System32\Tasks\VisualBeeRecovery => C:\Users\max\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe
Task: {A46B2A0B-CF6C-4607-A6E5-B259DF78E4CB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28] (Google Inc.)
Task: {A4A542B1-A482-49E2-A32D-7B6D0D60037F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {ADA22FB9-0FD9-4E73-A827-FAD89BA80E57} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {AE87790F-3029-4992-9602-D750C663A202} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {B4E61DA0-9B82-4037-B301-FEC07C5FA41F} - System32\Tasks\JkDefrag\JkDefrag => C:\Windows\System32\JkDefragCmd64
Task: {B5E76282-0E9F-4D2C-8EA6-5C13D71E72E0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {B918ADF2-F686-4D4A-9708-70B32F5C2135} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {BC79EC08-935D-4C38-B4C7-1A9CD92A5874} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: {C10918A6-265C-4B17-B140-5C9305894C13} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {CE26574F-34D3-4C03-8BCF-411843B873E5} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3251653021-623388740-2828558099-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {CE2EAA1A-C2AB-4767-8C75-895198ED4E7F} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D2E5D409-33AC-48E6-9BE6-DDC32D0A6BD0} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {D568B5BB-8870-470F-947A-94DD7DE85D4D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3251653021-623388740-2828558099-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {DA09F78E-0A8C-49FA-8DBF-4CCE0D14E299} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {DA89B8BB-62FF-4727-85D9-210C96CED2D7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-08-21] (Piriform Ltd)
Task: {E86C3DEB-EB55-4B69-BD33-F9375F7015CE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F05DF027-6CA8-4D05-8AA8-B3960EF4594F} - System32\Tasks\User_Feed_Synchronization-{6C5CED76-E395-4BEE-8CEB-FC1098973F39} => C:\Windows\system32\msfeedssync.exe [2013-03-14] (Microsoft Corporation)
Task: {F334F965-1882-4A88-8C7E-351BD43206F3} - System32\Tasks\Funmoods => C:\Users\max\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFormax.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-08-14 17:08 - 2013-08-14 17:08 - 01966592 _____ (Soluto) C:\Windows\assembly\NativeImages_v2.0.50727_64\Soluto\825e50c3c047bafa05d87a192494d076\Soluto.ni.exe
2013-08-14 17:08 - 2013-08-14 17:08 - 04386816 _____ (Soluto) C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGFramework\974b6191cc1f20b78af075a2d7dc2bbd\PCGFramework.ni.dll
2013-08-14 17:08 - 2013-08-14 17:08 - 02505216 _____ (Soluto) C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGAzureShared\4888c159923a2b3f5cd2b41cba607125\PCGAzureShared.ni.dll
2013-08-14 17:08 - 2013-08-14 17:08 - 05948416 _____ (Soluto) C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGClientCommon\c0e5d5cc3d6a3590153d25907e426f09\PCGClientCommon.ni.dll
2013-08-14 17:09 - 2013-08-14 17:09 - 00666112 _____ (Soluto) C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGPostBootResources\c85c07a44a2e925bcb1002227ecbcf57\PCGPostBootResources.ni.dll
2013-08-14 17:08 - 2013-08-14 17:08 - 01864192 _____ (Soluto) C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGCommunication\489a19d87418b51ee218b23468ffeeae\PCGCommunication.ni.dll
2013-08-14 17:08 - 2013-08-14 17:08 - 05047296 _____ (Soluto) C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGDatabase\d3a7adb73460a20acae495a2160ca9ee\PCGDatabase.ni.dll
2013-08-14 17:09 - 2013-08-14 17:09 - 00424448 _____ (Soluto) C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGDriverProbe\c7b7cce15bfe05ed8fb8f3cacbab5e95\PCGDriverProbe.ni.dll
2013-08-14 17:09 - 2013-08-14 17:09 - 00293376 _____ (Soluto) C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGBootVisualizingC#\7f4f701fc124d126236cbc98ca3cf47a\PCGBootVisualizingCommon.ni.dll
2013-08-14 17:09 - 2013-08-14 17:09 - 00095744 _____ (Soluto) C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGHIDProbe\cdf2c9e6380d52cd57275b24fd35a24f\PCGHIDProbe.ni.dll
2013-08-14 17:09 - 2013-08-14 17:09 - 00072704 _____ (Soluto) C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGRSPProbe\562edaf4d086f577623bf4834f179d0b\PCGRSPProbe.ni.dll
2013-08-14 17:08 - 2013-08-14 17:08 - 00111104 _____ (Soluto) C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGConfiguration\b5d1b7b4432d6421287ffef69abc0c75\PCGConfiguration.ni.dll
2013-08-14 17:09 - 2013-08-14 17:09 - 00267264 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGAppControlPlugin#\2bf9668cd4621bf54351457b9d8de9f2\PCGAppControlPluginLoader.ni.dll
2013-08-14 17:08 - 2013-08-14 17:08 - 00754176 _____ (Dino Chiesa) C:\Windows\assembly\NativeImages_v2.0.50727_64\Ionic.Zip.Reduced\79a589197a475575c1d4f4ec63b7a47b\Ionic.Zip.Reduced.ni.dll
2013-08-14 17:08 - 2013-08-14 17:08 - 00859136 _____ (Soluto) C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGPrestoSerializer\2cff758072c05f9701c2ef92292412a6\PCGPrestoSerializer.ni.dll
2013-08-14 17:08 - 2013-08-14 17:08 - 03001856 _____ (Newtonsoft) C:\Windows\assembly\NativeImages_v2.0.50727_64\Newtonsoft.Json.Net#\34f91ed602300f3ddf9ed81d373e4881\Newtonsoft.Json.Net35.ni.dll
2013-08-14 17:08 - 2013-08-14 17:08 - 03659776 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGPreCompiled\6bbdcb711229a28c9f9067042f0bd1d1\PCGPreCompiled.ni.dll
2013-08-14 17:09 - 2013-08-14 17:09 - 00102912 _____ (Soluto) C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGUsersCenter\1665367335667d9f8b10de7ac6dbf7a2\PCGUsersCenter.ni.dll
2013-08-14 17:08 - 2013-08-14 17:08 - 00062464 _____ (Soluto) C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGAzureEntityFrame#\6e5a8e491f34217db56c2563ea4ffcab\PCGAzureEntityFramework.ni.dll
2013-08-14 17:09 - 2013-08-14 17:09 - 03431424 _____ (Pioneer Software Consulting) C:\Windows\assembly\NativeImages_v2.0.50727_64\Community.CsharpSql#\aee4b063454e260d42870fc0bb664221\Community.CsharpSqlite.ni.dll
2013-07-10 18:01 - 2013-07-10 18:01 - 00405504 _____ ( ) C:\Windows\assembly\NativeImages_v2.0.50727_64\Interop.IWshRuntime#\9348d322aa6bc270a2525926a6540e80\Interop.IWshRuntimeLibrary.ni.dll
2013-07-10 18:01 - 2013-07-10 18:01 - 00660992 _____ ( ) C:\Windows\assembly\NativeImages_v2.0.50727_64\PCGWuInfo\c746ce72ac0e5b56e77becc2df8362c4\PCGWuInfo.ni.dll
2013-07-10 17:29 - 2013-07-10 17:29 - 00090688 _____ () c:\program files\soluto\PCGDllExportInspector.dll
2013-07-10 17:29 - 2013-07-10 17:29 - 00368128 _____ (Newtonsoft) c:\program files\soluto\Newtonsoft.Json.Net35.dll
2013-05-02 18:59 - 2013-05-02 18:59 - 00261704 _____ (Microsoft Corporation) C:\Users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
2013-05-02 18:59 - 2013-05-02 18:59 - 00661448 _____ (Microsoft Corporation) C:\Users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\MSVCP110.dll
2013-05-02 18:59 - 2013-05-02 18:59 - 00828872 _____ (Microsoft Corporation) C:\Users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\MSVCR110.dll
2013-07-10 19:31 - 2013-07-10 19:31 - 08865448 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-04 17:12 - 2013-04-04 17:12 - 00164016 _____ (Dropbox, Inc.) C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
2012-11-20 14:18 - 2012-10-30 18:49 - 00191808 _____ (EldoS Corporation) C:\Windows\system32\SSCbFsMntNtf3.dll
2013-04-25 16:48 - 2013-04-25 16:48 - 00552112 _____ (Stardock) D:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
2013-04-25 16:48 - 2013-04-25 16:48 - 00961200 _____ (Stardock) d:\program files (x86)\stardock\fences\DesktopDock64.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-04-21 14:19 - 2013-04-04 14:50 - 00095304 _____ (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
2013-03-18 03:25 - 2013-03-18 03:25 - 01280896 _____ (Lavasoft Limited) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareShellExtension64.dll
2012-10-28 16:00 - 2012-07-18 13:06 - 00102912 _____ (Gabriele Ponti) D:\Program Files\Send To Toys\SendToClipboardAsContentShellExt.dll
2013-06-05 13:50 - 2013-06-05 13:50 - 02157408 _____ (SugarSync, Inc.) C:\Program Files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
2012-06-18 10:24 - 2012-06-18 10:24 - 00222720 _____ () D:\Program Files (x86)\Notepad++\NppShell_05.dll
2013-05-10 02:57 - 2013-05-10 02:57 - 01608272 _____ (Adobe Systems Inc.) D:\Program Files\Adobe\Acrobat 10.0\Acrobat Elements\ContextMenu64.dll
2011-04-19 00:35 - 2011-04-19 00:35 - 00088064 _____ (Igor Pavlov) D:\Program Files (x86)\7-Zip\7-zip.dll
