I suspect that I have been hijacked.  I am running Win 7 Pro on a 320GB hard drive partitioned as C: for the OS and M: for data.  I have free space on each drive of approx 33 GB.

 

My network connection icon (in system tray) reflects limited connectivity but I actually have a full connection through my router.  I have rebooted the router.  No change.  I have connected to a different router.  No change. Efforts to run sfc/scannow (in regular and safe mode) fail with reports of corrupted system files.  Efforts to troubleshoot the connection fail -- I get a message that webio.dll is missing only it isn't missing.  I have run chkdsk/f and chkdsk/r several times and seem to have clean runs.  I have uninstalled and re-installed the drivers for the NIC without incident.  Firefox has crashed several times and could not be restarted until I reinstalled it.  Efforts to perform an in-place upgrade on Windows to reinstall the webio.dll have failed.

 

I have now run SpyBot S&D and Malwarebytes with clean exams of both drives.  My system regularly runs Avast free version.  All drives have been defragmented.  I tried to run Hitman Pro -- it would not start or if it started, it crashed.

 

Thoughts?

 

Attach.txt -- log

 

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 9/21/2010 8:19:58 PM
System Uptime: 1/3/2014 8:03:59 AM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0N6705
Processor: Intel® Core2 Duo CPU     T7250  @ 2.00GHz | Microprocessor | 2001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 127 GiB total, 32.737 GiB free.
D: is CDROM ()
M: is FIXED (NTFS) - 171 GiB total, 33.755 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {1860459d-4692-4825-b761-44a725991050}
Description: Acronis Backup Archive Explorer
Device ID: ROOT\ACRONISDEVICES\0001
Manufacturer: Acronis, Inc.
Name: Acronis Backup Archive Explorer
PNP Device ID: ROOT\ACRONISDEVICES\0001
Service: timounter
.
Class GUID: {1378e71b-ab4d-4348-af26-cba56b12969e}
Description: StorLib bus (virtual storages support)
Device ID: ROOT\STORLIB\0000
Manufacturer: EldoS Corporation
Name: StorLib bus (virtual storages support)
PNP Device ID: ROOT\STORLIB\0000
Service: cbfs3
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IKEv2)
Device ID: ROOT\MS_AGILEVPNMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (IKEv2)
PNP Device ID: ROOT\MS_AGILEVPNMINIPORT\0000
Service: RasAgileVpn
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (Network Monitor)
Device ID: ROOT\MS_NDISWANBH\0000
Manufacturer: Microsoft
Name: WAN Miniport (Network Monitor)
PNP Device ID: ROOT\MS_NDISWANBH\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink Fast Ethernet
Device ID: PCI\VEN_14E4&DEV_1713&SUBSYS_02091028&REV_02\4&2902BDE7&0&00E5
Manufacturer: Broadcom
Name: Broadcom NetLink Fast Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1713&SUBSYS_02091028&REV_02\4&2902BDE7&0&00E5
Service: b57nd60a
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IPv6)
Device ID: ROOT\MS_NDISWANIPV6\0000
Manufacturer: Microsoft
Name: WAN Miniport (IPv6)
PNP Device ID: ROOT\MS_NDISWANIPV6\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (SSTP)
Device ID: ROOT\MS_SSTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (SSTP)
PNP Device ID: ROOT\MS_SSTPMINIPORT\0000
Service: RasSstp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\7&167DD0C&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\7&167DD0C&0&2
Service: BthPan
.
Class GUID: 
Description: Officejet Pro 8600
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: 
Name: Officejet Pro 8600
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service: 
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8000 A809
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Officejet Pro 8000 A809
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service: 
.
==== System Restore Points ===================
.
RP1250: 1/3/2014 7:37:59 AM - Installed RT 7 Lite x64
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer
7-Zip 9.20 (x64 edition)
8000A809
8000A809_eDocs
8000A809_Help
ABC Amber LIT Converter
ABC Amber Outlook Converter
ABC Amber PDF Converter
Acronis True Image Home 2012
Adobe Acrobat 8 Professional
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Professional
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Advanced File Organizer 3.01
Advanced Fix 2013 version 2.1.3.83
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ARTS PDF Aerialist Professional 1.2
Ascendo DataVault 4.9.12
Ashampoo Burning Studio 2012 v10.0.15
Asterisk Key 10.0
Attribute Changer 6.20
Audacity 2.0.4
AutoSplit Pro Plug-In, v. 2.2
avast! EasyPass
avast! Free Antivirus
Belarc Advisor 7.2
Bonjour
Bonjour Print Services
BPDSoftware
BPDSoftware_Ini
BRAdmin Professional 3
Bring To OneNote for Office 2007 v3.0.0.10
Broadcom Gigabit Integrated Controller
Brother BRAgent 1.33.0000
Brother MFL-Pro Suite MFC-8870DW
BufferChm
Bytescout BarCode Generator 2.00.241 (FREEWARE)
calibre
CCleaner
CDBurnerXP
Cisco Connect
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco WebEx Meetings
CoolUtils Mail Viewer
Core Temp 1.0 RC3
CoreLib
Credenza
CrystalDiskInfo 3.1.1
Dell Driver Download Manager
Dell Resource CD
Dell System Detect
Dell Touchpad
Dell Wireless WLAN Card
Device Remover
DeviceDiscovery
DiskPie 2.1
Download Updater (AOL LLC)
Dropbox
DVDFab 8.0.5.6 (05/12/2010)
DYMO Label v.8
DYMO Stamps
EASEUS Partition Master 3.5 Unlimited Edition
Emsisoft Anti-Malware
Eraser 6.0.8.2273
ERUNT 1.1j
Ever2One Converter
Evernote v. 5.0.3
ExportOutlookNotestoOneNoteAddinSetup
eXpress TimeStamp Toucher
Family Tree Maker 2010
Fast Duplicate File Finder 1.1.0.0
FastStone Image Viewer 4.6
Fences 2
File Renamer
File Shredder 2.0
FoxTab PDF Creator
GnuCash 2.4.8
GoodSync
Google Chrome
Google Earth
Google Update Helper
GPBaseService2
GPL Ghostscript 9.00
GSview 4.9
gSyncit
Guifications Plugin (remove only)
HijackThis 1.99.1
HP Imaging Device Functions 14.0
HP Officejet Pro 8000 A809 Series
HP Solution Center 14.0
HPProductAssistant
iCloud
iClover 1.0.1
iFunbox (v2.1.2228.731), iFunbox DevTeam
Intel® Graphics Media Accelerator Driver
iPhone Backup Extractor
IrfanView (remove only)
iTunes
Java 7 Update 17 (64-bit)
Java 7 Update 45
Java Auto Updater
Java 6 Update 39 (64-bit)
jlGui 3.1
Karen's Directory Printer
Kernel Outlook PST Viewer ver 11.05.01
LAME v3.99.3 (for Windows)
Laptop Integrated Webcam Driver (1.04.01.1011)  
LastPass (uninstall only)
LexisNexis CaseMap 8
LexisNexis NoteMap 2
LexisNexis TextMap 5
LexisNexis TimeMap 4
LexisNexis® CD on Folio® 4
Livescribe Connect
Livescribe Desktop
LogonStudio
Malwarebytes Anti-Malware version 1.75.0.1300
Metrofax Outlook Fax AddIn
MetroFax Printer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4.5.1
Microsoft Filter Pack 1.0
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Gadgets for Windows SideShow
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Personal Folders Backup
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft WSE 3.0
Mindjet MindManager 8
Missing Attachment PowerToy Setup
MobileNoter
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSGTAG Status
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
myPhoneDesktop 2.0.3
NEO Pro
Network64
Nitro PDF Professional
Nuance OmniPage 17
Nuance PaperPort 12
ObjectDock Plus
Octoshape add-in for Adobe Flash Player
ODIR
ON Table of Content Setup
OneTouch 4.6
OutlookToOneNoteAddInSetup
Paint.NET v3.36
PaperPort Image Printer 64-bit
PDF-XChange 3
PhoneClean 2.2.0
Picasa 3
Pidgin
PressReader
ProductContext
Q-Dir
Quicken 2007
Quicken 2013
QuickTime
Recuva
Rename Master
Revo Uninstaller 1.95
RICOH R5C83x/84x Media Driver x64 Ver.5.03.03
RT 7 Lite (64-Bit)
RT 7 Lite x64
Sage Timeslips 2011
Samsung ML-2855 Series
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
SendtoOneNote
SigmaTel Audio
Simpo PDF to Text 2.1.5.0
Skype Toolbars
Skype™ 5.10
SlingPlayer
Smart Defrag 2
SmartDraw 2010
Snagit 10.0.1
Software Update Wizard (Redistributable) 4.5
SolutionCenter
SplashID iPhone Desktop 5.4
SplashID Safe 7.0.9
Spybot - Search & Destroy
Status
swMSM
Syncios version 2.1.3
SysTools Outlook PST Viewer 3.0
Tansee iPhone Transfer SMS 6.0.0.0
TEC-IT TFORMer 6.0
TeraCopy 1.22
The LaptopLock 0.94
Timeslips by Sage 2008
ToneSync for Windows
Toolbox
TouchChip USB Driver 2.6
TrayApp
TurboTax 2010
TurboTax 2010 wcaiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2012
TurboTax 2012 wcaiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Manager
VersaCheck 2002 Home And Business
WavePad Sound Editor
WebReg
WebSlingPlayer ActiveX
WePrint
WIDCOMM Bluetooth Software 6.0.1.3100
WinDirStat 1.1.2
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
WinX Bluray DVD iPad Ripper 4.5.5
WinX iPhone Video Converter 4.0.12
Wondershare Dr.Fone for iOS(Build 3.1.0.111)
WordPerfect Office X3 - Home Edition Software Bundle
WordPerfect Office X3 - Home Edition, Task Manager
WordPerfect OfficeReady
WordPerfect® Office X3 - Home Edition
X1
Xerox DocuMate 252 Driver
XnView 1.95.4
xplorer² professional
XPS2OneNote
Xvid 1.2.2 final uninstall
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
1/3/2014 9:04:41 AM, Error: Service Control Manager [7023]  - The WinHTTP Web Proxy Auto-Discovery Service service terminated with the following error:  The specified module could not be found.
1/3/2014 8:30:27 AM, Error: Service Control Manager [7023]  - The Secure Socket Tunneling Protocol Service service terminated with the following error:  The specified module could not be found.
1/3/2014 8:30:27 AM, Error: Service Control Manager [7023]  - The Network Location Awareness service terminated with the following error:  The specified module could not be found.
1/3/2014 8:30:27 AM, Error: Service Control Manager [7001]  - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error:  The specified module could not be found.
1/3/2014 8:30:27 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The specified module could not be found.
1/3/2014 8:11:10 AM, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  The specified module could not be found.
1/3/2014 8:11:10 AM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8007007e'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
1/3/2014 8:07:03 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/3/2014 8:06:06 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the WePrint Server service to connect.
1/3/2014 8:06:06 AM, Error: Service Control Manager [7000]  - The WinFLdrv service failed to start due to the following error:  The system cannot find the file specified.
1/3/2014 8:06:06 AM, Error: Service Control Manager [7000]  - The WePrint Server service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
1/3/2014 8:05:22 AM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147024769
1/3/2014 8:05:17 AM, Error: Service Control Manager [7000]  - The DgiVecp service failed to start due to the following error:  The system cannot find the file specified.
1/3/2014 8:05:11 AM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Neal\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
1/3/2014 7:01:31 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
1/3/2014 7:01:30 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/3/2014 7:01:29 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/3/2014 7:01:25 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/3/2014 7:01:23 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/3/2014 7:01:15 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/3/2014 6:59:50 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
1/3/2014 5:03:02 AM, Error: Service Control Manager [7022]  - The Intuit Update Service service hung on starting.
1/3/2014 4:21:41 AM, Error: Service Control Manager [7031]  - The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/3/2014 4:09:32 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80003081ac5, 0xfffff880090a1930, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010314-49873-01.
1/3/2014 4:09:09 AM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
1/3/2014 4:04:19 AM, Error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).
1/3/2014 4:01:19 AM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/3/2014 3:59:54 AM, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/3/2014 3:52:45 AM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/2/2014 9:46:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
1/2/2014 8:48:00 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/2/2014 8:44:48 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
1/2/2014 10:20:51 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
1/2/2014 10:20:51 PM, Error: Service Control Manager [7000]  - The SBSD Security Center Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
 
 
dds.txt -- log
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.45.2
Run by Neal at 8:59:19 on 2014-01-03
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4086.924 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\SysWOW64\TSSchBkpService.exe
C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe
C:\Windows\SysWOW64\WebUpdateSvc4.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\MSGTAG Status\MSGTAGStatus.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Users\Neal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Timeslips\TSTimer.exe
C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\Neal\AppData\Local\Apps\2.0\A755BWEZ.TCB\ZR85D22V.M4B\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\ZedgeTonesync.exe
C:\Windows\OEM02Mon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Users\Neal\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe
C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files (x86)\WePrint\WePrint Server.exe
C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Neal\Desktop\HijackThis.exe
C:\Program Files (x86)\NEO Pro\NEOPro.exe
C:\Windows\SysWOW64\W32MKDE.EXE
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Malwarebytes\mbam.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Nuance\PaperPort\NuanceWDS.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: CmjBrowserHelperObject Object: {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll
BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: avast! EasyPass Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
TB: DataVault Bar: {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [MSGTAG] "C:\Program Files (x86)\MSGTAG Status\MSGTAGStatus.exe" /startup
uRun: [iSUSPM Startup] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [skyDrive] "C:\Users\Neal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [TSTimer] C:\Program Files (x86)\Timeslips\TSTimer.exe
uRun: [gSyncit] C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ZedgeToneSync] C:\Users\Neal\AppData\Local\Apps\2.0\Data\QLT2KYKJ.HC9\N63NMC0M.HAV\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup
mRun: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
mRun: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [TheLaptopLock] C:\Program Files (x86)\The LaptopLock\LaptopLock.exe /startup
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"
mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [syncios device service] C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Neal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Neal\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Neal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Fences.lnk - C:\Program Files (x86)\Stardock\Fences\Fences.exe
StartupFolder: C:\Users\Neal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPHON~1.LNK - C:\Program Files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe
StartupFolder: C:\Users\Neal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
StartupFolder: C:\Users\Neal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WEPRIN~1.LNK - C:\Program Files (x86)\WePrint\WePrint Server.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\METROF~1.LNK - C:\Windows\Installer\{34BF0FBD-6D45-4261-B329-678DE3542FFA}\FPStartupIcon.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bring to OneNote - C:\Program Files (x86)\Bring to OneNote for Office 2007\ieBringToOneNotex64.dll/201
IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: LastPass - C:\Users\Neal\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - C:\Users\Neal\AppData\LocalLow\LastPass\context.html?cmd=fillforms
IE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: S&end to OneNote - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll/105
IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Save to DataVault - C:\Program Files (x86)\DataVault/iemenuext.htm
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Send To CaseMap - C:\Windows\System32\lnToCM.htm
IE: Show avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
TCP: NameServer = 192.168.1.254 192.168.2.1
TCP: Interfaces\{DBD55E58-7551-4964-8209-81541F359ED2} : DHCPNameServer = 192.168.1.254 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files (x86)\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-TB: avast! EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-TB: DataVault Bar: {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie64.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.nbcnews.com
FF - plugin: C:\Program Files (x86)\DataVault\npapi.dll
FF - plugin: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dll
FF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
FF - plugin: C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\extensions\coralietab@mozdev.org\plugins\npCoralIETab.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
FF - ExtSQL: 2013-11-03 15:28; jid0-5R3LLpyrG0a1kPDXAA8ZKmM0bgM@jetpack; C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\extensions\jid0-5R3LLpyrG0a1kPDXAA8ZKmM0bgM@jetpack.xpi
FF - ExtSQL: 2014-01-01 20:33; datavault@ascendo.inc; C:\Program Files (x86)\DataVault\firefox
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-8 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-8 204880]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-8-4 137312]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-12-29 17720]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-8-4 211552]
R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\System32\drivers\vsflt67.sys [2012-8-5 146528]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-12-28 26176]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-26 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-26 378944]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-12-28 4161512]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [2010-9-21 86016]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-8-5 3459024]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-26 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-26 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-12 46808]
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2012-12-5 65536]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-1-28 32336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-3-21 341312]
R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-1-31 68928]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2009-8-27 144672]
R2 PenCommService;Livescribe Pulse Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-10-27 470528]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2010-12-2 11576]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-8-5 367200]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2011-12-28 70960]
S3 cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2013-10-20 57024]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-9-22 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-9-22 9096]
S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2010-9-30 17920]
S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\System32\drivers\PulseUsb.sys [2010-10-18 26112]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-15 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-15 57856]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [userChoice]
FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [userChoice]
FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2014-01-03 12:38:53 -------- d-----w- C:\Windows\System32\RT 7 Lite
2014-01-03 12:38:48 -------- d-----w- C:\Program Files\Rockers Team
2014-01-03 11:52:46 -------- d-----w- C:\ProgramData\HitmanPro
2014-01-03 01:10:56 -------- d-----w- C:\Program Files (x86)\Advanced Fix 2013
2014-01-02 20:37:59 271256 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-01-02 07:23:37 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD8D408D-C3B0-4F13-97DC-179941C4A4E8}\offreg.dll
2014-01-02 01:40:09 -------- d-----w- C:\Users\Neal\AppData\Roaming\Ascendo
2014-01-02 01:33:42 -------- d-----w- C:\Program Files (x86)\DataVault
2014-01-02 00:38:21 -------- d-----w- C:\Users\Neal\AppData\Local\PasswordSafe
2013-12-31 13:45:16 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD8D408D-C3B0-4F13-97DC-179941C4A4E8}\mpengine.dll
2013-12-29 08:41:45 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe
2013-12-29 08:40:44 17720 ----a-w- C:\Windows\System32\drivers\SmartDefragDriver.sys
2013-12-27 17:48:02 -------- d-----w- C:\MATS
2013-12-12 08:09:11 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:09:10 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 08:09:08 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 08:09:07 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2013-12-12 04:37:44 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-12-08 03:13:35 -------- d-----w- C:\Users\Neal\AppData\Local\mSeven_Software
.
==================== Find3M  ====================
.
2014-01-03 13:45:19 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2013-12-31 19:09:26 900 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys
2013-12-10 22:35:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 22:35:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-19 08:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-13 18:05:36 47633 ----a-w- C:\Windows\SysWow64\wuwuninst.exe
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-11 12:52:26 12767232 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-25 04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-25 03:17:49 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-25 02:49:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-13 15:56:58 565827 ----a-w- C:\ProgramData\sqlite3.dll
2013-10-13 15:56:57 217088 ----a-w- C:\ProgramData\SDPlatformMgr.dll
2013-10-13 15:56:55 8972440 ----a-w- C:\ProgramData\SplashID%20Safe.exe
2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe
2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe
2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe
2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-08 12:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
.
============= FINISH:  9:04:51.39 ===============
 

 


  • Staff

Hello kinetix12

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo


Gringo -- I appreciate the help.  I have posted the requested logs below.  I ran adwcleaner this morning and post the log from that run as well. I will not run any others independently.

