kinetix12 Posted January 3, 2014 ID:772864

I suspect that I have been hijacked. I am running Win 7 pro on a 320GB hard drive partitioned as C: for the OS and M for data. I have free space on each drive of approx 33 GB. My network connection icon (in system tray) reflects limited connectivity but I actually have a full connection through my router. I have rebooted the router. No change. I have connected to a different router. No change. Efforts to run sfc /scannow (in regular and safe mode) fail with reports of corrupted system files. Efforts to troubleshoot the connection fail -- I get a message that webio.dll is missing, only it isn't missing. I have run chkdsk /f and chkdsk /r several times and seem to have clean runs. I have uninstalled and re-installed the drivers for the NIC without incident. Firefox has crashed several times and could not be restarted until I reinstalled it. Efforts to perform an in-place upgrade on Windows to reinstall the webio.dll have failed. I have now run SpyBot S&D and Malwarebytes with clean exams of both drives. My system regularly runs Avast free version. All drives have been defragmented. I tried to run Hitman Pro -- it would not start or if it started, it crashed.

Thoughts?

Attach.txt -- log

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/21/2010 8:19:58 PM
System Uptime: 1/3/2014 8:03:59 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0N6705
Processor: Intel® Core2 Duo CPU T7250 @ 2.00GHz | Microprocessor | 2001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 127 GiB total, 32.737 GiB free.
D: is CDROM ()
M: is FIXED (NTFS) - 171 GiB total, 33.755 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {1860459d-4692-4825-b761-44a725991050}
Description: Acronis Backup Archive Explorer
Device ID: ROOT\ACRONISDEVICES\0001
Manufacturer: Acronis, Inc.
Name: Acronis Backup Archive Explorer
PNP Device ID: ROOT\ACRONISDEVICES\0001
Service: timounter
.
Class GUID: {1378e71b-ab4d-4348-af26-cba56b12969e}
Description: StorLib bus (virtual storages support)
Device ID: ROOT\STORLIB\0000
Manufacturer: EldoS Corporation
Name: StorLib bus (virtual storages support)
PNP Device ID: ROOT\STORLIB\0000
Service: cbfs3
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IKEv2)
Device ID: ROOT\MS_AGILEVPNMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (IKEv2)
PNP Device ID: ROOT\MS_AGILEVPNMINIPORT\0000
Service: RasAgileVpn
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (Network Monitor)
Device ID: ROOT\MS_NDISWANBH\0000
Manufacturer: Microsoft
Name: WAN Miniport (Network Monitor)
PNP Device ID: ROOT\MS_NDISWANBH\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Broadcom NetLink Fast Ethernet
Device ID: PCI\VEN_14E4&DEV_1713&SUBSYS_02091028&REV_02\4&2902BDE7&0&00E5
Manufacturer: Broadcom
Name: Broadcom NetLink Fast Ethernet
PNP Device ID: PCI\VEN_14E4&DEV_1713&SUBSYS_02091028&REV_02\4&2902BDE7&0&00E5
Service: b57nd60a
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (IPv6)
Device ID: ROOT\MS_NDISWANIPV6\0000
Manufacturer: Microsoft
Name: WAN Miniport (IPv6)
PNP Device ID: ROOT\MS_NDISWANIPV6\0000
Service: NdisWan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: WAN Miniport (SSTP)
Device ID: ROOT\MS_SSTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (SSTP)
PNP Device ID: ROOT\MS_SSTPMINIPORT\0000
Service: RasSstp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\7&167DD0C&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\7&167DD0C&0&2
Service: BthPan
.
Class GUID:
Description: Officejet Pro 8600
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer:
Name: Officejet Pro 8600
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8000 A809
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Officejet Pro 8000 A809
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
==== System Restore Points ===================
.
RP1250: 1/3/2014 7:37:59 AM - Installed RT 7 Lite x64
.
==== Installed Programs ======================
.
==== Event Viewer Messages From Past Week ========
.
1/3/2014 9:04:41 AM, Error: Service Control Manager [7023] - The WinHTTP Web Proxy Auto-Discovery Service service terminated with the following error: The specified module could not be found.
1/3/2014 8:30:27 AM, Error: Service Control Manager [7023] - The Secure Socket Tunneling Protocol Service service terminated with the following error: The specified module could not be found.
1/3/2014 8:30:27 AM, Error: Service Control Manager [7023] - The Network Location Awareness service terminated with the following error: The specified module could not be found.
1/3/2014 8:30:27 AM, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Secure Socket Tunneling Protocol Service service which failed to start because of the following error: The specified module could not be found.
1/3/2014 8:30:27 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The specified module could not be found.
1/3/2014 8:11:10 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: The specified module could not be found.
1/3/2014 8:11:10 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8007007e'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
1/3/2014 8:07:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/3/2014 8:06:06 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WePrint Server service to connect.
1/3/2014 8:06:06 AM, Error: Service Control Manager [7000] - The WinFLdrv service failed to start due to the following error: The system cannot find the file specified.
1/3/2014 8:06:06 AM, Error: Service Control Manager [7000] - The WePrint Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/3/2014 8:05:22 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024769
1/3/2014 8:05:17 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the file specified.
1/3/2014 8:05:11 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Neal\ntuser.dat' was corrupted and it has been recovered. Some data might have been lost.
1/3/2014 7:01:31 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/3/2014 7:01:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/3/2014 7:01:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/3/2014 7:01:25 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/3/2014 7:01:23 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/3/2014 7:01:15 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/3/2014 6:59:50 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/3/2014 6:59:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/3/2014 5:03:02 AM, Error: Service Control Manager [7022] - The Intuit Update Service service hung on starting.
1/3/2014 4:21:41 AM, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/3/2014 4:09:32 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff80003081ac5, 0xfffff880090a1930, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010314-49873-01.
1/3/2014 4:09:09 AM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
1/3/2014 4:04:19 AM, Error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 3 time(s).
1/3/2014 4:01:19 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/3/2014 3:59:54 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/3/2014 3:52:45 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/2/2014 9:46:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
1/2/2014 8:48:00 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/2/2014 8:44:48 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
1/2/2014 10:20:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
1/2/2014 10:20:51 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

dds.txt -- log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750 BrowserJavaVersion: 10.45.2
Run by Neal at 8:59:19 on 2014-01-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4086.924 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! 
Antivirus *Enabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [PPort12reminder] "C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\12\Config\Ereg\Ereg.ini"mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /noguimRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUNmRun: [syncios device service] C:\Program Files (x86)\Syncios\SynciosDeviceService.exemRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\Users\Neal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Neal\AppData\Roaming\Dropbox\bin\Dropbox.exeStartupFolder: C:\Users\Neal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Fences.lnk - C:\Program Files (x86)\Stardock\Fences\Fences.exeStartupFolder: C:\Users\Neal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPHON~1.LNK - C:\Program Files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exeStartupFolder: C:\Users\Neal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exeStartupFolder: C:\Users\Neal\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WEPRIN~1.LNK - C:\Program Files (x86)\WePrint\WePrint Server.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~2.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INSTAL~1.LNK - C:\Program Files (x86)\Common Files\lpuninstall.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\METROF~1.LNK - 
C:\Windows\Installer\{34BF0FBD-6D45-4261-B329-678DE3542FFA}\FPStartupIcon.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:145mPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorAdmin = dword:0mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableLUA = dword:0mPolicies-System: EnableUIADesktopToggle = dword:0mPolicies-System: PromptOnSecureDesktop = dword:0mPolicies-System: DisableCAD = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:145IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Bring to OneNote - C:\Program Files (x86)\Bring to OneNote for Office 2007\ieBringToOneNotex64.dll/201IE: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4IE: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3IE: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1IE: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 
8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlIE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000IE: LastPass - C:\Users\Neal\AppData\LocalLow\LastPass\context.html?cmd=lastpassIE: LastPass Fill Forms - C:\Users\Neal\AppData\LocalLow\LastPass\context.html?cmd=fillformsIE: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.htmlIE: S&end to OneNote - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll/105IE: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.htmlIE: Save to DataVault - C:\Program Files (x86)\DataVault/iemenuext.htmIE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: Send To CaseMap - C:\Windows\System32\lnToCM.htmIE: Show avast! 
EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dllIE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dllIE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllIE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllIE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dllIE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.htmlIE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmTrusted Zone: dell.comTCP: NameServer = 192.168.1.254 192.168.2.1TCP: Interfaces\{DBD55E58-7551-4964-8209-81541F359ED2} : DHCPNameServer = 192.168.1.254 192.168.2.1Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dllHandler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files (x86)\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-mWinlogon: Userinit = C:\Windows\System32\userinit.exex64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dllx64-BHO: avast! EasyPass Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllx64-BHO: LastPass Vault: {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dllx64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllx64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dllx64-TB: avast! 
EasyPass Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dllx64-TB: DataVault Bar: {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie64.dllx64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exex64-Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exex64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startupx64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dllx64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dllx64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htmx64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>x64-Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - <orphaned>x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\FF - prefs.js: browser.search.selectedEngine - YahooFF - prefs.js: browser.startup.homepage - www.nbcnews.comFF 
- plugin: C:\Program Files (x86)\DataVault\npapi.dllFF - plugin: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dllFF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dllFF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dllFF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllFF - plugin: C:\Program Files (x86)\LastPass\nplastpass.dllFF - plugin: C:\Program Files (x86)\LastPass\nplastpass64.dllFF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dllFF - plugin: C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dllFF - plugin: C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\extensions\coralietab@mozdev.org\plugins\npCoralIETab.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dllFF - ExtSQL: 2013-11-03 15:28; jid0-5R3LLpyrG0a1kPDXAA8ZKmM0bgM@jetpack; C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\extensions\jid0-5R3LLpyrG0a1kPDXAA8ZKmM0bgM@jetpack.xpiFF - ExtSQL: 2014-01-01 20:33; datavault@ascendo.inc; C:\Program Files (x86)\DataVault\firefox.---- FIREFOX POLICIES ----FF - user.js: browser.cache.memory.capacity - 65536FF - user.js: browser.chrome.favicons - falesFF - user.js: browser.display.show_image_placeholders - trueFF - user.js: browser.turbo.enabled - trueFF - user.js: browser.urlbar.autocomplete.enabled - trueFF - user.js: browser.urlbar.autofill - trueFF - user.js: content.interrupt.parsing - trueFF - user.js: content.max.tokenizing.time - 2250000FF - user.js: content.notify.backoffcount - 5FF - user.js: content.notify.interval - 750000FF - user.js: 
content.notify.ontimer - trueFF - user.js: content.switch.threshold - 750000FF - user.js: network.http.max-connections - 48FF - user.js: network.http.max-connections-per-server - 16FF - user.js: network.http.max-persistent-connections-per-proxy - 16FF - user.js: network.http.max-persistent-connections-per-server - 8FF - user.js: network.http.pipelining - trueFF - user.js: network.http.pipelining.firstrequest - trueFF - user.js: network.http.pipelining.maxrequests - 8FF - user.js: network.http.proxy.pipelining - trueFF - user.js: network.http.request.max-start-delay - 0FF - user.js: nglayout.initialpaint.delay - 0FF - user.js: plugin.expose_full_path - trueFF - user.js: ui.submenuDelay - 0.============= SERVICES / DRIVERS ===============.R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-8 65336]R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-8 204880]R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-8-4 137312]R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2013-12-29 17720]R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-8-4 211552]R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\System32\drivers\vsflt67.sys [2012-8-5 146528]R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-12-28 26176]R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-10-26 1030952]R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-10-26 378944]R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2011-12-28 4161512]R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [2010-9-21 86016]R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-8-5 3459024]R2 
aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-10-26 33400]R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-10-26 80816]R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-12 46808]R2 BRA_Scheduler;Brother BRAdminPro Scheduler;C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [2012-12-5 65536]R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2011-1-28 32336]R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2011-3-21 341312]R2 nlsX86cc;NLS Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-1-31 68928]R2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2009-8-27 144672]R2 PenCommService;Livescribe Pulse Smartpen Service;C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [2011-10-27 470528]R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2010-12-2 11576]R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-8-5 367200]R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2011-12-28 70960]S3 
cleanhlp;cleanhlp;C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [2013-10-20 57024]S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-9-22 16776]S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-9-22 9096]S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2010-9-30 17920]S3 PulseUsb;Livescribe Smartpen USB Driver;C:\Windows\System32\drivers\PulseUsb.sys [2010-10-18 26112]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-15 19456]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-15 57856].=============== File Associations ===============.FileExt: .reg: regfile=regedit.exe "%1" [userChoice]FileExt: .txt: textfile="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [userChoice]FileExt: .inf: inffile=C:\Windows\System32\NOTEPAD.EXE %1 [userChoice].=============== Created Last 30 ================.2014-01-03 12:38:53 -------- d-----w- C:\Windows\System32\RT 7 Lite2014-01-03 12:38:48 -------- d-----w- C:\Program Files\Rockers Team2014-01-03 11:52:46 -------- d-----w- C:\ProgramData\HitmanPro2014-01-03 01:10:56 -------- d-----w- C:\Program Files (x86)\Advanced Fix 20132014-01-02 20:37:59 271256 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll2014-01-02 07:23:37 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD8D408D-C3B0-4F13-97DC-179941C4A4E8}\offreg.dll2014-01-02 01:40:09 -------- d-----w- C:\Users\Neal\AppData\Roaming\Ascendo2014-01-02 01:33:42 -------- d-----w- C:\Program Files (x86)\DataVault2014-01-02 00:38:21 -------- d-----w- C:\Users\Neal\AppData\Local\PasswordSafe2013-12-31 13:45:16 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DD8D408D-C3B0-4F13-97DC-179941C4A4E8}\mpengine.dll2013-12-29 08:41:45 32600 ----a-w- C:\Windows\System32\SmartDefragBootTime.exe2013-12-29 08:40:44 17720 ----a-w- 
C:\Windows\System32\drivers\SmartDefragDriver.sys2013-12-27 17:48:02 -------- d-----w- C:\MATS2013-12-12 08:09:11 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe2013-12-12 08:09:10 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe2013-12-12 08:09:08 12625920 ----a-w- C:\Windows\System32\wmploc.DLL2013-12-12 08:09:07 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL2013-12-12 04:37:44 335360 ----a-w- C:\Windows\System32\msieftp.dll2013-12-08 03:13:35 -------- d-----w- C:\Users\Neal\AppData\Local\mSeven_Software.==================== Find3M ====================.2014-01-03 13:45:19 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat2013-12-31 19:09:26 900 --sha-w- C:\Windows\SysWow64\KGyGaAvL.sys2013-12-10 22:35:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-12-10 22:35:22 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll2013-11-19 08:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe2013-11-13 18:05:36 47633 ----a-w- C:\Windows\SysWow64\wuwuninst.exe2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2013-11-11 12:52:26 12767232 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys2013-10-25 06:19:22 2241536 ----a-w- C:\Windows\System32\wininet.dll2013-10-25 06:17:57 3959808 ----a-w- C:\Windows\System32\jscript9.dll2013-10-25 06:17:52 67072 ----a-w- C:\Windows\System32\iesetup.dll2013-10-25 06:17:52 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-10-25 04:45:11 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll2013-10-25 04:43:42 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-10-25 04:43:38 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-10-25 
04:43:38 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-10-25 04:07:48 2706432 ----a-w- C:\Windows\System32\mshtml.tlb2013-10-25 03:41:01 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-10-25 03:17:49 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe2013-10-25 02:49:34 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll2013-10-13 15:56:58 565827 ----a-w- C:\ProgramData\sqlite3.dll2013-10-13 15:56:57 217088 ----a-w- C:\ProgramData\SDPlatformMgr.dll2013-10-13 15:56:55 8972440 ----a-w- C:\ProgramData\SplashID%20Safe.exe2013-10-12 02:32:04 150016 ----a-w- C:\Windows\System32\wshom.ocx2013-10-12 02:31:04 202752 ----a-w- C:\Windows\System32\scrrun.dll2013-10-12 02:30:42 830464 ----a-w- C:\Windows\System32\nshwfp.dll2013-10-12 02:29:21 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL2013-10-12 02:29:08 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL2013-10-12 02:04:36 121856 ----a-w- C:\Windows\SysWow64\wshom.ocx2013-10-12 02:03:31 163840 ----a-w- C:\Windows\SysWow64\scrrun.dll2013-10-12 02:03:08 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll2013-10-12 02:01:25 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL2013-10-12 01:33:39 156160 ----a-w- C:\Windows\System32\cscript.exe2013-10-12 01:33:26 168960 ----a-w- C:\Windows\System32\wscript.exe2013-10-12 01:15:48 141824 ----a-w- C:\Windows\SysWow64\wscript.exe2013-10-12 01:15:48 126976 ----a-w- C:\Windows\SysWow64\cscript.exe2013-10-08 12:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll.============= FINISH: 9:04:51.39 =============== Link to post Share on other sites More sharing options...
Staff gringo_pr Posted January 6, 2014 ID:774398

Hello kinetix12

I would like to welcome you to the Malware Removal section of the forum. Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean".
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
kinetix12 Posted January 7, 2014 Author ID:774658

Gringo -- I appreciate the help. I have posted the requested logs below. I ran adwcleaner this morning and post the log from that run as well. I will not run any others independently.