2012-10-28 16:00 - 2012-07-18 13:06 - 00139776 _____ (Gabriele Ponti) D:\Program Files\Send To Toys\SendToClipboardAsNameShellExt.dll
2012-10-28 16:00 - 2012-07-18 13:06 - 00137216 _____ (Gabriele Ponti) D:\Program Files\Send To Toys\SendToFolderShellExt.dll
2012-12-12 17:41 - 2012-12-12 17:41 - 00286208 _____ (Intel Corporation) C:\Windows\system32\igfxrENU.lrc
2012-11-20 14:18 - 2012-10-30 18:49 - 00142656 _____ (EldoS Corporation) C:\Windows\system32\SSCbFsNetRdr3.dll
2012-10-13 05:03 - 2012-01-04 03:37 - 04444672 _____ (IDT, Inc.) C:\Program Files\IDT\WDM\STLang64.dll
2012-10-13 05:03 - 2012-01-04 03:37 - 00654336 ____N (IDT, Inc.) C:\Windows\system32\stapi64.dll
2012-02-28 02:07 - 2012-02-28 02:07 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-03-26 05:00 - 2012-03-26 05:00 - 00311296 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
2012-03-26 04:59 - 2012-03-26 04:59 - 00192512 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
2009-01-20 16:51 - 2009-01-20 16:51 - 00007168 _____ ( ) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
2012-03-26 05:04 - 2012-03-26 05:04 - 00028160 _____ (Advanced Mirco Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.AMDHome.Graphics.Dashboard.dll
2012-03-26 05:03 - 2012-03-26 05:03 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2012-02-03 15:33 - 2012-02-03 15:33 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-10-02 10:30 - 2012-10-02 10:30 - 00130048 _____ (CodePlex Community) C:\Users\max\AppData\Local\Stardock\StardockCentral\Microsoft.Win32.TaskScheduler.dll
2009-07-13 20:18 - 2010-11-20 22:23 - 00884224 _____ (Microsoft Corporation) C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRVUI.DLL
2012-10-28 17:27 - 2010-05-14 15:03 - 01643008 _____ (Hewlett-Packard Corporation) C:\Windows\system32\spool\DRIVERS\x64\3\hpfui02t.dll
2009-07-13 19:39 - 2010-11-20 22:23 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\spool\DRIVERS\x64\3\UNIDRV.DLL
2012-10-28 17:27 - 2010-05-14 15:04 - 01837568 _____ (Hewlett Packard Corporation) C:\Windows\system32\spool\DRIVERS\x64\3\hpf3r02t.dll
2012-10-28 17:27 - 2009-12-15 19:05 - 00221184 _____ (Hewlett-Packard Company) C:\Windows\system32\spool\DRIVERS\x64\3\HPfIE02t.DLL
2012-07-27 03:02 - 2012-07-27 03:02 - 00257208 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll
2012-07-27 03:02 - 2012-07-27 03:02 - 00257208 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ShellHook.dll
2012-09-04 10:50 - 2012-09-04 10:50 - 00036528 _____ (Stardock Software, Inc) D:\Program Files (x86)\Stardock\Multiplicity2\multip.dll
2013-01-31 10:11 - 2013-01-31 10:11 - 00304040 _____ (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.dll
2012-10-28 16:08 - 2013-08-12 20:34 - 00065080 ____N (BillP Studios) D:\Program Files (x86)\BillP Studios\WinPatrol\PATROLPRO.DLL
2012-11-26 11:50 - 2012-11-26 11:50 - 00730800 _____ (Stardock) D:\Program Files (x86)\Stardock\Multiplicity2\Multi2.dll
2012-10-28 16:08 - 2013-07-15 12:29 - 00620718 ____N () D:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2009-07-13 19:29 - 2009-07-13 20:38 - 00701952 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2012-10-28 15:32 - 2009-11-04 10:14 - 01168216 __RSH (Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy\advcheck.dll
2013-05-02 18:59 - 2013-05-02 18:59 - 00222808 _____ (Microsoft Corporation) C:\Users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
2013-05-02 18:59 - 2013-05-02 18:59 - 00534480 _____ (Microsoft Corporation) C:\Users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\MSVCP110.dll
2013-05-02 18:59 - 2013-05-02 18:59 - 00862664 _____ (Microsoft Corporation) C:\Users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\MSVCR110.dll
2013-05-02 18:59 - 2013-05-02 18:59 - 00542808 _____ (Microsoft Corporation) C:\Users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\Telemetry.dll
2013-05-02 18:59 - 2013-05-02 18:59 - 00039512 _____ (Microsoft Corporation) C:\Users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\logging.dll
2013-07-10 19:31 - 2013-07-10 19:31 - 08865448 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-04-04 17:12 - 2013-04-04 17:12 - 00130736 _____ (Dropbox, Inc.) C:\Users\max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
2012-11-20 14:18 - 2012-10-30 18:49 - 00159040 _____ (EldoS Corporation) C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
2013-07-01 14:28 - 2013-07-01 14:28 - 00275744 _____ (Sendori, Inc.) C:\Program Files (x86)\Sendori\DynLib.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () D:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-06 11:30 - 2012-09-06 11:30 - 02437024 _____ (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hputils.dll
2013-03-18 03:26 - 2013-03-18 03:26 - 00953704 _____ (Terra Informatica Software, Inc., British Columbia, Canada.) C:\Program Files (x86)\Ad-Aware Antivirus\htmlayout.dll
2012-09-20 05:38 - 2012-09-20 05:38 - 00056712 _____ (GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvcPS.dll
2013-03-18 03:25 - 2013-03-18 03:25 - 00465248 _____ (GFI Software) C:\Program Files (x86)\Ad-Aware Antivirus\cart\CartSdk.dll
2013-04-21 14:19 - 2013-04-04 14:50 - 00527944 _____ (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.DLL
2013-04-21 14:19 - 2013-04-04 14:50 - 01127496 _____ (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamcore.DLL
2013-04-21 14:19 - 2013-02-16 10:54 - 00914432 _____ (Igor Pavlov) D:\Program Files (x86)\Malwarebytes' Anti-Malware\7z.dll
2013-04-21 14:19 - 2011-06-01 10:16 - 00496976 _____ (vbAccelerator) D:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx
2013-04-21 14:19 - 2012-05-22 17:05 - 00046416 _____ (vbAccelerator) D:\Program Files (x86)\Malwarebytes' Anti-Malware\ssubtmr6.dll
2013-04-21 14:19 - 2013-04-04 14:50 - 02191944 _____ (Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.DLL
2010-11-20 22:24 - 2010-11-20 22:24 - 00320000 _____ (Microsoft Corporation) C:\Windows\SysWow64\WINSPOOL.DRV
2012-07-27 02:37 - 2012-07-27 02:37 - 00130232 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\CCMSDK.dll
2012-07-27 03:05 - 2012-07-27 03:05 - 00017592 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\CtxRedirectorProxy.dll
2012-07-27 02:34 - 2012-07-27 02:34 - 00026296 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\CCMProxy.dll
2012-07-27 02:36 - 2012-07-27 02:36 - 00388280 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ctxmui.dll
2012-07-27 02:27 - 2012-07-27 02:27 - 00012472 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\resource\en\ctxmuiUI.DLL
2012-07-27 02:30 - 2012-07-27 02:30 - 00429240 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\resource\en\concenUI.DLL
2012-10-28 10:32 - 2012-07-26 18:17 - 00223136 _____ (Citrix Systems, Inc.) C:\Users\max\AppData\Local\Citrix\Receiver\WindowsAppRHelper_concentr.exe.dll
2012-07-26 18:20 - 2012-07-26 18:20 - 02293760 _____ (Apache Software Foundation) C:\Program Files (x86)\Citrix\Receiver\xerces-c_3_1.dll
2012-07-26 18:17 - 2012-07-26 18:17 - 00612256 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\ResourceKeeper.dll
2012-07-26 18:17 - 2012-07-26 18:17 - 00055200 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\nativemessagebox.dll
2012-07-26 18:17 - 2012-07-26 18:17 - 00792480 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\nativesystrayue.dll
2012-07-26 18:17 - 2012-07-26 18:17 - 00100256 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\progressnotification.dll
2012-07-26 18:17 - 2012-07-26 18:17 - 00087968 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\toaster.dll
2012-07-18 16:01 - 2012-07-18 16:01 - 00103392 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\DazzleConfig.dll
2012-07-18 16:06 - 2012-07-18 16:06 - 00242656 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\ReceiverShim.dll
2012-10-28 10:32 - 2012-07-26 18:19 - 00296864 _____ (Citrix Systems, Inc.) C:\Users\max\AppData\Local\Citrix\Receiver\WindowsAppRHelper_SelfServicePlugin.exe.dll
2012-07-18 16:01 - 2012-07-18 16:01 - 00038880 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\BaseClassLibrary.dll
2012-07-27 02:54 - 2012-07-27 02:54 - 00089272 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ProgressNotificationCommon.dll
2012-07-27 03:00 - 2012-07-27 03:00 - 00076992 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\WFCWINN.dll
2012-07-27 02:51 - 2012-07-27 02:51 - 00113848 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\acrdlg.dll