 

I note that I did not receive notification of your email even though I had previously marked the post to receive instant notification.  I have checked my email and there was no notice in my inbox, spam, junk or anywhere else.  I will continue to check back.

 

The symptoms continue -- the USB safe eject does not work, and the window that pops up is corrupted too.

 

Thanks,

 

kinetix12

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x64
Ran by Neal on Mon 01/06/2014 at 19:40:47.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Windows\freecorder"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/06/2014 at 20:00:16.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
I ran adwcleaner earlier today and post both logs below so you can see them both.  Needless to say, as you are now assisting, I will refrain from anything further independently.  
 
Thanks,
 
 
# AdwCleaner v3.016 - Report created 06/01/2014 at 10:55:05
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Neal - NEAL-PC
# Running from : C:\Users\Neal\AppData\Local\Temp\dlmCCBF.tmp\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\registry mechanic
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Neal\AppData\Local\PackageAware
[x] Not Deleted : C:\Users\Neal\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Neal\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Neal\AppData\Roaming\thinstall
Folder Deleted : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\Conduit
Folder Deleted : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\ConduitEngine
Folder Deleted : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\CT1060933
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Folder Deleted : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\Extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
File Deleted : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\_gsdata_\Extensions\wtxpcom@mybrowserbar.com
File Deleted : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\invalidprefs.js
File Deleted : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\searchplugins\Askcom.xml
File Deleted : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [lesstabs@lesstabs.com]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Giant Savings_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Tansee iPhone Transfer SMS_is1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_wavepad_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_wavepad_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\0je3jwqg.default-1371889144857\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\2qtchqs3.default-1366669729405\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\4wqrw52y.default-1385231896612\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\64i1r508.default\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\81d8xy9s.default-1385230796205\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\9ktpag8o.default-1385230233494\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\prefs.js ]
 
Line Deleted : user_pref("CT1060933.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT1060933.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1060933.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1060933.FirstTime", "true");
Line Deleted : user_pref("CT1060933.FirstTimeFF3", "true");
Line Deleted : user_pref("CT1060933.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT1060933.RevertSettingsEnabled", false);
Line Deleted : user_pref("CT1060933.UserID", "UN33119168512001660");
Line Deleted : user_pref("CT1060933.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT1060933.autoDisableScopes", 10);
Line Deleted : user_pref("CT1060933.cbcountry_001", "US");
Line Deleted : user_pref("CT1060933.cbfirsttime", "Wed Jul 18 2012 08:03:08 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT1060933.defaultSearch", "false");
Line Deleted : user_pref("CT1060933.embeddedsData", "[{\"appId\":\"128280995260143876\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT1060933.enableAlerts", "false");
Line Deleted : user_pref("CT1060933.enableFix404ByUser", "TRUE");
Line Deleted : user_pref("CT1060933.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT1060933.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT1060933.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT1060933.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT1060933.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT1060933.fixUrls", true);
Line Deleted : user_pref("CT1060933.installId", "ConduitNSISIntegration");
Line Deleted : user_pref("CT1060933.installType", "ConduitNSISIntegration");
Line Deleted : user_pref("CT1060933.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT1060933.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1060933.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT1060933.isNewTabEnabled", true);
Line Deleted : user_pref("CT1060933.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT1060933.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT1060933.lastVersion", "10.15.0.562");
Line Deleted : user_pref("CT1060933.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT1060933.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.fieldstonsoftware.com%2Fsoftware%2Fgsyncit3%2Fdownload.shtml\",\"EB_MAIN_FRAME_TITLE\":\[...]
Line Deleted : user_pref("CT1060933.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1060933.openThankYouPage", "false");
Line Deleted : user_pref("CT1060933.openUninstallPage", "true");
Line Deleted : user_pref("CT1060933.search.searchAppId", "128280995260143876");
Line Deleted : user_pref("CT1060933.search.searchCount", "0");
Line Deleted : user_pref("CT1060933.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT1060933.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT1060933.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1060933.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1060933.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1060933\"}");
Line Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Freecorder\"}");
Line Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT1060933.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT1060933.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1342497970188");
Line Deleted : user_pref("CT1060933.serviceLayer_services_appTracking_lastUpdate", "1342497972652");
Line Deleted : user_pref("CT1060933.serviceLayer_services_appsMetadata_lastUpdate", "1342526581236");
Line Deleted : user_pref("CT1060933.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1342497971668");
Line Deleted : user_pref("CT1060933.serviceLayer_services_location_lastUpdate", "1366670110679");
Line Deleted : user_pref("CT1060933.serviceLayer_services_login_10.10.20.14_lastUpdate", "1343059324255");
Line Deleted : user_pref("CT1060933.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358785835659");
Line Deleted : user_pref("CT1060933.serviceLayer_services_login_10.14.40.128_lastUpdate", "1362603425098");
Line Deleted : user_pref("CT1060933.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364159971333");
Line Deleted : user_pref("CT1060933.serviceLayer_services_login_10.15.0.562_lastUpdate", "1366670109875");
Line Deleted : user_pref("CT1060933.serviceLayer_services_optimizer_lastUpdate", "1342526585816");
Line Deleted : user_pref("CT1060933.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1342497971619");
Line Deleted : user_pref("CT1060933.serviceLayer_services_searchAPI_lastUpdate", "1342497969008");
Line Deleted : user_pref("CT1060933.serviceLayer_services_serviceMap_lastUpdate", "1366670109458");
Line Deleted : user_pref("CT1060933.serviceLayer_services_toolbarContextMenu_lastUpdate", "1342497970827");
Line Deleted : user_pref("CT1060933.serviceLayer_services_toolbarSettings_lastUpdate", "1366670109670");
Line Deleted : user_pref("CT1060933.serviceLayer_services_translation_lastUpdate", "1366670109859");
Line Deleted : user_pref("CT1060933.settingsINI", true);
Line Deleted : user_pref("CT1060933.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT1060933.showToolbarPermission", "false");
Line Deleted : user_pref("CT1060933.smartbar.CTID", "CT1060933");
Line Deleted : user_pref("CT1060933.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT1060933.smartbar.isHidden", true);
Line Deleted : user_pref("CT1060933.smartbar.toolbarName", "Freecorder ");
Line Deleted : user_pref("CT1060933.startPage", "userChanged");
Line Deleted : user_pref("CT1060933.toolbarBornServerTime", "17-7-2012");
Line Deleted : user_pref("CT1060933.toolbarCurrentServerTime", "23-4-2013");
Line Deleted : user_pref("CT1060933.toolbarDisabled", "true");
Line Deleted : user_pref("CT1060933.toolbarLoginClientTime", "Sun Mar 24 2013 18:56:07 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT1060933.upgradeFromClearSBVersion", true);
Line Deleted : user_pref("CT1060933_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1366669987443,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT1060933");
Line Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", false);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Jun 29 2011 07:43:51 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jul 18 2011 14:51:05 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Aug 11 2011 08:03:30 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "{880b6070-cc2b-470e-9c04-a2d09e505ff1}");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "5f4ad80d-7256-4d52-9b65-071fee2e25ea");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jul 01 2012 20:24:25 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Jul 01 2012 20:24:33 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Jul 01 2012 20:24:25 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "1157cb4b-9016-4769-bcae-8008ce5c9da2");
Line Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Jul 12 2011 16:38:16 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Line Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Mar 26 2011 10:55:44 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.FirstServerDate", "03/26/2011 17");
Line Deleted : user_pref("ConduitEngine.FirstTime", true);
Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Deleted : user_pref("ConduitEngine.Initialize", true);
Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Deleted : user_pref("ConduitEngine.InstalledDate", "Sat Mar 26 2011 10:55:44 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Mar 26 2011 10:55:43 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Mar 26 2011 10:55:44 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Mar 26 2011 10:55:42 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.UserID", "UN28985429268335630");
Line Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Line Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Mar 26 2011 10:55:44 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Mar 26 2011 15:50:58 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.initDone", true);
Line Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line Deleted : user_pref("ConduitEngine.usagesFlag", 2);
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\iqr421b0.default-1382411606767\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\o6nz8fkc.default-1388690560583\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\ogd1e125.default-1370628391596\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\xf8j55kj.default-1366667457325\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\_gsdata_\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [26373 octets] - [06/01/2014 10:49:52]
AdwCleaner[s0].txt - [26448 octets] - [06/01/2014 10:55:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [26509 octets] ##########

# AdwCleaner v3.016 - Report created 06/01/2014 at 19:33:58
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Neal - NEAL-PC
# Running from : C:\Users\Neal\AppData\Local\Temp\dlm11A0.tmp\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Neal\AppData\LocalLow\Conduit
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\FLEXnet
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
 
-\\ Mozilla Firefox v26.0 (en-US)
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\0je3jwqg.default-1371889144857\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\2qtchqs3.default-1366669729405\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\4wqrw52y.default-1385231896612\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\64i1r508.default\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\81d8xy9s.default-1385230796205\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\9ktpag8o.default-1385230233494\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\iqr421b0.default-1382411606767\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\o6nz8fkc.default-1388690560583\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\ogd1e125.default-1370628391596\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\xf8j55kj.default-1366667457325\prefs.js ]
 
 
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\_gsdata_\prefs.js ]
 
 
-\\ Google Chrome v31.0.1650.63
 
[ File : C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [26373 octets] - [06/01/2014 10:49:52]
AdwCleaner[R1].txt - [2349 octets] - [06/01/2014 19:31:42]
AdwCleaner[s0].txt - [26598 octets] - [06/01/2014 10:55:05]
AdwCleaner[s1].txt - [2235 octets] - [06/01/2014 19:33:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2295 octets] ##########
 

  • Staff

Hello kinetix12

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Gringo --

I ran combofix with the following observations:

1. I noted a reference to a problem with sbeserver.exe and a repair; I saw that issue before and a supposed repair.

2. There was an error message -- Cannot export APISvc:Error writing the file. There may be a disk or file system error.  I pressed "OK" and the window disappeared.

3. I did not realize I had Windows Defender enabled when I ran the combofix; please let me know if I need to re-run.

The log file follows:

Thanks,

Kinetix12

ComboFix 14-01-08.03 - Neal 01/09/2014  18:39:54.2.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4086.2114 [GMT -5:00]
Running from: m:\download\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Neal\AppData\Local\assembly\tmp
.
---- Previous Run -------
.
c:\programdata\SplashID.ico
c:\programdata\sqlite3.dll
c:\users\Neal\AppData\Local\Temp\IntResource.dll
c:\users\Neal\AppData\Roaming\inst.exe
c:\windows\Installer\{34BF0FBD-6D45-4261-B329-678DE3542FFA}\FPStartupIcon.exe
c:\windows\iun6002.exe
c:\windows\neoqaz2.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\regobj.dll
M:\install.exe
.
-- Previous Run --
.
Infected copy of c:\windows\ehome\CreateDisc\SBEServer.exe was found and disinfected 
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-sonic-sbeserver_31bf3856ad364e35_6.1.7600.16385_none_7906f8e872eb5483\SBEServer.exe 
.
--------
.
.
(((((((((((((((((((((((((   Files Created from 2013-12-09 to 2014-01-09  )))))))))))))))))))))))))))))))
.
.
2014-01-09 23:55 . 2014-01-09 23:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-01-09 23:55 . 2014-01-09 23:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-07 00:40 . 2014-01-07 00:40 -------- d-----w- c:\windows\ERUNT
2014-01-06 21:06 . 2014-01-06 21:06 -------- d-----w- C:\found.002
2014-01-06 15:49 . 2014-01-07 00:34 -------- d-----w- C:\AdwCleaner
2014-01-06 01:01 . 2011-11-17 05:35 314880 ----a-w- C:\webio.dll
2014-01-04 16:26 . 2014-01-04 16:26 -------- d-----w- c:\users\Neal\AppData\Roaming\Agile Web Solutions
2014-01-04 16:26 . 2013-08-15 20:50 1769984 ----a-w- c:\windows\SysWow64\ChilkatCert.dll
2014-01-04 16:26 . 2013-08-15 20:49 2403328 ----a-w- c:\windows\SysWow64\ChilkatSocket.dll
2014-01-04 16:26 . 2013-01-10 15:23 1580784 ----a-w- c:\windows\SysWow64\ChilkatCrypt2.dll
2014-01-04 16:26 . 2012-08-06 22:39 2416640 ----a-w- c:\windows\SysWow64\ChilkatZip2.dll
2014-01-04 16:26 . 2014-01-05 01:24 -------- d-----w- c:\program files (x86)\1Password
2014-01-04 07:09 . 2014-01-04 07:09 -------- d-----w- c:\program files\Common Files\SPBA
2014-01-04 07:09 . 2014-01-04 07:09 -------- d-----w- c:\program files (x86)\Common Files\SPBA
2014-01-04 07:09 . 2014-01-05 02:33 -------- d-----w- c:\program files\Protector Suite
2014-01-04 01:49 . 2014-01-04 01:49 -------- d-----w- c:\program files (x86)\Dashlane
2014-01-04 01:47 . 2014-01-04 01:47 -------- d-----w- c:\users\Neal\AppData\Local\Packages
2014-01-03 21:42 . 2014-01-03 21:42 -------- d-----w- c:\users\Neal\AppData\Roaming\Tools
2014-01-03 13:26 . 2014-01-03 13:26 -------- d-----w- c:\program files\HijackThis
2014-01-03 11:52 . 2014-01-03 11:52 -------- d-----w- c:\programdata\HitmanPro
2014-01-03 01:10 . 2014-01-05 22:50 -------- d-----w- c:\program files (x86)\Advanced Fix 2013
2014-01-02 07:23 . 2014-01-05 08:25 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD8D408D-C3B0-4F13-97DC-179941C4A4E8}\offreg.dll
2014-01-02 01:40 . 2014-01-02 01:40 -------- d-----w- c:\users\Neal\AppData\Roaming\Ascendo
2014-01-02 01:33 . 2014-01-02 01:33 -------- d-----w- c:\program files (x86)\DataVault
2014-01-02 00:38 . 2014-01-02 01:31 -------- d-----w- c:\users\Neal\AppData\Local\PasswordSafe
2013-12-31 13:45 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD8D408D-C3B0-4F13-97DC-179941C4A4E8}\mpengine.dll
2013-12-29 08:41 . 2013-05-22 23:49 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2013-12-29 08:40 . 2013-05-22 23:49 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-27 17:48 . 2013-12-27 17:48 -------- d-----w- C:\MATS
2013-12-12 08:09 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:09 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2013-12-12 08:09 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2013-12-12 08:09 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2013-12-12 08:09 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2013-12-12 04:37 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-09 23:38 . 2012-10-24 15:41 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2013-12-10 22:35 . 2013-07-18 03:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 22:35 . 2013-07-18 03:12 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-01 19:42 . 2010-09-23 19:20 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-11-19 08:33 . 2010-09-22 00:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 18:05 . 2010-09-22 02:45 47633 ----a-w- c:\windows\SysWow64\wuwuninst.exe
2013-11-11 12:52 . 2013-11-11 12:52 12767232 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
2013-10-13 15:56 . 2013-08-15 22:07 217088 ----a-w- c:\programdata\SDPlatformMgr.dll
2013-10-13 15:56 . 2013-08-15 22:07 8972440 ----a-w- c:\programdata\SplashID%20Safe.exe
2013-10-12 02:30 . 2013-11-13 20:57 830464 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 20:57 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 20:57 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 20:57 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 20:57 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 15:03 222832 ----a-w- c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 15:03 222832 ----a-w- c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 15:03 222832 ----a-w- c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TSTimer"="c:\program files (x86)\Timeslips\TSTimer.exe" [2010-09-07 2515240]
"SkyDrive"="c:\users\Neal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-08-14 257136]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MSGTAG"="c:\program files (x86)\MSGTAG Status\MSGTAGStatus.exe" [2007-07-11 1820160]
"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"gSyncit"="c:\program files (x86)\Fieldston Software\gSyncit\gsyncit.exe" [2013-12-28 167424]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5955088]
"TheLaptopLock"="c:\program files (x86)\The LaptopLock\LaptopLock.exe" [2007-02-01 397312]
"Syncios device service"="c:\program files (x86)\Syncios\SynciosDeviceService.exe" [bU]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2008-11-03 328992]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2009-08-27 29984]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Nuance OmniPage 17-reminder"="c:\program files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" [bU]
"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 8\MMReminderService.exe" [2008-11-14 37656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2009-08-27 46368]
"DLSService"="c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe" [bU]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Agile1pAgent"="c:\program files (x86)\1Password\Agile1pAgent.exe" [2013-12-18 2247952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-28 1171336]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
.
c:\users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Neal\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-12-17 30714312]
Fences.lnk - c:\program files (x86)\Stardock\Fences\Fences.exe /startup [2012-10-29 4017368]
myPhoneDesktop.lnk - c:\program files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe [2012-7-23 224256]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2010-9-21 3581680]
WePrint Server.lnk - c:\program files (x86)\WePrint\WePrint Server.exe [2012-11-11 3527816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2010-12-14 293950]
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2013-11-11 12767232]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2013-11-11 12767232]
XPS2OneNote.lnk - c:\windows\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe [2013-4-22 10134]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ   scecli c:\program files\Protector Suite\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TSScheduleBackup;TimeslipsBackup;c:\windows\SysWOW64\TSSchBkpService.exe;c:\windows\SysWOW64\TSSchBkpService.exe [x]
R2 WBA_Agent_Client;Brother BRAgent;c:\program files (x86)\Brother\BRAgent\BRAgtSrv.exe;c:\program files (x86)\Brother\BRAgent\BRAgtSrv.exe [x]
R2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys;SysWOW64\WinFLdrv.sys [x]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys;c:\windows\SYSNATIVE\DRIVERS\PulseUsb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 Agile1Password;1Password;c:\program files (x86)\1Password\Agile1pService.exe;c:\program files (x86)\1Password\Agile1pService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe;c:\prey\platform\windows\cronsvc.exe [x]
S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [x]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe;c:\windows\SysWOW64\WebUpdateSvc4.exe [x]
S2 WePrint;WePrint Server;c:\program files (x86)\WePrint\WePrint Server.exe;c:\program files (x86)\WePrint\WePrint Server.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 18:33 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-18 22:35]
.
2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd63d719bc8a55.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28 16:26]
.
2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28 16:26]
.
2014-01-07 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2010-09-24 16:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-08-14 15:03 261744 ----a-w- c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-08-14 15:03 261744 ----a-w- c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-08-14 15:03 261744 ----a-w- c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2012-10-23 17:47 5928296 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2012-10-23 17:47 5928296 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1211688]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 342528]
"Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2012-10-29 4017368]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2012-10-29 551640]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bring to OneNote - c:\program files (x86)\Bring to OneNote for Office 2007\ieBringToOneNotex64.dll/201
IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: S&end to OneNote - c:\progra~2\MICROS~2\Office12\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Send To CaseMap - c:\windows\system32\lnToCM.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254 192.168.2.1
FF - ProfilePath - c:\users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.nbcnews.com
FF - ExtSQL: 2014-01-01 20:33; datavault@ascendo.inc; c:\program files (x86)\DataVault\firefox
FF - ExtSQL: 2014-01-04 11:30; onepassword@agilebits.com; c:\users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\extensions\onepassword@agilebits.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
ShellIconOverlayIdentifiers- - (no file)
AddRemove-asterisk key - e:\passware\un-ariskkey.exe
AddRemove-FastStone Image Viewer - e:\faststone image viewer\uninst.exe
AddRemove-Simpo PDF to Text_is1 - e:\simpo pdf to text\unins000.exe
AddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe
AddRemove-SplashID iPhone Desktop - c:\program files (x86)\SplashData\SplashID for iPhone\uninst.exe
AddRemove-{E980ED1F-AOF8-PF7E-B174-59POS2BOIUVB}}_is1 - c:\program files (x86)\iMobie\PhoneClean\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifibus]
"ImagePath"="system32\DRIVERS\vwifibus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwififlt]
"ImagePath"="system32\DRIVERS\vwififlt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifimp]
"ImagePath"="system32\DRIVERS\vwifimp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W3SVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WacomPen]
"ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WANARP]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatAdminSvc]
"ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WBA_Agent_Client]
"ImagePath"="c:\program files (x86)\Brother\BRAgent\BRAgtSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine]
"ImagePath"="\"%systemroot%\system32\wbengine.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc]
"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wd]
"ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebUpdate4]
"ImagePath"="c:\windows\SysWOW64\WebUpdateSvc4.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WePrint]
"ImagePath"="c:\program files (x86)\WePrint\WePrint Server.exe -s"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WfpLwf]
"ImagePath"="system32\DRIVERS\wfplwf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WIMMount]
"ImagePath"="system32\drivers\wimmount.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinFLdrv]
"ImagePath"="SysWOW64\WinFLdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinUSB]
"ImagePath"="system32\DRIVERS\WinUSB.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinVd32]
"ImagePath"="\??\c:\windows\WinVd32.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wltrysvc]
"ImagePath"="%SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiAcpi]
"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc]
"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSDPrintDevice]
"ImagePath"="system32\DRIVERS\WSDPrint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc]
"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xmlprov]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{2071812E-67B2-4BFF-B953-19A28561A1BC}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{41C0BAC8-4EAD-4DC3-B7B4-2EC6CC23D861}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{6D4E804F-CD0B-40EA-821F-671EB6C5CF17}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{7A813562-D451-4DEC-8345-B4F7A5B6FE47}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{90EB6286-19F2-46F6-AA36-D226A2BE9FA8}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{D2914755-4D74-4C4F-B1D6-57B451B4E90E}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{DBD55E58-7551-4964-8209-81541F359ED2}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{EF442AFD-A2E9-47E4-A2A1-B97AB316F615}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3564563494-913306411-1808835572-1000\Software\Brother\ControlCenter\3.0\MFC-8870DW LAN\Tabs\0000\Button3\HardB*n\BtnAction]
"FoldeáPopup"=dword:00004301
"DestFolder"="c:\\Users\\Nea?\\Pi?tures\\ControlCe?ter?\\Scan"
"PrefixFileName"="CCF"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-01-09  19:00:28
ComboFix-quarantined-files.txt  2014-01-10 00:00
.
Pre-Run: 34,471,890,944 bytes free
Post-Run: 34,565,947,392 bytes free
.
- - End Of File - - 0B6492D524313771AC26539AB871CC01
A36C5E4F47E84449FF07ED3517B43A31