I note that I did not receive notification of your email even though I had previously marked the post to receive instant notification. I have checked my email and there was no notice in my inbox, spam, junk or anywhere else. I will continue to check back.

The symptoms continue -- the USB safe eject does not work, and the window that pops up is corrupted too.

Thanks,

kinetix12

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Professional x64
Ran by Neal on Mon 01/06/2014 at 19:40:47.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441179}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Windows\freecorder"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/06/2014 at 20:00:16.09
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I ran adwcleaner earlier today and post both logs below so you can see them both. Needless to say, as you are now assisting, I will refrain from anything further independently.
Thanks,
HKCU\Software\AppDataLow\Software\PriceGongKey Deleted : HKCU\Software\AppDataLow\Software\SmartBarKey Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\NCH SoftwareKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16750 -\\ Mozilla Firefox v26.0 (en-US) [ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\0je3jwqg.default-1371889144857\prefs.js ] [ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\2qtchqs3.default-1366669729405\prefs.js ] [ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\4wqrw52y.default-1385231896612\prefs.js ] [ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\64i1r508.default\prefs.js ] [ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\81d8xy9s.default-1385230796205\prefs.js ] [ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\9ktpag8o.default-1385230233494\prefs.js ] [ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\prefs.js ] Line Deleted : user_pref("CT1060933.1000082.isPlayDisplay", "true");Line Deleted : user_pref("CT1060933.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");Line Deleted : user_pref("CT1060933.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");Line Deleted : user_pref("CT1060933.FirstTime", "true");Line Deleted : user_pref("CT1060933.FirstTimeFF3", "true");Line Deleted : user_pref("CT1060933.LoginRevertSettingsEnabled", true);Line Deleted : user_pref("CT1060933.RevertSettingsEnabled", false);Line Deleted : user_pref("CT1060933.UserID", "UN33119168512001660");Line Deleted : user_pref("CT1060933.addressBarTakeOverEnabledInHidden", "true");Line Deleted : user_pref("CT1060933.autoDisableScopes", 10);Line Deleted : user_pref("CT1060933.cbcountry_001", "US");Line 
Deleted : user_pref("CT1060933.cbfirsttime", "Wed Jul 18 2012 08:03:08 GMT-0400 (Eastern Daylight Time)");Line Deleted : user_pref("CT1060933.defaultSearch", "false");Line Deleted : user_pref("CT1060933.embeddedsData", "[{\"appId\":\"128280995260143876\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]Line Deleted : user_pref("CT1060933.enableAlerts", "false");Line Deleted : user_pref("CT1060933.enableFix404ByUser", "TRUE");Line Deleted : user_pref("CT1060933.enableSearchFromAddressBar", "true");Line Deleted : user_pref("CT1060933.firstTimeDialogOpened", "true");Line Deleted : user_pref("CT1060933.fixPageNotFoundError", "true");Line Deleted : user_pref("CT1060933.fixPageNotFoundErrorByUser", "true");Line Deleted : user_pref("CT1060933.fixPageNotFoundErrorInHidden", "true");Line Deleted : user_pref("CT1060933.fixUrls", true);Line Deleted : user_pref("CT1060933.installId", "ConduitNSISIntegration");Line Deleted : user_pref("CT1060933.installType", "ConduitNSISIntegration");Line Deleted : user_pref("CT1060933.isCheckedStartAsHidden", true);Line Deleted : user_pref("CT1060933.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");Line Deleted : user_pref("CT1060933.isFirstTimeToolbarLoading", "false");Line Deleted : user_pref("CT1060933.isNewTabEnabled", true);Line Deleted : user_pref("CT1060933.isPerformedSmartBarTransition", "true");Line Deleted : user_pref("CT1060933.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");Line Deleted : user_pref("CT1060933.lastVersion", "10.15.0.562");Line Deleted : user_pref("CT1060933.migrateAppsAndComponents", true);Line Deleted : user_pref("CT1060933.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.fieldstonsoftware.com%2Fsoftware%2Fgsyncit3%2Fdownload.shtml\",\"EB_MAIN_FRAME_TITLE\":\[...]Line Deleted : user_pref("CT1060933.newSettings", 
"{\"dataType\":\"boolean\",\"data\":\"true\"}");Line Deleted : user_pref("CT1060933.openThankYouPage", "false");Line Deleted : user_pref("CT1060933.openUninstallPage", "true");Line Deleted : user_pref("CT1060933.search.searchAppId", "128280995260143876");Line Deleted : user_pref("CT1060933.search.searchCount", "0");Line Deleted : user_pref("CT1060933.searchInNewTabEnabledByUser", "true");Line Deleted : user_pref("CT1060933.searchInNewTabEnabledInHidden", "true");Line Deleted : user_pref("CT1060933.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");Line Deleted : user_pref("CT1060933.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");Line Deleted : user_pref("CT1060933.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");Line Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT1060933\"}");Line Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Freecorder\"}");Line Deleted : user_pref("CT1060933.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");Line Deleted : user_pref("CT1060933.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");Line Deleted : user_pref("CT1060933.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1342497970188");Line Deleted : user_pref("CT1060933.serviceLayer_services_appTracking_lastUpdate", "1342497972652");Line Deleted : user_pref("CT1060933.serviceLayer_services_appsMetadata_lastUpdate", "1342526581236");Line Deleted : user_pref("CT1060933.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1342497971668");Line Deleted : user_pref("CT1060933.serviceLayer_services_location_lastUpdate", "1366670110679");Line Deleted : user_pref("CT1060933.serviceLayer_services_login_10.10.20.14_lastUpdate", "1343059324255");Line 
Deleted : user_pref("CT1060933.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358785835659");Line Deleted : user_pref("CT1060933.serviceLayer_services_login_10.14.40.128_lastUpdate", "1362603425098");Line Deleted : user_pref("CT1060933.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364159971333");Line Deleted : user_pref("CT1060933.serviceLayer_services_login_10.15.0.562_lastUpdate", "1366670109875");Line Deleted : user_pref("CT1060933.serviceLayer_services_optimizer_lastUpdate", "1342526585816");Line Deleted : user_pref("CT1060933.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1342497971619");Line Deleted : user_pref("CT1060933.serviceLayer_services_searchAPI_lastUpdate", "1342497969008");Line Deleted : user_pref("CT1060933.serviceLayer_services_serviceMap_lastUpdate", "1366670109458");Line Deleted : user_pref("CT1060933.serviceLayer_services_toolbarContextMenu_lastUpdate", "1342497970827");Line Deleted : user_pref("CT1060933.serviceLayer_services_toolbarSettings_lastUpdate", "1366670109670");Line Deleted : user_pref("CT1060933.serviceLayer_services_translation_lastUpdate", "1366670109859");Line Deleted : user_pref("CT1060933.settingsINI", true);Line Deleted : user_pref("CT1060933.shouldFirstTimeDialog", "false");Line Deleted : user_pref("CT1060933.showToolbarPermission", "false");Line Deleted : user_pref("CT1060933.smartbar.CTID", "CT1060933");Line Deleted : user_pref("CT1060933.smartbar.Uninstall", "0");Line Deleted : user_pref("CT1060933.smartbar.isHidden", true);Line Deleted : user_pref("CT1060933.smartbar.toolbarName", "Freecorder ");Line Deleted : user_pref("CT1060933.startPage", "userChanged");Line Deleted : user_pref("CT1060933.toolbarBornServerTime", "17-7-2012");Line Deleted : user_pref("CT1060933.toolbarCurrentServerTime", "23-4-2013");Line Deleted : user_pref("CT1060933.toolbarDisabled", "true");Line Deleted : user_pref("CT1060933.toolbarLoginClientTime", "Sun Mar 24 2013 18:56:07 GMT-0400 (Eastern Daylight Time)");Line 
Deleted : user_pref("CT1060933.upgradeFromClearSBVersion", true);Line Deleted : user_pref("CT1060933_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1366669987443,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");Line Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT1060933");Line Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);Line Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");Line Deleted : user_pref("CommunityToolbar.IsEngineShown", false);Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine");Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Jun 29 2011 07:43:51 GMT-0400 (Eastern Daylight Time)");Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Mon Jul 18 2011 14:51:05 GMT-0400 (Eastern Daylight Time)");Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Aug 11 2011 08:03:30 GMT-0400 (Eastern Daylight Time)");Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 
20);Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);Line Deleted : user_pref("CommunityToolbar.alert.userId", "{880b6070-cc2b-470e-9c04-a2d09e505ff1}");Line Deleted : user_pref("CommunityToolbar.globalUserId", "5f4ad80d-7256-4d52-9b65-071fee2e25ea");Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jul 01 2012 20:24:25 GMT-0400 (Eastern Daylight Time)");Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Jul 01 2012 20:24:33 GMT-0400 (Eastern Daylight Time)");Line Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Jul 01 2012 20:24:25 GMT-0400 (Eastern Daylight Time)");Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);Line Deleted : user_pref("CommunityToolbar.notifications.userId", "1157cb4b-9016-4769-bcae-8008ce5c9da2");Line Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Tue Jul 12 2011 16:38:16 GMT-0400 (Eastern Daylight Time)");Line Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");Line Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sat Mar 26 2011 
10:55:44 GMT-0400 (Eastern Daylight Time)");Line Deleted : user_pref("ConduitEngine.FirstServerDate", "03/26/2011 17");Line Deleted : user_pref("ConduitEngine.FirstTime", true);Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);Line Deleted : user_pref("ConduitEngine.Initialize", true);Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);Line Deleted : user_pref("ConduitEngine.InstalledDate", "Sat Mar 26 2011 10:55:44 GMT-0400 (Eastern Daylight Time)");Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Mar 26 2011 10:55:43 GMT-0400 (Eastern Daylight Time)");Line Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Sat Mar 26 2011 10:55:44 GMT-0400 (Eastern Daylight Time)");Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Mar 26 2011 10:55:42 GMT-0400 (Eastern Daylight Time)");Line Deleted : user_pref("ConduitEngine.UserID", "UN28985429268335630");Line Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);Line Deleted : user_pref("ConduitEngine.engineLocale", "en-US");Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Mar 26 2011 10:55:44 GMT-0400 (Eastern Daylight Time)");Line Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Sat Mar 26 2011 15:50:58 GMT-0400 (Eastern Daylight Time)");Line Deleted : user_pref("ConduitEngine.initDone", true);Line Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);Line Deleted : user_pref("ConduitEngine.usagesFlag", 2);Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");Line Deleted : user_pref("browser.search.order.1", "Ask.com"); [ 
File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\iqr421b0.default-1382411606767\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\o6nz8fkc.default-1388690560583\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\ogd1e125.default-1370628391596\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\xf8j55kj.default-1366667457325\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\_gsdata_\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [26373 octets] - [06/01/2014 10:49:52]
AdwCleaner[s0].txt - [26448 octets] - [06/01/2014 10:55:05]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [26509 octets] ##########

# AdwCleaner v3.016 - Report created 06/01/2014 at 19:33:58
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Neal - NEAL-PC
# Running from : C:\Users\Neal\AppData\Local\Temp\dlm11A0.tmp\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Neal\AppData\LocalLow\Conduit

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\FLEXnet

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\0je3jwqg.default-1371889144857\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\2qtchqs3.default-1366669729405\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\4wqrw52y.default-1385231896612\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\64i1r508.default\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\81d8xy9s.default-1385230796205\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\9ktpag8o.default-1385230233494\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\iqr421b0.default-1382411606767\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\o6nz8fkc.default-1388690560583\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\ogd1e125.default-1370628391596\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\xf8j55kj.default-1366667457325\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\_gsdata_\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [26373 octets] - [06/01/2014 10:49:52]
AdwCleaner[R1].txt - [2349 octets] - [06/01/2014 19:31:42]
AdwCleaner[s0].txt - [26598 octets] - [06/01/2014 10:55:05]
AdwCleaner[s1].txt - [2235 octets] - [06/01/2014 19:33:58]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [2295 octets] ##########
Staff gringo_pr Posted January 9, 2014 ID:775895

Hello kinetix12

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:

Log from Combofix
Let me know of any problems you may have had
How is the computer doing now?

Gringo
kinetix12 Posted January 10, 2014 Author ID:775918

Gringo -- I ran combofix with the following observations:

1. I noted a reference to a problem with sbeserver.exe and a repair; I saw that issue before and a supposed repair.
2. There was an error message -- Cannot export APISvc:Error writing the file. There may be a disk or file system error. I pressed "OK" and the window disappeared.
3. I did not realize I had Windows Defender enabled when I ran the combofix; please let me know if I need to re-run.

The log file follows:

Thanks, Kinetix12

ComboFix 14-01-08.03 - Neal 01/09/2014 18:39:54.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4086.2114 [GMT -5:00]
Running from: m:\download\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Neal\AppData\Local\assembly\tmp
.
---- Previous Run -------
.
c:\programdata\SplashID.ico
c:\programdata\sqlite3.dll
c:\users\Neal\AppData\Local\Temp\IntResource.dll
c:\users\Neal\AppData\Roaming\inst.exe
c:\windows\Installer\{34BF0FBD-6D45-4261-B329-678DE3542FFA}\FPStartupIcon.exe
c:\windows\iun6002.exe
c:\windows\neoqaz2.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\regobj.dll
M:\install.exe
.
-- Previous Run --
.
Infected copy of c:\windows\ehome\CreateDisc\SBEServer.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-sonic-sbeserver_31bf3856ad364e35_6.1.7600.16385_none_7906f8e872eb5483\SBEServer.exe
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2013-12-09 to 2014-01-09 )))))))))))))))))))))))))))))))
.
.
2014-01-09 23:55 .
2014-01-09 23:55 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp2014-01-09 23:55 . 2014-01-09 23:55 -------- d-----w- c:\users\Default\AppData\Local\temp2014-01-07 00:40 . 2014-01-07 00:40 -------- d-----w- c:\windows\ERUNT2014-01-06 21:06 . 2014-01-06 21:06 -------- d-----w- C:\found.0022014-01-06 15:49 . 2014-01-07 00:34 -------- d-----w- C:\AdwCleaner2014-01-06 01:01 . 2011-11-17 05:35 314880 ----a-w- C:\webio.dll2014-01-04 16:26 . 2014-01-04 16:26 -------- d-----w- c:\users\Neal\AppData\Roaming\Agile Web Solutions2014-01-04 16:26 . 2013-08-15 20:50 1769984 ----a-w- c:\windows\SysWow64\ChilkatCert.dll2014-01-04 16:26 . 2013-08-15 20:49 2403328 ----a-w- c:\windows\SysWow64\ChilkatSocket.dll2014-01-04 16:26 . 2013-01-10 15:23 1580784 ----a-w- c:\windows\SysWow64\ChilkatCrypt2.dll2014-01-04 16:26 . 2012-08-06 22:39 2416640 ----a-w- c:\windows\SysWow64\ChilkatZip2.dll2014-01-04 16:26 . 2014-01-05 01:24 -------- d-----w- c:\program files (x86)\1Password2014-01-04 07:09 . 2014-01-04 07:09 -------- d-----w- c:\program files\Common Files\SPBA2014-01-04 07:09 . 2014-01-04 07:09 -------- d-----w- c:\program files (x86)\Common Files\SPBA2014-01-04 07:09 . 2014-01-05 02:33 -------- d-----w- c:\program files\Protector Suite2014-01-04 01:49 . 2014-01-04 01:49 -------- d-----w- c:\program files (x86)\Dashlane2014-01-04 01:47 . 2014-01-04 01:47 -------- d-----w- c:\users\Neal\AppData\Local\Packages2014-01-03 21:42 . 2014-01-03 21:42 -------- d-----w- c:\users\Neal\AppData\Roaming\Tools2014-01-03 13:26 . 2014-01-03 13:26 -------- d-----w- c:\program files\HijackThis2014-01-03 11:52 . 2014-01-03 11:52 -------- d-----w- c:\programdata\HitmanPro2014-01-03 01:10 . 2014-01-05 22:50 -------- d-----w- c:\program files (x86)\Advanced Fix 20132014-01-02 07:23 . 2014-01-05 08:25 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD8D408D-C3B0-4F13-97DC-179941C4A4E8}\offreg.dll2014-01-02 01:40 . 
2014-01-02 01:40 -------- d-----w- c:\users\Neal\AppData\Roaming\Ascendo2014-01-02 01:33 . 2014-01-02 01:33 -------- d-----w- c:\program files (x86)\DataVault2014-01-02 00:38 . 2014-01-02 01:31 -------- d-----w- c:\users\Neal\AppData\Local\PasswordSafe2013-12-31 13:45 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DD8D408D-C3B0-4F13-97DC-179941C4A4E8}\mpengine.dll2013-12-29 08:41 . 2013-05-22 23:49 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe2013-12-29 08:40 . 2013-05-22 23:49 17720 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys2013-12-27 17:48 . 2013-12-27 17:48 -------- d-----w- C:\MATS2013-12-12 08:09 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe2013-12-12 08:09 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe2013-12-12 08:09 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL2013-12-12 08:09 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL2013-12-12 08:09 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll2013-12-12 04:37 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-01-09 23:38 . 2012-10-24 15:41 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat2013-12-10 22:35 . 2013-07-18 03:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-12-10 22:35 . 2013-07-18 03:12 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-12-01 19:42 . 2010-09-23 19:20 90708896 ----a-w- c:\windows\system32\MRT.exe2013-11-19 08:33 . 2010-09-22 00:27 267936 ------w- c:\windows\system32\MpSigStub.exe2013-11-13 18:05 . 2010-09-22 02:45 47633 ----a-w- c:\windows\SysWow64\wuwuninst.exe2013-11-11 12:52 . 2013-11-11 12:52 12767232 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe2013-10-13 15:56 . 
2013-08-15 22:07 217088 ----a-w- c:\programdata\SDPlatformMgr.dll2013-10-13 15:56 . 2013-08-15 22:07 8972440 ----a-w- c:\programdata\SplashID%20Safe.exe2013-10-12 02:30 . 2013-11-13 20:57 830464 ----a-w- c:\windows\system32\nshwfp.dll2013-10-12 02:29 . 2013-11-13 20:57 859648 ----a-w- c:\windows\system32\IKEEXT.DLL2013-10-12 02:29 . 2013-11-13 20:57 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL2013-10-12 02:03 . 2013-11-13 20:57 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll2013-10-12 02:01 . 2013-11-13 20:57 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-08-14 15:03 222832 ----a-w- c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-08-14 15:03 222832 ----a-w- c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-08-14 15:03 222832 ----a-w- 
c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"TSTimer"="c:\program files (x86)\Timeslips\TSTimer.exe" [2010-09-07 2515240]"SkyDrive"="c:\users\Neal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-08-14 257136]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]"MSGTAG"="c:\program files (x86)\MSGTAG Status\MSGTAGStatus.exe" [2007-07-11 1820160]"ISUSPM Startup"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]"iCloudServices"="c:\program files (x86)\Common 
Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]"gSyncit"="c:\program files (x86)\Fieldston Software\gSyncit\gsyncit.exe" [2013-12-28 167424]"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5955088]"TheLaptopLock"="c:\program files (x86)\The LaptopLock\LaptopLock.exe" [2007-02-01 397312]"Syncios device service"="c:\program files (x86)\Syncios\SynciosDeviceService.exe" [bU]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]"PPort12reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" [2008-11-03 328992]"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2009-08-27 29984]"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]"Nuance OmniPage 17-reminder"="c:\program files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" [bU]"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 8\MMReminderService.exe" [2008-11-14 37656]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2009-08-27 46368]"DLSService"="c:\program files (x86)\DYMO\DYMO Label Software\DLSService.exe" [bU]"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application 
Support\APSDaemon.exe" [2013-04-22 59720]"Agile1pAgent"="c:\program files (x86)\1Password\Agile1pAgent.exe" [2013-12-18 2247952]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-28 1171336]"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056].c:\users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Neal\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-12-17 30714312]Fences.lnk - c:\program files (x86)\Stardock\Fences\Fences.exe /startup [2012-10-29 4017368]myPhoneDesktop.lnk - c:\program files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe [2012-7-23 224256]Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDock\ObjectDock.exe [2010-9-21 3581680]WePrint Server.lnk - c:\program files (x86)\WePrint\WePrint Server.exe [2012-11-11 3527816].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Evernote Clipper.lnk - c:\windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico [2010-12-14 293950]Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2013-11-11 12767232]Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2013-11-11 12767232]XPS2OneNote.lnk - c:\windows\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe [2013-4-22 10134].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 0 (0x0)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)"PromptOnSecureDesktop"= 0 (0x0)"DisableCAD"= 1 (0x1)"EnableLinkedConnections"= 1 (0x1).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows 
nt\currentversion\drivers32]"mixer5"=wdmaud.drv.[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]@="Service".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]@="Driver".R2 BRA_Scheduler;Brother BRAdminPro Scheduler;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe;c:\program files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 TSScheduleBackup;TimeslipsBackup;c:\windows\SysWOW64\TSSchBkpService.exe;c:\windows\SysWOW64\TSSchBkpService.exe [x]R2 WBA_Agent_Client;Brother BRAgent;c:\program files (x86)\Brother\BRAgent\BRAgtSrv.exe;c:\program files (x86)\Brother\BRAgent\BRAgtSrv.exe [x]R2 WinFLdrv;WinFLdrv;SysWOW64\WinFLdrv.sys;SysWOW64\WinFLdrv.sys [x]R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys;c:\windows\SYSNATIVE\Drivers\pcouffin.sys [x]R3 pnetmdm;PdaNet 
Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys;c:\windows\SYSNATIVE\DRIVERS\pnetmdm64.sys [x]R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys;c:\windows\SYSNATIVE\DRIVERS\PulseUsb.sys [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]S0 aswRvrt;aswRvrt; [x]S0 aswVmm;aswVmm; [x]S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys;c:\windows\SYSNATIVE\Drivers\SmartDefragDriver.sys [x]S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]S1 aswSnx;aswSnx; [x]S1 aswSP;aswSP; [x]S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [x]S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files 
(x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]S2 Agile1Password;1Password;c:\program files (x86)\1Password\Agile1pService.exe;c:\program files (x86)\1Password\Agile1pService.exe [x]S2 aswFsBlk;aswFsBlk; [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe;c:\prey\platform\windows\cronsvc.exe [x]S2 DymoPnpService;DYMO PnP Service;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe;c:\program files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [x]S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [x]S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe;c:\program files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [x]S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [x]S2 
SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe;c:\windows\SysWOW64\WebUpdateSvc4.exe [x]S2 WePrint;WePrint Server;c:\program files (x86)\WePrint\WePrint Server.exe;c:\program files (x86)\WePrint\WePrint Server.exe [x]S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-12-05 18:33 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-18 22:35].2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd63d719bc8a55.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28 16:26].2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28 16:26].2014-01-07 c:\windows\Tasks\SDMsgUpdate (TE).job- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2010-09-24 16:21]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]2013-08-14 15:03 261744 ----a-w- 
c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2013-08-14 15:03 261744 ----a-w- c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2013-08-14 15:03 261744 ----a-w- c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- 
c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]2012-10-23 17:47 5928296 ----a-w- c:\program files\Protector Suite\farchns.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]2012-10-23 17:47 5928296 ----a-w- c:\program files\Protector Suite\farchns.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1211688]"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-05 980368]"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 342528]"Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2012-10-29 4017368].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2012-10-29 551640].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Bring to OneNote - c:\program files (x86)\Bring to OneNote for Office 2007\ieBringToOneNotex64.dll/201IE: 
Clip Image - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.htmlIE: S&end to OneNote - c:\progra~2\MICROS~2\Office12\ONBttnIE.dll/105IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: Send To CaseMap - c:\windows\system32\lnToCM.htmTrusted Zone: dell.comTCP: DhcpNameServer = 192.168.1.254 192.168.2.1FF - ProfilePath - c:\users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\FF - prefs.js: browser.search.selectedEngine - YahooFF - prefs.js: browser.startup.homepage - www.nbcnews.comFF - ExtSQL: 2014-01-01 20:33; datavault@ascendo.inc; c:\program files (x86)\DataVault\firefoxFF - ExtSQL: 2014-01-04 11:30; onepassword@agilebits.com; c:\users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\extensions\onepassword@agilebits.com.xpi.- - - - ORPHANS REMOVED - - - -.URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)ShellIconOverlayIdentifiers- - (no file)ShellIconOverlayIdentifiers- - (no file)ShellIconOverlayIdentifiers- - (no file)AddRemove-asterisk key - e:\passware\un-ariskkey.exeAddRemove-FastStone Image Viewer - e:\faststone image viewer\uninst.exeAddRemove-Simpo PDF to Text_is1 - e:\simpo pdf to text\unins000.exeAddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exeAddRemove-SplashID iPhone Desktop - c:\program files (x86)\SplashData\SplashID for iPhone\uninst.exeAddRemove-{E980ED1F-AOF8-PF7E-B174-59POS2BOIUVB}}_is1 - c:\program files 
(x86)\iMobie\PhoneClean\unins000.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifibus]"ImagePath"="system32\DRIVERS\vwifibus.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwififlt]"ImagePath"="system32\DRIVERS\vwififlt.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifimp]"ImagePath"="system32\DRIVERS\vwifimp.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time]"ServiceDll"="%systemroot%\system32\w32time.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W3SVC].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WacomPen]"ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WANARP]"ImagePath"="system32\DRIVERS\wanarp.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wanarpv6]"ImagePath"="system32\DRIVERS\wanarp.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatAdminSvc]"ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WBA_Agent_Client]"ImagePath"="c:\program files 
(x86)\Brother\BRAgent\BRAgtSrv.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine]"ImagePath"="\"%systemroot%\system32\wbengine.exe\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc]"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc]"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService]"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wd]"ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wdf01000]"ImagePath"="system32\drivers\Wdf01000.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiServiceHost]"ServiceDll"="%SystemRoot%\system32\wdi.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiSystemHost]"ServiceDll"="%SystemRoot%\system32\wdi.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient]"ServiceDll"="%SystemRoot%\System32\webclnt.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebUpdate4]"ImagePath"="c:\windows\SysWOW64\WebUpdateSvc4.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc]"ServiceDll"="%SystemRoot%\system32\wecsvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WePrint]"ImagePath"="c:\program files (x86)\WePrint\WePrint Server.exe -s".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport]"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc]"ServiceDll"="%SystemRoot%\System32\WerSvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WfpLwf]"ImagePath"="system32\DRIVERS\wfplwf.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WIMMount]"ImagePath"="system32\drivers\wimmount.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend]"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 
3.0.0.0].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 4.0.0.0].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinFLdrv]"ImagePath"="SysWOW64\WinFLdrv.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc]"ServiceDll"="winhttp.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt]"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM]"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinUSB]"ImagePath"="system32\DRIVERS\WinUSB.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinVd32]"ImagePath"="\??\c:\windows\WinVd32.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc]"ServiceDll"="%SystemRoot%\System32\wlansvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wltrysvc]"ImagePath"="%SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiAcpi]"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv]"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc]"ImagePath"="\"%PROGRAMFILES%\Windows Media 
Player\wmpnetwk.exe\"".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc]"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum]"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ws2ifsl]"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSDPrintDevice]"ImagePath"="system32\DRIVERS\WSDPrint.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch]"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]"ServiceDll"="%systemroot%\system32\wuaueng.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WudfPf]"ImagePath"="system32\drivers\WudfPf.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFRd]"ImagePath"="system32\DRIVERS\WUDFRd.sys".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc]"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc]"ServiceDll"="%SystemRoot%\System32\wwansvc.dll".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xmlprov].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{2071812E-67B2-4BFF-B953-19A28561A1BC}].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{41C0BAC8-4EAD-4DC3-B7B4-2EC6CC23D861}].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{6D4E804F-CD0B-40EA-821F-671EB6C5CF17}].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{7A813562-D451-4DEC-8345-B4F7A5B6FE47}].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{90EB6286-19F2-46F6-AA36-D226A2BE9FA8}].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{D2914755-4D74-4C4F-B1D6-57B451B4E90E}].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{DBD55E58-7551-4964-8209-81541F359ED2}].[HKEY_LOCAL_MACHINE\SYSTEM\ControlSe
t001\services\{EF442AFD-A2E9-47E4-A2A1-B97AB316F615}].--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\S-1-5-21-3564563494-913306411-1808835572-1000\Software\Brother\ControlCenter\3.0\MFC-8870DW LAN\Tabs\0000\Button3\HardB*n\BtnAction]"FoldeáPopup"=dword:00004301"DestFolder"="c:\\Users\\Nea?\\Pi?tures\\ControlCe?ter?\\Scan""PrefixFileName"="CCF".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-01-09 19:00:28ComboFix-quarantined-files.txt 2014-01-10 00:00.Pre-Run: 34,471,890,944 bytes freePost-Run: 34,565,947,392 bytes free.- - End Of File - - 0B6492D524313771AC26539AB871CC01A36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
Staff gringo_pr Posted January 10, 2014 ID:776195

Hello kinetix12

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

Run CFScript

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt
Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

In your next post I need the following:
report from Combofix
let me know of any problems you may have had
How is the computer doing now after running the script?

Gringo
kinetix12 Posted January 10, 2014 Author ID:776252

Gringo --

Thanks; the log file follows. The computer appears to function but I have the following comments.

1. When I ran combofix, I received the following error message -- Cannot export APISvc: Error writing the file. There may be a disk or file system error. This is the same error message received previously.
2. The network icon in the system tray still shows a turning bright dot instead of the normal green stair step indicator of a network connection; there is a note when the mouse hovers over the icon of limited connectivity but I think I actually have complete connectivity.
3. When I rebooted, I receive an error message for the program "eraser" (a file deletion program) and fences2 (a Stardock program) when they load as a part of the startup sequence. The error message continues to reflect that there is a webio.dll error and the error message warns that the program cannot start as that file is missing. In fact, both programs work fine. The fingerprint reader program (Upek Protector Suite) still tried to load but can't -- there continues to be an error message about an object reference being missing. Previously I removed and reinstalled that program with no change but in all other respects the computer seems to be working.

The log follows:

ComboFix 14-01-08.03 - Neal 01/10/2014 13:52:13.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4086.1922 [GMT -5:00]
Running from: m:\download\ComboFix.exe
Command switches used :: c:\users\Neal\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-01-10 14:10:09ComboFix-quarantined-files.txt 2014-01-10 19:10ComboFix2.txt 2014-01-10 00:00.Pre-Run: 33,614,520,320 bytes freePost-Run: 34,527,744,000 bytes free.- - End Of File - - 38B5DF326D12DFA0F6E1C82EB3CD88A8A36C5E4F47E84449FF07ED3517B43A31 Link to post Share on other sites More sharing options...
Staff gringo_pr Posted January 11, 2014 ID:776394

Hello kinetix12

Those do not sound like they would be caused by malware

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit
2. Unzip the contents to a folder in a convenient location.
3. Open the folder where the contents were unzipped and run mbar.exe
4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6. Wait while the system shuts down and the cleanup process is performed.
7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
   • Internet access
   • Windows Update
   • Windows Firewall
9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10. Verify that your system is now functioning normally.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

• Quit all programs that you may have started.
• Please disconnect any external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator to start"
• For Windows XP, double-click to start.
• Wait until Prescan has finished ...
• Then Click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• Click on "delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The scan will make two reports; the one I would like to see is called RKreport[2].txt on your Desktop
• Exit/Close RogueKiller

Send me the reports made from MBAR and Roguekiller and also let me know how the computer is doing at this time.

Gringo

When you are complete please send me both reports

Gringo
kinetix12 Posted January 11, 2014 Author ID:776452

Gringo -- I ran mbar, which reported that no malware found -- report follows -- I did not re-run the program as it appeared there was no need.

Rogue killer would not run, at all, even as an administrator. I received the following message: "Program can't start because webio.dll is missing from your computer. Try reinstalling the program to fix the problem."

I happen to know that file is present. I obtained a clean copy of the file from an old backup (6+ months ago) and copied it into the c:\windows\syswow64 directory where the original is located. SFC/Scannow is the preferred approach to reinstall that file. It would not work -- sfc/scannow stopped after 61% with an error message telling me I had corrupted files and it could not complete the process. I rebooted in safe mode and copied the dll file in, rebooted but still get the error message.

I thought the issue might be the need to re-register the dll file in the registry using regsvr but I could not get a clear idea of how to re-register the file. I did try one approach and it failed.
Here is the mbar log file --
kinetix12 Posted January 11, 2014 Author ID:776691

Gringo -- I have found the following information on the webio.dll issue -- http://www.howtofixdll.com/solutions/webio-dll-missing/

Someone is trying to sell a program, but they say there is a relationship between the webio.dll and malware -- Backdoor:Win32/Delf.OY infection is mainly targeted at webio dll -- Backdoor:Win32/Delf.OY can also automatically download malware RegSpy from http://www.symantec.com/connect/blogs/regspy-registry-capturing-tool to make a stronger control of your system.

Does this make sense/help?