2012-07-27 02:45 - 2012-07-27 02:45 - 00097464 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\statuin.dll
2012-07-27 02:37 - 2012-07-27 02:37 - 00093368 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\confmgr.dll
2012-07-27 02:37 - 2012-07-27 02:37 - 00024256 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ctxlogging.dll
2012-07-27 02:37 - 2012-07-27 02:37 - 00033464 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\icafile.dll
2012-07-27 03:04 - 2012-07-27 03:04 - 00482488 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\RSManager.dll
2012-07-27 03:01 - 2012-07-27 03:01 - 00030392 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\RSMHook.dll
2012-07-27 02:56 - 2012-07-27 02:56 - 00498872 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\CST.dll
2012-07-27 02:28 - 2012-07-27 02:28 - 00021688 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\resource\en\ProgressNotificationCommonUI.dll
2012-07-27 02:29 - 2012-07-27 02:29 - 00572600 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\resource\en\statuiUI.DLL
2012-07-27 02:28 - 2012-07-27 02:28 - 00113848 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\resource\en\CSTUI.DLL
2012-07-27 02:30 - 2012-07-27 02:30 - 00117952 _____ (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\resource\en\wfcrunUI.DLL
2012-10-28 10:32 - 2012-07-26 18:17 - 00223136 _____ (Citrix Systems, Inc.) C:\Users\max\AppData\Local\Citrix\Receiver\WindowsAppRHelper_wfcrun32.exe.dll
2013-08-03 20:04 - 2013-07-30 17:47 - 00157592 _____ (Mozilla Foundation) D:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2013-08-03 20:04 - 2013-07-30 17:47 - 01914776 _____ (Mozilla Foundation) D:\Program Files (x86)\Mozilla Firefox\nss3.dll
2013-08-03 20:04 - 2013-07-30 17:47 - 03534232 _____ () D:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-08-03 20:04 - 2013-07-30 17:47 - 00016280 _____ (Mozilla Foundation) D:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2013-08-03 20:04 - 2013-07-30 17:47 - 03429784 _____ (Mozilla Foundation) D:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2013-08-03 20:04 - 2013-07-30 17:48 - 20605336 _____ (Mozilla Foundation) D:\Program Files (x86)\Mozilla Firefox\xul.dll
2013-08-03 20:04 - 2013-07-30 17:48 - 00262552 _____ (Mozilla Foundation) D:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-08-14 11:11 - 2013-08-14 11:11 - 04774272 _____ (Skype Technologies S.A.) D:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-03 20:04 - 2013-07-30 17:48 - 00152984 _____ (Mozilla Foundation) D:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2013-08-03 20:04 - 2013-07-30 17:47 - 00091544 _____ (Mozilla Foundation) D:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
2013-08-03 20:04 - 2013-07-30 17:47 - 00301976 _____ (Mozilla Foundation) D:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2013-08-03 20:04 - 2013-07-30 17:47 - 00392600 _____ (Mozilla Foundation) D:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
2013-08-14 11:06 - 2013-08-14 11:06 - 04277632 _____ (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Toolbars\Shared\SkypePnr.dll
2012-11-28 04:47 - 2012-10-16 02:39 - 00561664 _____ (Microsoft Corporation) C:\Windows\AppPatch\AcLayers.DLL
2013-05-14 21:07 - 2013-04-12 23:45 - 00474624 _____ (Microsoft Corporation) C:\Windows\AppPatch\AcSpecfc.DLL
2013-08-03 20:04 - 2013-07-30 17:47 - 00478104 _____ (Mozilla Foundation) D:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2013-08-03 20:04 - 2013-07-30 17:47 - 00059288 _____ (Mozilla Foundation) D:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2013-08-03 19:20 - 2013-08-03 19:20 - 16166280 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-05-10 02:57 - 2013-05-10 02:57 - 02742856 _____ (Adobe Systems Incorporated) D:\Program Files\Adobe\Acrobat 10.0\PDFMaker\Mail\Outlook\PDFMOutlook.dll
2013-05-10 02:57 - 2013-05-10 02:57 - 02897488 _____ () D:\Program Files\Adobe\Acrobat 10.0\PDFMaker\Common\AdobePDFMakerX.dll
2010-12-21 01:15 - 2010-12-21 01:15 - 01041248 _____ () D:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2012-04-09 19:32 - 2012-04-09 19:32 - 00377064 _____ (Xobni Corporation) D:\Program Files (x86)\Xobni\XobniMainConnectorShim.dll
2012-04-09 19:29 - 2012-04-09 19:29 - 00004608 _____ () D:\Program Files (x86)\Xobni\ManagedAggregator.dll
2012-04-09 19:32 - 2012-04-09 19:32 - 00062184 _____ () D:\Program Files (x86)\Xobni\XobniMainConnector.dll
2012-10-28 07:40 - 2012-10-28 07:40 - 00003072 _____ () C:\Windows\assembly\GAC_MSIL\Extensibility\7.0.3300.0__6298d2d1fcfb5d85\Extensibility.dll
2013-07-10 20:06 - 2013-07-10 20:06 - 01028608 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Office.In#\ab5e28051d361a187b560a02664a2d75\Microsoft.Office.Interop.Outlook.ni.dll
2012-04-09 19:31 - 2012-04-09 19:31 - 00014336 _____ (Xobni Corporation) D:\Program Files (x86)\Xobni\XobniMain.dll
2012-10-28 07:40 - 2012-10-28 07:40 - 00224256 _____ (Xobni Corporation) C:\Windows\assembly\GAC_32\Utilities\2.0.4.13741__6298d2d1fcfb5d85\Utilities.dll
2012-04-09 19:31 - 2012-04-09 19:31 - 00045056 _____ () D:\Program Files (x86)\Xobni\XobniFailsafeUpdateChecker.dll
2012-10-28 07:40 - 2012-10-28 07:40 - 07495680 _____ (Xobni Corporation) C:\Windows\assembly\GAC_32\XobniCommon\2.0.4.13741__6298d2d1fcfb5d85\XobniCommon.dll
2013-08-14 17:07 - 2013-08-14 17:07 - 00883712 _____ (Xobni Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\XobniGadgets\1a3f3f96aca3ea28d911ee028f365d90\XobniGadgets.ni.dll
2013-08-14 17:07 - 2013-08-14 17:07 - 01122304 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\Xobni.XMapiAccessor\3db4a52198d0550e01464b26e8e6425a\Xobni.XMapiAccessor.ni.dll
2012-10-28 07:40 - 2012-10-28 07:40 - 00516096 _____ () C:\Windows\assembly\GAC_32\Xobni.XMapiAccessor\2.0.4.13741__6298d2d1fcfb5d85\Xobni.XMapiAccessor.dll
2013-08-14 17:07 - 2013-08-14 17:07 - 00555520 _____ (Xobni Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\XobniResources\21231bbd8c4c39b00a494e01c1bc3b2f\XobniResources.ni.dll
2013-08-14 17:07 - 2013-08-14 17:07 - 00593408 _____ (Xobni Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\XobniStatistics\ff2053188af68e083daace69243f0c04\XobniStatistics.ni.dll
2013-08-14 17:07 - 2013-08-14 17:07 - 03509248 _____ (Xobni Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\XobniFeeds\fcf2bf6c28515709f7d8ea5dc13b1a4f\XobniFeeds.ni.dll
2012-10-28 07:40 - 2012-03-21 08:46 - 00904704 _____ () D:\Program Files (x86)\Xobni\System.Data.SQLite.dll
2013-07-10 20:06 - 2013-07-10 20:06 - 00029184 _____ (Xobni Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\XobniDataTransfer\7a2ade965fcfe1bed14ed1238a27f761\XobniDataTransfer.ni.dll
2013-07-10 20:06 - 2013-07-10 20:06 - 00506880 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\office\7edf58239c25f38c95bc943f63f151c7\office.ni.dll
2012-10-28 07:40 - 2012-10-28 07:40 - 00390144 _____ (Xobni Corporation) C:\Windows\assembly\GAC_32\XobniPluginAPI\2.0.4.13741__6298d2d1fcfb5d85\XobniPluginAPI.dll
2013-08-14 17:07 - 2013-08-14 17:07 - 00366080 _____ ( ) C:\Windows\assembly\NativeImages_v2.0.50727_32\Antlr3.Runtime\dd27e3e9f4bedab261787ed3518d0b0a\Antlr3.Runtime.ni.dll
2013-08-14 17:07 - 2013-08-14 17:07 - 01099776 _____ (Newtonsoft) C:\Windows\assembly\NativeImages_v2.0.50727_32\Newtonsoft.Json.Net#\a44bf95bbffebd6ce96ee1b98776d93c\Newtonsoft.Json.Net20.ni.dll
2013-07-10 20:06 - 2013-07-10 20:06 - 00438272 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\LinqBridge\c30fe09a93a4610b629291166c669fe8\LinqBridge.ni.dll
2013-07-10 20:06 - 2013-07-10 20:06 - 00328704 _____ ( ) C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.shdocvw\f3674c0808308388baff9fe327aa2598\Interop.shdocvw.ni.dll
2012-03-21 10:45 - 2012-03-21 10:45 - 00192512 _____ (ICSharpCode.net) D:\Program Files (x86)\Xobni\ICSharpCode.SharpZipLib.dll
2012-10-28 06:55 - 2012-10-28 06:55 - 08007680 _____ ( ) C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
2010-11-20 22:24 - 2010-11-20 22:24 - 01435648 _____ (Microsoft Corporation) C:\Windows\System32\Speech\Common\sapi.dll
2012-04-09 19:29 - 2012-04-09 19:29 - 00125440 _____ () D:\Program Files (x86)\Xobni\WindowDriver.dll
2012-10-28 07:40 - 2012-10-28 07:40 - 00516608 _____ (Xobni Corporation) C:\Windows\assembly\GAC_32\ServerSync\2.0.4.13741__6298d2d1fcfb5d85\ServerSync.dll
2009-07-13 19:18 - 2009-07-13 20:38 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\msadp32.acm