Hello kinetix12

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

Gringo --

Thanks; the log file follows.  The computer appears to function but I have the following comments.

1. When I ran combofix, I received the following error message -- Cannot export APISvc: Error writing the file.  There may be a disk or file system error.  This is the same error message received previously.

2. The network icon in the system tray still shows a turning bright dot instead of the normal green stair step indicator of a network connection; there is a note when the mouse hovers over the icon of limited connectivity but I think I actually have complete connectivity.

3. When I rebooted, I received an error message for the program "eraser" (a file deletion program) and fences2 (a Stardock program) when they load as a part of the startup sequence. The error message continues to reflect that there is a webio.dll error and the error message warns that the program cannot start as that file is missing. In fact, both programs work fine. The fingerprint reader program (Upek Protector Suite) still tried to load but can't -- there continues to be an error message about an object reference being missing. Previously I removed and reinstalled that program with no change, but in all other respects the computer seems to be working.

 

the log follows:

 

ComboFix 14-01-08.03 - Neal 01/10/2014  13:52:13.3.2 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4086.1922 [GMT -5:00]

Running from: m:\download\ComboFix.exe

Command switches used :: c:\users\Neal\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Neal\AppData\Local\assembly\tmp

.

.

(((((((((((((((((((((((((   Files Created from 2013-12-10 to 2014-01-10  )))))))))))))))))))))))))))))))

.

.

2014-01-10 19:05 . 2014-01-10 19:05         --------   d-----w-                c:\windows\system32\config\systemprofile\AppData\Local\temp

2014-01-10 19:05 . 2014-01-10 19:05         --------   d-----w-                c:\users\Default\AppData\Local\temp

2014-01-07 00:40 . 2014-01-07 00:40         --------   d-----w-                c:\windows\ERUNT

2014-01-06 21:06 . 2014-01-06 21:06         --------   d-----w-                C:\found.002

2014-01-06 15:49 . 2014-01-07 00:34         --------   d-----w-                C:\AdwCleaner

2014-01-06 01:01 . 2011-11-17 05:35         314880  ----a-w-                C:\webio.dll

2014-01-04 16:26 . 2014-01-04 16:26         --------   d-----w-                c:\users\Neal\AppData\Roaming\Agile Web Solutions

2014-01-04 16:26 . 2013-08-15 20:50         1769984                ----a-w-                c:\windows\SysWow64\ChilkatCert.dll

2014-01-04 16:26 . 2013-08-15 20:49         2403328                ----a-w-                c:\windows\SysWow64\ChilkatSocket.dll

2014-01-04 16:26 . 2013-01-10 15:23         1580784                ----a-w-                c:\windows\SysWow64\ChilkatCrypt2.dll

2014-01-04 16:26 . 2012-08-06 22:39         2416640                ----a-w-                c:\windows\SysWow64\ChilkatZip2.dll

2014-01-04 16:26 . 2014-01-05 01:24         --------   d-----w-                c:\program files (x86)\1Password

2014-01-04 07:09 . 2014-01-04 07:09         --------   d-----w-                c:\program files\Common Files\SPBA

2014-01-04 07:09 . 2014-01-04 07:09         --------   d-----w-                c:\program files (x86)\Common Files\SPBA

2014-01-04 07:09 . 2014-01-05 02:33         --------   d-----w-                c:\program files\Protector Suite

2014-01-04 01:49 . 2014-01-04 01:49         --------   d-----w-                c:\program files (x86)\Dashlane

2014-01-04 01:47 . 2014-01-04 01:47         --------   d-----w-                c:\users\Neal\AppData\Local\Packages

2014-01-03 21:42 . 2014-01-03 21:42         --------   d-----w-                c:\users\Neal\AppData\Roaming\Tools

2014-01-03 13:26 . 2014-01-03 13:26         --------   d-----w-                c:\program files\HijackThis

2014-01-03 11:52 . 2014-01-03 11:52         --------   d-----w-                c:\programdata\HitmanPro

2014-01-03 01:10 . 2014-01-05 22:50         --------   d-----w-                c:\program files (x86)\Advanced Fix 2013

2014-01-02 07:23 . 2014-01-10 11:36         75888    ----a-w-                c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD8D408D-C3B0-4F13-97DC-179941C4A4E8}\offreg.dll

2014-01-02 01:40 . 2014-01-02 01:40         --------   d-----w-                c:\users\Neal\AppData\Roaming\Ascendo

2014-01-02 01:33 . 2014-01-02 01:33         --------   d-----w-                c:\program files (x86)\DataVault

2014-01-02 00:38 . 2014-01-02 01:31         --------   d-----w-                c:\users\Neal\AppData\Local\PasswordSafe

2013-12-31 13:45 . 2013-12-04 03:28         10315576             ----a-w-                c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD8D408D-C3B0-4F13-97DC-179941C4A4E8}\mpengine.dll

2013-12-29 08:41 . 2013-05-22 23:49         32600    ----a-w-                c:\windows\system32\SmartDefragBootTime.exe

2013-12-29 08:40 . 2013-05-22 23:49         17720    ----a-w-                c:\windows\system32\drivers\SmartDefragDriver.sys

2013-12-27 17:48 . 2013-12-27 17:48         --------   d-----w-                C:\MATS

2013-12-12 08:09 . 2013-05-10 03:48         164864  ----a-w-                c:\program files (x86)\Windows Media Player\wmplayer.exe

2013-12-12 08:09 . 2013-05-10 04:30         167424  ----a-w-                c:\program files\Windows Media Player\wmplayer.exe

2013-12-12 08:09 . 2013-05-10 05:56         12625920             ----a-w-                c:\windows\system32\wmploc.DLL

2013-12-12 08:09 . 2013-05-10 04:56         12625408             ----a-w-                c:\windows\SysWow64\wmploc.DLL

2013-12-12 08:09 . 2013-05-10 05:56         14631424             ----a-w-                c:\windows\system32\wmp.dll

2013-12-12 04:37 . 2013-10-30 02:32         335360  ----a-w-                c:\windows\system32\msieftp.dll

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-10 18:56 . 2012-10-24 15:41         29           ----a-w-                c:\windows\SysWow64\TempWmicBatchFile.bat

2013-12-10 22:35 . 2013-07-18 03:12         71048    ----a-w-                c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-12-10 22:35 . 2013-07-18 03:12         692616  ----a-w-                c:\windows\SysWow64\FlashPlayerApp.exe

2013-12-01 19:42 . 2010-09-23 19:20         90708896             ----a-w-                c:\windows\system32\MRT.exe

2013-11-19 08:33 . 2010-09-22 00:27         267936  ------w- c:\windows\system32\MpSigStub.exe

2013-11-13 18:05 . 2010-09-22 02:45         47633    ----a-w-                c:\windows\SysWow64\wuwuninst.exe

2013-11-11 12:52 . 2013-11-11 12:52         12767232             ----a-w-                c:\program files (x86)\Common Files\lpuninstall.exe

2013-10-13 15:56 . 2013-08-15 22:07         217088  ----a-w-                c:\programdata\SDPlatformMgr.dll

2013-10-13 15:56 . 2013-08-15 22:07         8972440                ----a-w-                c:\programdata\SplashID%20Safe.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-08-14 15:03              222832  ----a-w-                c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-08-14 15:03              222832  ----a-w-                c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-08-14 15:03              222832  ----a-w-                c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54              131248  ----a-w-                c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54              131248  ----a-w-                c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54              131248  ----a-w-                c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54              131248  ----a-w-                c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TSTimer"="c:\program files (x86)\Timeslips\TSTimer.exe" [2010-09-07 2515240]

"SkyDrive"="c:\users\Neal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-08-14 257136]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"MSGTAG"="c:\program files (x86)\MSGTAG Status\MSGTAGStatus.exe" [2007-07-11 1820160]

"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]

"gSyncit"="c:\program files (x86)\Fieldston Software\gSyncit\gsyncit.exe" [2013-12-28 167424]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5955088]

"TheLaptopLock"="c:\program files (x86)\The LaptopLock\LaptopLock.exe" [2007-02-01 397312]

"Syncios device service"="c:\program files (x86)\Syncios\SynciosDeviceService.exe" [bU]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]

"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2008-11-03 328992]

"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2009-08-27 29984]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]

"Nuance OmniPage 17-reminder"="c:\program files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" [bU]

"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 8\MMReminderService.exe" [2008-11-14 37656]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]

"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2009-08-27 46368]

"DLSService"="c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe" [bU]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]

"Agile1pAgent"="c:\program files (x86)\1Password\Agile1pAgent.exe" [2013-12-18 2247952]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-28 1171336]

"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]

.

c:\users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Neal\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-12-17 30714312]

Fences.lnk - c:\program files (x86)\Stardock\Fences\Fences.exe /startup [2012-10-29 4017368]

myPhoneDesktop.lnk - c:\program files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe [2012-7-23 224256]

Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2010-9-21 3581680]

WePrint Server.lnk - c:\program files (x86)\WePrint\WePrint Server.exe [2012-11-11 3527816]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2010-12-14 293950]

Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2013-11-11 12767232]

Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2013-11-11 12767232]

XPS2OneNote.lnk - c:\windows\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe [2013-4-22 10134]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"DisableCAD"= 1 (0x1)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer5"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages     REG_MULTI_SZ                scecli c:\program files\Protector Suite\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 TSScheduleBackup;TimeslipsBackup;c:\windows\SysWOW64\TSSchBkpService.exe;c:\windows\SysWOW64\TSSchBkpService.exe [x]

R2 WBA_Agent_Client;Brother BRAgent;c:\program files (x86)\Brother\BRAgent\BRAgtSrv.exe;c:\program files (x86)\Brother\BRAgent\BRAgtSrv.exe [x]

R2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys;SysWOW64\WinFLdrv.sys [x]

R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]

R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]

R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x]

R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys;c:\windows\SYSNATIVE\DRIVERS\PulseUsb.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]

S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]

S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [x]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]

S2 Agile1Password;1Password;c:\program files (x86)\1Password\Agile1pService.exe;c:\program files (x86)\1Password\Agile1pService.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe;c:\prey\platform\windows\cronsvc.exe [x]

S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]

S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [x]

S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]

S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]

S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]

S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [x]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]

S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]

S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe;c:\windows\SysWOW64\WebUpdateSvc4.exe [x]

S2 WePrint;WePrint Server;c:\program files (x86)\WePrint\WePrint Server.exe;c:\program files (x86)\WePrint\WePrint Server.exe [x]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt       REG_MULTI_SZ                hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-05 18:33              1210320                ----a-w-                c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-18 22:35]

.

2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd63d719bc8a55.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28 16:26]

.

2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28 16:26]

.

2014-01-10 c:\windows\Tasks\SDMsgUpdate (TE).job

- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2010-09-24 16:21]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-08-14 15:03              261744  ----a-w-                c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-08-14 15:03              261744  ----a-w-                c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-08-14 15:03              261744  ----a-w-                c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-08-30 07:47              133840  ----a-w-                c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54              164016  ----a-w-                c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54              164016  ----a-w-                c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54              164016  ----a-w-                c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-10 23:54              164016  ----a-w-                c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2012-10-23 17:47              5928296                ----a-w-                c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2012-10-23 17:47              5928296                ----a-w-                c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1211688]

"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 342528]

"Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2012-10-29 4017368]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]

"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2012-10-29 551640]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Bring to OneNote - c:\program files (x86)\Bring to OneNote for Office 2007\ieBringToOneNotex64.dll/201

IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4

IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3

IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1

IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0

IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Customize Menu - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: LastPass - file://c:\users\Neal\AppData\LocalLow\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\users\Neal\AppData\LocalLow\LastPass\context.html?cmd=fillforms

IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html

IE: S&end to OneNote - c:\progra~2\MICROS~2\Office12\ONBttnIE.dll/105

IE: Save Forms - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Save to DataVault - file://c:\program files (x86)\DataVault/iemenuext.htm

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: Send To CaseMap - c:\windows\system32\lnToCM.htm

IE: Show avast! EasyPass Toolbar - file://c:\program files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

Trusted Zone: dell.com

TCP: DhcpNameServer = 192.168.1.254 192.168.2.1

FF - ProfilePath - c:\users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - www.nbcnews.com

FF - ExtSQL: 2014-01-01 20:33; datavault@ascendo.inc; c:\program files (x86)\DataVault\firefox

FF - ExtSQL: 2014-01-04 11:30; onepassword@agilebits.com; c:\users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\extensions\onepassword@agilebits.com.xpi

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers- - (no file)

ShellIconOverlayIdentifiers- - (no file)

ShellIconOverlayIdentifiers- - (no file)

AddRemove-asterisk key - e:\passware\un-ariskkey.exe

AddRemove-FastStone Image Viewer - e:\faststone image viewer\uninst.exe

AddRemove-Simpo PDF to Text_is1 - e:\simpo pdf to text\unins000.exe

AddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe

AddRemove-SplashID iPhone Desktop - c:\program files (x86)\SplashData\SplashID for iPhone\uninst.exe

AddRemove-{E980ED1F-AOF8-PF7E-B174-59POS2BOIUVB}}_is1 - c:\program files (x86)\iMobie\PhoneClean\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3564563494-913306411-1808835572-1000\Software\Brother\ControlCenter\3.0\MFC-8870DW LAN\Tabs\0000\Button3\HardB*n\BtnAction]

"FoldeáPopup"=dword:00004301

"DestFolder"="c:\\Users\\Nea?\\Pi?tures\\ControlCe?ter?\\Scan"

"PrefixFileName"="CCF"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-01-10  14:10:09

ComboFix-quarantined-files.txt  2014-01-10 19:10

ComboFix2.txt  2014-01-10 00:00

.