Kinetix12
Staff gringo_pr Posted January 12, 2014 ID:777056

Hello kinetix12

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Gringo
kinetix12 Posted January 12, 2014 Author ID:777099

Gringo -- The program (64 bit) loads but does not appear to run. It has been running for more than 2 hours and shows no indication of any progression on a scan. It has an error message that "flashes" that the program is getting "Office Session Errors: 1911"

Within the past two days, I developed an issue with a program "Gsyncit" by Fieldstone Software designed to sync my iphone and MS Outlook 2007 (32 bit) through Gmail. Fieldstone suggests I need to reinstall .net framework 4.+ There may be issues with net framework.

Should I terminate and try to restart Farbar recovery as it does not seem to be working? Should I try removing .net framework and reinstalling?

Thanks, Kinetix12
Staff gringo_pr Posted January 12, 2014 ID:777121

Yes, go ahead and restart the computer and try Farbar's again please
kinetix12 Posted January 12, 2014 Author ID:777149 Share Posted January 12, 2014 Gringo -- I terminated the program and attempted to re-run it twice, once in safe mode. In each instance, the program ran and then halted when it "hit" the Office Systems error. Two logs or partial logs were produced. Set out below is the first -- the addition.txt file is attached (or will be once I figure out how to attach it). Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2014Ran by Neal (administrator) on NEAL-PC on 12-01-2014 11:03:14Running from M:\DownloadWindows 7 Professional Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 10Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe() C:\Windows\System32\WLTRYSVC.EXE(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Authentec Inc.) C:\Program Files\Protector Suite\upeksvr.exe(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe(AgileBits) C:\Program Files (x86)\1Password\Agile1pService.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe() C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe(Sanford, L.P.) 
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE() C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe(Visioneer Inc.) C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe(Livescribe) C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe() C:\Windows\SysWOW64\PSIService.exe(Sling Media Inc.) C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\stacsv64.exe(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe() C:\Windows\SysWOW64\TSSchBkpService.exe() C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe(EuroSmartz Ltd) C:\Program Files (x86)\WePrint\WePrint Server.exe(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe(IObit) C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(The Eraser Project) C:\Program Files\Eraser\Eraser.exe(Sage Software, Inc.) C:\Program Files (x86)\Timeslips\TSTimer.exe(Microsoft Corporation) C:\Users\Neal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(MSGTAG) C:\Program Files (x86)\MSGTAG Status\MSGTAGStatus.exe(Synaptics, Inc.) 
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe() C:\Program Files (x86)\CodePlex\XPS2OneNote\XPS2OneNote.exe(Dropbox, Inc.) C:\Users\Neal\AppData\Roaming\Dropbox\bin\Dropbox.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe(jProductivity, LLC) C:\Program Files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe(EuroSmartz Ltd) C:\Program Files (x86)\WePrint\WePrint Server.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe(Mindjet) C:\Program Files (x86)\Mindjet\MindManager 8\MmReminderService.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe(AgileBits) C:\Program Files (x86)\1Password\Agile1pAgent.exe(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe(Macrovision Europe Ltd.) 
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe(The Pidgin developer community) C:\Program Files (x86)\Pidgin\pidgin.exe(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Fieldston Software) C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\NuanceWDS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1211688 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [Eraser] - C:\Program Files\Eraser\Eraser.exe [980368 2010-11-04] (The Eraser Project)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [342528 2009-06-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Fences] - C:\Program Files (x86)\Stardock\Fences\Fences.exe [4017368 2012-10-29] (Stardock Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5955088 2012-06-28] (Acronis)
HKLM-x32\...\Run: [TheLaptopLock] - C:\Program Files (x86)\The LaptopLock\LaptopLock.exe [397312 2007-02-01] (LaptopLock)
HKLM-x32\...\Run: [syncios device service] - C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PPort12reminder] - C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe [328992 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] - C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [29984 2009-08-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-10] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Nuance OmniPage 17-reminder] - "C:\Program Files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 17\Ereg\Ereg.ini"
HKLM-x32\...\Run: [MMReminderService] - C:\Program Files (x86)\Mindjet\MindManager 8\MMReminderService.exe [37656 2008-11-14] (Mindjet)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [iSUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM-x32\...\Run: [indexSearch] - C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46368 2009-08-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [DLSService] - "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Agile1pAgent] - C:\Program Files (x86)\1Password\Agile1pAgent.exe [2247952 2013-12-18] (AgileBits)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AcronisTimounterMonitor] - C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1171336 2012-06-28] (Acronis)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [624056 2011-08-30] (Adobe Systems Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\Protector Suite\psqlpwd.dll (Authentec Inc.)
HKCU\...\Run: [TSTimer] - C:\Program Files (x86)\Timeslips\TSTimer.exe [2515240 2010-09-07] (Sage Software, Inc.)
HKCU\...\Run: [skyDrive] - C:\Users\Neal\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKCU\...\Run: [MSGTAG] - C:\Program Files (x86)\MSGTAG Status\MSGTAGStatus.exe [1820160 2007-07-10] (MSGTAG)
HKCU\...\Run: [iSUSPM Startup] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKCU\...\Run: [iSUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKCU\...\Run: [gSyncit] - C:\Program Files (x86)\Fieldston Software\gSyncit\gsyncit.exe [167424 2014-01-01] (Fieldston Software)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKCU\...\Run: [NextLive] - C:\Users\Neal\AppData\Roaming\newnext.me\nengine.dll [1283584 2013-11-13] (NewNextDotMe)
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
Startup: C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Neal\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
Startup: C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\myPhoneDesktop.lnk
ShortcutTarget: myPhoneDesktop.lnk -> C:\Program Files (x86)\myPhoneDesktop\bin\myPhoneDesktop.exe (jProductivity, LLC)
Startup: C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
Startup: C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WePrint Server.lnk
ShortcutTarget: WePrint Server.lnk -> C:\Program Files (x86)\WePrint\WePrint Server.exe (EuroSmartz Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=902615&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x780ADA30E68FCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {DAFBE03E-D490-4C49-B48F-B078CABC3A49} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=902615&p={searchTerms}
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: avast! EasyPass Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (AVAST Software)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
BHO-x32: avast! EasyPass Toolbar Helper - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: 1Password - {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} - C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (AVAST Software)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM - DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie64.dll ()
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - avast! EasyPass Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - DataVault Bar - {0D792CB2-2654-4E99-A597-7FC317F04D61} - C:\Program Files (x86)\DataVault\ie.dll ()
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - avast! EasyPass Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (AVAST Software)
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://flclerks.webex.com/client/WBXclient-T28L10NSP9-15980/webex/ieatgpc1.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File
Handler: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll ()
Handler-x32: g7ps - {9EACF0FB-4FC7-436E-989B-3197142AD979} - C:\Program Files (x86)\Common Files\G7PS\Shared Files\G7PSDLL\G7PS.dll (G7 Productivity Systems, Inc.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\o6nz8fkc.default-1388690560583
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ascendo-inc/DataVault;version=1 - C:\Program Files (x86)\DataVault\npapi.dll ()
FF Plugin-x32: @dymo.com/DymoLabelFramework - C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{FF201111-31F0-43FD-98C7-0E142411C415}] - C:\Program Files (x86)\Bring to OneNote for Office 2007\FF
FF Extension: Bring to OneNote - C:\Program Files (x86)\Bring to OneNote for Office 2007\FF [2012-01-02]
FF HKLM-x32\...\Firefox\Extensions: [datavault@ascendo.inc] - C:\Program Files (x86)\DataVault\firefox
FF Extension: DataVault Toolbar - C:\Program Files (x86)\DataVault\firefox [2014-01-01]

Chrome:
=======
CHR Extension: (Downloads) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjhnfghnbhfjhoiiaoibdhfnfpicfknh\0.9_0 [2013-11-28]
CHR Extension: (Bring to OneNote) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjdjahfjhafehbeoffchdnbllicbdkk\3.0.0.10_0 [2013-11-28]
CHR Extension: (Adblock Plus) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.2_0 [2013-12-19]
CHR Extension: ( "name": "myPhoneDesktop - Chrome Client") - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebpiggoccjgdoecccbcmenmbcnoldalf\1.0.4_0 [2013-11-28]
CHR Extension: (i-Pusher) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\eipicaolkdicbbgajbddliflfbmjkgef\0.34_0 [2013-11-28]
CHR Extension: (PageZipper) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbbmnbomimdgmecfpbilhoafgmmeagef\1.3_0 [2013-11-28]
CHR Extension: ( "name": "Print this page with CleanPrint") - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf\4.8.1_0 [2014-01-03]
CHR Extension: (Image In TabBar) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpjbmcdccggidhgcigdfoblhnbdbickb\1.3_0 [2013-11-28]
CHR Extension: (Forget Me - Clean History, Cookies & more) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gekpdemielcmiiiackmeoppdgaggjgda\1.1.0_0 [2013-11-28]
CHR Extension: (Vanilla Cookie Manager) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj\1.3.2_0 [2013-11-28]
CHR Extension: (AdBlock) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0 [2013-11-30]
CHR Extension: (History Eraser) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjieilkfnnjoihjjonajndjldjoagffm\3.9.7_0 [2013-12-18]
CHR Extension: (1Password) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdmbinomkfhmgknkoicejolfdfjeajmk\3.9.20.99_0 [2014-01-04]
CHR Extension: (LastPass) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.22_0 [2013-12-24]
CHR Extension: (Minimal) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnfhcmjkebafbfikmbkhdpbmfpfjgiog\1.0_0 [2013-11-28]
CHR Extension: (DataVault Extension) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.8.1_0 [2014-01-02]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0 [2013-11-28]
CHR Extension: (iPhone AppStore) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikfjaojloelkjlgafconlihjodkpfjjb\1.1_0 [2013-11-28]
CHR Extension: (Cookies) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\iphcomljdfghbkdcfndaijbokpgddeno\1.8_0 [2014-01-05]
CHR Extension: (Cookie Manager) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbnfbcpkiaganjpcanopcgeoehkleeck\1.1_0 [2013-11-28]
CHR Extension: (Google Maps) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0 [2013-11-28]
CHR Extension: (WeatherBug) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mekeaeklopjambfhgndcddmpfbinkdpb\1.4_0 [2013-11-28]
CHR Extension: (iPhone Blog Browser) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfoejenmpapgdkibeogmbdniemjjnnbo\1.1_0 [2013-11-28]
CHR Extension: (Print) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmiefodmmloajakmcfnpnjpkldellhlj\1.1_0 [2013-11-28]
CHR Extension: (Google Wallet) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 [2013-12-18]
CHR Extension: (Any.do) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocgddccilgpeepgglnlpchkpgamkgmld\0.1.1.1_0 [2013-11-28]
CHR Extension: (Click&Clean App) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0 [2013-12-04]
CHR Extension: (Weather Underground) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej\1.6_0 [2013-11-28]
CHR Extension: (Quickrr Calculator) - C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjilkjgbkoabhnonkepkmibepodpdbhk\1.1_0 [2013-11-28]
CHR HKLM-x32\...\Chrome\Extension: [bnjdjahfjhafehbeoffchdnbllicbdkk] - C:\Program Files (x86)\Bring to OneNote for Office 2007\bringtoonenote.crx [2012-01-02]
CHR HKLM-x32\...\Chrome\Extension: [idbmmgcdhhiblollphopejjpnkpdgbii] - C:\Program Files (x86)\DataVault\extension.crx [2013-03-09]

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4161512 2014-01-02] (Emsisoft GmbH)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\AESTSr64.exe [86016 2007-09-20] (Andrea Electronics Corporation)
R2 Agile1Password; C:\Program Files (x86)\1Password\Agile1pService.exe [768784 2013-12-18] (AgileBits)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 BRA_Scheduler; C:\Program Files (x86)\Brother\BRAdmin Professional 3\bratimer.exe [65536 2010-09-15] ()
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [19968 2011-02-15] (Fork Ltd.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-03-21] (Nitro PDF Software)
R2 NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [71096 2009-07-13] ()
R2 OneTouch 4.0 Monitor; C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe [229376 2012-08-23] (Visioneer Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2009-08-27] (Nuance Communications, Inc.)
R2 PenCommService; C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe [470528 2011-10-27] (Livescribe)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [174656 2006-11-02] ()
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 SlingAgentService; C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [93960 2009-09-25] (Sling Media Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_295b5b4710f6d77b\STacSV64.exe [122880 2008-02-15] (IDT, Inc.)
R2 TSScheduleBackup; C:\Windows\SysWOW64\TSSchBkpService.exe [705024 2010-06-04] ()
R2 WBA_Agent_Client; C:\Program Files (x86)\Brother\BRAgent\BRAgtSrv.exe [86016 2009-01-27] ()
R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [262360 2008-09-15] (Data Perceptions / PowerProgrammer)
R2 WePrint; C:\Program Files (x86)\WePrint\WePrint Server.exe [3527816 2013-12-27] (EuroSmartz Ltd)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2705920 2007-12-08] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-10-20] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-10-20] (Emsisoft GmbH)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2014-01-02] (Emsisoft GmbH)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2009-02-25] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [9728 2009-02-25] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2009-02-25] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [3072 2009-02-25] ()
R3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266624 2007-10-11] (Creative Technology Ltd.)
R3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
S3 PulseUsb; C:\Windows\System32\DRIVERS\PulseUsb.sys [26112 2010-10-18] (Windows ® Win 7 DDK provider)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
R3 TcUsb; C:\Windows\System32\Drivers\tcusb.sys [63304 2011-08-19] (AuthenTec, Inc.)
R2 WinVd32; C:\Windows\WinVd32.sys [197728 2011-05-23] ()
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 DFUBTUSB; System32\Drivers\frmupgr.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
S2 WinFLdrv; SysWOW64\WinFLdrv.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-12 11:01 - 2014-01-12 11:01 - 00000000 ____D C:\FRST
2014-01-12 01:18 - 2014-01-12 01:18 - 00276984 _____ C:\Windows\Minidump\011214-28672-01.dmp
2014-01-12 00:42 - 2014-01-12 00:42 - 00276992 _____ C:\Windows\Minidump\011214-34819-01.dmp
2014-01-12 00:41 - 2014-01-12 00:41 - 00003344 ____N C:\bootsqm.dat
2014-01-12 00:38 - 2014-01-12 00:38 - 00000000 __SHD C:\found.004
2014-01-11 14:33 - 2014-01-12 07:25 - 00000000 ____D C:\Users\Neal\AppData\Roaming\newnext.me
2014-01-11 14:33 - 2014-01-11 15:18 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-01-11 14:33 - 2014-01-11 15:18 - 00000000 ____D C:\Users\Neal\AppData\Local\Mobogenie
2014-01-11 14:33 - 2014-01-11 15:17 - 00000000 ____D C:\Users\Neal\AppData\Local\genienext
2014-01-11 14:33 - 2014-01-11 15:17 - 00000000 ____D C:\Users\Neal\AppData\Local\cache
2014-01-11 14:33 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\Documents\Mobogenie
2014-01-11 14:33 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\.android
2014-01-11 14:33 - 2014-01-11 14:33 - 00000000 _____ C:\Users\Neal\daemonprocess.txt
2014-01-10 19:48 - 2014-01-10 20:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-10 19:48 - 2014-01-10 19:48 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-10 19:47 - 2014-01-10 20:32 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-10 19:47 - 2014-01-10 20:29 - 00000000 ____D C:\Users\Neal\Desktop\mbar
2014-01-10 14:10 - 2014-01-10 14:10 - 00040289 _____ C:\ComboFix.txt
2014-01-09 18:33 - 2014-01-09 18:33 - 00001925 _____ C:\Users\Neal\Desktop\ComboFix.exe - Shortcut.lnk
2014-01-06 20:00 - 2014-01-06 20:00 - 00000846 _____ C:\Users\Neal\Desktop\JRT.txt
2014-01-06 19:40 - 2014-01-06 19:40 - 00000000 ____D C:\Windows\ERUNT
2014-01-06 19:33 - 2014-01-06 19:32 - 01036305 _____ (Thisisu) C:\Users\Neal\Desktop\JRT.exe
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D C:\found.002
2014-01-06 15:00 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-06 15:00 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-06 15:00 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-06 15:00 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-06 15:00 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-06 15:00 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-06 15:00 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-06 15:00 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-06 11:45 - 2014-01-06 11:45 - 00002028 _____ C:\Users\Neal\Desktop\Customize Fences.lnk
2014-01-06 11:00 - 2014-01-12 01:18 - 488598498 _____ C:\Windows\MEMORY.DMP
2014-01-06 11:00 - 2014-01-06 11:00 - 00276928 _____ C:\Windows\Minidump\010614-27830-01.dmp
2014-01-06 10:57 - 2014-01-11 15:23 - 00017752 _____ C:\Windows\PFRO.log
2014-01-06 10:49 - 2014-01-06 19:34 - 00000000 ____D C:\AdwCleaner
2014-01-06 10:36 - 2014-01-06 10:36 - 00929928 _____ (CNET Download.com) C:\Users\Neal\Desktop\cbsidlm-cbsi171-AdwCleaner-SEO-75851221.exe
2014-01-06 09:42 - 2014-01-06 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-05 20:01 - 2011-11-17 00:35 - 00314880 _____ (Microsoft Corporation) C:\webio.dll
2014-01-05 15:55 - 2014-01-05 15:56 - 00276992 _____ C:\Windows\Minidump\010514-20560-01.dmp
2014-01-05 12:59 - 2014-01-05 12:59 - 00006524 _____ C:\Users\Neal\Desktop\Windows Compatibility Report.htm
2014-01-04 21:33 - 2014-01-12 01:18 - 00002011 _____ C:\Windows\setupact.log
2014-01-04 21:33 - 2014-01-05 12:54 - 00000000 _____ C:\Windows\setuperr.log
2014-01-04 11:26 - 2014-01-04 20:24 - 00000000 ____D C:\Program Files (x86)\1Password
2014-01-04 11:26 - 2014-01-04 14:41 - 00000000 ____D C:\Users\Neal\Documents\1Password
2014-01-04 11:26 - 2014-01-04 11:26 - 00001021 _____ C:\Users\Neal\Desktop\1Password.lnk
2014-01-04 11:26 - 2014-01-04 11:26 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Agile Web Solutions
2014-01-04 11:26 - 2013-08-15 15:50 - 01769984 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatCert.dll
2014-01-04 11:26 - 2013-08-15 15:49 - 02403328 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatSocket.dll
2014-01-04 11:26 - 2013-01-10 10:23 - 01580784 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatCrypt2.dll
2014-01-04 11:26 - 2012-08-06 17:39 - 02416640 _____ (Chilkat Software, Inc.) C:\Windows\SysWOW64\ChilkatZip2.dll
2014-01-04 02:09 - 2014-01-04 21:33 - 00000000 ____D C:\Program Files\Protector Suite
2014-01-04 02:09 - 2014-01-04 02:09 - 00000000 ____D C:\Program Files\Common Files\SPBA
2014-01-03 20:49 - 2014-01-03 20:49 - 00000000 ____D C:\Program Files (x86)\Dashlane
2014-01-03 20:47 - 2014-01-03 20:47 - 00000000 ____D C:\Users\Neal\AppData\Local\Packages
2014-01-03 16:42 - 2014-01-03 16:42 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Tools
2014-01-03 16:29 - 2014-01-05 17:32 - 00005459 _____ C:\Windows\WindowsUpdate.log
2014-01-03 09:05 - 2014-01-03 09:06 - 00024512 _____ C:\Users\Neal\Desktop\attach.txt
2014-01-03 09:05 - 2014-01-03 09:04 - 00034638 _____ C:\Users\Neal\Desktop\dds.txt
2014-01-03 08:56 - 2014-01-03 08:56 - 00688992 ____R (Swearware) C:\Users\Neal\Desktop\dds.com
2014-01-03 08:56 - 2014-01-03 08:56 - 00688992 _____ (Swearware) C:\Users\Neal\Desktop\dds.scr
2014-01-03 08:26 - 2014-01-03 08:26 - 00000000 ____D C:\Program Files\HijackThis
2014-01-03 06:52 - 2014-01-03 06:52 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-02 20:10 - 2014-01-05 17:50 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 2013
2014-01-02 14:12 - 2014-01-02 14:12 - 00002626 _____ C:\Windows\CompatibilityIssues.txt
2014-01-02 09:07 - 2014-01-05 13:01 - 00001908 _____ C:\Windows\diagwrn.xml
2014-01-02 09:07 - 2014-01-05 13:01 - 00001908 _____ C:\Windows\diagerr.xml
2014-01-01 20:40 - 2014-01-05 05:16 - 00204896 ____N C:\Users\Neal\Documents\DataVault.dat
2014-01-01 20:40 - 2014-01-01 20:40 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Ascendo
2014-01-01 20:34 - 2014-01-05 05:16 - 00000000 ____D C:\Users\Neal\Documents\Automatic backups
2014-01-01 20:33 - 2014-01-01 20:33 - 00001021 _____ C:\Users\Public\Desktop\Ascendo DataVault.lnk
2014-01-01 20:33 - 2014-01-01 20:33 - 00000000 ____D C:\Program Files (x86)\DataVault
2014-01-01 19:38 - 2014-01-01 20:31 - 00000000 ____D C:\Users\Neal\AppData\Local\PasswordSafe
2014-01-01 19:38 - 2014-01-01 19:38 - 00000000 ____D C:\Users\Neal\Documents\My Safes
2013-12-29 03:41 - 2013-12-29 03:41 - 00003164 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup
2013-12-29 03:41 - 2013-12-29 03:41 - 00003162 _____ C:\Windows\System32\Tasks\SmartDefragUpdate
2013-12-29 03:41 - 2013-05-22 18:49 - 00032600 _____ (IObit) C:\Windows\system32\SmartDefragBootTime.exe
2013-12-29 03:40 - 2013-05-22 18:49 - 00017720 _____ C:\Windows\system32\Drivers\SmartDefragDriver.sys
2013-12-27 12:48 - 2013-12-27 12:48 - 00000000 ____D C:\MATS
2013-12-13 15:10 - 2013-12-13 15:24 - 00000000 ____D C:\Users\Neal\Desktop\Def Experts
2013-12-13 08:36 - 2014-01-01 16:41 - 00000000 ____D C:\Users\Neal\Desktop\Test