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\ProgramData\Temp:5C321E34
AlternateDataStreams: C:\Users\max\Desktop\Thumbs.db:encryptable
AlternateDataStreams: C:\Users\max\Documents\Thumbs.db:encryptable

==================== Faulty Device Manager Devices =============

Name: Officejet Pro 8500 A909g
Description: Officejet Pro 8500 A909g
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/05/2013 07:22:57 PM) (Source: Microsoft Security Client Setup) (User: Max-Lap)
Description: HRESULT:0x80070645
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070645. This action is only valid for products that are currently installed.

Error: (09/05/2013 07:22:19 PM) (Source: MsiInstaller) (User: Max-Lap)
Description: Product: Microsoft Fix it 50692 -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (09/05/2013 07:22:02 PM) (Source: MsiInstaller) (User: Max-Lap)
Description: Product: Microsoft Fix it 50692 -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (09/05/2013 07:21:26 PM) (Source: MsiInstaller) (User: Max-Lap)
Description: Product: Microsoft Fix it 50692 -- Error 1921. Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped. Verify that you have sufficient privileges to stop system services.

Error: (09/05/2013 06:51:57 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 23.0.0.4959 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d70

Start Time: 01ceaa8d02884602

Termination Time: 15

Application Path: D:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 231d8ded-1686-11e3-895e-083e8e9a6d56

Error: (09/05/2013 06:09:01 PM) (Source: Microsoft Security Client Setup) (User: Max-Lap)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (09/05/2013 06:08:47 PM) (Source: MsiInstaller) (User: Max-Lap)
Description: Product: Microsoft Security Client -- Error 1316. A network error occurred while attempting to read from the file: C:\Windows\Installer\epp.msi

Error: (09/05/2013 06:08:45 PM) (Source: MsiInstaller) (User: Max-Lap)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\Microsoft Security Client\MsMpEng.exe.

Error: (09/05/2013 05:57:36 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/05/2013 05:53:34 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
   The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

System errors:
=============
Error: (09/06/2013 02:01:52 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/06/2013 10:00:49 AM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/06/2013 05:59:47 AM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/06/2013 01:58:40 AM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/06/2013 00:06:46 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (09/05/2013 09:57:37 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (09/05/2013 07:24:31 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%2

Error: (09/05/2013 07:24:05 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%2

Error: (09/05/2013 07:12:48 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Antimalware Service service failed to start due to the following error:
%%5

Error: (09/05/2013 06:58:05 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-04-25 00:16:25.293
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\max\AppData\Local\file_unlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-25 00:16:25.251
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\max\AppData\Local\file_unlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-14 23:46:41.986
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\max\AppData\Local\file_unlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-14 23:46:41.944
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\max\AppData\Local\file_unlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-08 00:08:13.478
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\max\AppData\Local\file_unlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-08 00:08:13.427
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\max\AppData\Local\file_unlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-06 00:01:29.435
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\max\AppData\Local\file_unlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-04-06 00:01:29.387
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\max\AppData\Local\file_unlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-28 01:19:21.289
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\max\AppData\Local\file_unlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-28 01:19:21.251
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\max\AppData\Local\file_unlock.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 12190.36 MB
Available physical RAM: 5831.3 MB
Total Pagefile: 25178.89 MB
Available Pagefile: 18493.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:73.01 GB) (Free:11.75 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:678.73 GB) (Free:626.57 GB) NTFS
Drive e: (Recovery_Tool) (Fixed) (Total:1.22 GB) (Free:0.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (RECOVERY_DATA) (Fixed) (Total:19.9 GB) (Free:2.08 GB) NTFS
Drive n: (public) (Network) (Total:929.44 GB) (Free:320.48 GB) NTFS
Drive y: (public) (Network) (Total:463.69 GB) (Free:135.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: D9F1E8F4)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=73 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: 6E414722)
Partition 1: (Not Active) - (Size=679 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=07 NTFS)

==================== End Of Log ============================

gringo_pr · September 7, 2013

Hello mheffler

I need you to download this script I have made for you --> fixlist.txt

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.