Pre-Run: 33,614,520,320 bytes free

Post-Run: 34,527,744,000 bytes free

.

- - End Of File - - 38B5DF326D12DFA0F6E1C82EB3CD88A8

A36C5E4F47E84449FF07ED3517B43A31


  • Staff

Hello kinetix12

Those do not sound like they would be caused by malware.

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

10. Verify that your system is now functioning normally.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller

Send me the reports made from MBAR and RogueKiller and also let me know how the computer is doing at this time.

Gringo

When you are complete please send me both reports

Gringo


Gringo --

 

I ran mbar, which reported that no malware was found -- report follows -- I did not re-run the program as it appeared there was no need.

 

RogueKiller would not run at all, even as an administrator.  I received the following message:

 

                            "Program can't start because webio.dll is missing from your computer.  Try reinstalling the program to fix the problem."

 

I happen to know that file is present.  I obtained a clean copy of the file from an old backup (6+ months ago) and copied it into the c:\windows\syswow64 directory where the original is located.  SFC/Scannow is the preferred approach to reinstall that file.  It would not work. sfc/scannow stopped after 61% with an error message telling me I had corrupted files and it could not complete the process.  I rebooted in safe mode and copied the dll file in, rebooted but still get the error message.  I thought the issue might be the need to re-register the dll file in the registry using regsvr but I could not get a clear idea of how to re-register the file.  I did try one approach and it failed.

 

Here is the mbar log file --

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16750

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, M:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 4284526592, free: 2388701184

 

Downloaded database version: v2014.01.10.10

Downloaded database version: v2013.12.18.01

=======================================

Initializing...

------------ Kernel report ------------

     01/10/2014 19:48:08

------------ Loaded modules -----------

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80044de060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-2\

Lower Device Object: 0xfffffa8004106060

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80044de060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80044deab0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80044de060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80044dde10, DeviceName: Unknown, DriverName: \Driver\vidsflt67\

DevicePointer: 0xfffffa8004106060, DeviceName: \Device\Ide\IdeDeviceP1T0L0-2\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: E9B9DF99

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 63  Numsec = 266229117

    Partition file system is NTFS

    Partition is bootable

 

    Partition 1 type is Extended with CSH (0x5)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 266229180  Numsec = 358908165

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 320072933376 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_63_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1008

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16750

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, M:\ DRIVE_FIXED

CPU speed: 1.995000 GHz

Memory total: 4284526592, free: 2119540736


Gringo -- I have found the following information on the webio.dll issue-- http://www.howtofixdll.com/solutions/webio-dll-missing/

 

Someone is trying to sell a program, but they say there is a relationship between the webio.dll and malware -- Backdoor:Win32/Delf.OY infection is mainly targeted at webio dll -- Backdoor:Win32/Delf.OY can also automatically download malware RegSpy from http://www.symantec.com/connect/blogs/regspy-registry-capturing-tool to make a stronger control of your system.

 

Does this make sense/help?

 

Kinetix12


  • Staff

Hello kinetix12

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo

Gringo --

 

The program (64 bit) loads but does not appear to run.  It has been running for more than 2 hours and shows no indication of any progression on a scan.  It has an error message that "flashes" that the program is getting "Office Session Errors: 1911"

 

Within the past two days, I developed an issue with a program "Gsyncit" by Fieldstone Software designed to sync my iPhone and MS Outlook 2007 (32 bit) through Gmail.  Fieldstone suggests I need to reinstall .net framework 4.+  There may be issues with net framework.

 

Should  I terminate and try to restart Farbar recovery as it does not seem to be working?  Should I try removing .net framework and reinstalling?

 

Thanks,

 

Kinetix12

 


Gringo -- 

I terminated the program and attempted to re-run it twice, once in safe mode.   In each instance, the program ran and then halted when it "hit"  the Office Systems error.  Two logs or partial logs were produced.  Set out below is the first -- the addition.txt file is attached (or will be once I figure out how to attach it).

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2014
Ran by Neal (administrator) on NEAL-PC on 12-01-2014 11:03:14
Running from M:\Download
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Authentec Inc.) C:\Program Files\Protector Suite\upeksvr.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AgileBits) C:\Program Files (x86)\1Password\Agile1pService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
(Visioneer Inc.) C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
() C:\Windows\SysWOW64\PSIService.exe
(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\stacsv64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
() C:\Windows\SysWOW64\TSSchBkpService.exe
() C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(EuroSmartz Ltd) C:\Program Files (x86)\WePrint\WePrint Server.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Sage Software, Inc.) C:\Program Files (x86)\Timeslips\TSTimer.exe
(Microsoft Corporation) C:\Users\Neal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(MSGTAG) C:\Program Files (x86)\MSGTAG Status\MSGTAGStatus.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files (x86)\CodePlex\XPS2OneNote\XPS2OneNote.exe
(Dropbox, Inc.) C:\Users\Neal\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(jProductivity, LLC) C:\Program Files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
(EuroSmartz Ltd) C:\Program Files (x86)\WePrint\WePrint Server.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(AgileBits) C:\Program Files (x86)\1Password\Agile1pAgent.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Fieldston Software) C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\NuanceWDS.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1211688 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [Eraser] - C:\Program Files\Eraser\Eraser.exe [980368 2010-11-04] (The Eraser Project)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [342528 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Fences] - C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)
HKLM-x32\...\Run: [TheLaptopLock] - C:\Program Files (x86)\The LaptopLock\LaptopLock.exe [397312 2007-02-01] (LaptopLock)
HKLM-x32\...\Run: [syncios device service] - C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2009-08-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Nuance OmniPage 17-reminder] - "C:\Program Files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 17\Ereg\Ereg.ini"
HKLM-x32\...\Run: [MMReminderService] - C:\Program Files (x86)\Mindjet\MindManager 8\MMReminderService.exe [37656 2008-11-14] (Mindjet)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [iSUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [indexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2009-08-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [DLSService] - "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Agile1pAgent] - C:\Program Files (x86)\1Password\Agile1pAgent.exe [2247952 2013-12-18] (AgileBits)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624056 2011-08-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (Authentec Inc.)
HKCU\...\Run: [TSTimer] - C:\Program Files (x86)\Timeslips\TSTimer.exe [2515240 2010-09-07] (Sage Software, Inc.)
HKCU\...\Run: [skyDrive] - C:\Users\Neal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKCU\...\Run: [MSGTAG] - C:\Program Files (x86)\MSGTAG Status\MSGTAGStatus.exe [1820160 2007-07-10] (MSGTAG)
HKCU\...\Run: [iSUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKCU\...\Run: [iSUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKCU\...\Run: [gSyncit] - C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [167424 2014-01-01] (Fieldston Software)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKCU\...\Run: [NextLive] - C:\Users\Neal\AppData\Roaming\newnext.me\nengine.dll [1283584 2013-11-13] (NewNextDotMe)
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
Startup: C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Neal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
Startup: C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\myPhoneDesktop.lnk
ShortcutTarget: myPhoneDesktop.lnk -> C:\Program Files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe (jProductivity, LLC)
Startup: C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
Startup: C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk
ShortcutTarget: WePrint Server.lnk -> C:\Program Files (x86)\WePrint\WePrint Server.exe (EuroSmartz Ltd)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=902615&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x780ADA30E68FCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {DAFBE03E-D490-4C49-B48F-B078CABC3A49} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: avast! EasyPass Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (AVAST Software)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: avast! EasyPass Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: 1Password - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (AVAST Software)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM - DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie64.dll ()
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie.dll ()
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - avast! EasyPass Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (AVAST Software)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://flclerks.webex.com/client/WBXclient-T28L10NSP9-15980/webex/ieatgpc1.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll ()
Handler-x32: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files (x86)\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\o6nz8fkc.default-1388690560583
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ascendo-inc/DataVault;version=1 - C:\Program Files (x86)\DataVault\npapi.dll ()
FF Plugin-x32: @dymo.com/DymoLabelFramework - C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{FF201111-31F0-43FD-98C7-0E142411C415}] - C:\Program Files (x86)\Bring to OneNote for Office 2007\FF
FF Extension: Bring to OneNote - C:\Program Files (x86)\Bring to OneNote for Office 2007\FF [2012-01-02]
FF HKLM-x32\...\Firefox\Extensions: [datavault@ascendo.inc] - C:\Program Files (x86)\DataVault\firefox
FF Extension: DataVault Toolbar - C:\Program Files (x86)\DataVault\firefox [2014-01-01]
 
Chrome: 
=======
CHR Extension: (Downloads) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhnfghnbhfjhoiiaoibdhfnfpicfknh\0.9_0 [2013-11-28]
CHR Extension: (Bring to OneNote) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjdjahfjhafehbeoffchdnbllicbdkk\3.0.0.10_0 [2013-11-28]
CHR Extension: (Adblock Plus) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0 [2013-12-19]
CHR Extension: (      "name": "myPhoneDesktop - Chrome Client") - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpiggoccjgdoecccbcmenmbcnoldalf\1.0.4_0 [2013-11-28]
CHR Extension: (i-Pusher) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\eipicaolkdicbbgajbddliflfbmjkgef\0.34_0 [2013-11-28]
CHR Extension: (PageZipper) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbbmnbomimdgmecfpbilhoafgmmeagef\1.3_0 [2013-11-28]
CHR Extension: (      "name": "Print this page with CleanPrint") - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf\4.8.1_0 [2014-01-03]
CHR Extension: (Image In TabBar) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpjbmcdccggidhgcigdfoblhnbdbickb\1.3_0 [2013-11-28]
CHR Extension: (Forget Me - Clean History, Cookies & more) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekpdemielcmiiiackmeoppdgaggjgda\1.1.0_0 [2013-11-28]
CHR Extension: (Vanilla Cookie Manager) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj\1.3.2_0 [2013-11-28]
CHR Extension: (AdBlock) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0 [2013-11-30]
CHR Extension: (History Eraser) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\3.9.7_0 [2013-12-18]
CHR Extension: (1Password) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdmbinomkfhmgknkoicejolfdfjeajmk\3.9.20.99_0 [2014-01-04]
CHR Extension: (LastPass) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.22_0 [2013-12-24]
CHR Extension: (Minimal) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog\1.0_0 [2013-11-28]
CHR Extension: (DataVault Extension) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.8.1_0 [2014-01-02]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0 [2013-11-28]
CHR Extension: (iPhone AppStore) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfjaojloelkjlgafconlihjodkpfjjb\1.1_0 [2013-11-28]
CHR Extension: (Cookies) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno\1.8_0 [2014-01-05]
CHR Extension: (Cookie Manager) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck\1.1_0 [2013-11-28]
CHR Extension: (Google Maps) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0 [2013-11-28]
CHR Extension: (WeatherBug) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mekeaeklopjambfhgndcddmpfbinkdpb\1.4_0 [2013-11-28]
CHR Extension: (iPhone Blog Browser) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfoejenmpapgdkibeogmbdniemjjnnbo\1.1_0 [2013-11-28]
CHR Extension: (Print) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj\1.1_0 [2013-11-28]
CHR Extension: (Google Wallet) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-18]
CHR Extension: (Any.do) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld\0.1.1.1_0 [2013-11-28]
CHR Extension: (Click&Clean App) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0 [2013-12-04]
CHR Extension: (Weather Underground) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0 [2013-11-28]
CHR Extension: (Quickrr Calculator) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjilkjgbkoabhnonkepkmibepodpdbhk\1.1_0 [2013-11-28]
CHR HKLM-x32\...\Chrome\Extension: [bnjdjahfjhafehbeoffchdnbllicbdkk] - C:\Program Files (x86)\Bring to OneNote for Office 2007\bringtoonenote.crx [2012-01-02]
CHR HKLM-x32\...\Chrome\Extension: [idbmmgcdhhiblollphopejjpnkpdgbii] - C:\Program Files (x86)\DataVault\extension.crx [2013-03-09]
 
==================== Services (Whitelisted) =================
 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4161512 2014-01-02] (Emsisoft GmbH)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [86016 2007-09-20] (Andrea Electronics Corporation)
R2 Agile1Password; C:\Program Files (x86)\1Password\Agile1pService.exe [768784 2013-12-18] (AgileBits)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-09-15] ()
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [19968 2011-02-15] (Fork Ltd.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-03-21] (Nitro PDF Software)
R2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2009-07-13] ()
R2 OneTouch 4.0 Monitor; C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe [229376 2012-08-23] (Visioneer Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2009-08-27] (Nuance Communications, Inc.)
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [93960 2009-09-25] (Sling Media Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe [122880 2008-02-15] (IDT, Inc.)
R2 TSScheduleBackup; C:\Windows\SysWOW64\TSSchBkpService.exe [705024 2010-06-04] ()
R2 WBA_Agent_Client; C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe [86016 2009-01-27] ()
R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
R2 WePrint; C:\Program Files (x86)\WePrint\WePrint Server.exe [3527816 2013-12-27] (EuroSmartz Ltd)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2705920 2007-12-08] (Dell Inc.)
 