==================== One Month Modified Files and Folders =======

2014-01-12 11:01 - 2014-01-12 11:01 - 00000000 ____D C:\FRST
2014-01-12 11:00 - 2013-05-18 08:21 - 00000000 ____D C:\ProgramData\WePrint
2014-01-12 10:59 - 2012-10-24 10:41 - 00000029 _____ C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-01-12 10:58 - 2010-09-21 20:13 - 00000000 ____D C:\Users\Neal\AppData\Roaming\.purple
2014-01-12 10:46 - 2010-09-24 18:25 - 00000000 ____D C:\Users\Neal\AppData\Roaming\MSGTAG
2014-01-12 10:38 - 2010-09-24 23:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-12 10:35 - 2013-10-17 07:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-12 09:26 - 2010-09-24 01:30 - 00000000 ____D C:\Users\Neal\AppData\Roaming\gSyncit
2014-01-12 07:25 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\AppData\Roaming\newnext.me
2014-01-12 06:38 - 2012-07-16 23:46 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd63d719bc8a55.job
2014-01-12 04:03 - 2011-03-31 13:18 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Dropbox
2014-01-12 01:32 - 2012-06-29 07:51 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Credenza
2014-01-12 01:29 - 2009-07-13 23:45 - 00013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-12 01:29 - 2009-07-13 23:45 - 00013792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-12 01:26 - 2012-11-11 17:51 - 00000000 ____D C:\Users\Neal\Documents\WePrint
2014-01-12 01:25 - 2010-09-23 20:46 - 00000462 _____ C:\Windows\Tasks\SDMsgUpdate (TE).job
2014-01-12 01:25 - 2010-09-22 06:45 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Nitro PDF
2014-01-12 01:19 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-12 01:18 - 2014-01-12 01:18 - 00276984 _____ C:\Windows\Minidump\011214-28672-01.dmp
2014-01-12 01:18 - 2014-01-06 11:00 - 488598498 _____ C:\Windows\MEMORY.DMP
2014-01-12 01:18 - 2014-01-04 21:33 - 00002011 _____ C:\Windows\setupact.log
2014-01-12 01:18 - 2010-09-22 07:22 - 00000000 ____D C:\Windows\Minidump
2014-01-12 00:42 - 2014-01-12 00:42 - 00276992 _____ C:\Windows\Minidump\011214-34819-01.dmp
2014-01-12 00:41 - 2014-01-12 00:41 - 00003344 ____N C:\bootsqm.dat
2014-01-12 00:38 - 2014-01-12 00:38 - 00000000 __SHD C:\found.004
2014-01-11 17:10 - 2012-09-18 06:38 - 00000000 ____D C:\Users\Neal\AppData\Local\CrashDumps
2014-01-11 15:23 - 2014-01-06 10:57 - 00017752 _____ C:\Windows\PFRO.log
2014-01-11 15:18 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
2014-01-11 15:18 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\AppData\Local\Mobogenie
2014-01-11 15:17 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\AppData\Local\genienext
2014-01-11 15:17 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\AppData\Local\cache
2014-01-11 14:33 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\Documents\Mobogenie
2014-01-11 14:33 - 2014-01-11 14:33 - 00000000 ____D C:\Users\Neal\.android
2014-01-11 14:33 - 2014-01-11 14:33 - 00000000 _____ C:\Users\Neal\daemonprocess.txt
2014-01-11 14:33 - 2010-09-21 19:20 - 00000000 ____D C:\Users\Neal
2014-01-11 08:34 - 2010-09-23 13:30 - 00000900 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2014-01-10 20:32 - 2014-01-10 19:47 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-10 20:32 - 2009-07-14 00:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2014-01-10 20:29 - 2014-01-10 19:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-10 20:29 - 2014-01-10 19:47 - 00000000 ____D C:\Users\Neal\Desktop\mbar
2014-01-10 19:48 - 2014-01-10 19:48 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-01-10 14:13 - 2010-09-21 20:31 - 00000000 ____D C:\Users\Neal\AppData\Local\X1 Desktop Search
2014-01-10 14:13 - 2009-05-22 09:57 - 00041861 _____ C:\emailscan.log
2014-01-10 14:10 - 2014-01-10 14:10 - 00040289 _____ C:\ComboFix.txt
2014-01-10 14:10 - 2010-01-17 12:10 - 00000000 ____D C:\Qoobox
2014-01-10 14:06 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2014-01-09 21:26 - 2011-04-25 21:29 - 00000000 ____D C:\Users\Neal\AppData\Local\Apps\2.0
2014-01-09 19:00 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2014-01-09 18:33 - 2014-01-09 18:33 - 00001925 _____ C:\Users\Neal\Desktop\ComboFix.exe - Shortcut.lnk
2014-01-06 20:05 - 2013-09-02 20:09 - 00000193 _____ C:\Windows\WORDPAD.INI
2014-01-06 20:00 - 2014-01-06 20:00 - 00000846 _____ C:\Users\Neal\Desktop\JRT.txt
2014-01-06 19:40 - 2014-01-06 19:40 - 00000000 ____D C:\Windows\ERUNT
2014-01-06 19:34 - 2014-01-06 10:49 - 00000000 ____D C:\AdwCleaner
2014-01-06 19:32 - 2014-01-06 19:33 - 01036305 _____ (Thisisu) C:\Users\Neal\Desktop\JRT.exe
2014-01-06 16:57 - 2009-07-14 00:13 - 00006410 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-06 16:06 - 2014-01-06 16:06 - 00000000 ____D C:\found.002
2014-01-06 15:33 - 2010-09-22 15:21 - 00000000 ____D C:\Windows\ERDNT
2014-01-06 11:45 - 2014-01-06 11:45 - 00002028 _____ C:\Users\Neal\Desktop\Customize Fences.lnk
2014-01-06 11:45 - 2010-09-21 20:50 - 00000000 ____D C:\Program Files (x86)\Stardock
2014-01-06 11:45 - 2010-09-21 19:20 - 00000000 ___RD C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup2014-01-06 11:00 - 2014-01-06 11:00 - 00276928 _____ C:\Windows\Minidump\010614-27830-01.dmp2014-01-06 10:36 - 2014-01-06 10:36 - 00929928 _____ (CNET Download.com) C:\Users\Neal\Desktop\cbsidlm-cbsi171-AdwCleaner-SEO-75851221.exe2014-01-06 09:43 - 2012-05-31 06:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service2014-01-06 09:42 - 2014-01-06 09:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox2014-01-05 18:12 - 2012-12-15 14:35 - 00000000 ____D C:\Program Files (x86)\i-Funbox DevTeam2014-01-05 18:12 - 2010-09-21 20:11 - 00000000 ____D C:\Program Files (x86)\Pidgin2014-01-05 18:11 - 2010-09-21 20:39 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware2014-01-05 18:01 - 2013-09-14 15:00 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Syncios2014-01-05 17:58 - 2013-09-18 23:34 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Audacity2014-01-05 17:50 - 2014-01-02 20:10 - 00000000 ____D C:\Program Files (x86)\Advanced Fix 20132014-01-05 17:48 - 2011-04-25 21:29 - 00000000 ____D C:\Users\Neal\AppData\Local\Deployment2014-01-05 17:40 - 2009-07-14 00:08 - 00032530 _____ C:\Windows\Tasks\SCHEDLGU.TXT2014-01-05 17:38 - 2011-07-14 02:42 - 00000000 ____D C:\Windows\pss2014-01-05 17:32 - 2014-01-03 16:29 - 00005459 _____ C:\Windows\WindowsUpdate.log2014-01-05 15:56 - 2014-01-05 15:55 - 00276992 _____ C:\Windows\Minidump\010514-20560-01.dmp2014-01-05 13:01 - 2014-01-02 09:07 - 00001908 _____ C:\Windows\diagwrn.xml2014-01-05 13:01 - 2014-01-02 09:07 - 00001908 _____ C:\Windows\diagerr.xml2014-01-05 12:59 - 2014-01-05 12:59 - 00006524 _____ C:\Users\Neal\Desktop\Windows Compatibility Report.htm2014-01-05 12:54 - 2014-01-04 21:33 - 00000000 _____ C:\Windows\setuperr.log2014-01-05 11:55 - 2010-09-24 00:32 - 00000000 ___HD C:\Users\Neal\Desktop\_gsdata_2014-01-05 11:54 - 2010-09-22 07:41 - 00000000 ____D C:\Users\Neal\AppData\Roaming\GoodSync2014-01-05 05:16 - 2014-01-01 20:40 - 00204896 ____N 
C:\Users\Neal\Documents\DataVault.dat2014-01-05 05:16 - 2014-01-01 20:34 - 00000000 ____D C:\Users\Neal\Documents\Automatic backups2014-01-04 21:33 - 2014-01-04 02:09 - 00000000 ____D C:\Program Files\Protector Suite2014-01-04 20:24 - 2014-01-04 11:26 - 00000000 ____D C:\Program Files (x86)\1Password2014-01-04 14:41 - 2014-01-04 11:26 - 00000000 ____D C:\Users\Neal\Documents\1Password2014-01-04 11:26 - 2014-01-04 11:26 - 00001021 _____ C:\Users\Neal\Desktop\1Password.lnk2014-01-04 11:26 - 2014-01-04 11:26 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Agile Web Solutions2014-01-04 10:52 - 2010-10-02 10:30 - 00000000 ____D C:\Users\Neal\AppData\Local\Downloaded Installations2014-01-04 02:09 - 2014-01-04 02:09 - 00000000 ____D C:\Program Files\Common Files\SPBA2014-01-03 20:49 - 2014-01-03 20:49 - 00000000 ____D C:\Program Files (x86)\Dashlane2014-01-03 20:47 - 2014-01-03 20:47 - 00000000 ____D C:\Users\Neal\AppData\Local\Packages2014-01-03 16:42 - 2014-01-03 16:42 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Tools2014-01-03 09:06 - 2014-01-03 09:05 - 00024512 _____ C:\Users\Neal\Desktop\attach.txt2014-01-03 09:04 - 2014-01-03 09:05 - 00034638 _____ C:\Users\Neal\Desktop\dds.txt2014-01-03 08:56 - 2014-01-03 08:56 - 00688992 ____R (Swearware) C:\Users\Neal\Desktop\dds.com2014-01-03 08:56 - 2014-01-03 08:56 - 00688992 _____ (Swearware) C:\Users\Neal\Desktop\dds.scr2014-01-03 08:54 - 2010-12-26 00:06 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy2014-01-03 08:26 - 2014-01-03 08:26 - 00000000 ____D C:\Program Files\HijackThis2014-01-03 07:08 - 2012-11-11 17:51 - 00000000 ____D C:\Program Files (x86)\WePrint2014-01-03 06:52 - 2014-01-03 06:52 - 00000000 ____D C:\ProgramData\HitmanPro2014-01-02 21:13 - 2012-11-13 10:24 - 00000089 _____ C:\Windows\SysWOW64\BRAgent.dat2014-01-02 14:12 - 2014-01-02 14:12 - 00002626 _____ C:\Windows\CompatibilityIssues.txt2014-01-02 09:23 - 2012-11-13 13:49 - 00000000 ____D C:\ProgramData\Kofax2014-01-01 20:40 - 2014-01-01 20:40 - 
00000000 ____D C:\Users\Neal\AppData\Roaming\Ascendo2014-01-01 20:33 - 2014-01-01 20:33 - 00001021 _____ C:\Users\Public\Desktop\Ascendo DataVault.lnk2014-01-01 20:33 - 2014-01-01 20:33 - 00000000 ____D C:\Program Files (x86)\DataVault2014-01-01 20:31 - 2014-01-01 19:38 - 00000000 ____D C:\Users\Neal\AppData\Local\PasswordSafe2014-01-01 19:38 - 2014-01-01 19:38 - 00000000 ____D C:\Users\Neal\Documents\My Safes2014-01-01 16:41 - 2013-12-13 08:36 - 00000000 ____D C:\Users\Neal\Desktop\Test2013-12-30 15:26 - 2010-09-22 13:08 - 00000000 ____D C:\Windows\Downloaded Installations2013-12-30 14:15 - 2010-09-22 16:17 - 00000000 ____D C:\Users\Neal\AppData\Roaming\.oit2013-12-29 20:42 - 2010-09-21 21:44 - 00000000 ____D C:\Users\Neal\Documents\SplashData2013-12-29 19:55 - 2010-10-25 19:00 - 00040390 _____ C:\Windows\SysWOW64\WebUpdateSvc4.log2013-12-29 19:55 - 2010-10-25 19:00 - 00000031 _____ C:\Windows\WebUpdateSvc4.INI2013-12-29 11:40 - 2010-09-22 07:07 - 00000000 ____D C:\ProgramData\InstallShield2013-12-29 11:39 - 2009-07-14 02:46 - 00000000 ____D C:\Windows\ShellNew2013-12-29 03:41 - 2013-12-29 03:41 - 00003164 _____ C:\Windows\System32\Tasks\SmartDefrag_Startup2013-12-29 03:41 - 2013-12-29 03:41 - 00003162 _____ C:\Windows\System32\Tasks\SmartDefragUpdate2013-12-27 22:29 - 2010-09-22 20:21 - 00000813 _____ C:\Windows\Q-Dir.ini2013-12-27 22:29 - 2010-09-22 20:21 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Q-Dir2013-12-27 20:58 - 2013-01-30 15:31 - 00000000 ____D C:\Program Files (x86)\iMobie2013-12-27 20:56 - 2010-09-22 12:41 - 00000000 ____D C:\Program Files (x86)\Chrometa 2.02013-12-27 12:48 - 2013-12-27 12:48 - 00000000 ____D C:\MATS2013-12-26 20:19 - 2010-09-22 06:37 - 00000000 ____D C:\ProgramData\FLEXnet2013-12-25 20:19 - 2010-09-24 01:02 - 00000000 ____D C:\Users\Neal\Documents\Family Tree Maker2013-12-22 22:33 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared2013-12-22 17:46 - 2011-12-25 22:15 - 00000000 ____D C:\Program 
Files (x86)\iExplorer2013-12-22 17:44 - 2012-12-15 14:35 - 00000000 ____D C:\Users\Neal\AppData\Roaming\iFunbox_UserCache2013-12-20 21:40 - 2013-09-14 21:51 - 00000000 ____D C:\Users\Neal\Documents\iClover2013-12-19 01:06 - 2011-12-26 13:03 - 00000000 ____D C:\ProgramData\IObit2013-12-18 16:31 - 2011-12-25 12:46 - 00000000 ____D C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2013-12-15 08:28 - 2013-07-11 13:22 - 00000000 ____D C:\Windows\system32\MRT2013-12-13 18:09 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache2013-12-13 15:24 - 2013-12-13 15:10 - 00000000 ____D C:\Users\Neal\Desktop\Def Experts Files to move or delete:====================C:\ProgramData\SDPlatformMgr.dllC:\ProgramData\SplashID%20Safe.exe Some content of TEMP:====================C:\Users\Neal\AppData\Local\Temp\IntResource.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit Link to post Share on other sites More sharing options...
kinetix12 Posted January 12, 2014 Author ID:777150