When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Gringo

mheffler · September 7, 2013

When I first ran frst, it said it wanted to upload a new version and detected a viris and deleted it. I used your link at the top and ran it again:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2013
Ran by max at 2013-09-06 21:31:48 Run:1
Running from C:\Users\max\Desktop\virus
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [searchProtection] - C:\ProgramData\Search Protection\_run.bat [168 2013-05-04] ()
HKU\Administrator\...\Run: [AS2014] - C:\ProgramData\3XsngX33\3XsngX33.exe [x]
HKU\Administrator\...\Winlogon: [shell] explorer.exe,C:\Users\Administrator\AppData\Roaming\cache.dat <==== ATTENTION
C:\Program Files (x86)\Google\Desktop\Install\{e55284f1-7c3f-bbcb-c86c-f534749fcd03}
C:\Users\Administrator\AppData\Roaming\cache.ini
C:\Users\Administrator\AppData\Local\Temp\ConfigurationWizard.exe
C:\Users\Administrator\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
C:\Users\max\jobq.dat
C:\Users\max\AppData\Roaming\cache.ini
C:\Users\max\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Windows\system64
cmd: Dir /b /a:l "C:\Program Files" /s

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => Value deleted successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\AS2014 => Value deleted successfully.
HKU\Administrator\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Program Files (x86)\Google\Desktop\Install\{e55284f1-7c3f-bbcb-c86c-f534749fcd03} => Moved successfully.
C:\Users\Administrator\AppData\Roaming\cache.ini => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\ConfigurationWizard.exe => Moved successfully.
C:\Users\Administrator\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll => Moved successfully.
C:\Users\max\jobq.dat => Moved successfully.
C:\Users\max\AppData\Roaming\cache.ini => Moved successfully.
C:\Users\max\AppData\Local\Temp\HP Support Framework\HPSF_Config1.dll => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Not Found
"C:\Windows\system64" => Not Found

========= Dir /b /a:l "C:\Program Files" /s =========

File Not Found

========= End of CMD: =========

==== End of Fixlog ====

gringo_pr · September 7, 2013

Hello mheffler

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

mheffler · September 7, 2013

# AdwCleaner v3.002 - Report created 07/09/2013 at 13:22:10
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : max - MAX-LAP
# Running from : C:\Users\max\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\adawaretb
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Search Protection
Folder Deleted : C:\ProgramData\visualbee
Folder Deleted : C:\Program Files (x86)\adawaretb
Folder Deleted : C:\Program Files\PC Optimizer Pro
Folder Deleted : C:\Users\max\AppData\Local\visualbeeexe
Folder Deleted : C:\Users\max\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\adawaretb
Folder Deleted : C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\adawaretb
Folder Deleted : C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\jetpack

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cygwin_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_cygwin_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_logitech-webcam-software_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_logitech-webcam-software_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_zipitfree_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_zipitfree_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKLM\Software\adawaretb
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Mozilla Firefox v23.0 (en-US)

[ File : C:\Users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\prefs.js ]

Line Deleted : user_pref("extensions.crossrider.bic", "13aa7eccbf6375fd3677662155ae60e3");

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\max\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6315 octets] - [07/09/2013 07:02:35]
AdwCleaner[s0].txt - [5924 octets] - [07/09/2013 13:22:10]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5984 octets] ##########

mheffler · September 7, 2013

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by max on Sat 09/07/2013 at 13:25:49.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\adawarebp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\adawarebp_rasmancs
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550055445593}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440044444493}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550055445593}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440044444493}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440044444493}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_fx_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_fx_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\VisualBeeClientSilent-softonic_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\VisualBeeClientSilent-softonic_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550055445593}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660066446693}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440044444493}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_fx_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_fx_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\aol_pricecheck_ie_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\VisualBeeClientSilent-softonic_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\VisualBeeClientSilent-softonic_RASMANCS