==================== Drivers (Whitelisted) ====================
 
S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-10-20] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-10-20] (Emsisoft GmbH)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2014-01-02] (Emsisoft GmbH)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2009-02-25] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [9728 2009-02-25] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2009-02-25] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [3072 2009-02-25] ()
R3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266624 2007-10-11] (Creative Technology Ltd.)
R3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2010-10-18] (Windows ® Win 7 DDK provider)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
R3 TcUsb; C:\Windows\System32\Drivers\tcusb.sys [63304 2011-08-19] (AuthenTec, Inc.)
R2 WinVd32; C:\Windows\WinVd32.sys [197728 2011-05-23] ()
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 DFUBTUSB; System32\Drivers\frmupgr.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
S2 WinFLdrv; SysWOW64\WinFLdrv.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-12 11:01 - 2014-01-12 11:01 - 00000000 ____D C:\FRST
2014-01-12 01:18 - 2014-01-12 01:18 - 00276984 _____ C:\Windows\Minidump\011214-28672-01.dmp
2014-01-12 00:42 - 2014-01-12 00:42 - 00276992 _____ C:\Windows\Minidump\011214-34819-01.dmp
2014-01-12 00:41 - 2014-01-12 00:41 - 00003344 ____N C:\bootsqm.dat
2014-01-12 00:38 - 2014-01-12 00:38 - 00000000 __SHD C:\found.004
2014-01-11 14:33 - 2014-01-12 07:25 - 00000000 ____D C:\Users\Neal\AppData\Roaming\newnext.me
2014-01-11 14:33 - 2014-01-11 15:18 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-01-11 14:33 - 2014-01-11 15:18 - 00000000 ____D C:\Users\Neal\AppData\Local\Mobogenie
2014-01-11 14:33 - 2014-01-11 15:17 - 00000000 ____D C:\Users\Neal\AppData\Local\genienext
2014-01-11 14:33 - 2014-01-11 15:17 - 00000000 ____D C:\Users\Neal\AppData\Local\cache
2014-01-11 14:33 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\Documents\Mobogenie
2014-01-11 14:33 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\.android
2014-01-11 14:33 - 2014-01-11 14:33 - 00000000 _____ C:\Users\Neal\daemonprocess.txt
2014-01-10 19:48 - 2014-01-10 20:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-10 19:48 - 2014-01-10 19:48 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-10 19:47 - 2014-01-10 20:32 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-10 19:47 - 2014-01-10 20:29 - 00000000 ____D C:\Users\Neal\Desktop\mbar
2014-01-10 14:10 - 2014-01-10 14:10 - 00040289 _____ C:\ComboFix.txt
2014-01-09 18:33 - 2014-01-09 18:33 - 00001925 _____ C:\Users\Neal\Desktop\ComboFix.exe - Shortcut.lnk
2014-01-06 20:00 - 2014-01-06 20:00 - 00000846 _____ C:\Users\Neal\Desktop\JRT.txt
2014-01-06 19:40 - 2014-01-06 19:40 - 00000000 ____D C:\Windows\ERUNT
2014-01-06 19:33 - 2014-01-06 19:32 - 01036305 _____ (Thisisu) C:\Users\Neal\Desktop\JRT.exe
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D C:\found.002
2014-01-06 15:00 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-06 15:00 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-06 15:00 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-06 15:00 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-06 15:00 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-06 15:00 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-06 15:00 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-06 15:00 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-06 11:45 - 2014-01-06 11:45 - 00002028 _____ C:\Users\Neal\Desktop\Customize Fences.lnk
2014-01-06 11:00 - 2014-01-12 01:18 - 488598498 _____ C:\Windows\MEMORY.DMP
2014-01-06 11:00 - 2014-01-06 11:00 - 00276928 _____ C:\Windows\Minidump\010614-27830-01.dmp
2014-01-06 10:57 - 2014-01-11 15:23 - 00017752 _____ C:\Windows\PFRO.log
2014-01-06 10:49 - 2014-01-06 19:34 - 00000000 ____D C:\AdwCleaner
2014-01-06 10:36 - 2014-01-06 10:36 - 00929928 _____ (CNET Download.com) C:\Users\Neal\Desktop\cbsidlm-cbsi171-AdwCleaner-SEO-75851221.exe
2014-01-06 09:42 - 2014-01-06 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-05 20:01 - 2011-11-17 00:35 - 00314880 _____ (Microsoft Corporation) C:\webio.dll
2014-01-05 15:55 - 2014-01-05 15:56 - 00276992 _____ C:\Windows\Minidump\010514-20560-01.dmp
2014-01-05 12:59 - 2014-01-05 12:59 - 00006524 _____ C:\Users\Neal\Desktop\Windows Compatibility Report.htm
2014-01-04 21:33 - 2014-01-12 01:18 - 00002011 _____ C:\Windows\setupact.log
2014-01-04 21:33 - 2014-01-05 12:54 - 00000000 _____ C:\Windows\setuperr.log
2014-01-04 11:26 - 2014-01-04 20:24 - 00000000 ____D C:\Program Files (x86)\1Password
2014-01-04 11:26 - 2014-01-04 14:41 - 00000000 ____D C:\Users\Neal\Documents\1Password
2014-01-04 11:26 - 2014-01-04 11:26 - 00001021 _____ C:\Users\Neal\Desktop\1Password.lnk
2014-01-04 11:26 - 2014-01-04 11:26 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Agile Web Solutions
2014-01-04 11:26 - 2013-08-15 15:50 - 01769984 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatCert.dll
2014-01-04 11:26 - 2013-08-15 15:49 - 02403328 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatSocket.dll
2014-01-04 11:26 - 2013-01-10 10:23 - 01580784 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatCrypt2.dll
2014-01-04 11:26 - 2012-08-06 17:39 - 02416640 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatZip2.dll
2014-01-04 02:09 - 2014-01-04 21:33 - 00000000 ____D C:\Program Files\Protector Suite
2014-01-04 02:09 - 2014-01-04 02:09 - 00000000 ____D C:\Program Files\Common Files\SPBA
2014-01-03 20:49 - 2014-01-03 20:49 - 00000000 ____D C:\Program Files (x86)\Dashlane
2014-01-03 20:47 - 2014-01-03 20:47 - 00000000 ____D C:\Users\Neal\AppData\Local\Packages
2014-01-03 16:42 - 2014-01-03 16:42 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Tools
2014-01-03 16:29 - 2014-01-05 17:32 - 00005459 _____ C:\Windows\WindowsUpdate.log
2014-01-03 09:05 - 2014-01-03 09:06 - 00024512 _____ C:\Users\Neal\Desktop\attach.txt
2014-01-03 09:05 - 2014-01-03 09:04 - 00034638 _____ C:\Users\Neal\Desktop\dds.txt
2014-01-03 08:56 - 2014-01-03 08:56 - 00688992 ____R (Swearware) C:\Users\Neal\Desktop\dds.com
2014-01-03 08:56 - 2014-01-03 08:56 - 00688992 _____ (Swearware) C:\Users\Neal\Desktop\dds.scr
2014-01-03 08:26 - 2014-01-03 08:26 - 00000000 ____D C:\Program Files\HijackThis
2014-01-03 06:52 - 2014-01-03 06:52 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-02 20:10 - 2014-01-05 17:50 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 2013
2014-01-02 14:12 - 2014-01-02 14:12 - 00002626 _____ C:\Windows\CompatibilityIssues.txt
2014-01-02 09:07 - 2014-01-05 13:01 - 00001908 _____ C:\Windows\diagwrn.xml
2014-01-02 09:07 - 2014-01-05 13:01 - 00001908 _____ C:\Windows\diagerr.xml
2014-01-01 20:40 - 2014-01-05 05:16 - 00204896 ____N C:\Users\Neal\Documents\DataVault.dat
2014-01-01 20:40 - 2014-01-01 20:40 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Ascendo
2014-01-01 20:34 - 2014-01-05 05:16 - 00000000 ____D C:\Users\Neal\Documents\Automatic backups
2014-01-01 20:33 - 2014-01-01 20:33 - 00001021 _____ C:\Users\Public\Desktop\Ascendo DataVault.lnk
2014-01-01 20:33 - 2014-01-01 20:33 - 00000000 ____D C:\Program Files (x86)\DataVault
2014-01-01 19:38 - 2014-01-01 20:31 - 00000000 ____D C:\Users\Neal\AppData\Local\PasswordSafe
2014-01-01 19:38 - 2014-01-01 19:38 - 00000000 ____D C:\Users\Neal\Documents\My Safes
2013-12-29 03:41 - 2013-12-29 03:41 - 00003164 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2013-12-29 03:41 - 2013-12-29 03:41 - 00003162 _____ C:\Windows\System32\Tasks\SmartDefragUpdate
2013-12-29 03:41 - 2013-05-22 18:49 - 00032600 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2013-12-29 03:40 - 2013-05-22 18:49 - 00017720 _____ C:\Windows\system32\Drivers\SmartDefragDriver.sys
2013-12-27 12:48 - 2013-12-27 12:48 - 00000000 ____D C:\MATS
2013-12-13 15:10 - 2013-12-13 15:24 - 00000000 ____D C:\Users\Neal\Desktop\Def Experts
2013-12-13 08:36 - 2014-01-01 16:41 - 00000000 ____D C:\Users\Neal\Desktop\Test
 
==================== One Month Modified Files and Folders =======
 
2014-01-12 11:01 - 2014-01-12 11:01 - 00000000 ____D C:\FRST
2014-01-12 11:00 - 2013-05-18 08:21 - 00000000 ____D C:\ProgramData\WePrint
2014-01-12 10:59 - 2012-10-24 10:41 - 00000029 _____ C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-01-12 10:58 - 2010-09-21 20:13 - 00000000 ____D C:\Users\Neal\AppData\Roaming\.purple
2014-01-12 10:46 - 2010-09-24 18:25 - 00000000 ____D C:\Users\Neal\AppData\Roaming\MSGTAG
2014-01-12 10:38 - 2010-09-24 23:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 10:35 - 2013-10-17 07:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-12 09:26 - 2010-09-24 01:30 - 00000000 ____D C:\Users\Neal\AppData\Roaming\gSyncit
2014-01-12 07:25 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\AppData\Roaming\newnext.me
2014-01-12 06:38 - 2012-07-16 23:46 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd63d719bc8a55.job
2014-01-12 04:03 - 2011-03-31 13:18 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Dropbox
2014-01-12 01:32 - 2012-06-29 07:51 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Credenza
2014-01-12 01:29 - 2009-07-13 23:45 - 00013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-12 01:29 - 2009-07-13 23:45 - 00013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 01:26 - 2012-11-11 17:51 - 00000000 ____D C:\Users\Neal\Documents\WePrint
2014-01-12 01:25 - 2010-09-23 20:46 - 00000462 _____ C:\Windows\Tasks\SDMsgUpdate (TE).job
2014-01-12 01:25 - 2010-09-22 06:45 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Nitro PDF
2014-01-12 01:19 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-12 01:18 - 2014-01-12 01:18 - 00276984 _____ C:\Windows\Minidump\011214-28672-01.dmp
2014-01-12 01:18 - 2014-01-06 11:00 - 488598498 _____ C:\Windows\MEMORY.DMP
2014-01-12 01:18 - 2014-01-04 21:33 - 00002011 _____ C:\Windows\setupact.log
2014-01-12 01:18 - 2010-09-22 07:22 - 00000000 ____D C:\Windows\Minidump
2014-01-12 00:42 - 2014-01-12 00:42 - 00276992 _____ C:\Windows\Minidump\011214-34819-01.dmp
2014-01-12 00:41 - 2014-01-12 00:41 - 00003344 ____N C:\bootsqm.dat
2014-01-12 00:38 - 2014-01-12 00:38 - 00000000 __SHD C:\found.004
2014-01-11 17:10 - 2012-09-18 06:38 - 00000000 ____D C:\Users\Neal\AppData\Local\CrashDumps
2014-01-11 15:23 - 2014-01-06 10:57 - 00017752 _____ C:\Windows\PFRO.log
2014-01-11 15:18 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-01-11 15:18 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\AppData\Local\Mobogenie
2014-01-11 15:17 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\AppData\Local\genienext
2014-01-11 15:17 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\AppData\Local\cache
2014-01-11 14:33 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\Documents\Mobogenie
2014-01-11 14:33 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\.android
2014-01-11 14:33 - 2014-01-11 14:33 - 00000000 _____ C:\Users\Neal\daemonprocess.txt
2014-01-11 14:33 - 2010-09-21 19:20 - 00000000 ____D C:\Users\Neal
2014-01-11 08:34 - 2010-09-23 13:30 - 00000900 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2014-01-10 20:32 - 2014-01-10 19:47 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-10 20:32 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-10 20:29 - 2014-01-10 19:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-10 20:29 - 2014-01-10 19:47 - 00000000 ____D C:\Users\Neal\Desktop\mbar
2014-01-10 19:48 - 2014-01-10 19:48 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-10 14:13 - 2010-09-21 20:31 - 00000000 ____D C:\Users\Neal\AppData\Local\X1 Desktop Search
2014-01-10 14:13 - 2009-05-22 09:57 - 00041861 _____ C:\emailscan.log
2014-01-10 14:10 - 2014-01-10 14:10 - 00040289 _____ C:\ComboFix.txt
2014-01-10 14:10 - 2010-01-17 12:10 - 00000000 ____D C:\Qoobox
2014-01-10 14:06 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2014-01-09 21:26 - 2011-04-25 21:29 - 00000000 ____D C:\Users\Neal\AppData\Local\Apps\2.0
2014-01-09 19:00 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2014-01-09 18:33 - 2014-01-09 18:33 - 00001925 _____ C:\Users\Neal\Desktop\ComboFix.exe - Shortcut.lnk
2014-01-06 20:05 - 2013-09-02 20:09 - 00000193 _____ C:\Windows\WORDPAD.INI
2014-01-06 20:00 - 2014-01-06 20:00 - 00000846 _____ C:\Users\Neal\Desktop\JRT.txt
2014-01-06 19:40 - 2014-01-06 19:40 - 00000000 ____D C:\Windows\ERUNT
2014-01-06 19:34 - 2014-01-06 10:49 - 00000000 ____D C:\AdwCleaner
2014-01-06 19:32 - 2014-01-06 19:33 - 01036305 _____ (Thisisu) C:\Users\Neal\Desktop\JRT.exe
2014-01-06 16:57 - 2009-07-14 00:13 - 00006410 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D C:\found.002
2014-01-06 15:33 - 2010-09-22 15:21 - 00000000 ____D C:\Windows\ERDNT
2014-01-06 11:45 - 2014-01-06 11:45 - 00002028 _____ C:\Users\Neal\Desktop\Customize Fences.lnk
2014-01-06 11:45 - 2010-09-21 20:50 - 00000000 ____D C:\Program Files (x86)\Stardock
2014-01-06 11:45 - 2010-09-21 19:20 - 00000000 ___RD C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-06 11:00 - 2014-01-06 11:00 - 00276928 _____ C:\Windows\Minidump\010614-27830-01.dmp
2014-01-06 10:36 - 2014-01-06 10:36 - 00929928 _____ (CNET Download.com) C:\Users\Neal\Desktop\cbsidlm-cbsi171-AdwCleaner-SEO-75851221.exe
2014-01-06 09:43 - 2012-05-31 06:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-06 09:42 - 2014-01-06 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-05 18:12 - 2012-12-15 14:35 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam
2014-01-05 18:12 - 2010-09-21 20:11 - 00000000 ____D C:\Program Files (x86)\Pidgin
2014-01-05 18:11 - 2010-09-21 20:39 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2014-01-05 18:01 - 2013-09-14 15:00 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Syncios
2014-01-05 17:58 - 2013-09-18 23:34 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Audacity
2014-01-05 17:50 - 2014-01-02 20:10 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 2013
2014-01-05 17:48 - 2011-04-25 21:29 - 00000000 ____D C:\Users\Neal\AppData\Local\Deployment
2014-01-05 17:40 - 2009-07-14 00:08 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-05 17:38 - 2011-07-14 02:42 - 00000000 ____D C:\Windows\pss
2014-01-05 17:32 - 2014-01-03 16:29 - 00005459 _____ C:\Windows\WindowsUpdate.log
2014-01-05 15:56 - 2014-01-05 15:55 - 00276992 _____ C:\Windows\Minidump\010514-20560-01.dmp
2014-01-05 13:01 - 2014-01-02 09:07 - 00001908 _____ C:\Windows\diagwrn.xml
2014-01-05 13:01 - 2014-01-02 09:07 - 00001908 _____ C:\Windows\diagerr.xml
2014-01-05 12:59 - 2014-01-05 12:59 - 00006524 _____ C:\Users\Neal\Desktop\Windows Compatibility Report.htm
2014-01-05 12:54 - 2014-01-04 21:33 - 00000000 _____ C:\Windows\setuperr.log
2014-01-05 11:55 - 2010-09-24 00:32 - 00000000 ___HD C:\Users\Neal\Desktop\_gsdata_
2014-01-05 11:54 - 2010-09-22 07:41 - 00000000 ____D C:\Users\Neal\AppData\Roaming\GoodSync
2014-01-05 05:16 - 2014-01-01 20:40 - 00204896 ____N C:\Users\Neal\Documents\DataVault.dat
2014-01-05 05:16 - 2014-01-01 20:34 - 00000000 ____D C:\Users\Neal\Documents\Automatic backups
2014-01-04 21:33 - 2014-01-04 02:09 - 00000000 ____D C:\Program Files\Protector Suite
2014-01-04 20:24 - 2014-01-04 11:26 - 00000000 ____D C:\Program Files (x86)\1Password
2014-01-04 14:41 - 2014-01-04 11:26 - 00000000 ____D C:\Users\Neal\Documents\1Password
2014-01-04 11:26 - 2014-01-04 11:26 - 00001021 _____ C:\Users\Neal\Desktop\1Password.lnk
2014-01-04 11:26 - 2014-01-04 11:26 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Agile Web Solutions
2014-01-04 10:52 - 2010-10-02 10:30 - 00000000 ____D C:\Users\Neal\AppData\Local\Downloaded Installations
2014-01-04 02:09 - 2014-01-04 02:09 - 00000000 ____D C:\Program Files\Common Files\SPBA
2014-01-03 20:49 - 2014-01-03 20:49 - 00000000 ____D C:\Program Files (x86)\Dashlane
2014-01-03 20:47 - 2014-01-03 20:47 - 00000000 ____D C:\Users\Neal\AppData\Local\Packages
2014-01-03 16:42 - 2014-01-03 16:42 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Tools
2014-01-03 09:06 - 2014-01-03 09:05 - 00024512 _____ C:\Users\Neal\Desktop\attach.txt
2014-01-03 09:04 - 2014-01-03 09:05 - 00034638 _____ C:\Users\Neal\Desktop\dds.txt
2014-01-03 08:56 - 2014-01-03 08:56 - 00688992 ____R (Swearware) C:\Users\Neal\Desktop\dds.com
2014-01-03 08:56 - 2014-01-03 08:56 - 00688992 _____ (Swearware) C:\Users\Neal\Desktop\dds.scr
2014-01-03 08:54 - 2010-12-26 00:06 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-03 08:26 - 2014-01-03 08:26 - 00000000 ____D C:\Program Files\HijackThis
2014-01-03 07:08 - 2012-11-11 17:51 - 00000000 ____D C:\Program Files (x86)\WePrint
2014-01-03 06:52 - 2014-01-03 06:52 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-02 21:13 - 2012-11-13 10:24 - 00000089 _____ C:\Windows\SysWOW64\BRAgent.dat
2014-01-02 14:12 - 2014-01-02 14:12 - 00002626 _____ C:\Windows\CompatibilityIssues.txt
2014-01-02 09:23 - 2012-11-13 13:49 - 00000000 ____D C:\ProgramData\Kofax
2014-01-01 20:40 - 2014-01-01 20:40 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Ascendo
2014-01-01 20:33 - 2014-01-01 20:33 - 00001021 _____ C:\Users\Public\Desktop\Ascendo DataVault.lnk
2014-01-01 20:33 - 2014-01-01 20:33 - 00000000 ____D C:\Program Files (x86)\DataVault
2014-01-01 20:31 - 2014-01-01 19:38 - 00000000 ____D C:\Users\Neal\AppData\Local\PasswordSafe
2014-01-01 19:38 - 2014-01-01 19:38 - 00000000 ____D C:\Users\Neal\Documents\My Safes
2014-01-01 16:41 - 2013-12-13 08:36 - 00000000 ____D C:\Users\Neal\Desktop\Test
2013-12-30 15:26 - 2010-09-22 13:08 - 00000000 ____D C:\Windows\Downloaded Installations
2013-12-30 14:15 - 2010-09-22 16:17 - 00000000 ____D C:\Users\Neal\AppData\Roaming\.oit
2013-12-29 20:42 - 2010-09-21 21:44 - 00000000 ____D C:\Users\Neal\Documents\SplashData
2013-12-29 19:55 - 2010-10-25 19:00 - 00040390 _____ C:\Windows\SysWOW64\WebUpdateSvc4.log
2013-12-29 19:55 - 2010-10-25 19:00 - 00000031 _____ C:\Windows\WebUpdateSvc4.INI
2013-12-29 11:40 - 2010-09-22 07:07 - 00000000 ____D C:\ProgramData\InstallShield
2013-12-29 11:39 - 2009-07-14 02:46 - 00000000 ____D C:\Windows\ShellNew
2013-12-29 03:41 - 2013-12-29 03:41 - 00003164 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2013-12-29 03:41 - 2013-12-29 03:41 - 00003162 _____ C:\Windows\System32\Tasks\SmartDefragUpdate
2013-12-27 22:29 - 2010-09-22 20:21 - 00000813 _____ C:\Windows\Q-Dir.ini
2013-12-27 22:29 - 2010-09-22 20:21 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Q-Dir
2013-12-27 20:58 - 2013-01-30 15:31 - 00000000 ____D C:\Program Files (x86)\iMobie
2013-12-27 20:56 - 2010-09-22 12:41 - 00000000 ____D C:\Program Files (x86)\Chrometa 2.0
2013-12-27 12:48 - 2013-12-27 12:48 - 00000000 ____D C:\MATS
2013-12-26 20:19 - 2010-09-22 06:37 - 00000000 ____D C:\ProgramData\FLEXnet
2013-12-25 20:19 - 2010-09-24 01:02 - 00000000 ____D C:\Users\Neal\Documents\Family Tree Maker
2013-12-22 22:33 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-22 17:46 - 2011-12-25 22:15 - 00000000 ____D C:\Program Files (x86)\iExplorer
2013-12-22 17:44 - 2012-12-15 14:35 - 00000000 ____D C:\Users\Neal\AppData\Roaming\iFunbox_UserCache
2013-12-20 21:40 - 2013-09-14 21:51 - 00000000 ____D C:\Users\Neal\Documents\iClover
2013-12-19 01:06 - 2011-12-26 13:03 - 00000000 ____D C:\ProgramData\IObit
2013-12-18 16:31 - 2011-12-25 12:46 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-15 08:28 - 2013-07-11 13:22 - 00000000 ____D C:\Windows\system32\MRT
2013-12-13 18:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-12-13 15:24 - 2013-12-13 15:10 - 00000000 ____D C:\Users\Neal\Desktop\Def Experts
 