Gringo -- Here is the second scan -- my screen does not show any means for file attachment --

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2014
Ran by Neal at 2014-01-12 11:06:36
Running from M:\Download
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Disabled - Out of date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Disabled - Out of date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft)
1Password 1.0.9.340 (x32 Version: 1.0 - AgileBits)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
8000A809 (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8000A809_eDocs (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
8000A809_Help (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
ABC Amber LIT Converter (x32 Version: - )
ABC Amber Outlook Converter (x32 Version: - )
ABC Amber PDF Converter (x32 Version: - )
Acronis True Image Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden
Adobe Acrobat 8 Professional (x32 Version: 8.3.1 - Adobe Systems) Hidden
Adobe Acrobat 8.3.1 - CPSID_83708 (x32 Version: - Adobe Systems Incorporated)
Adobe Acrobat 8.3.1 Professional (x32 Version: 8.3.1 - Adobe Systems)
Adobe AIR (x32 Version: 3.7.0.1860 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.7.0.1860 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Advanced File Organizer 3.01 (x32 Version: 3.01 - SoftPrime Development)
Amazon Kindle (x32 Version: - Amazon)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ARTS PDF Aerialist Professional 1.2 (x32 Version: 1.2 - ARTS PDF)
Ascendo DataVault 4.9.12 (x32 Version: 4.9.12 - Ascendo)
Ashampoo Burning Studio 2012 v10.0.15 (x32 Version: 10.0.15 - Ashampoo GmbH & Co. KG)
Asterisk Key 10.0 (x32 Version: - )
Attribute Changer 6.20 (x32 Version: 6.20 - Romain Petges)
AutoSplit Pro Plug-In, v. 2.2 (x32 Version: - EverMap Company, LLC.)
avast! EasyPass (x32 Version: 7-7-8-128 - AVAST Software)
avast! Free Antivirus (x32 Version: 8.0.1497.0 - AVAST Software)
Belarc Advisor 7.2 (x32 Version: - )
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (Version: 2.0.2.0 - Apple Inc.)
BPDSoftware (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BRAdmin Professional 3 (x32 Version: 3.47.0005 - Brother)
Bring To OneNote for Office 2007 v3.0.0.10 (x32 Version: 3.0.0.10 - James.Linton)
Broadcom Gigabit Integrated Controller (Version: 10.52.12 - Broadcom Corporation)
Brother BRAgent 1.33.0000 (x32 Version: 1.33.0000 - Brother)
Brother MFL-Pro Suite MFC-8870DW (x32 Version: 1.0.0.0 - Brother Industries, Ltd.)
BufferChm (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Bytescout BarCode Generator 2.00.241 (FREEWARE) (x32 Version: - Bytescout Software)
calibre (x32 Version: 0.8.68 - Kovid Goyal)
CCleaner (Version: 4.00 - Piriform)
CDBurnerXP (x32 Version: 4.2.5.1490 - CDBurnerXP)
Cisco Connect (x32 Version: 1.3.11006.1 - Cisco Consumer Products LLC)
Cisco EAP-FAST Module (x32 Version: 2.0.26 - Cisco Systems, Inc.)
Cisco LEAP Module (x32 Version: 1.0.11 - Cisco Systems, Inc.)
Cisco PEAP Module (x32 Version: 1.0.12 - Cisco Systems, Inc.)
Cisco WebEx Meetings (x32 Version: - Cisco WebEx LLC)
CoolUtils Mail Viewer (x32 Version: 2.5 - Softplicity, Inc.)
Core Temp 1.0 RC3 (Version: 1.0 - Alcpu)
CoreLib (x32 Version: 1.00.0001 - Nuance Communications, Inc.)
Credenza (x32 Version: 3.0.0.55 - Credenza Software Inc.)
CrystalDiskInfo 3.1.1 (x32 Version: 3.1.1 - Crystal Dew World)
Dell Driver Download Manager (HKCU Version: 2.1.0.0 - Dell Inc.)
Dell Resource CD (x32 Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKCU Version: 3.3.2.1 - Dell)
Dell Touchpad (Version: 10.1.2.0 - Synaptics)
Dell Touchpad (Version: 7.102.101.223 - ALPS ELECTRIC CO., LTD.)
Dell Wireless WLAN Card (Version: 4.170.25.12 - Dell Inc.)
Device Remover (Version: 0.9 - Kerem Gümrükcü)
DeviceDiscovery (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
DiskPie 2.1 (x32 Version: 2.1 - Ziff Davis Media, Inc.)
Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.)
DVDFab 8.0.5.6 (05/12/2010) (x32 Version: - Fengtao Software Inc.)
DYMO Label v.8 (x32 Version: 8.3.0.1242 - Sanford, L.P.)
DYMO Stamps (x32 Version: 3.3 - Endicia Internet Postage)
EASEUS Partition Master 3.5 Unlimited Edition (x32 Version: - EASEUS)
Emsisoft Anti-Malware (x32 Version: 6.0 - Emsi Software GmbH)
Eraser 6.0.8.2273 (Version: 6.0.2273 - The Eraser Project)
ERUNT 1.1j (x32 Version: - Lars Hederer)
Ever2One Converter (x32 Version: 1.0.1 - BusinessWare Technologies Inc)
Evernote v. 5.0.3 (x32 Version: 5.0.3.1614 - Evernote Corp.)
ExportOutlookNotestoOneNoteAddinSetup (x32 Version: 1.0.0 - Default Company Name)
eXpress TimeStamp Toucher (HKCU Version: - )
Family Tree Maker 2010 (x32 Version: 19.0.180 - Ancestry.com)
Family Tree Maker 2010 (x32 Version: 19.0.180 - Ancestry.com) Hidden
Fast Duplicate File Finder 1.1.0.0 (x32 Version: 1.1.0.0 - MindGems, Inc.)
FastStone Image Viewer 4.6 (x32 Version: 4.6 - FastStone Soft)
Fences 2 (x32 Version: 2.01 - Stardock Corporation)
File Renamer (x32 Version: - )
File Shredder 2.0 (x32 Version: - WipeSoft)
FoxTab PDF Creator (HKCU Version: - ) <==== ATTENTION
GnuCash 2.4.8 (x32 Version: - GnuCash Development Team)
GoodSync (Version: 8.3.5.5 - Siber Systems)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
GPL Ghostscript 9.00 (x32 Version: - )
GSview 4.9 (x32 Version: - )
gSyncit (x32 Version: 2.2.44 - David Levinson)
gSyncit (x32 Version: 2.3.52 - Fieldston Software)
gSyncit (x32 Version: 3.8.68 - Fieldston Software)
Guifications Plugin (remove only) (x32 Version: - )
HijackThis 1.99.1 (x32 Version: 1.99.1 - Soeperman Enterprises Ltd.)
HP Imaging Device Functions 14.0 (Version: 14.0 - HP)
HP Officejet Pro 8000 A809 Series (Version: 14.0 - HP)
HP Solution Center 14.0 (Version: 14.0 - HP)
HPProductAssistant (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
iCloud (Version: 3.1.0.40 - Apple Inc.)
iClover 1.0.1 (x32 Version: 1.0.1 - Xiamen Tongbu Network Ltd.)
iFunbox (v2.1.2228.731), iFunbox DevTeam (x32 Version: v2.1.2228.731 - )
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1930 - Intel Corporation)
iPhone Backup Extractor (HKCU Version: 4.6.6.0 - Reincubate Ltd)
IrfanView (remove only) (x32 Version: 4.30 - Irfan Skiljan)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 17 (64-bit) (Version: 7.0.170 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 39 (64-bit) (Version: 6.0.390 - Oracle)
jlGui 3.1 (HKCU Version: - Music Player for the Java Platform)
Karen's Directory Printer (x32 Version: 5.3.0.2 - Karen Kenworthy)
Kernel Outlook PST Viewer ver 11.05.01 (x32 Version: - Lepide Software Pvt. Ltd.)
LAME v3.99.3 (for Windows) (x32 Version: - )
Laptop Integrated Webcam Driver (1.04.01.1011) (Version: - )
LastPass (uninstall only) (x32 Version: - LastPass)
LexisNexis CaseMap 8 (x32 Version: 8.50.399.02 - LexisNexis CaseSoft) Hidden
LexisNexis NoteMap 2 (x32 Version: 2.10.12.1 - LexisNexis CaseSoft)
LexisNexis TextMap 5 (x32 Version: 5.00.177.01 - LexisNexis CaseSoft)
LexisNexis TimeMap 4 (x32 Version: 4.10.14.1 - LexisNexis CaseSoft) Hidden
LexisNexis® CD on Folio® 4 (x32 Version: 2.0 - LNCD4x)
Livescribe Connect (x32 Version: 1.2.1 - Livescribe Inc) Hidden
Livescribe Connect (x32 Version: 1.2.1.58498 - Livescribe Inc)
Livescribe Desktop (x32 Version: 2.8.3 - Livescribe Inc)
LogonStudio (x32 Version: - )
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Metrofax Outlook Fax AddIn (HKCU Version: 1.0.0.60 - Metrofax Outlook Fax AddIn)
MetroFax Printer (x32 Version: 3.0.4842.24832 - MetroFax, Inc.)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Filter Pack 1.0 (x32 Version: 12.0.4518.1104 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Gadgets for Windows SideShow (x32 Version: 1.0.7252.0 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Outlook Personal Folders Backup (x32 Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (x32 Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40825 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 (x32 Version: 3.0.5305.0 - Microsoft Corporation)
Mindjet MindManager 8 (x32 Version: 8.0.217 - Mindjet LLC)
Missing Attachment PowerToy Setup (x32 Version: 1.00.0011 - Fortis Software LLC)
MobileNoter (HKCU Version: 2.4.11.887 - BusinessWare Technologies Inc.)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSGTAG Status (x32 Version: - MSGTAG)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
myPhoneDesktop 2.0.3 (x32 Version: 2.0.3 - jProductivity, LLC)
NEO Pro (x32 Version: 5.04.561 - Caelo Software BV)
Network64 (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Nitro PDF Professional (Version: 6.2.1.10 - Nitro PDF Software)
Nuance OmniPage 17 (x32 Version: 17.0.0000 - Nuance Communications, Inc.)
Nuance PaperPort 12 (x32 Version: 12.0.0000 - Nuance Communications, Inc.)
ObjectDock Plus (x32 Version: - )
Octoshape add-in for Adobe Flash Player (HKCU Version: - )
ODIR (x32 Version: - Vaita)
ON Table of Content Setup (x32 Version: 1.0.0 - Microsoft)
OneTouch 4.6 (x32 Version: 4.6.1112.8238 - Visioneer Inc.)
OutlookToOneNoteAddInSetup (x32 Version: 1.0.0 - Default Company Name)
Paint.NET v3.36 (Version: 3.36.0 - dotPDN LLC)
PaperPort Image Printer 64-bit (Version: 1.00.0001 - Nuance Communications, Inc.)
PDF-XChange 3 (Version: - Tracker Software)
PhoneClean 2.2.0 (x32 Version: 2.2.0 - iMobie Inc.)
Picasa 3 (x32 Version: 3.8 - Google, Inc.)
Pidgin (x32 Version: 2.10.0 - )
PressReader (x32 Version: 5.12.0927.0 - NewspaperDirect Inc.)
ProductContext (x32 Version: 140.0.000.000 - Hewlett-Packard) Hidden
Protector Suite 2012 (Version: 5.9.8.7278 - Authentec Inc.)
Q-Dir (x32 Version: - )
Quicken 2007 (x32 Version: 16.1.2.25 - Intuit)
Quicken 2013 (x32 Version: 22.1.12.7 - Intuit)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Recuva (Version: 1.38 - Piriform)
Rename Master (x32 Version: - )
Revo Uninstaller 1.95 (x32 Version: 1.95 - VS Revo Group)
RICOH R5C83x/84x Media Driver x64 Ver.5.03.03 (x32 Version: 5.03.03 - )
Sage Timeslips 2011 (x32 Version: 19.0.0.0 - Sage)
Samsung ML-2855 Series (x32 Version: - Samsung Electronics CO.,LTD)
SeaTools for Windows (x32 Version: 1.2.0.7 - Seagate Technology)
SendtoOneNote (x32 Version: 1.1.0 - LLC)
SigmaTel Audio (x32 Version: 5.10.5210.0 - SigmaTel)
Simpo PDF to Text 2.1.5.0 (x32 Version: - )
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
SlingPlayer (x32 Version: 2.0.4521 - Sling Media)
SlingPlayer (x32 Version: 2.0.4521 - Sling Media) Hidden
Smart Defrag 2 (x32 Version: 2.9 - IObit)
SmartDraw 2010 (HKCU Version: - )
Snagit 10.0.1 (x32 Version: 10.0.1 - TechSmith Corporation)
Software Update Wizard (Redistributable) 4.5 (x32 Version: 4.5 - PowerProgrammer)
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
SplashID iPhone Desktop 5.4 (x32 Version: 5.4 - SplashData)
SplashID Safe 7.0.9 (x32 Version: 7.0.9 - SplashData)
Spybot - Search & Destroy (x32 Version: 1.6.2 - Safer Networking Limited)
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SysTools Outlook PST Viewer 3.0 (x32 Version: - )
TEC-IT TFORMer 6.0 (Version: 6.0.3.14226 - TEC-IT Datenverarbeitung GmbH)
TeraCopy 1.22 (x32 Version: - Code Sector Inc.)
The LaptopLock 0.94 (x32 Version: 0.94 - The LaptopLock)
Timeslips by Sage 2008 (x32 Version: 16.0.0.0 - Sage Software SB, Inc.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TouchChip USB Driver 2.6 (Version: 2.6.0.0097 - UPEK Inc.) Hidden
TrayApp (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
TurboTax 2010 (x32 Version: - Intuit, Inc)
TurboTax 2010 wcaiper (x32 Version: 010.000.1393 - Intuit Inc.) Hidden
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.4227 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0483 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0214 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (x32 Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2012 (x32 Version: 2012.0 - Intuit, Inc)
TurboTax 2012 wcaiper (x32 Version: 012.000.1430 - Intuit Inc.) Hidden
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32 Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
VersaCheck 2002 Home And Business (x32 Version: 7.0.1.0 - G7 Productivity Systems, Inc.)
VersaCheck 2002 Home And Business (x32 Version: 7.0.1.0 - G7 Productivity Systems, Inc.) Hidden
WavePad Sound Editor (x32 Version: - NCH Software)
WebReg (x32 Version: 140.0.213.017 - Hewlett-Packard) Hidden
WebSlingPlayer ActiveX (x32 Version: 1.5.2125 - Sling Media)
WePrint (x32 Version: - EuroSmartz Ltd)
WIDCOMM Bluetooth Software 6.0.1.3100 (Version: 6.0.1.3100 - Dell)
WinDirStat 1.1.2 (HKCU Version: - )
Windows Media Encoder 9 Series (x32 Version: - )
Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (Version: - )
WinX Bluray DVD iPad Ripper 4.5.5 (x32 Version: - Digiarty Software,Inc.)
WinX iPhone Video Converter 4.0.12 (x32 Version: - Digiarty Software, Inc.)
Wondershare Dr.Fone for iOS(Build 3.1.0.111) (x32 Version: 3.1.0.111 - Wondershare Software Co.,Ltd.)
WordPerfect Office X3 - Home Edition Software Bundle (x32 Version: 13 - Corel)
WordPerfect Office X3 - Home Edition, Task Manager (x32 Version: 13.0 - Corel Corporation)
WordPerfect OfficeReady (x32 Version: - )
WordPerfect® Office X3 - Home Edition (x32 Version: - Corel Corporation)
WordPerfect® Office X3 - Home Edition (x32 Version: 13.3 - Corel Corporation) Hidden
X1 (x32 Version: - )
Xerox DocuMate 252 Driver (x32 Version: 4.6.10034 - Visioneer Inc.)
XnView 1.95.4 (x32 Version: 1.95.4 - Gougelet Pierre-e)
xplorer² professional (x32 Version: 1.71 - Zabkat)
XPS2OneNote (x32 Version: 1.1.0 - CodePlex)
Xvid 1.2.2 final uninstall (x32 Version: 1.2 - Xvid team (Koepi))
Yahoo! Detect (x32 Version: - )