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\max\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"

~~~ Chrome

Successfully deleted: [Folder] C:\Users\max\appdata\local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pbkdpahkifcigckmhiafindmaflfifgm

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/07/2013 at 13:29:47.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

mheffler · September 7, 2013

When I try to reinstall Microsoft Security Essentials, I get: Service 'Microsoft Antimalware Service' (MsMpSvc) could not be stopped...

Yet the service is stopped and does not start:

The operation cannot be completed.

The system cannot find the file specified.

gringo_pr · September 7, 2013

Hello mheffler

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo

mheffler · September 7, 2013

It tells me Antivirus & Antospyware running is Microsoft Security Essentials however there is no tray icon to disable real-time protection. There is a service running (MsMpSvc) that says it is stopped and can't be started.

mheffler · September 7, 2013

ComboFix 13-09-06.01 - max 09/07/2013 18:30:49.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.12190.8503 [GMT -5:00]
Running from: c:\users\max\Desktop\ComboFix.exe
AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\max\Documents\Readiris.DUS
c:\windows\PFRO.log
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-07 to 2013-09-07 )))))))))))))))))))))))))))))))
.
.
2013-09-07 18:25 . 2013-09-07 18:25   --------   d-----w-   c:\windows\ERUNT
2013-09-07 12:02 . 2013-09-07 18:22   --------   d-----w-   C:\AdwCleaner
2013-09-06 22:41 . 2013-09-06 22:41   --------   d-----w-   C:\FRST
2013-09-06 11:59 . 2013-09-06 11:59   --------   d-----w-   c:\programdata\Licenses
2013-09-06 11:59 . 2013-09-06 12:01   --------   d-----w-   c:\program files (x86)\SpywareBlaster
2013-09-05 23:08 . 2013-09-05 23:08   --------   d-----w-   c:\windows\TempC6EE759C-0705-7C19-0929-66732D4D24B7-Signatures
2013-09-05 09:19 . 2013-09-05 23:02   --------   d-----w-   c:\programdata\3XsngX33
2013-08-30 01:42 . 2013-08-30 01:42   --------   d-sh--w-   C:\$$PendingFiles
2013-08-29 21:38 . 2013-08-29 21:39   --------   d-----w-   c:\users\Administrator
2013-08-29 21:38 . 2013-08-29 21:39   --------   d-----w-   c:\programdata\jqjde
2013-08-29 12:52 . 2013-08-29 14:56   --------   d-----w-   c:\programdata\kluc
2013-08-20 21:24 . 2013-08-20 21:24   --------   d-----w-   c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 21:24 . 2013-08-20 21:24   --------   d-----w-   c:\program files\iTunes
2013-08-20 21:24 . 2013-08-20 21:24   --------   d-----w-   c:\program files\iPod
2013-08-13 21:22 . 2013-07-09 05:52   224256   ----a-w-   c:\windows\system32\wintrust.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 23:06 . 2012-10-28 22:45   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-20 23:06 . 2012-10-28 22:45   692104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-20 23:06 . 2013-06-12 09:06   17139080   ----a-w-   c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-14 08:01 . 2012-10-23 02:25   78161360   ----a-w-   c:\windows\system32\MRT.exe
2013-07-10 22:59 . 2013-04-20 20:50   312232   ----a-w-   c:\windows\system32\javaws.exe
2013-07-10 22:59 . 2013-04-20 20:50   189352   ----a-w-   c:\windows\system32\javaw.exe
2013-07-10 22:59 . 2013-04-20 20:50   108968   ----a-w-   c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-10 22:59 . 2013-04-20 20:50   188840   ----a-w-   c:\windows\system32\java.exe
2013-07-10 22:59 . 2012-10-28 20:04   972712   ----a-w-   c:\windows\system32\deployJava1.dll
2013-07-10 22:59 . 2012-10-28 20:04   1093032   ----a-w-   c:\windows\system32\npDeployJava1.dll
2013-07-10 22:57 . 2013-07-10 22:57   96168   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-10 22:57 . 2012-11-04 01:17   867240   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2013-07-10 22:57 . 2012-11-04 01:17   789416   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2013-07-10 22:28 . 2012-10-28 21:10   54728   ----a-w-   c:\windows\system32\drivers\Soluto.sys
2013-07-09 04:45 . 2013-08-13 21:22   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2013-07-03 12:01 . 2013-07-03 12:01   928288   ----a-w-   c:\windows\SysWow64\FTBSaver.scr
2013-07-01 19:28 . 2012-10-28 21:05   325920   ----a-w-   c:\windows\SysWow64\Sendori.dll
2013-06-19 02:50 . 2013-06-19 02:50   247216   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
2013-06-19 02:50 . 2012-08-31 03:03   139616   ----a-w-   c:\windows\system32\drivers\NisDrvWFP.sys
2013-04-17 02:28 . 2013-04-17 02:27   9842040   ----a-w-   c:\program files (x86)\Common Files\wruninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-02 23:59   222808   ----a-w-   c:\users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-02 23:59   222808   ----a-w-   c:\users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-02 23:59   222808   ----a-w-   c:\users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-07-13 09:23   1724616   ----a-w-   c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-07-13 09:23   1724616   ----a-w-   c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-07-13 09:23   1724616   ----a-w-   c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   130736   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   130736   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   130736   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   130736   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2012-10-30 23:49   159040   ----a-w-   c:\windows\SysWOW64\SSCbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="d:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-08-13 439360]
"SpybotSD TeaTimer"="d:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"FileHippo.com"="d:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
"Amazon Cloud Player"="c:\users\max\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-06-21 3108864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-28 291608]
"SystemExplorerAutoStart"="d:\program files (x86)\System Explorer\SystemExplorer.exe" [2013-05-16 2851784]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-26 636032]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"LWS"="d:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"Family Tree Builder Update"="d:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe" [2013-07-03 2528256]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-12-28 75048]
"BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2012-12-23 611712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
.
c:\users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Fences.lnk - d:\program files (x86)\Stardock\Fences\Fences.exe /startup [2013-7-11 4013744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PrintKey-Pro.lnk - c:\windows\Installer\{5EFA4EA3-0604-458C-A06D-485F6B2724C9}\NewShortcut2_6999F52849E742A78F6F4501EF3B5A3A.exe [2012-10-28 1078]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"HideSCAHealth"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\SysWOW64\SSCbFsMntNtf3.dll" [2012-10-30 159040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\SysWOW64\SSCbFsMntNtf3.dll [2012-10-30 159040]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
2;2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
3;2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R3 CLKMSVC10_38F51D56;CyberLink Product - 2012/10/13 03:11;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 file_unlock;file_unlock;c:\users\max\AppData\Local\file_unlock.sys;c:\users\max\AppData\Local\file_unlock.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R3 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]
R3 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe;c:\program files\Soluto\SolutoRemoteService.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 SystemExplorerHelpService;System Explorer Service;d:\program files (x86)\System Explorer\service\SystemExplorerService64.exe;d:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
R3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]
R3 XobniService;XobniService;d:\program files (x86)\Xobni\XobniService.exe;d:\program files (x86)\Xobni\XobniService.exe [x]
R3 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys;c:\windows\SYSNATIVE\DRIVERS\Soluto.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 HPPRXSVC;HPPRXSVC;c:\program files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe;c:\program files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 Multiplicity;Stardock Multiplicity 2 Service;d:\program files (x86)\Stardock\Multiplicity2\MultiSrv.exe;d:\program files (x86)\Stardock\Multiplicity2\MultiSrv.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;d:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe;c:\program files\Soluto\SolutoLauncherService.exe [x]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe;c:\program files\Soluto\SolutoService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys;c:\windows\SYSNATIVE\drivers\Smb_driver.sys [x]
S3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\DRIVERS\sscbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\sscbfs3.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 19:13   1177552   ----a-w-   c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 23:06]
.
2013-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28 21:04]
.
2013-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28 21:04]
.
2013-09-06 c:\windows\Tasks\HPCeeScheduleFormax.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-02 23:59   261704   ----a-w-   c:\users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-02 23:59   261704   ----a-w-   c:\users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-02 23:59   261704   ----a-w-   c:\users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-07-13 10:47   2328776   ----a-w-   c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-07-13 10:47   2328776   ----a-w-   c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-07-13 10:47   2328776   ----a-w-   c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   164016   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   164016   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   164016   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   164016   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2012-10-30 23:49   191808   ----a-w-   c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 21:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 21:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 21:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 21:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 21:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 21:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-06-05 18:50   2157408   ----a-w-   c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-06-05 18:50   2157408   ----a-w-   c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-06-05 18:50   2157408   ----a-w-   c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-06-05 18:50   2157408   ----a-w-   c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-06-05 18:50   2157408   ----a-w-   c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-08 441840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-28 170264]