Files to move or delete:
====================
C:\ProgramData\SDPlatformMgr.dll
C:\ProgramData\SplashID%20Safe.exe
 
 
Some content of TEMP:
====================
C:\Users\Neal\AppData\Local\Temp\IntResource.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Gringo -- Here is the second scan -- my screen does not show any means for file attachment -- 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2014
Ran by Neal at 2014-01-12 11:06:36
Running from M:\Download
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Disabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
1Password 1.0.9.340 (x32 Version: 1.0 - AgileBits)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
8000A809 (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8000A809_eDocs (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8000A809_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
ABC Amber LIT Converter (x32 Version:  - )
ABC Amber Outlook Converter (x32 Version:  - )
ABC Amber PDF Converter (x32 Version:  - )
Acronis True Image Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden
Adobe Acrobat 8 Professional (x32 Version: 8.3.1 - Adobe Systems) Hidden
Adobe Acrobat 8.3.1 - CPSID_83708 (x32 Version:  - Adobe Systems Incorporated)
Adobe Acrobat 8.3.1 Professional (x32 Version: 8.3.1 - Adobe Systems)
Adobe AIR (x32 Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1860 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Advanced File Organizer 3.01 (x32 Version: 3.01 - SoftPrime Development)
Amazon Kindle (x32 Version:  - Amazon)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ARTS PDF Aerialist Professional 1.2 (x32 Version: 1.2 - ARTS PDF)
Ascendo DataVault 4.9.12 (x32 Version: 4.9.12 - Ascendo)
Ashampoo Burning Studio 2012 v10.0.15 (x32 Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Asterisk Key 10.0 (x32 Version:  - )
Attribute Changer 6.20 (x32 Version: 6.20 - Romain Petges)
AutoSplit Pro Plug-In, v. 2.2 (x32 Version:  - EverMap Company, LLC.)
avast! EasyPass (x32 Version: 7-7-8-128 - AVAST Software)
avast! Free Antivirus (x32 Version: 8.0.1497.0 - AVAST Software)
Belarc Advisor 7.2 (x32 Version:  - )
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (Version: 2.0.2.0 - Apple Inc.)
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BRAdmin Professional 3 (x32 Version: 3.47.0005 - Brother)
Bring To OneNote for Office 2007 v3.0.0.10 (x32 Version: 3.0.0.10 - James.Linton)
Broadcom Gigabit Integrated Controller (Version: 10.52.12 - Broadcom Corporation)
Brother BRAgent 1.33.0000 (x32 Version: 1.33.0000 - Brother)
Brother MFL-Pro Suite MFC-8870DW (x32 Version: 1.0.0.0 - Brother Industries, Ltd.)
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Bytescout BarCode Generator 2.00.241 (FREEWARE) (x32 Version:  - Bytescout Software)
calibre (x32 Version: 0.8.68 - Kovid Goyal)
CCleaner (Version: 4.00 - Piriform)
CDBurnerXP (x32 Version: 4.2.5.1490 - CDBurnerXP)
Cisco Connect (x32 Version: 1.3.11006.1 - Cisco Consumer Products LLC)
Cisco EAP-FAST Module (x32 Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.0.12 - Cisco Systems, Inc.)
Cisco WebEx Meetings (x32 Version:  - Cisco WebEx LLC)
CoolUtils Mail Viewer (x32 Version: 2.5 - Softplicity, Inc.)
Core Temp 1.0 RC3 (Version: 1.0 - Alcpu)
CoreLib (x32 Version: 1.00.0001 - Nuance Communications, Inc.)
Credenza (x32 Version: 3.0.0.55 - Credenza Software Inc.)
CrystalDiskInfo 3.1.1 (x32 Version: 3.1.1 - Crystal Dew World)
Dell Driver Download Manager (HKCU Version: 2.1.0.0 - Dell Inc.)
Dell Resource CD (x32 Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKCU Version: 3.3.2.1 - Dell)
Dell Touchpad (Version: 10.1.2.0 - Synaptics)
Dell Touchpad (Version: 7.102.101.223 - ALPS ELECTRIC CO., LTD.)
Dell Wireless WLAN Card (Version: 4.170.25.12 - Dell Inc.)
Device Remover (Version: 0.9 - Kerem Gümrükcü)
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DiskPie 2.1 (x32 Version: 2.1 - Ziff Davis Media, Inc.)
Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.)
DVDFab 8.0.5.6 (05/12/2010) (x32 Version:  - Fengtao Software Inc.)
DYMO Label v.8 (x32 Version: 8.3.0.1242 - Sanford, L.P.)
DYMO Stamps (x32 Version: 3.3 - Endicia Internet Postage)
EASEUS Partition Master 3.5 Unlimited Edition (x32 Version:  - EASEUS)
Emsisoft Anti-Malware (x32 Version: 6.0 - Emsi Software GmbH)
Eraser 6.0.8.2273 (Version: 6.0.2273 - The Eraser Project)
ERUNT 1.1j (x32 Version:  - Lars Hederer)
Ever2One Converter (x32 Version: 1.0.1 - BusinessWare Technologies Inc)
Evernote v. 5.0.3 (x32 Version: 5.0.3.1614 - Evernote Corp.)
ExportOutlookNotestoOneNoteAddinSetup (x32 Version: 1.0.0 - Default Company Name)
eXpress TimeStamp Toucher (HKCU Version:  - )
Family Tree Maker 2010 (x32 Version: 19.0.180 - Ancestry.com)
Family Tree Maker 2010 (x32 Version: 19.0.180 - Ancestry.com) Hidden
Fast Duplicate File Finder 1.1.0.0 (x32 Version: 1.1.0.0 - MindGems, Inc.)
FastStone Image Viewer 4.6 (x32 Version: 4.6 - FastStone Soft)
Fences 2 (x32 Version: 2.01 - Stardock Corporation)
File Renamer (x32 Version:  - )
File Shredder 2.0 (x32 Version:  - WipeSoft)
FoxTab PDF Creator (HKCU Version:  - ) <==== ATTENTION
GnuCash 2.4.8 (x32 Version:  - GnuCash Development Team)
GoodSync (Version: 8.3.5.5 - Siber Systems)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
GPL Ghostscript 9.00 (x32 Version:  - )
GSview 4.9 (x32 Version:  - )
gSyncit (x32 Version: 2.2.44 - David Levinson)
gSyncit (x32 Version: 2.3.52 - Fieldston Software)
gSyncit (x32 Version: 3.8.68 - Fieldston Software)
Guifications Plugin (remove only) (x32 Version:  - )
HijackThis 1.99.1 (x32 Version: 1.99.1 - Soeperman Enterprises Ltd.)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP Officejet Pro 8000 A809 Series (Version: 14.0 - HP)
HP Solution Center 14.0 (Version: 14.0 - HP)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
iCloud (Version: 3.1.0.40 - Apple Inc.)
iClover 1.0.1 (x32 Version: 1.0.1 - Xiamen Tongbu Network Ltd.)
iFunbox (v2.1.2228.731), iFunbox DevTeam (x32 Version: v2.1.2228.731 - )
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930 - Intel Corporation)
iPhone Backup Extractor (HKCU Version: 4.6.6.0 - Reincubate Ltd)
IrfanView (remove only) (x32 Version: 4.30 - Irfan Skiljan)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 17 (64-bit) (Version: 7.0.170 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 39 (64-bit) (Version: 6.0.390 - Oracle)
jlGui 3.1 (HKCU Version:  - Music Player for the Java Platform)
Karen's Directory Printer (x32 Version: 5.3.0.2 - Karen Kenworthy)
Kernel Outlook PST Viewer ver 11.05.01 (x32 Version:  - Lepide Software Pvt. Ltd.)
LAME v3.99.3 (for Windows) (x32 Version:  - )
Laptop Integrated Webcam Driver (1.04.01.1011)   (Version:  - )
LastPass (uninstall only) (x32 Version:  - LastPass)
LexisNexis CaseMap 8 (x32 Version: 8.50.399.02 - LexisNexis CaseSoft) Hidden
LexisNexis NoteMap 2 (x32 Version: 2.10.12.1 - LexisNexis CaseSoft)
LexisNexis TextMap 5 (x32 Version: 5.00.177.01 - LexisNexis CaseSoft)
LexisNexis TimeMap 4 (x32 Version: 4.10.14.1 - LexisNexis CaseSoft) Hidden
LexisNexis® CD on Folio® 4 (x32 Version: 2.0 - LNCD4x)
Livescribe Connect (x32 Version: 1.2.1 - Livescribe Inc) Hidden
Livescribe Connect (x32 Version: 1.2.1.58498 - Livescribe Inc)
Livescribe Desktop (x32 Version: 2.8.3 - Livescribe Inc)
LogonStudio (x32 Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Metrofax Outlook Fax AddIn (HKCU Version: 1.0.0.60 - Metrofax Outlook Fax AddIn)
MetroFax Printer (x32 Version: 3.0.4842.24832 - MetroFax, Inc.)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Filter Pack 1.0 (x32 Version: 12.0.4518.1104 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Gadgets for Windows SideShow (x32 Version: 1.0.7252.0 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Personal Folders Backup (x32 Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (x32 Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40825 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 (x32 Version: 3.0.5305.0 - Microsoft Corporation)
Mindjet MindManager 8 (x32 Version: 8.0.217 - Mindjet LLC)
Missing Attachment PowerToy Setup (x32 Version: 1.00.0011 - Fortis Software LLC)
MobileNoter (HKCU Version: 2.4.11.887 - BusinessWare Technologies Inc.)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSGTAG Status (x32 Version:  - MSGTAG)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
myPhoneDesktop 2.0.3 (x32 Version: 2.0.3 - jProductivity, LLC)
NEO Pro (x32 Version: 5.04.561 - Caelo Software BV)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nitro PDF Professional (Version: 6.2.1.10 - Nitro PDF Software)
Nuance OmniPage 17 (x32 Version: 17.0.0000 - Nuance Communications, Inc.)
Nuance PaperPort 12 (x32 Version: 12.0.0000 - Nuance Communications, Inc.)
ObjectDock Plus (x32 Version:  - )
Octoshape add-in for Adobe Flash Player (HKCU Version:  - )
ODIR (x32 Version:  - Vaita)
ON Table of Content Setup (x32 Version: 1.0.0 - Microsoft)
OneTouch 4.6 (x32 Version: 4.6.1112.8238 - Visioneer Inc.)
OutlookToOneNoteAddInSetup (x32 Version: 1.0.0 - Default Company Name)
Paint.NET v3.36 (Version: 3.36.0 - dotPDN LLC)
PaperPort Image Printer 64-bit (Version: 1.00.0001 - Nuance Communications, Inc.)
PDF-XChange 3 (Version:  - Tracker Software)
PhoneClean 2.2.0 (x32 Version: 2.2.0 - iMobie Inc.)
Picasa 3 (x32 Version: 3.8 - Google, Inc.)
Pidgin (x32 Version: 2.10.0 - )
PressReader (x32 Version: 5.12.0927.0 -  NewspaperDirect Inc.)
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Protector Suite 2012 (Version: 5.9.8.7278 - Authentec Inc.)
Q-Dir (x32 Version:  - )
Quicken 2007 (x32 Version: 16.1.2.25 - Intuit)
Quicken 2013 (x32 Version: 22.1.12.7 - Intuit)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Recuva (Version: 1.38 - Piriform)
Rename Master (x32 Version:  - )
Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group)
RICOH R5C83x/84x Media Driver x64 Ver.5.03.03 (x32 Version: 5.03.03 - )
Sage Timeslips 2011 (x32 Version: 19.0.0.0 - Sage)
Samsung ML-2855 Series (x32 Version:  - Samsung Electronics CO.,LTD)
SeaTools for Windows (x32 Version: 1.2.0.7 - Seagate Technology)
SendtoOneNote (x32 Version: 1.1.0 - LLC)
SigmaTel Audio (x32 Version: 5.10.5210.0 - SigmaTel)
Simpo PDF to Text 2.1.5.0 (x32 Version:  - )
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
SlingPlayer (x32 Version: 2.0.4521 - Sling Media)
SlingPlayer (x32 Version: 2.0.4521 - Sling Media) Hidden
Smart Defrag 2 (x32 Version: 2.9 - IObit)
SmartDraw 2010 (HKCU Version:  - )
Snagit 10.0.1 (x32 Version: 10.0.1 - TechSmith Corporation)
Software Update Wizard (Redistributable) 4.5 (x32 Version: 4.5 - PowerProgrammer)
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
SplashID iPhone Desktop 5.4 (x32 Version: 5.4 - SplashData)
SplashID Safe 7.0.9 (x32 Version: 7.0.9 - SplashData)
Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SysTools Outlook PST Viewer 3.0 (x32 Version:  - )
TEC-IT TFORMer 6.0 (Version: 6.0.3.14226 - TEC-IT Datenverarbeitung GmbH)
TeraCopy 1.22 (x32 Version:  - Code Sector Inc.)
The LaptopLock 0.94 (x32 Version: 0.94 - The LaptopLock)
Timeslips by Sage 2008 (x32 Version: 16.0.0.0 - Sage Software SB, Inc.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TouchChip USB Driver 2.6 (Version: 2.6.0.0097 - UPEK Inc.) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
TurboTax 2010 (x32 Version:  - Intuit, Inc)
TurboTax 2010 wcaiper (x32 Version: 010.000.1393 - Intuit Inc.) Hidden
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.4227 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0483 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0214 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (x32 Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2012 (x32 Version: 2012.0 - Intuit, Inc)
TurboTax 2012 wcaiper (x32 Version: 012.000.1430 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32 Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
VersaCheck 2002 Home And Business (x32 Version: 7.0.1.0 - G7 Productivity Systems, Inc.)
VersaCheck 2002 Home And Business (x32 Version: 7.0.1.0 - G7 Productivity Systems, Inc.) Hidden
WavePad Sound Editor (x32 Version:  - NCH Software)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WebSlingPlayer ActiveX (x32 Version: 1.5.2125 - Sling Media)
WePrint (x32 Version:  - EuroSmartz Ltd)
WIDCOMM Bluetooth Software 6.0.1.3100 (Version: 6.0.1.3100 - Dell)
WinDirStat 1.1.2 (HKCU Version:  - )
Windows Media Encoder 9 Series (x32 Version:  - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (Version:  - )
WinX Bluray DVD iPad Ripper 4.5.5 (x32 Version:  - Digiarty Software,Inc.)
WinX iPhone Video Converter 4.0.12 (x32 Version:  - Digiarty Software, Inc.)
Wondershare Dr.Fone for iOS(Build 3.1.0.111) (x32 Version: 3.1.0.111 - Wondershare Software Co.,Ltd.)
WordPerfect Office X3 - Home Edition Software Bundle (x32 Version: 13 - Corel)
WordPerfect Office X3 - Home Edition, Task Manager (x32 Version: 13.0 - Corel Corporation)
WordPerfect OfficeReady (x32 Version:  - )
WordPerfect® Office X3 - Home Edition (x32 Version:  - Corel Corporation)
WordPerfect® Office X3 - Home Edition (x32 Version: 13.3 - Corel Corporation) Hidden
X1 (x32 Version:  - )
Xerox DocuMate 252 Driver (x32 Version: 4.6.10034 - Visioneer Inc.)
XnView 1.95.4 (x32 Version: 1.95.4 - Gougelet Pierre-e)
xplorer² professional (x32 Version: 1.71 - Zabkat)
XPS2OneNote (x32 Version: 1.1.0 - CodePlex)
Xvid 1.2.2 final uninstall (x32 Version: 1.2 - Xvid team (Koepi))
Yahoo! Detect (x32 Version:  - )
 