==================== Restore Points =========================

12-01-2014 04:50:14 Scheduled Checkpoint
12-01-2014 14:12:36 Installed gSyncit

==================== Hosts content: ==========================

2013-09-14 00:07 - 2014-01-06 15:25 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {054FCAE8-24CE-400D-B8BB-04B383D90E84} - System32\Tasks\ASC4_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
Task: {097D9110-CAB4-4C49-B270-F41AC48F4B2A} - System32\Tasks\{BDED33F9-4C67-4220-9D1B-E0CED8B3C464} => D:\eFilmLt.exe
Task: {09F2942B-5EA1-45E3-9FAD-DA1C05316103} - \Microsoft\Windows\SideShow\GadgetManager No Task File
Task: {0BEAE0E8-4735-481B-9028-69F69FD06380} - System32\Tasks\{11A11680-42BB-4F99-B96A-A474F0B1CFD5} => C:\Program Files (x86)\Syncios\Syncios.exe
Task: {0C9CCB36-1B13-4DA1-BC6D-C504B364F140} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
Task: {0D369C51-5B9B-47F1-9A0C-B67FA463A5F2} - System32\Tasks\SmartDefrag_Schedule => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-09-13] (IObit)
Task: {0E4E83E6-B2CF-48BA-8897-561178C414FF} - System32\Tasks\{88785863-B8BC-4F24-88E1-468A4C2AE477} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {13146D14-3F49-4C86-A4A6-F600135EBF04} - System32\Tasks\{BB04BBA5-B473-4433-9A6C-6136E340BC06} => D:\eFilmLt.exe
Task: {177AE80E-4378-44EF-A507-421FE06EEDA8} - System32\Tasks\{CF6E43FB-6028-49DD-A5E1-F76920727AF5} => M:\Documents\WPDOC\Rabiner\scan\eFilmLt.exe
Task: {2088594B-5181-4282-9D84-C5B18B698DB5} - System32\Tasks\{7DAF5FB7-EE7C-499C-B01F-2EF2DBDCAA92} => M:\Documents\WPDOC\Rabiner\scan\eFilmLt.exe
Task: {25F83B4F-E61D-4DA1-8EC3-530799931A82} - System32\Tasks\{71F5E962-0C39-4961-B208-808A43B14EF0} => D:\eFilmLt.exe
Task: {28B96460-70C9-4473-9195-B683C20DBD80} - System32\Tasks\{22196905-5959-410E-929B-ECDED408BE16} => D:\eFilmLt.exe
Task: {2CC8CB93-A771-44A8-B294-4A96DC96BE7C} - System32\Tasks\{94497B6F-CD91-4098-839D-50D514C86094} => D:\Launch.exe
Task: {37C6AD7F-D422-4D47-A88D-5BE44E307026} - System32\Tasks\{5E445465-C75E-4DA0-9439-2A979F7FC568} => D:\eFilmLt.exe
Task: {491C9B38-510C-462F-8784-72E7D34BB27F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)
Task: {4960F2A8-B289-42D5-A43B-CD430B33B09D} - System32\Tasks\{1128B882-DD62-49F8-83EA-22A67F852FC6} => D:\eFilmLt.exe
Task: {4D4FA996-DCDE-4E79-B336-15CE980DDBC0} - System32\Tasks\{31010270-E2CE-45BD-B3C4-A9CE5E302663} => M:\Download\DataRecovery_EN\DataRecovery_EN\DataRecovery.exe
Task: {53C13203-3E3D-47D3-912B-6E0BFDAF80E7} - System32\Tasks\{4F2D8FA2-A7E4-4033-84D3-40ADCDC05D1C} => M:\Documents\WPDOC\Rabiner\scan\eFilmLt.exe
Task: {66C999A8-4BD6-4CAB-B78C-85578BC3A540} - System32\Tasks\{FFD0E658-01A0-4A5E-B62A-FD716D9216DF} => D:\eFilmLt.exe
Task: {6F0A6663-33AE-4BFC-9868-F1F394711360} - System32\Tasks\{6F23EFFA-7179-4F8F-BBA3-A6958A9DF0C1} => D:\eFilmLt.exe
Task: {6F59614A-868E-4F37-8A64-1F9D5E9EB6CD} - System32\Tasks\{40FA3E3B-C2AF-48FD-9EE3-1BB67768D278} => D:\eFilmLt.exe
Task: {71313239-14B1-4A48-B419-A892941FBD72} - System32\Tasks\{10171195-AA36-43A0-BD4F-0340806B2FF8} => D:\eFilmLt.exe
Task: {756DE6FB-37AF-4C50-897A-FE368275DA29} - System32\Tasks\{B943A872-D98B-4511-8FA2-8F6C93822198} => M:\Documents\WPDOC\Rabiner\scan\eFilmLt.exe
Task: {777589E7-1ABE-40D8-B68F-E09470326AB2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files (x86)\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {7C71DD1C-5E87-4732-BC79-0F17B7C67699} -
System32\Tasks\SmartDefragUpdate => C:\Program Files (x86)\IObit\Smart Defrag 2\AutoUpdate.exe [2013-05-22] (IObit)Task: {7F268CFD-CA33-41D3-AB51-D9869EB91D92} - System32\Tasks\{F4C885A1-C575-4E6A-A0F4-F9E84A0A136F} => D:\eFilmLt.exeTask: {8828443B-A96C-4A2C-8842-BEAC2A77AC3B} - \Microsoft\Windows\SideShow\AutoWake No Task FileTask: {88304FA3-41A1-4FE3-99EB-0BE16FA3F1D9} - System32\Tasks\{2B28E087-076B-458B-BB0C-9D02AA35BC09} => D:\eFilmLt.exeTask: {8DE711C9-0E76-44D6-B45F-302AEDA1C395} - System32\Tasks\{4545EC5E-9D53-4216-B21F-4954CCE4B9EE} => D:\eFilmLt.exeTask: {8E7FDD4D-73AE-4D4F-8B24-94579107CB8E} - System32\Tasks\{37859531-2EB1-4308-8187-38C725D1F0F7} => C:\Program Files (x86)\Syncios\Syncios.exeTask: {9C2F7985-32C1-4140-B76F-DB84BAEE4621} - System32\Tasks\{2EBBB472-A065-4C63-894F-210573353B4E} => D:\eFilmLt.exeTask: {9F23CF96-37F6-4B1E-8C02-704FB15A4469} - System32\Tasks\{2A6D6C14-82F7-42E4-9F18-9432A1D30806} => D:\eFilmLt.exeTask: {A4041380-5ABF-4282-BE27-B27EF8B19172} - System32\Tasks\{E18246B8-5EBD-443D-8771-8A82F19FAA8E} => D:\eFilmLt.exeTask: {A590D411-F606-498E-89EF-CA9683DDA64E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {A5F4BB1E-0120-4798-9C97-5245F116DD59} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)Task: {A72F92B5-6349-403B-BDAC-02C2920EE822} - System32\Tasks\{750CC6F5-5D24-4623-8BCC-5AA1274366B6} => M:\Documents\WPDOC\Rabiner\scan\eFilmLt.exeTask: {A7959233-5685-48B4-A684-FA2643F46B5A} - System32\Tasks\{05702656-D592-41ED-BD12-F5EFC2A7EDF8} => M:\Documents\WPDOC\Rabiner\scan\eFilmLt.exeTask: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent No Task FileTask: {B041C486-CCF5-4076-9F1C-1ACD91D8BD8D} - \Microsoft\Windows\SideShow\SystemDataProviders No Task FileTask: {B48B1A56-D226-44BE-AE0C-4F2DA824F0C5} - System32\Tasks\{CC9BE3AB-9D9B-4B58-86CE-47A6DCF73E70} => D:\eFilmLt.exeTask: {B62D09A6-32F5-4482-A21E-AAAF9DA578B9} - System32\Tasks\{9E739A08-0F70-4861-A534-B6A09C831745} => M:\LexisNexis\FLCIVT\disc1\Setup.exe [2006-05-24] (Macrovision Corporation)Task: {B7D98932-4D44-452A-897A-1BF555E39258} - System32\Tasks\SDMsgUpdate (TE) => C:\Program Files (x86)\SmartDraw 2010\Messages\SDNotify.exe [2009-07-08] ()Task: {BE7F59AC-1F1B-481F-8261-916405502242} - System32\Tasks\GoogleUpdateTaskMachineCore1cd63d719bc8a55 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-28] (Google Inc.)Task: {CBC92B0C-347F-44C8-A89C-9C998F758B28} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2012-10-26] (Siber Systems)Task: {D40A6EE2-F93A-4533-8648-74146567C63A} - System32\Tasks\SmartDefrag_Startup => C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe [2013-09-13] (IObit)Task: {D5F38702-99A2-4E49-9B39-22CBB424E937} - \Microsoft\Windows\SideShow\SessionAgent No Task FileTask: {D96EF37E-9754-4834-96C6-1B4E9AF65673} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)Task: {DABD6CFB-227F-453E-A206-F52AC1253201} - 
System32\Tasks\{DB9622E1-BAE2-4370-B1DA-A51B4BB569C4} => M:\LexisNexis\FLCIVT\disc1\Setup.exe [2006-05-24] (Macrovision Corporation)Task: {E0EDFAED-3563-44EF-8FEC-AD2FE937D1E5} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMLMPMLLIMOMNLJMNMCNLLKMPMOLCNJMLLLLMLCNOLMMKMNLCNKMIMIMOMJLOLKMOLMLKMPMJMJNJICMJMCNGMCNMMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMEKMICNJJCKFMLMJMMMJNHICMEKMICNJJCKJNBJCMBLKJOJDJJNKJCMJNNICM"Task: {E56B6142-6484-48AD-A0CE-0D19ABD2977A} - System32\Tasks\{8AB40158-FE9D-416F-96F8-6AFC978821D1} => D:\eFilmLt.exeTask: {E7BFFE1A-47C4-4992-A865-CB48A147CBB1} - System32\Tasks\{49AF100A-95BF-485F-B845-AECECE04D644} => M:\Documents\WPDOC\Rabiner\scan\eFilmLt.exeTask: {E90863AC-A813-4034-83D2-F1DEE6EDCEBE} - System32\Tasks\{044CAB91-85F8-4F41-9636-E56729AF4B62} => D:\eFilmLt.exeTask: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cd63d719bc8a55.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\SDMsgUpdate (TE).job => C:\PROGRA~2\SMARTD~1\Messages\SDNotify.exe ==================== Loaded Modules (whitelisted) ============= 2010-09-21 20:50 - 2007-04-23 15:53 - 00020752 _____ () C:\Program Files (x86)\Stardock\ObjectDock\Dock64.dll2010-09-21 20:30 - 2009-08-16 16:06 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll2013-09-24 09:13 - 2013-09-24 04:24 - 02103296 _____ () C:\Program Files\AVAST Software\Avast\defs\13092400\algo.dll2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2011-10-27 
17:56 - 2011-10-27 17:56 - 00276992 _____ () C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommSdk.dll2012-06-28 15:58 - 2012-06-28 15:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll2011-04-18 18:26 - 2013-09-11 19:06 - 00048960 _____ () C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll2010-09-21 20:50 - 2007-04-24 14:22 - 00112400 _____ () C:\Program Files (x86)\Stardock\ObjectDock\DockShellHook.dll2010-09-22 22:35 - 2002-08-13 05:09 - 00684032 _____ () C:\Program Files (x86)\MSGTAG Status\libeay32.dll2010-09-22 22:35 - 2002-08-13 05:10 - 00155648 _____ () C:\Program Files (x86)\MSGTAG Status\ssleay32.dll2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\Neal\AppData\Roaming\Dropbox\bin\libcef.dll2012-07-23 08:47 - 2013-08-27 20:50 - 00118784 _____ () C:\Program Files (x86)\myPhoneDesktop\bin\moyocore.dll2012-07-23 08:47 - 2013-09-08 17:14 - 00132608 _____ () C:\Program Files (x86)\myPhoneDesktop\.install4j\i4jinst.dll2010-09-21 20:50 - 2007-04-19 13:23 - 00095944 _____ () C:\Program Files (x86)\Stardock\ObjectDock\CrashRpt.dll2010-09-21 20:50 - 2007-04-21 12:47 - 00059592 _____ () C:\Program Files (x86)\Stardock\ObjectDock\zlib.dll2010-09-21 20:50 - 2002-11-19 13:11 - 00139264 _____ () C:\Program Files (x86)\Common Files\Stardock\ODImg.dll2008-11-14 02:34 - 2008-11-14 02:34 - 00115968 _____ () C:\Program Files (x86)\Mindjet\MindManager 8\zlib.dll2014-01-04 11:26 - 2013-04-23 09:59 - 00376832 _____ () C:\Program Files (x86)\1Password\js3215R.dll2012-11-13 09:54 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll2013-07-11 10:04 - 2013-07-11 10:04 - 00507432 _____ () C:\Credenza\Outlook 
Client\adxloader.dll2013-07-16 07:55 - 2013-07-16 07:55 - 00317952 _____ () C:\Users\Neal\AppData\Local\assembly\dl3\3HEE2ORP.BWM\2VBZ1659.G3Q\bb3e07f2\00f87e1e_3f7ece01\OneLogic.Core.DLL2013-07-16 07:55 - 2013-07-16 07:55 - 00627200 _____ () C:\Users\Neal\AppData\Local\assembly\dl3\3HEE2ORP.BWM\2VBZ1659.G3Q\9ac49f1b\00ac4323_3f7ece01\OneLogic.LegalObjects.DLL2013-07-16 07:55 - 2013-07-16 07:55 - 00243200 _____ () C:\Users\Neal\AppData\Local\assembly\dl3\3HEE2ORP.BWM\2VBZ1659.G3Q\8b248bf3\0025b01f_3f7ece01\OneLogic.OutlookProxy.DLL2013-07-16 08:10 - 2013-07-16 08:10 - 00137728 _____ () C:\Users\Neal\AppData\Local\assembly\dl3\3HEE2ORP.BWM\2VBZ1659.G3Q\319b81fb\00ac4323_3f7ece01\OneLogic.NavPane.DLL2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL2011-08-20 12:05 - 2011-08-20 12:05 - 00582656 _____ () C:\Program Files (x86)\Pidgin\exchndl.dll2010-09-21 20:11 - 2010-09-21 20:11 - 00904525 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libcairo-2.dll2010-09-21 20:11 - 2010-09-21 20:11 - 00279059 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libfontconfig-1.dll2010-09-21 20:11 - 2010-09-21 20:11 - 00143096 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libexpat-1.dll2010-09-21 20:11 - 2010-09-21 20:11 - 00535264 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\freetype6.dll2010-09-21 20:11 - 2010-09-21 20:11 - 00219305 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpng14-14.dll2010-09-21 20:11 - 2010-09-21 20:11 - 00055808 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\zlib1.dll2010-09-21 20:11 - 2010-09-21 20:11 - 00482872 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libgio-2.0-0.dll2010-09-21 20:11 - 2010-09-21 20:11 - 00095189 _____ () C:\Program Files (x86)\Pidgin\Gtk\bin\libpangocairo-1.0-0.dll2011-08-20 12:05 - 2011-08-20 12:05 - 01213633 _____ () C:\Program Files (x86)\Pidgin\libxml2-2.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00475580 _____ () C:\Program Files 
(x86)\Pidgin\spellcheck\libgtkspell-0.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00013426 _____ () C:\Program Files (x86)\Pidgin\plugins\autoaccept.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00006751 _____ () C:\Program Files (x86)\Pidgin\plugins\buddynote.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00017910 _____ () C:\Program Files (x86)\Pidgin\plugins\convcolors.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00009712 _____ () C:\Program Files (x86)\Pidgin\plugins\extplacement.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00007645 _____ () C:\Program Files (x86)\Pidgin\plugins\gtkbuddynote.dll2007-12-16 21:15 - 2007-12-16 21:15 - 00651785 _____ () C:\Program Files (x86)\Pidgin\plugins\guifications.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00012380 _____ () C:\Program Files (x86)\Pidgin\plugins\history.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00006875 _____ () C:\Program Files (x86)\Pidgin\plugins\iconaway.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00011517 _____ () C:\Program Files (x86)\Pidgin\plugins\idle.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00011029 _____ () C:\Program Files (x86)\Pidgin\plugins\joinpart.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00009084 _____ () C:\Program Files (x86)\Pidgin\plugins\libaim.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00251285 _____ () C:\Program Files (x86)\Pidgin\liboscar.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00070345 _____ () C:\Program Files (x86)\Pidgin\plugins\libbonjour.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00180516 _____ () C:\Program Files (x86)\Pidgin\plugins\libgg.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00010015 _____ () C:\Program Files (x86)\Pidgin\plugins\libicq.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00075085 _____ () C:\Program Files (x86)\Pidgin\plugins\libirc.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00288309 _____ () C:\Program Files (x86)\Pidgin\plugins\libmsn.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00119368 _____ () C:\Program Files (x86)\Pidgin\plugins\libmxit.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00086376 _____ () 
C:\Program Files (x86)\Pidgin\plugins\libmyspace.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00087918 _____ () C:\Program Files (x86)\Pidgin\plugins\libnovell.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00093250 _____ () C:\Program Files (x86)\Pidgin\plugins\libsametime.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00173805 _____ () C:\Program Files (x86)\Pidgin\libmeanwhile-1.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00147158 _____ () C:\Program Files (x86)\Pidgin\plugins\libsilc.dll2011-08-20 12:05 - 2011-08-20 12:05 - 02719062 _____ () C:\Program Files (x86)\Pidgin\libsilc-1-1-2.dll2011-08-20 12:05 - 2011-08-20 12:05 - 01206642 _____ () C:\Program Files (x86)\Pidgin\libsilcclient-1-1-2.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00043176 _____ () C:\Program Files (x86)\Pidgin\plugins\libsimple.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00016371 _____ () C:\Program Files (x86)\Pidgin\plugins\libxmpp.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00325180 _____ () C:\Program Files (x86)\Pidgin\libjabber.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00016330 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoo.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00190214 _____ () C:\Program Files (x86)\Pidgin\libymsg.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00013291 _____ () C:\Program Files (x86)\Pidgin\plugins\libyahoojp.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00038873 _____ () C:\Program Files (x86)\Pidgin\plugins\log_reader.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00014269 _____ () C:\Program Files (x86)\Pidgin\plugins\markerline.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00006954 _____ () C:\Program Files (x86)\Pidgin\plugins\newline.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00021699 _____ () C:\Program Files (x86)\Pidgin\plugins\notify.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00010521 _____ () C:\Program Files (x86)\Pidgin\plugins\offlinemsg.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00022242 _____ () C:\Program Files (x86)\Pidgin\plugins\pidginrc.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00008878 
_____ () C:\Program Files (x86)\Pidgin\plugins\psychic.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00008927 _____ () C:\Program Files (x86)\Pidgin\plugins\relnot.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00009055 _____ () C:\Program Files (x86)\Pidgin\plugins\sendbutton.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00061569 _____ () C:\Program Files (x86)\Pidgin\plugins\spellchk.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00018706 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl-nss.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00006526 _____ () C:\Program Files (x86)\Pidgin\plugins\ssl.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00009476 _____ () C:\Program Files (x86)\Pidgin\plugins\statenotify.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00023339 _____ () C:\Program Files (x86)\Pidgin\plugins\themeedit.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00022446 _____ () C:\Program Files (x86)\Pidgin\plugins\ticker.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00012953 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00016291 _____ () C:\Program Files (x86)\Pidgin\plugins\timestamp_format.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00021753 _____ () C:\Program Files (x86)\Pidgin\plugins\win2ktrans.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00021709 _____ () C:\Program Files (x86)\Pidgin\plugins\winprefs.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00029185 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppconsole.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00033896 _____ () C:\Program Files (x86)\Pidgin\plugins\xmppdisco.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00417501 _____ () C:\Program Files (x86)\Pidgin\sqlite3.dll2010-09-21 20:11 - 2010-09-21 20:11 - 00090496 _____ () C:\Program Files (x86)\Pidgin\Gtk\lib\gtk-2.0\2.10.0\engines\libwimp.dll2011-08-20 12:05 - 2011-08-20 12:05 - 00866159 _____ () C:\Program Files (x86)\Pidgin\spellcheck\lib\enchant\libenchant_ispell.dll2011-08-20 12:05 - 2011-08-20 12:05 - 01332245 _____ () C:\Program Files 
(x86)\Pidgin\spellcheck\lib\enchant\libenchant_myspell.dll
2013-11-19 15:19 - 2009-08-04 13:33 - 00389120 _____ () C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeXMP.dll
2013-11-19 15:19 - 2007-03-22 12:38 - 02748416 ____R () C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\LIBMYSQLD.dll
2013-12-05 13:37 - 2013-12-03 21:47 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-05 13:37 - 2013-12-03 21:47 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-05 13:37 - 2013-12-03 21:48 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-05 13:37 - 2013-12-03 21:48 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-05 13:37 - 2013-12-03 21:47 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:
AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\ProgramData\TEMP:01C66DD9
AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SolutoService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

Name: Acronis Backup Archive Explorer
Description: Acronis Backup Archive Explorer
Class Guid: {1860459d-4692-4825-b761-44a725991050}
Manufacturer: Acronis, Inc.
Service: timounter
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: EldoS Corporation
Service: cbfs3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Broadcom NetLink Fast Ethernet
Description: Broadcom NetLink Fast Ethernet
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60a
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Bluetooth Device (Personal Area Network)
Description: Bluetooth Device (Personal Area Network)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

Name: Officejet Pro 8600
Description: Officejet Pro 8600
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Officejet Pro 8000 A809
Description: Officejet Pro 8000 A809
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2014 01:23:48 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: TurboTax 2010 WinPerReleaseEngine -- Error 1334. The file '_lmx.afm_idu_FPW_petsysae_lacol_tib23_rgnerepw_' cannot be installed because the file cannot be found in cabinet file 'TurboTax.cab'. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

Error: (01/12/2014 01:16:58 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3

Error: (01/12/2014 01:16:56 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3

Error: (01/12/2014 01:16:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3

Error: (01/12/2014 01:16:52 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3

Error: (01/12/2014 01:16:50 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3

Error: (01/12/2014 01:16:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3

Error: (01/12/2014 01:16:45 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3

Error: (01/12/2014 01:16:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3

Error: (01/12/2014 01:16:41 AM) (Source: Application Error) (User: )
Description: Faulting application name: bcmwltry.exe, version: 4.170.25.12, time stamp: 0x46f3438b
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1677
Exception code: 0xe0434f4d
Fault offset: 0x000000000000940d
Faulting process id: 0x%9
Faulting application start time: 0xbcmwltry.exe0
Faulting application path: bcmwltry.exe1
Faulting module path: bcmwltry.exe2
Report Id: bcmwltry.exe3

System errors:
=============
Error: (01/12/2014 11:04:31 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service terminated with the following error: %%126

Error: (01/12/2014 10:45:22 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service terminated with the following error: %%126

Error: (01/12/2014 10:26:14 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service terminated with the following error: %%126

Error: (01/12/2014 10:07:06 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service terminated with the following error: %%126

Error: (01/12/2014 09:47:58 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service terminated with the following error: %%126

Error: (01/12/2014 09:28:50 AM) (Source: Service Control Manager) (User: )
Description: The WinHTTP Web Proxy Auto-Discovery Service service terminated with the following error: %%126

Error: (01/12/2014 09:24:59 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%126

Error: (01/12/2014 09:24:59 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated with the following error: %%126

Error: (01/12/2014 09:19:29 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%126

Error: (01/12/2014 09:19:29 AM) (Source: Service Control Manager) (User: )
Description: The Network Location Awareness service terminated with the following error: %%126

Microsoft Office Sessions:
=========================
Error: (01/09/2014 06:33:29 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 117038 seconds with 8400 seconds of active time. This session ended with a crash.

Error: (12/30/2013 04:36:39 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 251 seconds with 60 seconds of active time. This session ended with a crash.

Error: (12/30/2013 04:00:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1570 seconds with 480 seconds of active time. This session ended with a crash.
Staff gringo_pr Posted January 15, 2014 ID:778083

Hello kinetix12

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
kinetix12 Posted January 15, 2014 Author ID:778167

Gringo -- The requested logs follow; I ran the Adw twice and picked up one small change in registry keys -- both Adw logs follow as does the JRT, which I think was clean. The computer continues to function but I also continue to receive the webio.dll file error when the program "fences" is loaded at startup, and the network connection icon on the system tray continues to show limited connection even though I think the connection is fine.

# AdwCleaner v3.017 - Report created 15/01/2014 at 08:34:29
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Neal - NEAL-PC
# Running from : C:\Users\Neal\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Neal\AppData\Local\genienext
Folder Deleted : C:\Users\Neal\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Neal\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Neal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Folder Deleted : C:\Users\Neal\Documents\Mobogenie

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKCU\Software\FLEXnet

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\0je3jwqg.default-1371889144857\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\2qtchqs3.default-1366669729405\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\4wqrw52y.default-1385231896612\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\64i1r508.default\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\81d8xy9s.default-1385230796205\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\9ktpag8o.default-1385230233494\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\iqr421b0.default-1382411606767\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\o6nz8fkc.default-1388690560583\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\ogd1e125.default-1370628391596\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\xf8j55kj.default-1366667457325\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\_gsdata_\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [26373 octets] - [06/01/2014 10:49:52]
AdwCleaner[R1].txt - [2349 octets] - [06/01/2014 19:31:42]
AdwCleaner[R2].txt - [2938 octets] - [15/01/2014 08:25:48]
AdwCleaner[s0].txt - [26598 octets] - [06/01/2014 10:55:05]
AdwCleaner[s1].txt - [2375 octets] - [06/01/2014 19:33:58]
AdwCleaner[s2].txt - [2846 octets] - [15/01/2014 08:34:29]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [2906 octets] ##########

# AdwCleaner v3.017 - Report created 15/01/2014 at 08:46:20
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Neal - NEAL-PC
# Running from : C:\Users\Neal\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\FLEXnet

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16750

-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\0je3jwqg.default-1371889144857\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\2qtchqs3.default-1366669729405\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\4wqrw52y.default-1385231896612\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\64i1r508.default\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\81d8xy9s.default-1385230796205\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\9ktpag8o.default-1385230233494\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\iqr421b0.default-1382411606767\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\o6nz8fkc.default-1388690560583\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\ogd1e125.default-1370628391596\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\xf8j55kj.default-1366667457325\prefs.js ]
[ File : C:\Users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\_gsdata_\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Neal\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [26373 octets] - [06/01/2014 10:49:52]
AdwCleaner[R1].txt - [2349 octets] - [06/01/2014 19:31:42]
AdwCleaner[R2].txt - [2938 octets] - [15/01/2014 08:25:48]
AdwCleaner[R3].txt - [2513 octets] - [15/01/2014 08:43:48]
AdwCleaner[s0].txt - [26598 octets] - [06/01/2014 10:55:05]
AdwCleaner[s1].txt - [2375 octets] - [06/01/2014 19:33:58]
AdwCleaner[s2].txt - [2986 octets] - [15/01/2014 08:34:29]
AdwCleaner[s3].txt - [2395 octets] - [15/01/2014 08:46:20]

########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [2455 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Neal on Wed 01/15/2014 at 8:56:22.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/15/2014 at 9:16:58.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Staff gringo_pr Posted January 16, 2014 ID:778900

Hello kinetix12

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1 Link 2 Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo
kinetix12 Posted January 17, 2014 Author ID:778956

Gringo -- The log is noted below. The computer is somewhat unstable and has crashed several times. I think I have stabilized it for the moment. Two MS Outlook add-ins have had to be re-installed. The network icon issue remains and I still periodically get the webio.dll file issue error message. I am wondering if a re-install of windows and other programs is going to be necessary. At least my data is on another partition. Thanks

ComboFix 14-01-16.03 - Neal 01/16/2014 18:45:39.4.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4086.1366 [GMT -5:00]
Running from: C:\Users\Neal\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\ProgramData\SplashID.ico
C:\ProgramData\sqlite3.dll
C:\Users\Neal\AppData\Local\assembly\tmp
C:\Users\Neal\AppData\Local\assembly\tmp\LFT8BXL4\__AssemblyInfo__.ini
C:\Users\Neal\AppData\Local\assembly\tmp\LFT8BXL4\OneLogic.LegalForms.DLL
C:\Users\Neal\AppData\Local\Temp\IntResource.dll

((((((((((((((((((((((((( Files Created from 2013-12-17 to 2014-01-17 )))))))))))))))))))))))))))))))
Staff gringo_pr Posted January 17, 2014 ID:778962

Hello kinetix12

That is only part of the report, can you check to see if there is any more to it

gringo
kinetix12 Posted January 17, 2014 Author ID:779012

The log was incomplete so I re-ran the program. It took a couple of tries and cleaning out a prior installation. The new complete log follows. I note that the system crashed and Chrome browser is having some issues. I need to reinstall it.
c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]2014-01-17 00:23 261744 ----a-w- c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]2014-01-17 00:23 261744 ----a-w- c:\users\Neal\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2014-01-15 16:55 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- 
c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\Neal\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]2012-10-23 17:47 5928296 ----a-w- c:\program files\Protector Suite\farchns.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]2012-10-23 17:47 5928296 ----a-w- c:\program files\Protector Suite\farchns.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1211688]"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 342528]"Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2013-11-26 4031152].[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2013-11-26 521904].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Bring to OneNote - c:\program files (x86)\Bring to OneNote for Office 2007\ieBringToOneNotex64.dll/201IE: Clip Image - c:\program files 
(x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4IE: Clip selection - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3IE: Clip this page - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1IE: Clip URL - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000IE: New Note - c:\program files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.htmlIE: S&end to OneNote - c:\progra~2\MICROS~2\Office12\ONBttnIE.dll/105IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htmIE: Send page to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htmIE: Send To CaseMap - c:\windows\system32\lnToCM.htmTrusted Zone: dell.comTCP: DhcpNameServer = 192.168.1.254 192.168.2.1FF - ProfilePath - c:\users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\FF - prefs.js: browser.search.selectedEngine - YahooFF - prefs.js: browser.startup.homepage - www.nbcnews.comFF - ExtSQL: 2014-01-01 20:33; datavault@ascendo.inc; c:\program files (x86)\DataVault\firefoxFF - ExtSQL: 2014-01-04 11:30; onepassword@agilebits.com; c:\users\Neal\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.zebra\extensions\onepassword@agilebits.com.xpi. Link to post Share on other sites