"Fences"="d:\program files (x86)\Stardock\Fences\Fences.exe" [2013-07-11 4013744]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-07-10 1230912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "d:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2013-07-11 552112]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2012-10-30 191808]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
Trusted Zone: adobe.com\www
Trusted Zone: genSmarts.com\searches
Trusted Zone: ilsos.gov
Trusted Zone: mywells.com\support
Trusted Zone: ohiohistory.org
Trusted Zone: storcenter1tb
Trusted Zone: storcenter2tb
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A8B446D1-40A0-4380-B8F4-8EDB762BFA1E}: NameServer = 75.75.76.76,75.75.75.75
TCP: Interfaces\{A8B446D1-40A0-4380-B8F4-8EDB762BFA1E}\84F4D454D214631423: NameServer = 75.75.76.76,75.75.75.75
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Multiplicity - c:\program files (x86)\Stardock\Multiplicity\multipl.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-MSC - c:\program files\Microsoft Security Client\msseces.exe
SSODL-EldosMountNotificator    REG_SZ    {C28617FD-4FE7-4043-AD51-C8132CE90106}- - (no file)
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files (x86)\Stardock\Multiplicity2\Multipl2.exe
c:\program files (x86)\Sendori\SendoriUp.exe
d:\program files (x86)\Stardock\Multiplicity2\MP2Control.exe
d:\program files (x86)\Stardock\Multiplicity2\MP2Drag.exe
d:\program files (x86)\Warecentral\PrintKey-Pro\PKey_Pro.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Completion time: 2013-09-07 18:36:20 - machine was rebooted
ComboFix-quarantined-files.txt 2013-09-07 23:36
.
Pre-Run: 13,016,420,352 bytes free
Post-Run: 12,484,042,752 bytes free
.
- - End Of File - - 52EFE52E605732ACCFB7FCF4BCEB6D16

mheffler · September 8, 2013

Things seem to be better now. Thanks for your help! Any place I should make a donation?

gringo_pr · September 8, 2013

Hello mheffler

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
- report from Combofix
- let me know of any problems you may have had
- How is the computer doing now after running the script?

Gringo

mheffler · September 8, 2013

ComboFix 13-09-06.01 - max 09/07/2013 20:36:11.2.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.12190.9516 [GMT -5:00]
Running from: \\StorCenter2TB\public\MaxData\Documents and Settings\Administrator\My Documents\Misc\Desktop common\virus\ComboFix.exe
Command switches used :: c:\users\max\Desktop\CFScript.txt
AV: Lavasoft Ad-Aware *Enabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7}
FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC}
SP: Lavasoft Ad-Aware *Enabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-08 to 2013-09-08 )))))))))))))))))))))))))))))))
.
.
2013-09-08 01:39 . 2013-09-08 01:39   --------   d-----w-   c:\users\Default\AppData\Local\temp
2013-09-08 01:34 . 2013-04-11 16:06   39504   ----a-w-   c:\windows\system32\drivers\gfiark.sys
2013-09-08 00:48 . 2013-08-20 05:46   9515512   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{82B946E9-2D50-43EB-8DD1-EFEB3F1BF84E}\mpengine.dll
2013-09-07 23:34 . 2013-09-07 23:34   --------   d-----w-   c:\users\max\AppData\Local\adawarebp
2013-09-07 18:25 . 2013-09-07 18:25   --------   d-----w-   c:\windows\ERUNT
2013-09-07 12:02 . 2013-09-07 18:22   --------   d-----w-   C:\AdwCleaner
2013-09-06 22:41 . 2013-09-06 22:41   --------   d-----w-   C:\FRST
2013-09-06 11:59 . 2013-09-06 11:59   --------   d-----w-   c:\programdata\Licenses
2013-09-06 11:59 . 2013-09-06 12:01   --------   d-----w-   c:\program files (x86)\SpywareBlaster
2013-09-05 23:08 . 2013-09-05 23:08   --------   d-----w-   c:\windows\TempC6EE759C-0705-7C19-0929-66732D4D24B7-Signatures
2013-09-05 09:19 . 2013-09-05 23:02   --------   d-----w-   c:\programdata\3XsngX33
2013-08-30 01:42 . 2013-08-30 01:42   --------   d-sh--w-   C:\$$PendingFiles
2013-08-29 21:38 . 2013-08-29 21:39   --------   d-----w-   c:\users\Administrator
2013-08-29 21:38 . 2013-08-29 21:39   --------   d-----w-   c:\programdata\jqjde
2013-08-29 12:52 . 2013-08-29 14:56   --------   d-----w-   c:\programdata\kluc
2013-08-20 21:24 . 2013-08-20 21:24   --------   d-----w-   c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-08-20 21:24 . 2013-08-20 21:24   --------   d-----w-   c:\program files\iTunes
2013-08-20 21:24 . 2013-08-20 21:24   --------   d-----w-   c:\program files\iPod
2013-08-13 21:22 . 2013-07-09 05:52   224256   ----a-w-   c:\windows\system32\wintrust.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 23:06 . 2012-10-28 22:45   71048   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-20 23:06 . 2012-10-28 22:45   692104   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-20 23:06 . 2013-06-12 09:06   17139080   ----a-w-   c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-08-14 08:01 . 2012-10-23 02:25   78161360   ----a-w-   c:\windows\system32\MRT.exe
2013-08-07 09:22 . 2010-11-21 03:27   278800   ------w-   c:\windows\system32\MpSigStub.exe
2013-07-10 22:59 . 2013-04-20 20:50   312232   ----a-w-   c:\windows\system32\javaws.exe
2013-07-10 22:59 . 2013-04-20 20:50   189352   ----a-w-   c:\windows\system32\javaw.exe
2013-07-10 22:59 . 2013-04-20 20:50   108968   ----a-w-   c:\windows\system32\WindowsAccessBridge-64.dll
2013-07-10 22:59 . 2013-04-20 20:50   188840   ----a-w-   c:\windows\system32\java.exe
2013-07-10 22:59 . 2012-10-28 20:04   972712   ----a-w-   c:\windows\system32\deployJava1.dll
2013-07-10 22:59 . 2012-10-28 20:04   1093032   ----a-w-   c:\windows\system32\npDeployJava1.dll
2013-07-10 22:57 . 2013-07-10 22:57   96168   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-10 22:57 . 2012-11-04 01:17   867240   ----a-w-   c:\windows\SysWow64\npDeployJava1.dll
2013-07-10 22:57 . 2012-11-04 01:17   789416   ----a-w-   c:\windows\SysWow64\deployJava1.dll
2013-07-10 22:28 . 2012-10-28 21:10   54728   ----a-w-   c:\windows\system32\drivers\Soluto.sys
2013-07-09 04:45 . 2013-08-13 21:22   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
2013-07-03 12:01 . 2013-07-03 12:01   928288   ----a-w-   c:\windows\SysWow64\FTBSaver.scr
2013-07-01 19:28 . 2012-10-28 21:05   325920   ----a-w-   c:\windows\SysWow64\Sendori.dll
2013-06-19 02:50 . 2013-06-19 02:50   247216   ----a-w-   c:\windows\system32\drivers\MpFilter.sys
2013-06-19 02:50 . 2012-08-31 03:03   139616   ----a-w-   c:\windows\system32\drivers\NisDrvWFP.sys
2013-04-17 02:28 . 2013-04-17 02:27   9842040   ----a-w-   c:\program files (x86)\Common Files\wruninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-02 23:59   222808   ----a-w-   c:\users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-02 23:59   222808   ----a-w-   c:\users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-02 23:59   222808   ----a-w-   c:\users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-07-13 09:23   1724616   ----a-w-   c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-07-13 09:23   1724616   ----a-w-   c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-07-13 09:23   1724616   ----a-w-   c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   130736   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   130736   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   130736   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   130736   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2012-10-30 23:49   159040   ----a-w-   c:\windows\SysWOW64\SSCbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="d:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-08-13 439360]
"SpybotSD TeaTimer"="d:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"FileHippo.com"="d:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
"Amazon Cloud Player"="c:\users\max\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2013-06-21 3108864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-28 291608]
"SystemExplorerAutoStart"="d:\program files (x86)\System Explorer\SystemExplorer.exe" [2013-05-16 2851784]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-26 636032]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2011-03-30 87336]
"LWS"="d:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"Family Tree Builder Update"="d:\program files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe" [2013-07-03 2528256]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-12-28 75048]
"BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2013-04-25 1075296]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2012-12-23 611712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
.
c:\users\max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Fences.lnk - d:\program files (x86)\Stardock\Fences\Fences.exe /startup [2013-7-11 4013744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PrintKey-Pro.lnk - c:\windows\Installer\{5EFA4EA3-0604-458C-A06D-485F6B2724C9}\NewShortcut2_6999F52849E742A78F6F4501EF3B5A3A.exe [2012-10-28 1078]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2012-9-24 573536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"HideSCAHealth"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\SysWOW64\SSCbFsMntNtf3.dll" [2012-10-30 159040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"EldosMountNotificator"= {C28617FD-4FE7-4043-AD51-C8132CE90106} - c:\windows\SysWOW64\SSCbFsMntNtf3.dll [2012-10-30 159040]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x]
R3 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
R3 CLKMSVC10_38F51D56;CyberLink Product - 2012/10/13 03:11;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys;c:\windows\SYSNATIVE\drivers\dgderdrv.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 file_unlock;file_unlock;c:\users\max\AppData\Local\file_unlock.sys;c:\users\max\AppData\Local\file_unlock.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 gfiark;gfiark;c:\windows\system32\drivers\gfiark.sys;c:\windows\SYSNATIVE\drivers\gfiark.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R3 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [x]
R3 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys;c:\windows\SYSNATIVE\DRIVERS\lvpopf64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe;c:\program files\Soluto\SolutoRemoteService.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 usb3Hub;USB-IF USB 3.0 Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
R3 XHCIPort;USB-IF xHCI USB Host Controller;c:\windows\system32\DRIVERS\XHCIPort.sys;c:\windows\SYSNATIVE\DRIVERS\XHCIPort.sys [x]
R3 XobniService;XobniService;d:\program files (x86)\Xobni\XobniService.exe;d:\program files (x86)\Xobni\XobniService.exe [x]
R3 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys;c:\windows\SYSNATIVE\drivers\gfibto.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys;c:\windows\SYSNATIVE\DRIVERS\Soluto.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPPRXSVC;HPPRXSVC;c:\program files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe;c:\program files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Multiplicity;Stardock Multiplicity 2 Service;d:\program files (x86)\Stardock\Multiplicity2\MultiSrv.exe;d:\program files (x86)\Stardock\Multiplicity2\MultiSrv.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe;c:\program files (x86)\Ad-Aware Antivirus\SBAMSvc.exe [x]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys;c:\windows\SYSNATIVE\DRIVERS\sbapifs.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;d:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe;c:\program files\Soluto\SolutoLauncherService.exe [x]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe;c:\program files\Soluto\SolutoService.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 bcbtums;Bluetooth RAM Firmware Download USB Filter;c:\windows\system32\drivers\bcbtums.sys;c:\windows\SYSNATIVE\drivers\bcbtums.sys [x]