==================== Restore Points  =========================
 
12-01-2014 04:50:14 Scheduled Checkpoint
12-01-2014 14:12:36 Installed gSyncit
 
==================== Hosts content: ==========================
 
2013-09-14 00:07 - 2014-01-06 15:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {054FCAE8-24CE-400D-B8BB-04B383D90E84} - System32\Tasks\ASC4_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
Task: {097D9110-CAB4-4C49-B270-F41AC48F4B2A} - System32\Tasks\{BDED33F9-4C67-4220-9D1B-E0CED8B3C464} => D:\eFilmLt.exe
Task: {09F2942B-5EA1-45E3-9FAD-DA1C05316103} - \Microsoft\Windows\SideShow\GadgetManager No Task File
Task: {0BEAE0E8-4735-481B-9028-69F69FD06380} - System32\Tasks\{11A11680-42BB-4F99-B96A-A474F0B1CFD5} => C:\Program Files (x86)\Syncios\Syncios.exe
Task: {0C9CCB36-1B13-4DA1-BC6D-C504B364F140} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
Task: {0D369C51-5B9B-47F1-9A0C-B67FA463A5F2} - System32\Tasks\SmartDefrag_Schedule => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-09-13] (IObit)
Task: {0E4E83E6-B2CF-48BA-8897-561178C414FF} - System32\Tasks\{88785863-B8BC-4F24-88E1-468A4C2AE477} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {13146D14-3F49-4C86-A4A6-F600135EBF04} - System32\Tasks\{BB04BBA5-B473-4433-9A6C-6136E340BC06} => D:\eFilmLt.exe
Task: {177AE80E-4378-44EF-A507-421FE06EEDA8} - System32\Tasks\{CF6E43FB-6028-49DD-A5E1-F76920727AF5} => M:\Documents\WPDOC\Rabiner\scan\eFilmLt.exe
Task: {2088594B-5181-4282-9D84-C5B18B698DB5} - System32\Tasks\{7DAF5FB7-EE7C-499C-B01F-2EF2DBDCAA92} => M:\Documents\WPDOC\Rabiner\scan\eFilmLt.exe
Task: {25F83B4F-E61D-4DA1-8EC3-530799931A82} - System32\Tasks\{71F5E962-0C39-4961-B208-808A43B14EF0} => D:\eFilmLt.exe
Task: {28B96460-70C9-4473-9195-B683C20DBD80} - System32\Tasks\{22196905-5959-410E-929B-ECDED408BE16} => D:\eFilmLt.exe
Task: {2CC8CB93-A771-44A8-B294-4A96DC96BE7C} - System32\Tasks\{94497B6F-CD91-4098-839D-50D514C86094} => D:\Launch.exe
Task: {37C6AD7F-D422-4D47-A88D-5BE44E307026} - System32\Tasks\{5E445465-C75E-4DA0-9439-2A979F7FC568} => D:\eFilmLt.exe
Task: {491C9B38-510C-462F-8784-72E7D34BB27F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
Task: {4960F2A8-B289-42D5-A43B-CD430B33B09D} - System32\Tasks\{1128B882-DD62-49F8-83EA-22A67F852FC6} => D:\eFilmLt.exe
Task: {4D4FA996-DCDE-4E79-B336-15CE980DDBC0} - System32\Tasks\{31010270-E2CE-45BD-B3C4-A9CE5E302663} => M:\Download\DataRecovery_EN\DataRecovery_EN\DataRecovery.exe
Task: {53C13203-3E3D-47D3-912B-6E0BFDAF80E7} - System32\Tasks\{4F2D8FA2-A7E4-4033-84D3-40ADCDC05D1C} => M:\Documents\WPDOC\Rabiner\scan\eFilmLt.exe
Task: {66C999A8-4BD6-4CAB-B78C-85578BC3A540} - System32\Tasks\{FFD0E658-01A0-4A5E-B62A-FD716D9216DF} => D:\eFilmLt.exe
Task: {6F0A6663-33AE-4BFC-9868-F1F394711360} - System32\Tasks\{6F23EFFA-7179-4F8F-BBA3-A6958A9DF0C1} => D:\eFilmLt.exe
Task: {6F59614A-868E-4F37-8A64-1F9D5E9EB6CD} - System32\Tasks\{40FA3E3B-C2AF-48FD-9EE3-1BB67768D278} => D:\eFilmLt.exe
Task: {71313239-14B1-4A48-B419-A892941FBD72} - System32\Tasks\{10171195-AA36-43A0-BD4F-0340806B2FF8} => D:\eFilmLt.exe
Task: {756DE6FB-37AF-4C50-897A-FE368275DA29} - System32\Tasks\{B943A872-D98B-4511-8FA2-8F6C93822198} => M:\Documents\WPDOC\Rabiner\scan\eFilmLt.exe
Task: {777589E7-1ABE-40D8-B68F-E09470326AB2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {7C71DD1C-5E87-4732-BC79-0F17B7C67699} - System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2013-05-22] (IObit)
Task: {7F268CFD-CA33-41D3-AB51-D9869EB91D92} - System32\Tasks\{F4C885A1-C575-4E6A-A0F4-F9E84A0A136F} => D:\eFilmLt.exe
Task: {8828443B-A96C-4A2C-8842-BEAC2A77AC3B} - \Microsoft\Windows\SideShow\AutoWake No Task File
Task: {88304FA3-41A1-4FE3-99EB-0BE16FA3F1D9} - System32\Tasks\{2B28E087-076B-458B-BB0C-9D02AA35BC09} => D:\eFilmLt.exe
Task: {8DE711C9-0E76-44D6-B45F-302AEDA1C395} - System32\Tasks\{4545EC5E-9D53-4216-B21F-4954CCE4B9EE} => D:\eFilmLt.exe
Task: {8E7FDD4D-73AE-4D4F-8B24-94579107CB8E} - System32\Tasks\{37859531-2EB1-4308-8187-38C725D1F0F7} => C:\Program Files (x86)\Syncios\Syncios.exe
Task: {9C2F7985-32C1-4140-B76F-DB84BAEE4621} - System32\Tasks\{2EBBB472-A065-4C63-894F-210573353B4E} => D:\eFilmLt.exe
Task: {9F23CF96-37F6-4B1E-8C02-704FB15A4469} - System32\Tasks\{2A6D6C14-82F7-42E4-9F18-9432A1D30806} => D:\eFilmLt.exe
Task: {A4041380-5ABF-4282-BE27-B27EF8B19172} - System32\Tasks\{E18246B8-5EBD-443D-8771-8A82F19FAA8E} => D:\eFilmLt.exe
Task: {A590D411-F606-498E-89EF-CA9683DDA64E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A5F4BB1E-0120-4798-9C97-5245F116DD59} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {A72F92B5-6349-403B-BDAC-02C2920EE822} - System32\Tasks\{750CC6F5-5D24-4623-8BCC-5AA1274366B6} => M:\Documents\WPDOC\Rabiner\scan\eFilmLt.exe
Task: {A7959233-5685-48B4-A684-FA2643F46B5A} - System32\Tasks\{05702656-D592-41ED-BD12-F5EFC2A7EDF8} => M:\Documents\WPDOC\Rabiner\scan\eFilmLt.exe
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent No Task File
Task: {B041C486-CCF5-4076-9F1C-1ACD91D8BD8D} - \Microsoft\Windows\SideShow\SystemDataProviders No Task File
Task: {B48B1A56-D226-44BE-AE0C-4F2DA824F0C5} - System32\Tasks\{CC9BE3AB-9D9B-4B58-86CE-47A6DCF73E70} => D:\eFilmLt.exe
Task: {B62D09A6-32F5-4482-A21E-AAAF9DA578B9} - System32\Tasks\{9E739A08-0F70-4861-A534-B6A09C831745} => M:\LexisNexis\FLCIVT\disc1\Setup.exe [2006-05-24] (Macrovision Corporation)
Task: {B7D98932-4D44-452A-897A-1BF555E39258} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files (x86)\SmartDraw 2010\Messages\SDNotify.exe [2009-07-08] ()
Task: {BE7F59AC-1F1B-481F-8261-916405502242} - System32\Tasks\GoogleUpdateTaskMachineCore1cd63d719bc8a55 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
Task: {CBC92B0C-347F-44C8-A89C-9C998F758B28} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2012-10-26] (Siber Systems)
Task: {D40A6EE2-F93A-4533-8648-74146567C63A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-09-13] (IObit)
Task: {D5F38702-99A2-4E49-9B39-22CBB424E937} - \Microsoft\Windows\SideShow\SessionAgent No Task File
Task: {D96EF37E-9754-4834-96C6-1B4E9AF65673} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {DABD6CFB-227F-453E-A206-F52AC1253201} - System32\Tasks\{DB9622E1-BAE2-4370-B1DA-A51B4BB569C4} => M:\LexisNexis\FLCIVT\disc1\Setup.exe [2006-05-24] (Macrovision Corporation)
Task: {E56B6142-6484-48AD-A0CE-0D19ABD2977A} - System32\Tasks\{8AB40158-FE9D-416F-96F8-6AFC978821D1} => D:\eFilmLt.exe
Task: {E7BFFE1A-47C4-4992-A865-CB48A147CBB1} - System32\Tasks\{49AF100A-95BF-485F-B845-AECECE04D644} => M:\Documents\WPDOC\Rabiner\scan\eFilmLt.exe
Task: {E90863AC-A813-4034-83D2-F1DEE6EDCEBE} - System32\Tasks\{044CAB91-85F8-4F41-9636-E56729AF4B62} => D:\eFilmLt.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd63d719bc8a55.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-09-21 20:50 - 2007-04-23 15:53 - 00020752 _____ () C:\Program Files (x86)\Stardock\ObjectDock\Dock64.dll
2010-09-21 20:30 - 2009-08-16 16:06 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2013-09-24 09:13 - 2013-09-24 04:24 - 02103296 _____ () C:\Program Files\AVAST Software\Avast\defs\13092400\algo.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-10-27 17:56 - 2011-10-27 17:56 - 00276992 _____ () C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommSdk.dll
2012-06-28 15:58 - 2012-06-28 15:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2011-04-18 18:26 - 2013-09-11 19:06 - 00048960 _____ () C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
2010-09-21 20:50 - 2007-04-24 14:22 - 00112400 _____ () C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll
2010-09-22 22:35 - 2002-08-13 05:09 - 00684032 _____ () C:\Program Files (x86)\MSGTAG Status\libeay32.dll
2010-09-22 22:35 - 2002-08-13 05:10 - 00155648 _____ () C:\Program Files (x86)\MSGTAG Status\ssleay32.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Neal\AppData\Roaming\Dropbox\bin\libcef.dll
2012-07-23 08:47 - 2013-08-27 20:50 - 00118784 _____ () C:\Program Files (x86)\myPhoneDesktop\bin\moyocore.dll
2012-07-23 08:47 - 2013-09-08 17:14 - 00132608 _____ () C:\Program Files (x86)\myPhoneDesktop\.install4j\i4jinst.dll
2010-09-21 20:50 - 2007-04-19 13:23 - 00095944 _____ () C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll
2010-09-21 20:50 - 2007-04-21 12:47 - 00059592 _____ () C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll
2010-09-21 20:50 - 2002-11-19 13:11 - 00139264 _____ () C:\Program Files (x86)\Common Files\Stardock\ODImg.dll
2008-11-14 02:34 - 2008-11-14 02:34 - 00115968 _____ () C:\Program Files (x86)\Mindjet\MindManager 8\zlib.dll
2014-01-04 11:26 - 2013-04-23 09:59 - 00376832 _____ () C:\Program Files (x86)\1Password\js3215R.dll
2012-11-13 09:54 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-07-11 10:04 - 2013-07-11 10:04 - 00507432 _____ () C:\Credenza\Outlook Client\adxloader.dll
2013-07-16 07:55 - 2013-07-16 07:55 - 00317952 _____ () C:\Users\Neal\AppData\Local\assembly\dl3\3HEE2ORP.BWM\2VBZ1659.G3Q\bb3e07f2\00f87e1e_3f7ece01\OneLogic.Core.DLL
2013-07-16 07:55 - 2013-07-16 07:55 - 00627200 _____ () C:\Users\Neal\AppData\Local\assembly\dl3\3HEE2ORP.BWM\2VBZ1659.G3Q\9ac49f1b\00ac4323_3f7ece01\OneLogic.LegalObjects.DLL
2013-07-16 07:55 - 2013-07-16 07:55 - 00243200 _____ () C:\Users\Neal\AppData\Local\assembly\dl3\3HEE2ORP.BWM\2VBZ1659.G3Q\8b248bf3\0025b01f_3f7ece01\OneLogic.OutlookProxy.DLL
2013-07-16 08:10 - 2013-07-16 08:10 - 00137728 _____ () C:\Users\Neal\AppData\Local\assembly\dl3\3HEE2ORP.BWM\2VBZ1659.G3Q\319b81fb\00ac4323_3f7ece01\OneLogic.NavPane.DLL
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2011-08-20 12:05 - 2011-08-20 12:05 - 00582656 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll
2010-09-21 20:11 - 2010-09-21 20:11 - 00904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll
2010-09-21 20:11 - 2010-09-21 20:11 - 00279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll
2010-09-21 20:11 - 2010-09-21 20:11 - 00143096 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll
2010-09-21 20:11 - 2010-09-21 20:11 - 00535264 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll
2010-09-21 20:11 - 2010-09-21 20:11 - 00219305 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll
2010-09-21 20:11 - 2010-09-21 20:11 - 00055808 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll
2010-09-21 20:11 - 2010-09-21 20:11 - 00482872 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll
2010-09-21 20:11 - 2010-09-21 20:11 - 00095189 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 01213633 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00475580 _____ () C:\Program Files (x86)\Pidgin\spellcheck\libgtkspell-0.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00013426 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00006751 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00017910 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00009712 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00007645 _____ () C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll
2007-12-16 21:15 - 2007-12-16 21:15 - 00651785 _____ () C:\Program Files (x86)\Pidgin\plugins\guifications.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00012380 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00006875 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00011517 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00011029 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00009084 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00251285 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00070345 _____ () C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00180516 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00010015 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00075085 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00288309 _____ () C:\Program Files (x86)\Pidgin\plugins\libmsn.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00119368 _____ () C:\Program Files (x86)\Pidgin\plugins\libmxit.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00086376 _____ () C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00087918 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00093250 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00173805 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00147158 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 02719062 _____ () C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 01206642 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00043176 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00016371 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00325180 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00016330 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00190214 _____ () C:\Program Files (x86)\Pidgin\libymsg.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00013291 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00038873 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00014269 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00006954 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00021699 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00010521 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00022242 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00008878 _____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00008927 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00009055 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00061569 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00018706 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00006526 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00009476 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00023339 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00022446 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00012953 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00016291 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00021753 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00021709 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00029185 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00033896 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00417501 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll
2010-09-21 20:11 - 2010-09-21 20:11 - 00090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 00866159 _____ () C:\Program Files (x86)\Pidgin\spellcheck\lib\enchant\libenchant_ispell.dll
2011-08-20 12:05 - 2011-08-20 12:05 - 01332245 _____ () C:\Program Files (x86)\Pidgin\spellcheck\lib\enchant\libenchant_myspell.dll
2013-11-19 15:19 - 2009-08-04 13:33 - 00389120 _____ () C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeXMP.dll
2013-11-19 15:19 - 2007-03-22 12:38 - 02748416 ____R () C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\LIBMYSQLD.dll
2013-12-05 13:37 - 2013-12-03 21:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 13:37 - 2013-12-03 21:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 13:37 - 2013-12-03 21:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 13:37 - 2013-12-03 21:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 13:37 - 2013-12-03 21:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows:
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:01C66DD9
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
Name: Acronis Backup Archive Explorer
Description: Acronis Backup Archive Explorer
Class Guid: {1860459d-4692-4825-b761-44a725991050}
Manufacturer: Acronis, Inc.
Service: timounter
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: EldoS Corporation
Service: cbfs3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
 
Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Broadcom NetLink Fast Ethernet
Description: Broadcom NetLink Fast Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60a
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Officejet Pro 8000 A809
Description: Officejet Pro 8000 A809
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/12/2014 01:23:48 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: TurboTax 2010 WinPerReleaseEngine -- Error 1334. The file '_lmx.afm_idu_FPW_petsysae_lacol_tib23_rgnerepw_' cannot be installed because the file cannot be found in cabinet file 'TurboTax.cab'. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.
 
Error: (01/12/2014 01:16:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3
 
Error: (01/12/2014 01:16:56 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3
 
Error: (01/12/2014 01:16:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3
 
Error: (01/12/2014 01:16:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3
 
Error: (01/12/2014 01:16:50 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3
 
Error: (01/12/2014 01:16:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3
 
Error: (01/12/2014 01:16:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3
 
Error: (01/12/2014 01:16:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3
 
Error: (01/12/2014 01:16:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3
 
 
System errors:
=============
Error: (01/12/2014 11:04:31 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service terminated with the following error: 
%%126
 
Error: (01/12/2014 10:45:22 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service terminated with the following error: 
%%126
 
Error: (01/12/2014 10:26:14 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service terminated with the following error: 
%%126
 
Error: (01/12/2014 10:07:06 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service terminated with the following error: 
%%126
 
Error: (01/12/2014 09:47:58 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service terminated with the following error: 
%%126
 
Error: (01/12/2014 09:28:50 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service terminated with the following error: 
%%126
 
Error: (01/12/2014 09:24:59 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%126
 
Error: (01/12/2014 09:24:59 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated with the following error: 
%%126
 
Error: (01/12/2014 09:19:29 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%126
 
Error: (01/12/2014 09:19:29 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated with the following error: 
%%126
 
 
Microsoft Office Sessions:
=========================
Error: (01/09/2014 06:33:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 117038 seconds with 8400 seconds of active time.  This session ended with a crash.
 
Error: (12/30/2013 04:36:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 251 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (12/30/2013 04:00:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1570 seconds with 480 seconds of active time.  This session ended with a crash.

  • Staff

Hello kinetix12

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo


Gringo --

The requested logs follow; I ran the Adw twice and picked up one small change in registry keys -- both Adw logs follow as does the JRT, which I think was clean.

The computer continues to function but I also continue to receive the webio.dll file error when the program "fences" is loaded at startup, and the network connection icon on the system tray continues to show limited connection even though I think the connection is fine.

 

# AdwCleaner v3.017 - Report created 15/01/2014 at 08:34:29
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Neal - NEAL-PC
# Running from : C:\Users\Neal\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Neal\AppData\Local\genienext
Folder Deleted : C:\Users\Neal\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Neal\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Neal\Documents\Mobogenie

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKCU\Software\FLEXnet

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\0je3jwqg.default-1371889144857\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\2qtchqs3.default-1366669729405\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\4wqrw52y.default-1385231896612\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\64i1r508.default\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\81d8xy9s.default-1385230796205\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\9ktpag8o.default-1385230233494\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\iqr421b0.default-1382411606767\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\o6nz8fkc.default-1388690560583\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\ogd1e125.default-1370628391596\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\xf8j55kj.default-1366667457325\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\_gsdata_\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [26373 octets] - [06/01/2014 10:49:52]
AdwCleaner[R1].txt - [2349 octets] - [06/01/2014 19:31:42]
AdwCleaner[R2].txt - [2938 octets] - [15/01/2014 08:25:48]
AdwCleaner[s0].txt - [26598 octets] - [06/01/2014 10:55:05]
AdwCleaner[s1].txt - [2375 octets] - [06/01/2014 19:33:58]
AdwCleaner[s2].txt - [2846 octets] - [15/01/2014 08:34:29]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [2906 octets] ##########

 

 

# AdwCleaner v3.017 - Report created 15/01/2014 at 08:46:20
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Neal - NEAL-PC
# Running from : C:\Users\Neal\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\FLEXnet

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\0je3jwqg.default-1371889144857\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\2qtchqs3.default-1366669729405\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\4wqrw52y.default-1385231896612\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\64i1r508.default\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\81d8xy9s.default-1385230796205\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\9ktpag8o.default-1385230233494\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\iqr421b0.default-1382411606767\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\o6nz8fkc.default-1388690560583\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\ogd1e125.default-1370628391596\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\xf8j55kj.default-1366667457325\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\_gsdata_\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [26373 octets] - [06/01/2014 10:49:52]
AdwCleaner[R1].txt - [2349 octets] - [06/01/2014 19:31:42]
AdwCleaner[R2].txt - [2938 octets] - [15/01/2014 08:25:48]
AdwCleaner[R3].txt - [2513 octets] - [15/01/2014 08:43:48]
AdwCleaner[s0].txt - [26598 octets] - [06/01/2014 10:55:05]
AdwCleaner[s1].txt - [2375 octets] - [06/01/2014 19:33:58]
AdwCleaner[s2].txt - [2986 octets] - [15/01/2014 08:34:29]
AdwCleaner[s3].txt - [2395 octets] - [15/01/2014 08:46:20]

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [2455 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Neal on Wed 01/15/2014 at  8:56:22.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/15/2014 at  9:16:58.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


  • Staff

Hello kinetix12

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?
Gringo

Gringo --

 

The log is noted below.  The computer is somewhat unstable and has crashed several times.  I think I have stabilized it for the moment.  Two MS Outlook add-ins have had to be re-installed.  The network icon issue remains and I still periodically get the webio.dll file issue error message.  I am wondering if a re-install of windows and other programs is going to be necessary.  At least my data is on another partition.

 

Thanks

 

 

ComboFix 14-01-16.03 - Neal 01/16/2014  18:45:39.4.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4086.1366 [GMT -5:00]
Running from: C:\Users\Neal\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\ProgramData\SplashID.ico
C:\ProgramData\sqlite3.dll
C:\Users\Neal\AppData\Local\assembly\tmp
C:\Users\Neal\AppData\Local\assembly\tmp\LFT8BXL4\__AssemblyInfo__.ini
C:\Users\Neal\AppData\Local\assembly\tmp\LFT8BXL4\OneLogic.LegalForms.DLL
C:\Users\Neal\AppData\Local\Temp\IntResource.dll

(((((((((((((((((((((((((   Files Created from 2013-12-17 to 2014-01-17  )))))))))))))))))))))))))))))))

The log was incomplete so I re-ran the program. It took a couple of tries and cleaning out a prior installation.  The new complete log follows.  I note that the system crashed and Chrome browser is having some issues.  I need to reinstall it.

 

 

ComboFix 14-01-16.03 - Neal 01/16/2014  22:09:54.6.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4086.1953 [GMT -5:00]
Running from: c:\users\Neal\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Neal\AppData\Local\assembly\tmp
.
(((((((((((((((((((((((((   Files Created from 2013-12-17 to 2014-01-17  )))))))))))))))))))))))))))))))
.
2014-01-17 03:23 . 2014-01-17 03:23    --------    d-----w-    c:\windows\system32\config\systemprofile\AppData\Local\temp
2014-01-17 03:23 . 2014-01-17 03:23    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-01-17 01:01 . 2013-12-04 03:28    10315576    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C341D4D8-4E81-40E8-ADFD-4C7BFC31BFFA}\mpengine.dll
2014-01-16 18:45 . 2014-01-16 18:49    108968    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-01-15 20:08 . 2014-01-15 20:08    --------    d-----w-    C:\Credenza
2014-01-15 17:00 . 2014-01-15 17:00    --------    d-----w-    c:\users\Neal\AppData\Roaming\AVAST Software
2014-01-15 16:56 . 2014-01-15 16:56    --------    d-s---w-    c:\windows\SysWow64\Microsoft
2014-01-15 16:55 . 2014-01-15 17:26    79672    ----a-w-    c:\windows\system32\drivers\aswstm.sys
2014-01-13 01:32 . 2014-01-13 01:32    --------    d-----w-    c:\windows\SysWow64\URTTEMP
2014-01-12 16:01 . 2014-01-12 16:01    --------    d-----w-    C:\FRST
2014-01-12 05:38 . 2014-01-12 05:38    --------    d-----w-    C:\found.004
2014-01-11 19:33 . 2014-01-11 19:33    --------    d-----w-    c:\users\Neal\.android
2014-01-11 19:33 . 2014-01-11 20:17    --------    d-----w-    c:\users\Neal\AppData\Local\cache
2014-01-11 00:48 . 2014-01-11 01:29    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-01-11 00:48 . 2014-01-11 00:48    117464    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-01-11 00:47 . 2014-01-11 01:32    89304    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-01-07 00:40 . 2014-01-07 00:40    --------    d-----w-    c:\windows\ERUNT
2014-01-06 21:06 . 2014-01-06 21:06    --------    d-----w-    C:\found.002
2014-01-06 15:49 . 2014-01-15 13:46    --------    d-----w-    C:\AdwCleaner
2014-01-06 01:01 . 2011-11-17 05:35    314880    ----a-w-    C:\webio.dll
2014-01-04 16:26 . 2014-01-04 16:26    --------    d-----w-    c:\users\Neal\AppData\Roaming\Agile Web Solutions
2014-01-04 16:26 . 2013-08-15 20:50    1769984    ----a-w-    c:\windows\SysWow64\ChilkatCert.dll
2014-01-04 16:26 . 2013-08-15 20:49    2403328    ----a-w-    c:\windows\SysWow64\ChilkatSocket.dll
2014-01-04 16:26 . 2013-01-10 15:23    1580784    ----a-w-    c:\windows\SysWow64\ChilkatCrypt2.dll
2014-01-04 16:26 . 2012-08-06 22:39    2416640    ----a-w-    c:\windows\SysWow64\ChilkatZip2.dll
2014-01-04 16:26 . 2014-01-05 01:24    --------    d-----w-    c:\program files (x86)\1Password
2014-01-04 07:09 . 2014-01-04 07:09    --------    d-----w-    c:\program files\Common Files\SPBA
2014-01-04 07:09 . 2014-01-04 07:09    --------    d-----w-    c:\program files (x86)\Common Files\SPBA
2014-01-04 07:09 . 2014-01-05 02:33    --------    d-----w-    c:\program files\Protector Suite
2014-01-04 01:49 . 2014-01-04 01:49    --------    d-----w-    c:\program files (x86)\Dashlane
2014-01-04 01:47 . 2014-01-04 01:47    --------    d-----w-    c:\users\Neal\AppData\Local\Packages
2014-01-03 21:42 . 2014-01-03 21:42    --------    d-----w-    c:\users\Neal\AppData\Roaming\Tools
2014-01-03 13:26 . 2014-01-03 13:26    --------    d-----w-    c:\program files\HijackThis
2014-01-03 11:52 . 2014-01-03 11:52    --------    d-----w-    c:\programdata\HitmanPro
2014-01-03 01:10 . 2014-01-05 22:50    --------    d-----w-    c:\program files (x86)\Advanced Fix 2013
2014-01-02 01:40 . 2014-01-02 01:40    --------    d-----w-    c:\users\Neal\AppData\Roaming\Ascendo
2014-01-02 01:33 . 2014-01-02 01:33    --------    d-----w-    c:\program files (x86)\DataVault
2014-01-02 00:38 . 2014-01-02 01:31    --------    d-----w-    c:\users\Neal\AppData\Local\PasswordSafe
2013-12-29 08:41 . 2013-05-22 23:49    32600    ----a-w-    c:\windows\system32\SmartDefragBootTime.exe
2013-12-29 08:40 . 2013-05-22 23:49    17720    ----a-w-    c:\windows\system32\drivers\SmartDefragDriver.sys
2013-12-27 17:48 . 2013-12-27 17:48    --------    d-----w-    C:\MATS
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-17 03:17 . 2012-10-24 15:41    29    ----a-w-    c:\windows\SysWow64\TempWmicBatchFile.bat
2014-01-16 19:03 . 2013-08-15 22:07    217088    ----a-w-    c:\programdata\SDPlatformMgr.dll
2014-01-16 19:03 . 2013-08-15 22:07    9035416    ----a-w-    c:\programdata\SplashID%20Safe.exe
2014-01-15 16:55 . 2013-03-08 07:24    65776    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-01-15 16:55 . 2013-03-08 07:24    207904    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-01-15 16:55 . 2012-10-26 11:17    422216    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2014-01-15 16:55 . 2012-10-26 11:17    1034464    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-01-15 16:55 . 2012-10-26 11:17    78648    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-01-15 16:55 . 2012-10-26 11:17    334136    ----a-w-    c:\windows\system32\aswBoot.exe
2014-01-15 16:55 . 2012-10-26 11:17    92544    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
2014-01-15 16:55 . 2012-10-26 11:16    43152    ----a-w-    c:\windows\avastSS.scr
2013-12-10 22:35 . 2013-07-18 03:12    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 22:35 . 2013-07-18 03:12    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-01 19:42 . 2010-09-23 19:20    90708896    ----a-w-    c:\windows\system32\MRT.exe
2013-11-23 18:26 . 2013-12-12 04:37    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-12 04:37    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
2013-11-19 08:33 . 2010-09-22 00:27    267936    ------w-    c:\windows\system32\MpSigStub.exe
2013-11-13 18:05 . 2010-09-22 02:45    47633    ----a-w-    c:\windows\SysWow64\wuwuninst.exe
2013-11-12 02:23 . 2013-12-12 04:37    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-12 04:37    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2013-11-11 12:52 . 2013-11-11 12:52    12767232    ----a-w-    c:\program files (x86)\Common Files\lpuninstall.exe
2013-10-30 02:32 . 2013-12-12 04:37    335360    ----a-w-    c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-12 04:37    301568    ----a-w-    c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-12 04:37    3155968    ----a-w-    c:\windows\system32\win32k.sys
2013-10-25 06:19 . 2013-12-12 08:05    51712    ----a-w-    c:\windows\system32\ie4uinit.exe
2013-10-25 06:19 . 2013-12-12 08:05    2241536    ----a-w-    c:\windows\system32\wininet.dll
2013-10-25 06:19 . 2013-12-12 08:05    1365504    ----a-w-    c:\windows\system32\urlmon.dll
2013-10-25 06:18 . 2013-12-12 08:05    19271168    ----a-w-    c:\windows\system32\mshtml.dll
2013-10-25 06:18 . 2013-12-12 08:05    603136    ----a-w-    c:\windows\system32\msfeeds.dll
2013-10-25 06:17 . 2013-12-12 08:05    855552    ----a-w-    c:\windows\system32\jscript.dll
2013-10-25 06:17 . 2013-12-12 08:05    3959808    ----a-w-    c:\windows\system32\jscript9.dll
2013-10-25 06:17 . 2013-12-12 08:05    53248    ----a-w-    c:\windows\system32\jsproxy.dll
2013-10-25 06:17 . 2013-12-12 08:05    526336    ----a-w-    c:\windows\system32\ieui.dll
2013-10-25 06:17 . 2013-12-12 08:05    67072    ----a-w-    c:\windows\system32\iesetup.dll
2013-10-25 06:17 . 2013-12-12 08:05    39936    ----a-w-    c:\windows\system32\iernonce.dll
2013-10-25 06:17 . 2013-12-12 08:05    136704    ----a-w-    c:\windows\system32\iesysprep.dll
2013-10-25 06:17 . 2013-12-12 08:05    2648576    ----a-w-    c:\windows\system32\iertutil.dll
2013-10-25 06:17 . 2013-12-12 08:05    15404032    ----a-w-    c:\windows\system32\ieframe.dll
2013-10-25 04:45 . 2013-12-12 08:05    1767936    ----a-w-    c:\windows\SysWow64\wininet.dll
2013-10-25 04:43 . 2013-12-12 08:05    2877952    ----a-w-    c:\windows\SysWow64\jscript9.dll
2013-10-25 04:43 . 2013-12-12 08:05    61440    ----a-w-    c:\windows\SysWow64\iesetup.dll
2013-10-25 04:43 . 2013-12-12 08:05    109056    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2013-10-25 04:07 . 2013-12-12 08:05    2706432    ----a-w-    c:\windows\system32\mshtml.tlb
2013-10-25 03:41 . 2013-12-12 08:05    2706432    ----a-w-    c:\windows\SysWow64\mshtml.tlb
2013-10-25 03:17 . 2013-12-12 08:05    89600    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2013-10-25 02:49 . 2013-12-12 08:05    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-17 00:23    222832    ----a-w-    c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-17 00:23    222832    ----a-w-    c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-17 00:23    222832    ----a-w-    c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    131248    ----a-w-    c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TSTimer"="c:\program files (x86)\Timeslips\TSTimer.exe" [2010-09-07 2515240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MSGTAG"="c:\program files (x86)\MSGTAG Status\MSGTAGStatus.exe" [2007-07-11 1820160]
"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
"gSyncit"="c:\program files (x86)\Fieldston Software\gSyncit\gsyncit.exe" [2014-01-02 167424]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5955088]
"TheLaptopLock"="c:\program files (x86)\The LaptopLock\LaptopLock.exe" [2007-02-01 397312]
"Syncios device service"="c:\program files (x86)\Syncios\SynciosDeviceService.exe" [bU]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2008-11-03 328992]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2009-08-27 29984]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Nuance OmniPage 17-reminder"="c:\program files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" [bU]
"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 8\MMReminderService.exe" [2008-11-14 37656]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2009-08-27 46368]
"DLSService"="c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe" [bU]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Agile1pAgent"="c:\program files (x86)\1Password\Agile1pAgent.exe" [2013-12-18 2247952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-28 1171336]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-15 3764024]
.
c:\users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Neal\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]
Fences.lnk - c:\program files (x86)\Stardock\Fences\Fences.exe /startup [2013-11-26 4031152]
myPhoneDesktop.lnk - c:\program files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe [2012-7-23 224256]
Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2010-9-21 3581680]
WePrint Server.lnk - c:\program files (x86)\WePrint\WePrint Server.exe [2012-11-11 3527816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2010-12-14 293950]
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2013-11-11 12767232]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2013-11-11 12767232]
XPS2OneNote.lnk - c:\windows\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe [2013-4-22 10134]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages    REG_MULTI_SZ       scecli c:\program files\Protector Suite\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TSScheduleBackup;TimeslipsBackup;c:\windows\SysWOW64\TSSchBkpService.exe;c:\windows\SysWOW64\TSSchBkpService.exe [x]
R2 WBA_Agent_Client;Brother BRAgent;c:\program files (x86)\Brother\BRAgent\BRAgtSrv.exe;c:\program files (x86)\Brother\BRAgent\BRAgtSrv.exe [x]
R2 WePrint;WePrint Server;c:\program files (x86)\WePrint\WePrint Server.exe;c:\program files (x86)\WePrint\WePrint Server.exe [x]
R2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys;SysWOW64\WinFLdrv.sys [x]
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]
R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x]
R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys;c:\windows\SYSNATIVE\DRIVERS\PulseUsb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]
S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 Agile1Password;1Password;c:\program files (x86)\1Password\Agile1pService.exe;c:\program files (x86)\1Password\Agile1pService.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe;c:\prey\platform\windows\cronsvc.exe [x]
S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [x]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe;c:\windows\SysWOW64\WebUpdateSvc4.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-16 14:43    1211672    ----a-w-    c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-18 22:35]
.
2014-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd63d719bc8a55.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28 16:26]
.
2014-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28 16:26]
.
2014-01-17 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2010-09-24 16:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-01-17 00:23    261744    ----a-w-    c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-01-17 00:23    261744    ----a-w-    c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-01-17 00:23    261744    ----a-w-    c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-15 16:55    287280    ----a-w-    c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54    164016    ----a-w-    c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2012-10-23 17:47    5928296    ----a-w-    c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2012-10-23 17:47    5928296    ----a-w-    c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1211688]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 342528]
"Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2013-11-26 4031152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2013-11-26 521904]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bring to OneNote - c:\program files (x86)\Bring to OneNote for Office 2007\ieBringToOneNotex64.dll/201
IE: Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4
IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000


IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: S&end to OneNote - c:\progra~2\MICROS~2\Office12\ONBttnIE.dll/105


IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Send To CaseMap - c:\windows\system32\lnToCM.htm

Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254 192.168.2.1
FF - ProfilePath - c:\users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.nbcnews.com
FF - ExtSQL: 2014-01-01 20:33; datavault@ascendo.inc; c:\program files (x86)\DataVault\firefox
FF - ExtSQL: 2014-01-04 11:30; onepassword@agilebits.com; c:\users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\extensions\onepassword@agilebits.com.xpi
.
 