S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 BTWDPAN;Bluetooth Personal Area Network;c:\windows\system32\DRIVERS\btwdpan.sys;c:\windows\SYSNATIVE\DRIVERS\btwdpan.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 ISCT;Intel® Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\drivers\Smb_driver.sys;c:\windows\SYSNATIVE\drivers\Smb_driver.sys [x]
S3 SSCBFS3;SugarSync CallBack File System driver v3;c:\windows\system32\DRIVERS\sscbfs3.sys;c:\windows\SYSNATIVE\DRIVERS\sscbfs3.sys [x]
S3 SystemExplorerHelpService;System Explorer Service;d:\program files (x86)\System Explorer\service\SystemExplorerService64.exe;d:\program files (x86)\System Explorer\service\SystemExplorerService64.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SBAPIFS
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-04 19:13   1177552   ----a-w-   c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-28 23:06]
.
2013-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28 21:04]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-28 21:04]
.
2013-09-06 c:\windows\Tasks\HPCeeScheduleFormax.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-05-02 23:59   261704   ----a-w-   c:\users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-05-02 23:59   261704   ----a-w-   c:\users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-05-02 23:59   261704   ----a-w-   c:\users\max\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-07-13 10:47   2328776   ----a-w-   c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-07-13 10:47   2328776   ----a-w-   c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-07-13 10:47   2328776   ----a-w-   c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   164016   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   164016   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   164016   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12   164016   ----a-w-   c:\users\max\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{69925D1B-6A0F-4413-861A-81AB98039DB9}"
[HKEY_CLASSES_ROOT\CLSID\{69925D1B-6A0F-4413-861A-81AB98039DB9}]
2012-10-30 23:49   191808   ----a-w-   c:\windows\System32\SSCbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 21:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 21:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 21:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 21:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 21:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 21:11   778704   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2013-06-05 18:50   2157408   ----a-w-   c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2013-06-05 18:50   2157408   ----a-w-   c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{39D54CC2-69CF-43b4-B167-577D25E7F496}"
[HKEY_CLASSES_ROOT\CLSID\{39D54CC2-69CF-43b4-B167-577D25E7F496}]
2013-06-05 18:50   2157408   ----a-w-   c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2013-06-05 18:50   2157408   ----a-w-   c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncSharedPending]
@="{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}"
[HKEY_CLASSES_ROOT\CLSID\{F7395C2E-A5D8-4a32-9536-5C6A9F1DC450}]
2013-06-05 18:50   2157408   ----a-w-   c:\program files (x86)\SugarSync\x64\SugarSyncShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-01-04 1425408]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-01-08 441840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-28 170264]
"Fences"="d:\program files (x86)\Stardock\Fences\Fences.exe" [2013-07-11 4013744]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [bU]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-07-10 1230912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "d:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2013-07-11 552112]
"{C28617FD-4FE7-4043-AD51-C8132CE90106}"= "c:\windows\system32\SSCbFsMntNtf3.dll" [2012-10-30 191808]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;192.168.*.*

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105
Trusted Zone: adobe.com\www
Trusted Zone: genSmarts.com\searches
Trusted Zone: ilsos.gov
Trusted Zone: mywells.com\support
Trusted Zone: ohiohistory.org
Trusted Zone: storcenter1tb
Trusted Zone: storcenter2tb
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{A8B446D1-40A0-4380-B8F4-8EDB762BFA1E}: NameServer = 75.75.76.76,75.75.75.75
TCP: Interfaces\{A8B446D1-40A0-4380-B8F4-8EDB762BFA1E}\84F4D454D214631423: NameServer = 75.75.76.76,75.75.75.75
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\max\AppData\Roaming\Mozilla\Firefox\Profiles\4s2fk7th.default\
FF - prefs.js: browser.search.selectedEngine - SecureSearch
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SSODL-EldosMountNotificator    REG_SZ    {C28617FD-4FE7-4043-AD51-C8132CE90106}- - (no file)
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
"Key"="http://schemas.microsoft.com/office/smartdocuments/2003"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-07 20:40:34
ComboFix-quarantined-files.txt 2013-09-08 01:40
ComboFix2.txt 2013-09-07 23:36
.
Pre-Run: 12,588,089,344 bytes free
Post-Run: 11,898,232,832 bytes free
.
- - End Of File - - 7B640BCAAB84E6327719E2B2F79EAD1E

gringo_pr · September 8, 2013

Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

Clean Out Temp Files

This small application you may want to keep and use once a week to keep the computer clean.
Download CCleaner from here CCleaner
- Run the installer to install the application.
- When it gives you the option to install Yahoo toolbar uncheck the box next to it.
- Run CCleaner. default settings are fine
- Click Run Cleaner.
- Close CCleaner.

: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scan

Double-click mbam icon
go to the update tab at the top
click on check for updates
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
When completed, a log will open in Notepad. please copy and paste the log into your next reply
- If you accidentally close it, the log file is saved here and will be named like this:
- C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

Go Here to download HijackThis program
Save HijackThis to your desktop.
Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
copy and paste hijackthis report into the topic

"information and logs"

In your next post I need the following
- Log From MBAM
- report from Hijackthis
- let me know of any problems you may have had
- How is the computer doing now?

Gringo

mheffler · September 8, 2013

Already had ccleaner install:

DMalwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
max :: MAX-LAP [administrator]

9/7/2013 9:21:48 PM
mbam-log-2013-09-07 (21-21-48).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 260622
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

mheffler · September 8, 2013

Thanks for all of your help. I have just purchased your product due to the incredible support you have given me

gringo_pr · September 8, 2013

Did you run the HijackThis program?

gringo

mheffler · September 8, 2013

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 8:08:41 AM, on 9/8/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)

FIREFOX: 23.0.1 (en-US)
Boot mode: Normal

Running processes:
D:\Program Files (x86)\Stardock\Multiplicity2\Multipl2.exe
D:\Program Files (x86)\Stardock\Multiplicity2\MP2Drag.exe
D:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
D:\Program Files (x86)\Warecentral\PrintKey-Pro\PKey_Pro.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
D:\Program Files (x86)\System Explorer\SystemExplorer.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe
D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
D:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
D:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
D:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\max\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [systemExplorerAutoStart] "D:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [LWS] D:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [Family Tree Builder Update] D:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [bCSSync] "D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [WinPatrol] D:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [spybotSD TeaTimer] D:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [FileHippo.com] "D:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [Amazon Cloud Player] C:\Users\max\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
O4 - Startup: Fences.lnk = D:\Program Files (x86)\Stardock\Fences\Fences.exe
O4 - Global Startup: PrintKey-Pro.lnk = ?
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.adobe.com
O15 - Trusted Zone: http://searches.genSmarts.com

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8B446D1-40A0-4380-B8F4-8EDB762BFA1E}: NameServer = 75.75.76.76,75.75.75.75
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Application Sendori - Sendori, Inc. - C:\Program Files (x86)\Sendori\SendoriSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Security Service (BTHSSecurityMgr) - Intel® Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: CyberLink Product - 2012/10/13 03:11:29 (CLKMSVC10_38F51D56) - CyberLink - C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HPPRXSVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISCT Always Updated Agent (ISCTAgent) - Unknown owner - C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Motorola Mobility LLC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Microsoft Antimalware Service (MsMpSvc) - Unknown owner - C:\Program Files\Microsoft Security Client\MsMpEng.exe (file missing)
O23 - Service: Stardock Multiplicity 2 Service (Multiplicity) - Stardock Software, Inc - D:\Program Files (x86)\Stardock\Multiplicity2\MultiSrv.exe
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NisSrv - Unknown owner - C:\Program Files\Microsoft Security Client\NisSrv.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: Service Sendori - sendori - C:\Program Files (x86)\Sendori\Sendori.Service.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: sndappv2 - Sendori - C:\Program Files (x86)\Sendori\sndappv2.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Soluto - C:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto Remote Service (SolutoRemoteService) - GlavSoft LLC. - C:\Program Files\Soluto\SolutoRemoteService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: System Explorer Service (SystemExplorerHelpService) - Mister Group - D:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XobniService - Xobni Corporation - D:\Program Files (x86)\Xobni\XobniService.exe
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 27100 bytes

Got the Interpol "Your computer has been blocked" malware

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites