Please Help. I'm pretty sure I'm Infected with Malware or Virus

PLEASE HELP ME, I THINK MY PC HAS BEEN INFECTED.

 

I have these radio advertisements coming through my speakers on the PC. There can be nothing open at all and it will just start playing advertisements. I work from home and speak to people through a headset all day, and the sound comes through the headset. I am at my wits' end with this thing. I googled the problem and saw that I'm not the only one. So I have run Malwarebytes on my PC, as well as CCleaner and Norton, but nothing seems to work. Still, to this minute there is an advertisement in Spanish playing through my speakers and then a tablet advertisement.

I thought after running Malwarebytes that it would have fixed the problem. The Full scan did pick up 3 things. I saved the log and removed what the scan found. Restarted the PC, and here we are....

 

 

Can you please help me

I ran DDS and attached the file. I hope that helps. I also have the attach file. But it said not to post it unless I was asked to. Thank you

dds.txt


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Thank you very much for responding to my post. I am excited to remove this thing from my PC. I do have to work in about 3 hours. If we are not finished we can pick it back up again after work at 9pm or in the morning about this time.

I created a restore point, and here is the report after running RogueKiller:

The RogueKiller program also created a Quarantine folder on my desktop that has 2 files in it. Let me know if you want me to post those as well.

 

RKreport0_S_01222014_083627.txt


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Here is the combofix report.

 

 

ComboFix 14-01-22.01 - Marshall Kline 01/22/2014  10:17:58.2.4 - x64

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.8189.3972 [GMT -7:00]

Running from: c:\users\Marshall Kline\Desktop\ComboFix.exe

AV: Norton 360 Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton 360 Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton 360 Online *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\END

c:\program files (x86)\smartdl

c:\program files (x86)\smartdl\dler.exe

c:\program files (x86)\smartdl\gunzip.exe

c:\program files (x86)\smartdl\header.bmp

c:\program files (x86)\smartdl\header2.bmp

c:\program files (x86)\smartdl\header3.bmp

c:\program files (x86)\smartdl\next.bmp

c:\program files (x86)\smartdl\skip.bmp

c:\program files (x86)\smartdl\status-o

c:\programdata\Vaudix

c:\programdata\Vaudix\51520109da21a.tlb

c:\programdata\Vaudix\settings.ini

c:\users\MARSHA~1\AppData\Local\Temp\GC\Profiles\{26D3FB05-5808-47A8-95C0-DC0D17A917F8}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll

c:\users\MARSHA~1\AppData\Local\Temp\GC\Profiles\{26D3FB05-5808-47A8-95C0-DC0D17A917F8}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll

c:\users\MARSHA~1\AppData\Local\Temp\GC\Profiles\{64324869-AE38-422E-9ADD-057588E824FB}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll

c:\users\MARSHA~1\AppData\Local\Temp\GC\Profiles\{64324869-AE38-422E-9ADD-057588E824FB}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll

c:\users\MARSHA~1\AppData\Local\Temp\GC\Profiles\{8B83BBE3-1A30-4BB5-9491-6AB3E731CE39}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll

c:\users\MARSHA~1\AppData\Local\Temp\GC\Profiles\{8B83BBE3-1A30-4BB5-9491-6AB3E731CE39}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll

c:\users\MARSHA~1\AppData\Local\Temp\GC\Profiles\{967EF8D8-1708-48D0-A7FD-DE324C4DEE73}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll

c:\users\MARSHA~1\AppData\Local\Temp\GC\Profiles\{967EF8D8-1708-48D0-A7FD-DE324C4DEE73}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll

c:\users\MARSHA~1\AppData\Local\Temp\GC\Profiles\{F41C2B28-C6A9-4197-BFF8-ACC7C6092346}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll

c:\users\MARSHA~1\AppData\Local\Temp\GC\Profiles\{F41C2B28-C6A9-4197-BFF8-ACC7C6092346}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll

c:\users\Marshall Kline\AppData\Local\Temp\GC\Profiles\{26D3FB05-5808-47A8-95C0-DC0D17A917F8}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll

c:\users\Marshall Kline\AppData\Local\temp\GC\Profiles\{26D3FB05-5808-47A8-95C0-DC0D17A917F8}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll

c:\users\Marshall Kline\AppData\Local\temp\GC\Profiles\{64324869-AE38-422E-9ADD-057588E824FB}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll

c:\users\Marshall Kline\AppData\Local\Temp\GC\Profiles\{64324869-AE38-422E-9ADD-057588E824FB}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll

c:\users\Marshall Kline\AppData\Local\Temp\GC\Profiles\{8B83BBE3-1A30-4BB5-9491-6AB3E731CE39}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll

c:\users\Marshall Kline\AppData\Local\temp\GC\Profiles\{8B83BBE3-1A30-4BB5-9491-6AB3E731CE39}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll

c:\users\Marshall Kline\AppData\Local\temp\GC\Profiles\{967EF8D8-1708-48D0-A7FD-DE324C4DEE73}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll

c:\users\Marshall Kline\AppData\Local\Temp\GC\Profiles\{967EF8D8-1708-48D0-A7FD-DE324C4DEE73}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll

c:\users\Marshall Kline\AppData\Local\Temp\GC\Profiles\{F41C2B28-C6A9-4197-BFF8-ACC7C6092346}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll

c:\users\Marshall Kline\AppData\Local\Temp\GC\Profiles\{F41C2B28-C6A9-4197-BFF8-ACC7C6092346}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll

c:\users\Marshall Kline\AppData\Roaming\Microsoft\Windows\Recent\Stage66 - The Free Movie Downloading Site - Stage66.url

c:\users\UpdatusUser\Favorites\ehthumbs_vista.db

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

c:\windows\XSxS

K:\Autorun.inf

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

.

.

(((((((((((((((((((((((((   Files Created from 2013-12-22 to 2014-01-22  )))))))))))))))))))))))))))))))

.

.

2014-01-22 17:47 . 2014-01-22 17:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2014-01-22 17:47 . 2014-01-22 17:47 -------- d-----w- c:\users\Public\AppData\Local\temp

2014-01-22 17:47 . 2014-01-22 17:47 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp

2014-01-22 17:47 . 2014-01-22 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-01-22 17:47 . 2014-01-22 17:47 -------- d-----w- c:\users\AppData\AppData\Local\temp

2014-01-21 04:06 . 2009-09-05 00:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll

2014-01-19 17:50 . 2014-01-19 17:50 -------- d-----w- c:\users\Marshall Kline\AppData\Local\DDMSettings

2014-01-19 16:23 . 2014-01-19 16:23 -------- d-----w- c:\program files (x86)\Hp

2014-01-19 15:58 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll

2014-01-19 15:58 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll

2014-01-19 15:58 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll

2014-01-19 15:58 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax

2014-01-19 15:58 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll

2014-01-19 03:34 . 2014-01-19 03:34 -------- d-----w- C:\PBBRA4F2

2014-01-18 23:33 . 2014-01-18 23:33 -------- d-----w- C:\FreeRIP MP3 Converter

2014-01-18 19:40 . 2014-01-18 19:40 90112 ----a-r- c:\users\Marshall Kline\AppData\Roaming\Microsoft\Installer\{B58B86DE-CBCE-45B4-B45F-39849AEAF2FB}\ARPPRODUCTICON.exe

2014-01-18 19:40 . 2014-01-18 19:40 45056 ----a-r- c:\users\Marshall Kline\AppData\Roaming\Microsoft\Installer\{B58B86DE-CBCE-45B4-B45F-39849AEAF2FB}\NewShortcut3_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2014-01-18 19:40 . 2014-01-18 19:40 -------- d-----w- c:\program files (x86)\KENWOOD

2014-01-18 08:08 . 2014-01-18 08:08 650936 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll

2014-01-17 23:20 . 2014-01-18 08:35 -------- d-----w- c:\users\Mcx1

2014-01-14 20:16 . 2014-01-14 20:16 -------- d-----w- c:\program files (x86)\TeamViewer

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-01-19 19:58 . 2012-04-04 15:26 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-01-19 19:58 . 2011-05-20 14:03 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-01-18 19:40 . 2013-04-08 00:56 45056 ----a-r- c:\users\Marshall Kline\AppData\Roaming\Microsoft\Installer\{B58B86DE-CBCE-45B4-B45F-39849AEAF2FB}\NewShortcut9_2F6B7414C56A4A8F8A759ACC21BA185D.exe

2014-01-18 19:40 . 2013-04-08 00:56 45056 ----a-r- c:\users\Marshall Kline\AppData\Roaming\Microsoft\Installer\{B58B86DE-CBCE-45B4-B45F-39849AEAF2FB}\NewShortcut8_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2014-01-18 19:40 . 2013-04-08 00:56 45056 ----a-r- c:\users\Marshall Kline\AppData\Roaming\Microsoft\Installer\{B58B86DE-CBCE-45B4-B45F-39849AEAF2FB}\NewShortcut7_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2014-01-18 19:40 . 2013-04-08 00:56 45056 ----a-r- c:\users\Marshall Kline\AppData\Roaming\Microsoft\Installer\{B58B86DE-CBCE-45B4-B45F-39849AEAF2FB}\NewShortcut6_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2014-01-18 19:40 . 2013-04-08 00:56 45056 ----a-r- c:\users\Marshall Kline\AppData\Roaming\Microsoft\Installer\{B58B86DE-CBCE-45B4-B45F-39849AEAF2FB}\NewShortcut5_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2014-01-18 19:40 . 2013-04-08 00:56 45056 ----a-r- c:\users\Marshall Kline\AppData\Roaming\Microsoft\Installer\{B58B86DE-CBCE-45B4-B45F-39849AEAF2FB}\NewShortcut4_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2014-01-18 19:40 . 2013-04-08 00:56 45056 ----a-r- c:\users\Marshall Kline\AppData\Roaming\Microsoft\Installer\{B58B86DE-CBCE-45B4-B45F-39849AEAF2FB}\NewShortcut2_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2014-01-18 19:40 . 2013-04-08 00:56 45056 ----a-r- c:\users\Marshall Kline\AppData\Roaming\Microsoft\Installer\{B58B86DE-CBCE-45B4-B45F-39849AEAF2FB}\NewShortcut1_5DF58E2DB9BC441F8ACA06CDD068ADBD.exe

2014-01-15 04:58 . 2006-11-02 12:35 86054176 ----a-w- c:\windows\system32\mrt.exe

2014-01-11 10:00 . 2013-08-31 14:03 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2013-12-18 13:13 . 2009-12-02 07:43 270496 ------w- c:\windows\system32\MpSigStub.exe

2013-12-18 06:11 . 2013-12-18 06:11 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl

2013-12-04 03:28 . 2014-01-21 08:49 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{10661AB9-85E8-49B6-884D-41C56838AA93}\mpengine.dll

2013-11-26 04:39 . 2013-06-10 20:30 276256 ----a-w- c:\windows\system32\drivers\DigiartyVirtualCDBus.sys

2013-11-24 03:27 . 2008-11-07 02:04 525792 ----a-w- c:\windows\DIFxAPI.dll

2013-11-15 02:09 . 2013-12-11 10:07 17847296 ----a-w- c:\windows\system32\mshtml.dll

2013-11-15 01:42 . 2013-12-11 10:07 10926080 ----a-w- c:\windows\system32\ieframe.dll

2013-11-15 01:37 . 2013-12-11 10:07 2334720 ----a-w- c:\windows\system32\jscript9.dll

2013-11-15 01:29 . 2013-12-11 10:07 1347072 ----a-w- c:\windows\system32\urlmon.dll

2013-11-15 01:29 . 2013-12-11 10:07 1392128 ----a-w- c:\windows\system32\wininet.dll

2013-11-15 01:28 . 2013-12-11 10:07 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2013-11-15 01:28 . 2013-12-11 10:07 237056 ----a-w- c:\windows\system32\url.dll

2013-11-15 01:25 . 2013-12-11 10:07 85504 ----a-w- c:\windows\system32\jsproxy.dll

2013-11-15 01:22 . 2013-12-11 10:07 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2013-11-15 01:20 . 2013-12-11 10:07 599040 ----a-w- c:\windows\system32\vbscript.dll

2013-11-15 01:20 . 2013-12-11 10:07 816640 ----a-w- c:\windows\system32\jscript.dll

2013-11-15 01:19 . 2013-12-11 10:07 2147840 ----a-w- c:\windows\system32\iertutil.dll

2013-11-15 01:19 . 2013-12-11 10:07 729088 ----a-w- c:\windows\system32\msfeeds.dll

2013-11-15 01:18 . 2013-12-11 10:07 96768 ----a-w- c:\windows\system32\mshtmled.dll

2013-11-15 01:18 . 2013-12-11 10:07 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-11-15 01:12 . 2013-12-11 10:07 248320 ----a-w- c:\windows\system32\ieui.dll

2013-11-14 22:50 . 2013-12-11 10:07 1806848 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-11-14 22:42 . 2013-12-11 10:07 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2013-11-14 22:42 . 2013-12-11 10:07 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-11-14 22:38 . 2013-12-11 10:07 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-11-14 22:38 . 2013-12-11 10:07 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-11-14 22:35 . 2013-12-11 10:07 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-11-09 23:38 . 2013-11-09 23:38 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-10-30 04:34 . 2008-01-21 02:46 1386496 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll

2013-10-30 04:34 . 2013-12-11 07:21 374784 ----a-w- c:\windows\system32\SysFxUI.dll

2013-10-30 03:55 . 2013-12-11 07:21 122368 ----a-w- c:\windows\system32\drivers\drmk.sys

2013-10-30 02:33 . 2013-12-11 07:21 218112 ----a-w- c:\windows\system32\drivers\portcls.sys

2013-10-30 02:10 . 2013-12-11 07:22 2776064 ----a-w- c:\windows\system32\win32k.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"862E6F2ABDB27F704018BF5A059E623CAA598183._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-01-11 866584]

"DAEMON Tools Lite"="c:\users\Marshall Kline\DVD Program FOLDER\DAEMON Tools Lite\DTLite.exe" [2013-03-14 3672640]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"SDTray"="c:\users\Marshall Kline\Desktop\UTILITY CLEAN UP FOLDER\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]

"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-12-23 450560]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-11-15 1861968]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

Themes

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-01-15 20:56 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:58]

.

2014-01-22 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

- c:\users\Marshall Kline\Desktop\UTILITY CLEAN UP FOLDER\Spybot - Search & Destroy 2\SDUpdate.exe [2013-12-14 17:57]

.

2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 19:40]

.

2014-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27 19:40]

.

2014-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-659313338-2668998109-2394682488-1000Core.job

- c:\users\Marshall Kline\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-07 08:09]

.

2014-01-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-659313338-2668998109-2394682488-1000UA.job

- c:\users\Marshall Kline\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-07 08:09]

.

2014-01-19 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 16:43]

.

2014-01-22 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

- c:\users\Marshall Kline\Desktop\UTILITY CLEAN UP FOLDER\Spybot - Search & Destroy 2\SDImmunize.exe [2013-12-14 17:49]

.

2013-12-22 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

- c:\users\Marshall Kline\Desktop\UTILITY CLEAN UP FOLDER\Spybot - Search & Destroy 2\SDScan.exe [2013-12-14 17:51]

.

2014-01-11 c:\windows\Tasks\SlimDrivers Scan.job

- c:\program files (x86)\SlimDrivers\SlimDrivers.exe [2013-09-24 19:49]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-12-06 22:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-12-06 22:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-12-06 22:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-12-06 22:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-12-06 22:47 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 13662936]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm





uSearchURL,(Default) = https://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000

Trusted Zone: imesh.com\wa

Trusted Zone: kunnect.com\agent

TCP: DhcpNameServer = 192.168.0.1 205.171.2.25


FF - ProfilePath - c:\users\Marshall Kline\AppData\Roaming\Mozilla\Firefox\Profiles\hr5yc6gq.default\


FF - ExtSQL: 2013-12-06 20:02; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Marshall Kline\AppData\Roaming\Mozilla\Firefox\Profiles\hr5yc6gq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

FF - user.js: extensions.autoDisableScopes - 0

FF - user.js: extensions.shownSelectionUI - true

.

.

------- File Associations -------

.

txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

Notify-SDWinLogon - SDWinLogon.dll

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-XviD MPEG4 Video Codec - c:\windows\system32\xvid-uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{8AAF211B-043E02A9-05040000}]

"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC_x64.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\02\06\10\13\1e3®"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ExpressFiles\EFUpdater.exe

c:\users\Marshall Kline\AppData\Local\GCC\Controller.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\users\Marshall Kline\AppData\Local\GCC\Controller.exe

c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe

c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe

c:\program files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe

c:\program files (x86)\Hewlett-Packard\KBD\kbd.exe

.

**************************************************************************

.

Completion time: 2014-01-22  11:15:09 - machine was rebooted

ComboFix-quarantined-files.txt  2014-01-22 18:15

.

Pre-Run: 100,367,523,840 bytes free

Post-Run: 87,726,444,544 bytes free

.

- - End Of File - - 8CE0C1F933DF5746E1A518A802E2ED3F

81CD5EC01DB0CE57EDD853F82462EF27

OK...Next:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


I ran AdwCleaner and it just finished rebooting. About to run MB now.

Also I have to start work. I work from home online. This doesn't mean I can't cont. But whatever we do I will have to also have the job open.

If that's not possible, then we can pick back up later.

What do you think?


# AdwCleaner v3.017 - Report created 22/01/2014 at 12:10:33

# Updated 12/01/2014 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (64 bits)

# Username : Marshall Kline - MARSHALLKLIN-PC

# Running from : C:\Users\Marshall Kline\Desktop\AdwCleaner.exe

# Option : Clean


***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

[!] Folder Deleted : C:\ProgramData\Babylon

[!] Folder Deleted : C:\ProgramData\blekko toolbars

[!] Folder Deleted : C:\ProgramData\DriverCure

[!] Folder Deleted : C:\ProgramData\Free Ride Games

[!] Folder Deleted : C:\ProgramData\GameTap Web Player

[x] Not Deleted : C:\ProgramData\iMesh

[!] Folder Deleted : C:\ProgramData\NCH Software

[!] Folder Deleted : C:\ProgramData\ParetoLogic

[!] Folder Deleted : C:\ProgramData\SoftSafe

[!] Folder Deleted : C:\ProgramData\StarApp

[!] Folder Deleted : C:\ProgramData\Trymedia

[!] Folder Deleted : C:\ProgramData\Alawar Stargaze

[x] Not Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh

[!] Folder Deleted : C:\Program Files (x86)\adawaretb

[!] Folder Deleted : C:\Program Files (x86)\Conduit

[!] Folder Deleted : C:\Program Files (x86)\ExpressFiles

[!] Folder Deleted : C:\Program Files (x86)\Free Ride Games

[x] Not Deleted : C:\Program Files (x86)\iMesh Applications

[!] Folder Deleted : C:\Program Files (x86)\iSafe

[!] Folder Deleted : C:\Program Files (x86)\Movie2KDownloader.com

[!] Folder Deleted : C:\Program Files (x86)\NCH Software

[!] Folder Deleted : C:\Program Files (x86)\Common Files\FreeCause

[!] Folder Deleted : C:\Program Files\Trymedia

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\Local\Bundled software uninstaller

[x] Not Deleted : C:\Users\Marshall Kline\AppData\Local\iMesh

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\Local\SwvUpdater

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\LocalLow\adawaretb

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\LocalLow\boost_interprocess

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\Roaming\DriverCure

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\Roaming\DSite

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\Roaming\ExpressFiles

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\Roaming\NCH Software

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\Roaming\ParetoLogic

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\Roaming\pccustubinstaller

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\Roaming\Systweak

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\Roaming\Mozilla\Firefox\Profiles\3brwtjef.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\Roaming\Mozilla\Firefox\Profiles\3brwtjef.default\Extensions\thomas.cummerata@retta.biz

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

[!] Folder Deleted : C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

File Deleted : C:\Users\Marshall Kline\AppData\Roaming\Mozilla\Firefox\Profiles\3brwtjef.default\user.js

File Deleted : C:\Users\Marshall Kline\AppData\Roaming\Mozilla\Firefox\Profiles\hr5yc6gq.default\user.js

File Deleted : C:\Windows\System32\Tasks\Express FilesUpdate

File Deleted : C:\Windows\System32\Tasks\NCH Software

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\blaofbhgbmeikidhlkmjhbkbfohpgekf

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

[x] Not Deleted : HKLM\SOFTWARE\Classes\AppID\iMesh.exe

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL

[x] Not Deleted : HKLM\SOFTWARE\Classes\iMesh.AudioCD

[x] Not Deleted : HKLM\SOFTWARE\Classes\iMesh.Device

[x] Not Deleted : HKLM\SOFTWARE\Classes\iMesh.file

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69D3F709-9DE2-479F-980F-532D46895703}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DB507187-9746-458C-97DA-C458131EEDE7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\BI

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\dsiteproducts

Key Deleted : HKCU\Software\ExpressFiles

[x] Not Deleted : HKCU\Software\Imesh

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\NCH Software

Key Deleted : HKCU\Software\ParetoLogic

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\systweak

Key Deleted : HKCU\Software\wscontb

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\Software\adawaretb

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\ExpressFiles

[x] Not Deleted : HKLM\Software\Imesh

Key Deleted : HKLM\Software\InfoAtoms

Key Deleted : HKLM\Software\NCH Software

Key Deleted : HKLM\Software\ParetoLogic

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\Software\Supreme Savings

Key Deleted : HKLM\Software\Trymedia Systems

Key Deleted : HKLM\Software\Uniblue

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1

[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{501451DE-5808-4599-B544-8BD0915B6B24}_is1

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ExpressFiles

[x] Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Imesh

[x] Not Deleted : [x64] HKCU\Software\Imesh

Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar

Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16526

 

 

-\\ Mozilla Firefox v26.0 (en-US)

 

[ File : C:\Users\Marshall Kline\AppData\Roaming\Mozilla\Firefox\Profiles\hr5yc6gq.default\prefs.js ]

 

 

-\\ Google Chrome v32.0.1700.76

 

[ File : C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [11841 octets] - [22/01/2014 11:50:12]

AdwCleaner[s0].txt - [10543 octets] - [22/01/2014 12:10:33]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10604 octets] ##########

I just finished running MB but I accidentally hit enter as soon as something popped up after it was finished. I am not sure what happened. I am running it again right now. I looked in the MB logs tab, and the most recent one in there was 1/19/2014.
I'm sorry about that. I will post the new one shortly.

As I am typing this there are still ads playing through my speakers.


OK, when you get done with MB.......

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    rpcss.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


here is the MB report:
 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.22.09
 
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Marshall Kline :: MARSHALLKLIN-PC [administrator]
 
1/22/2014 12:42:32 PM
MBAM-log-2014-01-22 (12-49-38).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | P2P
Objects scanned: 273883
Time elapsed: 4 minute(s), 28 second(s)
 
Memory Processes Detected: 2
C:\Users\Marshall Kline\AppData\Local\GCC\Controller.exe (PUP.Optional.GigaClicks) -> 2136 -> No action taken.
C:\Users\Marshall Kline\AppData\Local\GCC\Controller.exe (PUP.Optional.GigaClicks) -> 4184 -> No action taken.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\Users\Marshall Kline\AppData\Local\GCC\Controller.exe (PUP.Optional.GigaClicks) -> No action taken.
C:\ProgramData\InstallMate\{AB16BB0E-70E4-44F1-A61A-38C670F599F8}\Custom.dll (Adware.Agent) -> No action taken.
C:\Users\Marshall Kline\Downloads\FreemakeVideoConverterSetup.exe (PUP.Optional.OpenCandy) -> No action taken.
 
(end)
 
 
 
 
And here is the report after I told MB to remove the selected.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.22.09
 
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Marshall Kline :: MARSHALLKLIN-PC [administrator]
 
1/22/2014 12:42:32 PM
mbam-log-2014-01-22 (12-42-32).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | P2P
Objects scanned: 273883
Time elapsed: 4 minute(s), 28 second(s)
 
Memory Processes Detected: 2
C:\Users\Marshall Kline\AppData\Local\GCC\Controller.exe (PUP.Optional.GigaClicks) -> 2136 -> Delete on reboot.
C:\Users\Marshall Kline\AppData\Local\GCC\Controller.exe (PUP.Optional.GigaClicks) -> 4184 -> Delete on reboot.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\Users\Marshall Kline\AppData\Local\GCC\Controller.exe (PUP.Optional.GigaClicks) -> Delete on reboot.
C:\ProgramData\InstallMate\{AB16BB0E-70E4-44F1-A61A-38C670F599F8}\Custom.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\Marshall Kline\Downloads\FreemakeVideoConverterSetup.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
 
(end)
 

here is the system look report:
 

SystemLook 30.07.11 by jpshortstuff
Log created at 13:12 on 22/01/2014 by Marshall Kline
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "rpcss.dll"
C:\Windows\erdnt\cache64\rpcss.dll --a---- 719872 bytes [06:06 04/04/2013] [07:11 11/04/2009] CF8B9A3A5E7DC57724A89D0C3E8CF9EF
C:\Windows\System32\rpcss.dll --a---- 719872 bytes [04:12 29/08/2009] [07:11 11/04/2009] CF8B9A3A5E7DC57724A89D0C3E8CF9EF
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_c3e2cce1f92f2ca2\rpcss.dll --a---- 724992 bytes [04:52 15/04/2009] [04:40 03/03/2009] 007F8DE7AC0F9386C3FD2EC7DC87C37A
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_c47a129912422fc2\rpcss.dll --a---- 724992 bytes [04:52 15/04/2009] [04:35 03/03/2009] 54FF562C2710BB610B019D723B16FB2A
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_c5e9777ff63d6f72\rpcss.dll --a---- 713728 bytes [02:51 21/01/2008] [02:51 21/01/2008] FF27BE0BA7B3C48D5C99AFCB56D436C2
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_c5d9dd2ff64839ac\rpcss.dll --a---- 718336 bytes [04:52 15/04/2009] [04:57 03/03/2009] 52CDADE8289FF21F1F2215FF51A5F36C
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_c6259b510f93cd21\rpcss.dll --a---- 717824 bytes [04:52 15/04/2009] [04:59 03/03/2009] 857E04C16007E60FCC0803239C853E78
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_c7d4f08bf35f3abe\rpcss.dll --a---- 719872 bytes [04:12 29/08/2009] [07:11 11/04/2009] CF8B9A3A5E7DC57724A89D0C3E8CF9EF
 
-= EOF =-

The usual cause of your problem is a patched file:
C:\Windows\System32\rpcss.dll

But yours looks OK, so we have to look somewhere else.

Please do this:

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC
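
The comparison behind "yours looks OK" in the reply above, written out as an added example (not part of the original thread and not SystemLook's own code): it parses the `:filefind` hits and checks whether the live System32 copy matches a copy in the WinSxS component store. The four log lines are copied from the SystemLook report in this thread; the tampered variant and all function names are constructed for illustration.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "path size md5")

# One SystemLook ":filefind" hit:
#   <path> <attrs> <size> bytes [created] [modified] <MD5>
HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+[-a-z]{7}\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
# WinSxS component directories carry the file version before "_none_".
VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_")

# Lines taken from the SystemLook report posted in this thread.
SAMPLE_LOG = r"""
C:\Windows\erdnt\cache64\rpcss.dll --a---- 719872 bytes [06:06 04/04/2013] [07:11 11/04/2009] CF8B9A3A5E7DC57724A89D0C3E8CF9EF
C:\Windows\System32\rpcss.dll --a---- 719872 bytes [04:12 29/08/2009] [07:11 11/04/2009] CF8B9A3A5E7DC57724A89D0C3E8CF9EF
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_c5d9dd2ff64839ac\rpcss.dll --a---- 718336 bytes [04:52 15/04/2009] [04:57 03/03/2009] 52CDADE8289FF21F1F2215FF51A5F36C
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_c7d4f08bf35f3abe\rpcss.dll --a---- 719872 bytes [04:12 29/08/2009] [07:11 11/04/2009] CF8B9A3A5E7DC57724A89D0C3E8CF9EF
"""

# Constructed input: same log, but the System32 copy carries a hash
# (all zeros, a placeholder) that no component-store copy has.
CONSTRUCTED_TAMPERED = "\n".join(
    line.rstrip()[:-32] + "0" * 32 if "\\System32\\" in line else line
    for line in SAMPLE_LOG.strip().splitlines()
)


def parse_filefind(log_text):
    """Return an Entry for every line that looks like a :filefind hit."""
    entries = []
    for line in log_text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            entries.append(Entry(m["path"], int(m["size"]), m["md5"].upper()))
    return entries


def check_live_copy(entries, live_path=r"C:\Windows\System32\rpcss.dll"):
    """Compare the live file with the WinSxS copies found in the same log.

    A match means the live file is byte-identical (by MD5 and size) to a
    copy in the component store. It is a consistency check only: it does
    not verify a digital signature.
    """
    live = [e for e in entries if e.path.lower() == live_path.lower()]
    if not live:
        return {"status": "missing", "versions": []}
    live = live[0]
    store = [e for e in entries if "\\winsxs\\" in e.path.lower()]
    versions = sorted(
        VERSION_RE.search(e.path).group(1)
        for e in store
        if e.md5 == live.md5 and e.size == live.size and VERSION_RE.search(e.path)
    )
    status = "matches-store" if versions else "no-store-match"
    return {"status": status, "versions": versions}


if __name__ == "__main__":
    for name, log in (("thread log", SAMPLE_LOG), ("constructed", CONSTRUCTED_TAMPERED)):
        print(name, check_live_copy(parse_filefind(log)))
```

A "no-store-match" result is a reason to look closer at the file, not a verdict by itself.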


Here is the 1st report and the 2nd report is below this post.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014 02
Ran by Marshall Kline (administrator) on MARSHALLKLIN-PC on 22-01-2014 13:37:31
Running from C:\Users\Marshall Kline\Desktop\Farbar
Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccsvchst.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Marshall Kline\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\sdclt.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\CounterPath\X-Lite\x-lite.exe
() C:\Program Files (x86)\Attractel\Zoiper\Zoiper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 1999-12-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [sDTray] - C:\Users\Marshall Kline\Desktop\UTILITY CLEAN UP FOLDER\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-22] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKCU\...\Run: [862E6F2ABDB27F704018BF5A059E623CAA598183._service_run] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584 2014-01-11] (Google Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Users\Marshall Kline\DVD Program FOLDER\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [Xvid] - C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\Default\...\Run: [HPADVISOR] - [x]
HKU\Default User\...\Run: [HPADVISOR] - [x]
HKU\LogMeInRemoteUser\...\Run: [HPADVISOR] - [x]
HKU\Mcx1\...\Run: [HPADVISOR] - [x]
HKU\Mcx1\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Mcx1\...\Winlogon: [shell] C:\Windows\eHome\McrMgr.exe [196608 2009-04-11] (Microsoft Corporation) <==== ATTENTION 
HKU\UpdatusUser\...\Run: [HPADVISOR] - [x]
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=EIE9HP&PC=UP51
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC558564003EBCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/120
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {63B14693-6853-4EEA-B327-57DEE9E0C60E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {8F2B645C-867E-418F-A1A5-39B2F7067BE3} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {63B14693-6853-4EEA-B327-57DEE9E0C60E} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {8F2B645C-867E-418F-A1A5-39B2F7067BE3} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKCU - {63B14693-6853-4EEA-B327-57DEE9E0C60E} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {8E02D41C-5924-4816-9490-33CCD28BEB72} URL = http://search.yahoo.com/search?ei=ISO-8859-1&fr=chr-vmn&type=egames3_0yach&q={searchTerms}
SearchScopes: HKCU - {94FA1C25-6A5B-4CBD-9B3A-0DAA5C7BF3CD} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {C87B3755-68D0-B39D-C7B6-1302A12C8A19} URL = http://www.bing.com/search?q={searchTerms}&pc=ZUGO&form=ZGAIDF
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: No Name - Disabled:{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  No File
BHO-x32: No Name - Disabled:{9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO-x32: No Name - Disabled:{DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM {BCCA9B64-41B3-4A20-8D8B-E69FE61F1F8B} http://agent.kunnect.com/InstallerWeb.cab
DPF: HKLM-x32 {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: HKLM-x32 {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1259.cab
DPF: HKLM-x32 {7C9C5968-FA32-4724-AA58-7BF98B40005D} https://secure.riosalado.edu/riowebapps/techcheck/SystemRequirements.cab
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
 
FireFox:
========
FF ProfilePath: C:\Users\Marshall Kline\AppData\Roaming\Mozilla\Firefox\Profiles\hr5yc6gq.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=1.6.0_39 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @zoiper.com/npZoiper - C:\Program Files (x86)\Zoiper Web\npZoiper.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Marshall Kline\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Marshall Kline\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Marshall Kline\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Marshall Kline\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Marshall Kline\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Marshall Kline\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll (BitComet)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Marshall Kline\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Marshall Kline\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Marshall Kline\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Bluhell Firewall - C:\Users\Marshall Kline\AppData\Roaming\Mozilla\Firefox\Profiles\hr5yc6gq.default\Extensions\{6BB5760D-F97E-421B-AF5B-8457A90C3CED}.xpi [2013-12-27]
FF Extension: Adblock Plus - C:\Users\Marshall Kline\AppData\Roaming\Mozilla\Firefox\Profiles\hr5yc6gq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-15]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-15]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\IPSFF [2013-10-09]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\coFFPlgn\ []
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.18.4_0\npcoplgn.dll No File
CHR Plugin: (BitCometAgent) - C:\Program Files (x86)\Mozilla Firefox\plugins\npBitCometAgent.dll (BitComet)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Microsoft Office 2003) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.450.18) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U45) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Zoiper Plugin 2.07 for Windows) - C:\Program Files (x86)\Zoiper Web\npZoiper.dll ()
CHR Plugin: (Google Update) - C:\Users\Marshall Kline\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\Marshall Kline\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\Marshall Kline\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\Marshall Kline\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (VLC for YouTube™) - C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\Extensions\ablmclcliiiegfmpbkfhnhipoejclmel [2013-10-01]
CHR Extension: (Angry Birds) - C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2013-03-20]
CHR Extension: (Google Drive) - C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-17]
CHR Extension: (YouTube) - C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-05-19]
CHR Extension: (Adblock Plus) - C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-26]
CHR Extension: (Pandora) - C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2013-04-28]
CHR Extension: (Color Piano!) - C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihmigmmflfcbhdpdgbkkeojchjhhphnh [2013-05-19]
CHR Extension: (Diigo Web) - C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipfakkakbicobflnnminhjjdkglgbmf [2013-05-19]
CHR Extension: (Skype Click to Call) - C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-30]
CHR Extension: (WGT Golf Game) - C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpedbpkelbhcbkdaglillalioeeekbpb [2013-08-24]
CHR Extension: (Google Wallet) - C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\MARSHA~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-09-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\Exts\Chrome.crx [2013-02-05]
 
==================== Services (Whitelisted) =================
 
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [496232 2010-01-21] ()
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-11-01] (Freemake)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [209000 2010-01-21] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 1999-12-31] (Realtek Semiconductor)
S3 SDScannerService; C:\Users\Marshall Kline\Desktop\UTILITY CLEAN UP FOLDER\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Users\Marshall Kline\Desktop\UTILITY CLEAN UP FOLDER\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Users\Marshall Kline\Desktop\UTILITY CLEAN UP FOLDER\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S4 SecStore; C:\Windows\SysWOW64\secpro.exe [61440 2012-12-13] ()
 
==================== Drivers (Whitelisted) ====================
 
S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [31744 2009-12-23] (Google Inc)
S1 Beep; No ImagePath
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140110.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604010.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2013-11-25] (Digiarty Software, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-06] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-11] (GFI Software)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20140121.001\IDSvia64.sys [521944 2014-01-18] (Symantec Corporation)
S4 LMIRfsClientNP; No ImagePath
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [30312 2012-03-07] (Windows ® Win 7 DDK provider)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF64.sys [157696 2011-10-20] (Matrox Graphics Inc.)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140121.023\ENG64.SYS [126040 2014-01-15] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\VirusDefs\20140121.023\EX64.SYS [2099288 2014-01-15] (Symantec Corporation)
S4 nvrd64; C:\Windows\system32\drivers\nvrd64.sys [166944 2008-07-21] (NVIDIA Corporation)
S3 pimou; C:\Windows\System32\DRIVERS\pimou.sys [22856 2013-03-21] (Christian Gulden)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [30336 2007-01-18] (Research in Motion Ltd)
S3 smhwdev; C:\Windows\System32\DRIVERS\smhwdev.sys [114432 2010-01-13] (Huawei Technologies Co., Ltd.)
S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [122624 2010-02-03] (QUALCOMM Incorporated)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-05-04] (Duplex Secure Ltd.)
S3 SRS_HDAL_Service; C:\Windows\System32\drivers\SRS_HDAL_amd64.sys [533280 2010-11-15] ()
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2014-01-11] ()
R0 SymDS; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-04-07] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2011-11-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\0604010.00E\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\0604010.00E\SYMTDIV.SYS [445560 2011-11-16] (Symantec Corporation)
R3 ubohci; C:\Windows\System32\DRIVERS\ubohci.sys [132608 2012-10-05] (Unibrain)
R2 ubsbm; C:\Windows\System32\DRIVERS\ubsbm.sys [24064 2012-10-05] (Unibrain)
R2 ubumapi; C:\Windows\System32\DRIVERS\ubumapi.sys [92160 2012-10-05] (Unibrain)
U3 aoweyuwi; C:\Windows\System32\Drivers\aoweyuwi.sys [0 ] (NVIDIA Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 LVcKap64; system32\DRIVERS\LVcKap64.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [x]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-22 13:37 - 2014-01-22 13:37 - 00000000 ____D C:\FRST
2014-01-22 13:35 - 2014-01-22 13:37 - 00000000 ____D C:\Users\Marshall Kline\Desktop\Farbar
2014-01-22 13:12 - 2014-01-22 13:16 - 00003524 _____ C:\Users\Marshall Kline\Desktop\SystemLook.txt
2014-01-22 13:09 - 2014-01-22 13:09 - 00165376 _____ C:\Users\Marshall Kline\Desktop\SystemLook_x64.exe
2014-01-22 11:49 - 2014-01-22 12:11 - 00000000 ____D C:\AdwCleaner
2014-01-22 11:48 - 2014-01-22 11:49 - 01236282 _____ C:\Users\Marshall Kline\Desktop\AdwCleaner.exe
2014-01-22 11:16 - 2014-01-22 11:16 - 00026424 _____ C:\Users\Marshall Kline\Desktop\combofix.txt
2014-01-22 11:15 - 2014-01-22 11:15 - 00026424 _____ C:\ComboFix.txt
2014-01-22 10:14 - 2011-06-25 23:45 - 00256000 _____ C:\Windows\PEV.exe
2014-01-22 10:14 - 2010-11-07 10:20 - 00208896 _____ C:\Windows\MBR.exe
2014-01-22 10:14 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-22 10:14 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-22 10:14 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-22 10:14 - 2000-08-30 17:00 - 00098816 _____ C:\Windows\sed.exe
2014-01-22 10:14 - 2000-08-30 17:00 - 00080412 _____ C:\Windows\grep.exe
2014-01-22 10:14 - 2000-08-30 17:00 - 00068096 _____ C:\Windows\zip.exe
2014-01-22 10:06 - 2014-01-22 11:15 - 00000000 ____D C:\Qoobox
2014-01-22 09:58 - 2014-01-22 09:58 - 05173757 ____R (Swearware) C:\Users\Marshall Kline\Desktop\ComboFix.exe
2014-01-22 08:36 - 2014-01-22 08:36 - 00005375 _____ C:\Users\Marshall Kline\Desktop\RKreport[0]_S_01222014_083627.txt
2014-01-22 08:28 - 2014-01-22 10:05 - 00000000 ____D C:\Users\Marshall Kline\Desktop\RK_Quarantine
2014-01-22 08:16 - 2014-01-22 08:16 - 04406784 _____ C:\Users\Marshall Kline\Desktop\RogueKillerX64.exe
2014-01-22 00:24 - 2014-01-22 00:24 - 00021133 _____ C:\Users\Marshall Kline\Desktop\attach.txt
2014-01-22 00:24 - 2014-01-22 00:23 - 00023021 _____ C:\Users\Marshall Kline\Desktop\dds.txt
2014-01-21 16:19 - 2014-01-21 16:19 - 00781312 ___SH C:\Users\UpdatusUser\ehthumbs_vista.db
2014-01-20 21:34 - 2014-01-20 21:36 - 00009851 _____ C:\Windows\IE9_main.log
2014-01-20 21:14 - 2014-01-20 21:14 - 38234984 _____ (Microsoft Corporation) C:\Users\Marshall Kline\Downloads\BOIE9_ENUS_BO0086_VIS64.EXE
2014-01-20 21:12 - 2014-01-20 21:12 - 15182336 _____ C:\Users\Marshall Kline\Downloads\MicrosoftCodecPack_amd64.msi
2014-01-20 21:12 - 2014-01-20 21:12 - 08025600 _____ C:\Users\Marshall Kline\Downloads\MicrosoftCodecPack_x86.msi
2014-01-20 21:07 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-01-20 21:07 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-01-20 21:07 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-01-20 21:07 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-01-20 21:07 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-01-20 21:07 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-01-20 21:07 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-01-20 21:07 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-01-20 21:07 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-01-20 21:07 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-01-20 21:07 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-01-20 21:07 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-01-20 21:07 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-01-20 21:07 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-01-20 21:07 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-01-20 21:07 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-01-20 21:07 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-01-20 21:07 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-01-20 21:07 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-01-20 21:07 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-01-20 21:07 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-01-20 21:06 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-01-20 21:06 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-01-20 21:06 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-01-20 21:06 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-01-20 21:06 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-01-20 21:06 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-01-20 21:06 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-01-20 21:06 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-01-20 21:06 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-01-20 21:06 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-01-20 21:06 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-01-20 21:06 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-01-20 21:06 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-01-20 21:06 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-01-20 21:06 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-01-20 21:06 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-01-20 21:06 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-01-20 21:06 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-01-20 21:06 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-01-20 21:06 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-01-20 21:06 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-01-20 21:06 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-01-20 21:03 - 2014-01-21 22:01 - 00000000 ____D C:\Windows\SysWOW64\directx
2014-01-20 20:58 - 2014-01-20 20:58 - 98426128 _____ (Microsoft Corporation) C:\Users\Marshall Kline\Downloads\msert.exe
2014-01-19 17:36 - 2014-01-19 17:36 - 24859352 _____ (Microsoft Corporation) C:\Users\Marshall Kline\Downloads\Windows-KB890830-x64-V5.8.exe
2014-01-19 17:30 - 2014-01-19 17:30 - 01528184 _____ (Microsoft Corporation) C:\Users\Marshall Kline\Downloads\GenuineCheck.exe
2014-01-19 10:50 - 2014-01-19 10:50 - 00000000 ____D C:\Users\Marshall Kline\AppData\Local\DDMSettings
2014-01-19 09:43 - 2014-01-19 09:43 - 00000859 _____ C:\Users\Public\Desktop\DivX Player.lnk
2014-01-19 09:23 - 2014-01-19 09:23 - 00000000 ____D C:\Program Files (x86)\Hp
2014-01-19 09:22 - 2014-01-19 09:22 - 04427776 _____ C:\Users\Marshall Kline\Downloads\HPSupportSolutionsFramework.msi
2014-01-19 09:19 - 2014-01-19 09:20 - 44799704 _____ (Hewlett-Packard                                             ) C:\Users\Marshall Kline\Downloads\sp64126.exe
2014-01-19 08:58 - 2011-05-30 06:42 - 00255488 _____ C:\Windows\system32\xvidvfw.dll
2014-01-19 08:58 - 2011-05-30 06:42 - 00240640 _____ C:\Windows\SysWOW64\xvidvfw.dll
2014-01-19 08:58 - 2011-05-23 02:52 - 00153088 _____ C:\Windows\SysWOW64\xvid.ax
2014-01-19 08:58 - 2011-05-23 00:46 - 00645632 _____ C:\Windows\SysWOW64\xvidcore.dll
2014-01-19 08:58 - 2011-05-23 00:45 - 00696832 _____ C:\Windows\system32\xvidcore.dll
2014-01-19 08:39 - 2014-01-19 08:40 - 10768856 _____ (Xvid Team) C:\Users\Marshall Kline\Downloads\Xvid-1.3.2-20110601 (1).exe
2014-01-19 05:16 - 2014-01-19 06:23 - 00000000 ____D C:\Users\Marshall Kline\Desktop\New Folder
2014-01-19 04:18 - 2014-01-19 04:19 - 113161740 _____ C:\Users\Marshall Kline\Downloads\SystemUpdate_16547_USB.zip
2014-01-18 20:34 - 2014-01-18 20:34 - 00000000 ____D C:\PBBRA4F2
2014-01-18 16:49 - 2014-01-19 02:59 - 00003523 _____ C:\Windows\cdplayer.ini
2014-01-18 16:36 - 2014-01-19 02:14 - 00001534 _____ C:\ss.ini
2014-01-18 16:33 - 2014-01-18 16:33 - 00000918 _____ C:\Users\Marshall Kline\Desktop\FreeRIP MP3 Converter.lnk
2014-01-18 16:33 - 2014-01-18 16:33 - 00000000 ____D C:\Users\Marshall Kline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2014-01-18 16:33 - 2014-01-18 16:33 - 00000000 ____D C:\FreeRIP MP3 Converter
2014-01-18 16:31 - 2014-01-18 16:32 - 03319208 _____ (GreenTree Applications SRL) C:\Users\Marshall Kline\Downloads\freeripmp3-setup.exe
2014-01-18 12:40 - 2014-01-18 12:40 - 00002022 _____ C:\Users\Marshall Kline\Desktop\KENWOOD Music Editor Light.lnk
2014-01-18 12:40 - 2014-01-18 12:40 - 00000000 ____D C:\Users\Marshall Kline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KENWOOD
2014-01-18 12:40 - 2014-01-18 12:40 - 00000000 ____D C:\Program Files (x86)\KENWOOD
2014-01-18 12:20 - 2014-01-18 12:20 - 05261210 _____ (JVCKENWOOD Corporation                                    ) C:\Users\Marshall Kline\Downloads\KMELight_v1_2_0_Installer.exe
2014-01-18 01:41 - 2014-01-18 01:41 - 00143872 ___SH C:\Users\AppData\ehthumbs_vista.db
2014-01-18 01:35 - 2014-01-18 01:35 - 00710144 ___SH C:\Users\Mcx1\ehthumbs_vista.db
2014-01-18 00:57 - 2014-01-18 00:57 - 00001630 _____ C:\Users\Marshall Kline\Desktop\Media Center.lnk
2014-01-18 00:17 - 2014-01-18 01:31 - 00000752 _____ C:\Users\Mcx1\Desktop\Windows Media Center Shortcuts.lnk
2014-01-18 00:15 - 2014-01-18 01:30 - 00000752 _____ C:\Users\Marshall Kline\Desktop\Windows Media Center Shortcuts.lnk
2014-01-17 17:32 - 2014-01-21 21:40 - 00427008 ___SH C:\Users\ehthumbs_vista.db
2014-01-17 17:32 - 2014-01-21 16:30 - 00036352 _____ C:\Users\Mcx1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-17 16:37 - 2014-01-17 16:37 - 00134544 _____ C:\Users\Mcx1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-17 16:37 - 2014-01-17 16:37 - 00000000 ____D C:\Users\Mcx1\AppData\Local\Hewlett-Packard
2014-01-17 16:20 - 2014-01-18 01:35 - 00000000 ____D C:\Users\Mcx1
2014-01-17 16:20 - 2014-01-17 16:20 - 00000020 ___SH C:\Users\Mcx1\ntuser.ini
2014-01-17 16:20 - 2013-10-14 14:48 - 00000000 ____D C:\Users\Mcx1\AppData\Local\Google
2014-01-17 16:20 - 2013-08-13 18:22 - 00000000 ____D C:\Users\Mcx1\AppData\Roaming\Macromedia
2014-01-17 16:20 - 2008-11-06 19:17 - 00001338 _____ C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite Deluxe.lnk
2014-01-17 16:20 - 2008-01-20 20:20 - 00000000 ___RD C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-17 16:20 - 2008-01-20 20:20 - 00000000 ___RD C:\Users\Mcx1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-17 13:18 - 2014-01-17 13:31 - 732985344 _____ C:\Users\Marshall Kline\Downloads\Dallas 362 Scott Caan Shawn Hatosy and Jeff Goldblum  1hr36min.avi
2014-01-17 12:37 - 2014-01-17 12:47 - 735551488 _____ C:\Users\Marshall Kline\Downloads\SURFER DUDE Matthew McConaughey Woody Harrelson and Willie Nelson  1hr25min.avi
2014-01-14 13:16 - 2014-01-14 13:16 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-14 13:16 - 2014-01-14 13:16 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2014-01-11 03:07 - 2014-01-20 01:00 - 00001604 _____ C:\Windows\setupact.log
2014-01-11 03:07 - 2014-01-11 03:07 - 00000000 _____ C:\Windows\setuperr.log
2014-01-09 22:43 - 2014-01-09 22:43 - 02749297 _____ C:\Users\Marshall Kline\Downloads\video-2011-09-01-01-02-54.mp4
2014-01-09 22:41 - 2014-01-09 22:41 - 00996278 _____ C:\Users\Marshall Kline\Downloads\video-2011-08-29-21-58-40.mp4
2014-01-09 22:40 - 2014-01-09 22:40 - 01644183 _____ C:\Users\Marshall Kline\Downloads\video-2011-08-29-14-10-57.mp4
2014-01-09 22:39 - 2014-01-09 22:39 - 00964831 _____ C:\Users\Marshall Kline\Downloads\video-2011-08-29-12-45-46.mp4
2014-01-09 01:50 - 2014-01-09 01:50 - 00000000 ____D C:\Users\Marshall Kline\Documents\Documents\ProcAlyzer Dumps
2014-01-09 00:19 - 2013-11-14 22:31 - 00486378 _____ C:\Windows\system32\Drivers\etc\hosts.20140109-001914.backup
2014-01-08 00:19 - 2014-01-08 00:19 - 00002144 _____ C:\{2BDD2BE0-6F05-45AA-8B22-085747EC091C}
2014-01-07 09:48 - 2014-01-07 09:48 - 00002184 _____ C:\{D9C636DE-1D5D-495C-9AC4-93867FC8C9EB}
2014-01-03 07:41 - 2014-01-03 07:41 - 00002000 _____ C:\{0BDBEB68-281C-4789-B1EF-4D8B82C3450F}
2014-01-02 12:46 - 2014-01-02 12:46 - 00000039 _____ C:\Users\Marshall Kline\Downloads\text_0.txt
2014-01-01 14:19 - 2014-01-01 14:19 - 00001107 _____ C:\Users\Marshall Kline\Desktop\Add_a_device_or_computer_to_a_network_usb - Shortcut.lnk
2013-12-28 22:32 - 2013-12-28 22:32 - 00002184 _____ C:\{85C296F9-7060-46B0-840C-E57331CD50A3}
2013-12-28 11:19 - 2013-12-28 11:19 - 00688992 ____R (Swearware) C:\Users\Marshall Kline\Desktop\dds.scr
2013-12-27 01:58 - 2014-01-21 23:48 - 00464424 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-25 17:12 - 2014-01-14 19:34 - 00134544 _____ C:\Users\Marshall Kline\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-25 09:27 - 2013-12-25 09:27 - 00002312 _____ C:\{29A7B864-C708-4837-9FA3-DF1630247DD5}
2013-12-25 09:18 - 2013-12-25 09:18 - 00002144 _____ C:\{410D2A5F-7AE4-4705-B5BC-2D8F9BDCA540}
2013-12-25 07:07 - 2013-12-25 07:07 - 00002024 _____ C:\{03B618D1-ED51-4B06-99EE-AC4118360F84}
2013-12-25 06:55 - 2013-12-25 06:55 - 00002512 _____ C:\{D03E5CA2-CD56-4DD4-80AE-60DD1FAA156B}
2013-12-25 05:57 - 2013-12-25 05:57 - 00002184 _____ C:\{88B64676-24F7-43DD-8FBC-718CEEC1B0D8}
2013-12-25 04:32 - 2013-12-25 04:36 - 76310102 _____ C:\Users\Marshall Kline\Downloads\4816377.mp4
2013-12-25 04:27 - 2013-12-25 04:30 - 38229838 _____ C:\Users\Marshall Kline\Downloads\4816332.mp4
2013-12-25 04:24 - 2013-12-25 04:27 - 36341810 _____ C:\Users\Marshall Kline\Downloads\4816346.mp4
2013-12-25 04:21 - 2013-12-25 04:37 - 220238862 _____ C:\Users\Marshall Kline\Downloads\4816323.mp4
2013-12-25 04:21 - 2013-12-25 04:26 - 79082046 _____ C:\Users\Marshall Kline\Downloads\4816287.mp4
 
==================== One Month Modified Files and Folders =======
 
2014-01-22 13:38 - 2012-11-16 10:19 - 00000000 ____D C:\Users\Marshall Kline\AppData\Roaming\Zoiper Web
2014-01-22 13:37 - 2014-01-22 13:37 - 00000000 ____D C:\FRST
2014-01-22 13:37 - 2014-01-22 13:35 - 00000000 ____D C:\Users\Marshall Kline\Desktop\Farbar
2014-01-22 13:37 - 2013-08-30 14:42 - 00000000 ____D C:\Users\Marshall Kline\AppData\Roaming\Skype
2014-01-22 13:24 - 2013-06-07 10:21 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-659313338-2668998109-2394682488-1000UA.job
2014-01-22 13:16 - 2014-01-22 13:12 - 00003524 _____ C:\Users\Marshall Kline\Desktop\SystemLook.txt
2014-01-22 13:09 - 2014-01-22 13:09 - 00165376 _____ C:\Users\Marshall Kline\Desktop\SystemLook_x64.exe
2014-01-22 13:05 - 2013-10-06 22:02 - 00002373 _____ C:\Users\Public\Desktop\Skype.lnk
2014-01-22 13:04 - 2009-01-26 19:07 - 01959991 _____ C:\Windows\WindowsUpdate.log
2014-01-22 12:55 - 2013-12-13 19:04 - 00000722 _____ C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-01-22 12:55 - 2013-04-13 23:09 - 00000441 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-22 12:55 - 2011-08-27 12:40 - 00000914 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-22 12:54 - 2011-08-27 12:40 - 00000910 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-22 12:54 - 2006-11-02 08:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-22 12:54 - 2006-11-02 08:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 12:54 - 2006-11-02 08:22 - 00003744 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 12:53 - 2013-09-16 19:40 - 00478840 _____ C:\Windows\PFRO.log
2014-01-22 12:52 - 2006-11-02 08:42 - 00032622 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-22 12:11 - 2014-01-22 11:49 - 00000000 ____D C:\AdwCleaner
2014-01-22 11:49 - 2014-01-22 11:48 - 01236282 _____ C:\Users\Marshall Kline\Desktop\AdwCleaner.exe
2014-01-22 11:16 - 2014-01-22 11:16 - 00026424 _____ C:\Users\Marshall Kline\Desktop\combofix.txt
2014-01-22 11:15 - 2014-01-22 11:15 - 00026424 _____ C:\ComboFix.txt
2014-01-22 11:15 - 2014-01-22 10:06 - 00000000 ____D C:\Qoobox
2014-01-22 11:02 - 2006-11-02 05:34 - 00000215 _____ C:\Windows\system.ini
2014-01-22 10:49 - 2006-11-02 05:33 - 90963968 _____ C:\Windows\system32\config\software.bak
2014-01-22 10:49 - 2006-11-02 05:33 - 50855936 _____ C:\Windows\system32\config\components.bak
2014-01-22 10:49 - 2006-11-02 05:33 - 31457280 _____ C:\Windows\system32\config\system.bak
2014-01-22 10:49 - 2006-11-02 05:33 - 04980736 _____ C:\Windows\system32\config\default.bak
2014-01-22 10:49 - 2006-11-02 05:33 - 00262144 _____ C:\Windows\system32\config\sam.bak
2014-01-22 10:49 - 2006-11-02 05:33 - 00028672 _____ C:\Windows\system32\config\security.bak
2014-01-22 10:48 - 2013-04-03 21:12 - 00000000 ____D C:\Windows\erdnt
2014-01-22 10:05 - 2014-01-22 08:28 - 00000000 ____D C:\Users\Marshall Kline\Desktop\RK_Quarantine
2014-01-22 09:58 - 2014-01-22 09:58 - 05173757 ____R (Swearware) C:\Users\Marshall Kline\Desktop\ComboFix.exe
2014-01-22 09:44 - 2013-12-13 19:04 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-22 08:36 - 2014-01-22 08:36 - 00005375 _____ C:\Users\Marshall Kline\Desktop\RKreport[0]_S_01222014_083627.txt
2014-01-22 08:16 - 2014-01-22 08:16 - 04406784 _____ C:\Users\Marshall Kline\Desktop\RogueKillerX64.exe
2014-01-22 04:24 - 2013-06-07 10:21 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-659313338-2668998109-2394682488-1000Core.job
2014-01-22 00:30 - 2013-12-13 19:04 - 00000694 _____ C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-01-22 00:24 - 2014-01-22 00:24 - 00021133 _____ C:\Users\Marshall Kline\Desktop\attach.txt
2014-01-22 00:23 - 2014-01-22 00:24 - 00023021 _____ C:\Users\Marshall Kline\Desktop\dds.txt
2014-01-21 23:48 - 2013-12-27 01:58 - 00464424 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-21 22:47 - 2013-05-05 21:42 - 00000000 ____D C:\Users\Marshall Kline\AppData\Roaming\vlc
2014-01-21 22:01 - 2014-01-20 21:03 - 00000000 ____D C:\Windows\SysWOW64\directx
2014-01-21 21:56 - 2013-10-06 23:40 - 00000000 ____D C:\Users\Marshall Kline\Downloads\DVD Video Cutters and Codecs
2014-01-21 21:43 - 2013-04-24 20:21 - 00000000 ____D C:\Users\Marshall Kline\Downloads\Unsorted movies
2014-01-21 21:40 - 2014-01-17 17:32 - 00427008 ___SH C:\Users\ehthumbs_vista.db
2014-01-21 21:40 - 2013-04-22 21:44 - 01338880 ___SH C:\Users\Marshall Kline\Downloads\ehthumbs_vista.db
2014-01-21 21:40 - 2013-04-02 21:03 - 02554880 ___SH C:\Users\Marshall Kline\ehthumbs_vista.db
2014-01-21 21:38 - 2009-03-28 09:27 - 00007168 _____ C:\Users\Marshall Kline\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-21 21:17 - 2013-06-07 18:16 - 00000000 ____D C:\Users\Marshall Kline\Downloads\music dl
2014-01-21 21:14 - 2013-06-20 14:17 - 00000000 ____D C:\Users\Marshall Kline\Downloads\jdownloader
2014-01-21 19:18 - 2013-03-20 00:31 - 00000000 ____D C:\Users\Marshall Kline\dwhelper
2014-01-21 16:30 - 2014-01-17 17:32 - 00036352 _____ C:\Users\Mcx1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-21 16:19 - 2014-01-21 16:19 - 00781312 ___SH C:\Users\UpdatusUser\ehthumbs_vista.db
2014-01-21 14:45 - 2013-11-10 19:08 - 00002321 _____ C:\Users\Public\Desktop\SlimCleaner.lnk
2014-01-21 14:44 - 2013-04-21 14:33 - 00000000 ____D C:\Users\Marshall Kline\Desktop\UTILITY CLEAN UP FOLDER
2014-01-21 14:41 - 2009-04-15 21:12 - 00048404 _____ C:\Users\Marshall Kline\AppData\Roaming\wklnhst.dat
2014-01-21 00:52 - 2006-11-02 08:07 - 00000000 ___RD C:\Users\Public\Recorded TV
2014-01-20 23:05 - 2009-05-30 00:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-20 21:36 - 2014-01-20 21:34 - 00009851 _____ C:\Windows\IE9_main.log
2014-01-20 21:36 - 2011-03-25 10:14 - 00000000 ___HD C:\Windows\msdownld.tmp
2014-01-20 21:14 - 2014-01-20 21:14 - 38234984 _____ (Microsoft Corporation) C:\Users\Marshall Kline\Downloads\BOIE9_ENUS_BO0086_VIS64.EXE
2014-01-20 21:12 - 2014-01-20 21:12 - 15182336 _____ C:\Users\Marshall Kline\Downloads\MicrosoftCodecPack_amd64.msi
2014-01-20 21:12 - 2014-01-20 21:12 - 08025600 _____ C:\Users\Marshall Kline\Downloads\MicrosoftCodecPack_x86.msi
2014-01-20 20:58 - 2014-01-20 20:58 - 98426128 _____ (Microsoft Corporation) C:\Users\Marshall Kline\Downloads\msert.exe
2014-01-20 18:59 - 2011-07-15 14:03 - 00000000 ____D C:\Users\Marshall Kline\Desktop\XBOX CONVERT INFO
2014-01-20 14:43 - 2013-04-28 09:38 - 00000000 ____D C:\Users\Marshall Kline\AppData\Roaming\dvdcss
2014-01-20 14:28 - 2006-11-02 05:46 - 00763670 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 01:37 - 2013-09-17 14:51 - 00002591 _____ C:\Users\Marshall Kline\Desktop\Microsoft Office Excel 2003.lnk
2014-01-20 01:00 - 2014-01-11 03:07 - 00001604 _____ C:\Windows\setupact.log
2014-01-19 20:39 - 2012-07-19 01:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-19 17:36 - 2014-01-19 17:36 - 24859352 _____ (Microsoft Corporation) C:\Users\Marshall Kline\Downloads\Windows-KB890830-x64-V5.8.exe
2014-01-19 17:30 - 2014-01-19 17:30 - 01528184 _____ (Microsoft Corporation) C:\Users\Marshall Kline\Downloads\GenuineCheck.exe
2014-01-19 12:59 - 2011-03-26 12:17 - 00000000 ____D C:\Users\Marshall Kline\AppData\Local\Adobe
2014-01-19 12:58 - 2012-07-19 01:36 - 00003684 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-19 12:58 - 2012-04-04 08:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-19 12:58 - 2011-05-20 07:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-19 12:38 - 2008-11-06 19:05 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-19 12:21 - 2012-07-06 07:20 - 00000000 ____D C:\Users\Marshall Kline\AppData\Roaming\Apple Computer
2014-01-19 12:14 - 2012-12-30 18:12 - 00000000 ____D C:\Users\Marshall Kline\AppData\Local\iMesh
2014-01-19 12:00 - 2013-05-09 23:28 - 00000000 ____D C:\Users\Marshall Kline\AppData\Local\Freemake Music Box
2014-01-19 10:50 - 2014-01-19 10:50 - 00000000 ____D C:\Users\Marshall Kline\AppData\Local\DDMSettings
2014-01-19 09:43 - 2014-01-19 09:43 - 00000859 _____ C:\Users\Public\Desktop\DivX Player.lnk
2014-01-19 09:43 - 2013-09-14 20:57 - 00001476 _____ C:\Users\Marshall Kline\Desktop\DivX Movies.lnk
2014-01-19 09:43 - 2011-04-09 22:34 - 00000000 ____D C:\ProgramData\DivX
2014-01-19 09:43 - 2009-07-26 19:06 - 00000000 ____D C:\Program Files (x86)\DivX
2014-01-19 09:41 - 2013-09-14 20:56 - 00000924 _____ C:\Users\Public\Desktop\DivX Converter.lnk
2014-01-19 09:40 - 2011-04-09 22:45 - 00000000 ____D C:\Program Files\DivX
2014-01-19 09:32 - 2008-11-06 19:39 - 00000000 ____D C:\Program Files (x86)\SMINST
2014-01-19 09:23 - 2014-01-19 09:23 - 00000000 ____D C:\Program Files (x86)\Hp
2014-01-19 09:23 - 2008-11-06 18:56 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2014-01-19 09:22 - 2014-01-19 09:22 - 04427776 _____ C:\Users\Marshall Kline\Downloads\HPSupportSolutionsFramework.msi
2014-01-19 09:21 - 2013-03-10 18:21 - 00000000 ____D C:\swsetup
2014-01-19 09:20 - 2014-01-19 09:19 - 44799704 _____ (Hewlett-Packard                                             ) C:\Users\Marshall Kline\Downloads\sp64126.exe
2014-01-19 08:58 - 2013-03-30 17:11 - 00000000 ____D C:\Program Files (x86)\Xvid
2014-01-19 08:40 - 2014-01-19 08:39 - 10768856 _____ (Xvid Team) C:\Users\Marshall Kline\Downloads\Xvid-1.3.2-20110601 (1).exe
2014-01-19 06:23 - 2014-01-19 05:16 - 00000000 ____D C:\Users\Marshall Kline\Desktop\New Folder
2014-01-19 06:15 - 2009-12-17 11:19 - 00000000 ____D C:\Users\Marshall Kline\AppData\Local\CrashDumps
2014-01-19 05:10 - 2009-03-26 18:00 - 00000456 _____ C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-01-19 04:39 - 2013-06-13 18:13 - 00000000 ____D C:\Users\Marshall Kline\AppData\Roaming\RipIt4Me
2014-01-19 04:39 - 2013-04-09 21:10 - 00000000 ____D C:\ProgramData\DVD Shrink
2014-01-19 04:19 - 2014-01-19 04:18 - 113161740 _____ C:\Users\Marshall Kline\Downloads\SystemUpdate_16547_USB.zip
2014-01-19 02:59 - 2014-01-18 16:49 - 00003523 _____ C:\Windows\cdplayer.ini
2014-01-19 02:14 - 2014-01-18 16:36 - 00001534 _____ C:\ss.ini
2014-01-19 01:36 - 2009-03-26 17:42 - 00000000 ____D C:\Users\Marshall Kline
2014-01-19 00:24 - 2013-03-03 21:17 - 00000000 ____D C:\Users\Marshall Kline\Downloads\PennyDell Puzzles
2014-01-18 20:34 - 2014-01-18 20:34 - 00000000 ____D C:\PBBRA4F2
2014-01-18 16:33 - 2014-01-18 16:33 - 00000918 _____ C:\Users\Marshall Kline\Desktop\FreeRIP MP3 Converter.lnk
2014-01-18 16:33 - 2014-01-18 16:33 - 00000000 ____D C:\Users\Marshall Kline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2014-01-18 16:33 - 2014-01-18 16:33 - 00000000 ____D C:\FreeRIP MP3 Converter
2014-01-18 16:33 - 2013-05-03 11:58 - 00000000 ___RD C:\Users\Marshall Kline\Desktop\CD..DVD.  Utilities..Converters
2014-01-18 16:32 - 2014-01-18 16:31 - 03319208 _____ (GreenTree Applications SRL) C:\Users\Marshall Kline\Downloads\freeripmp3-setup.exe
2014-01-18 12:40 - 2014-01-18 12:40 - 00002022 _____ C:\Users\Marshall Kline\Desktop\KENWOOD Music Editor Light.lnk
2014-01-18 12:40 - 2014-01-18 12:40 - 00000000 ____D C:\Users\Marshall Kline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KENWOOD
2014-01-18 12:40 - 2014-01-18 12:40 - 00000000 ____D C:\Program Files (x86)\KENWOOD
2014-01-18 12:20 - 2014-01-18 12:20 - 05261210 _____ (JVCKENWOOD Corporation                                    ) C:\Users\Marshall Kline\Downloads\KMELight_v1_2_0_Installer.exe
2014-01-18 02:24 - 2009-05-02 09:30 - 00000000 ____D C:\Users\Marshall Kline\AppData\Roaming\Mozilla
2014-01-18 01:43 - 2013-05-06 06:42 - 00000000 ____D C:\Users\Marshall Kline\DVD Program FOLDER
2014-01-18 01:41 - 2014-01-18 01:41 - 00143872 ___SH C:\Users\AppData\ehthumbs_vista.db
2014-01-18 01:40 - 2013-06-17 22:19 - 00000000 ____D C:\Users\Marshall Kline\Downloads\AVS Converter 2013
2014-01-18 01:40 - 2013-05-19 22:51 - 00000000 ____D C:\Users\Marshall Kline\Downloads\Ultra ISO Premium Edition v9.3.6.2750
2014-01-18 01:35 - 2014-01-18 01:35 - 00710144 ___SH C:\Users\Mcx1\ehthumbs_vista.db
2014-01-18 01:35 - 2014-01-17 16:20 - 00000000 ____D C:\Users\Mcx1
2014-01-18 01:31 - 2014-01-18 00:17 - 00000752 _____ C:\Users\Mcx1\Desktop\Windows Media Center Shortcuts.lnk
2014-01-18 01:30 - 2014-01-18 00:15 - 00000752 _____ C:\Users\Marshall Kline\Desktop\Windows Media Center Shortcuts.lnk
2014-01-18 00:57 - 2014-01-18 00:57 - 00001630 _____ C:\Users\Marshall Kline\Desktop\Media Center.lnk
2014-01-18 00:45 - 2011-03-24 07:53 - 00000000 ____D C:\Users\Marshall Kline\AppData\Local\Windows Live
2014-01-18 00:38 - 2013-10-10 00:39 - 00000000 ____D C:\Users\Marshall Kline\Downloads\Pics for My Vids VeeHD
2014-01-18 00:38 - 2013-06-10 23:30 - 00000000 ____D C:\Users\Marshall Kline\Downloads\GAMES
2014-01-18 00:38 - 2013-04-29 20:20 - 00000000 ____D C:\Users\Marshall Kline\music from scratched CDs
2014-01-17 21:50 - 2013-05-13 19:23 - 00000000 ____D C:\Users\Marshall Kline\Desktop\Old Firefox Data
2014-01-17 16:37 - 2014-01-17 16:37 - 00134544 _____ C:\Users\Mcx1\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-17 16:37 - 2014-01-17 16:37 - 00000000 ____D C:\Users\Mcx1\AppData\Local\Hewlett-Packard
2014-01-17 16:20 - 2014-01-17 16:20 - 00000020 ___SH C:\Users\Mcx1\ntuser.ini
2014-01-17 13:31 - 2014-01-17 13:18 - 732985344 _____ C:\Users\Marshall Kline\Downloads\Dallas 362 Scott Caan Shawn Hatosy and Jeff Goldblum  1hr36min.avi
2014-01-17 12:47 - 2014-01-17 12:37 - 735551488 _____ C:\Users\Marshall Kline\Downloads\SURFER DUDE Matthew McConaughey Woody Harrelson and Willie Nelson  1hr25min.avi
2014-01-14 22:11 - 2006-11-02 05:34 - 00000290 _____ C:\Windows\win.ini
2014-01-14 22:09 - 2013-08-13 21:02 - 00000000 ____D C:\Windows\system32\MRT
2014-01-14 21:58 - 2006-11-02 05:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-14 19:34 - 2013-12-25 17:12 - 00134544 _____ C:\Users\Marshall Kline\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-14 13:16 - 2014-01-14 13:16 - 00000959 _____ C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-01-14 13:16 - 2014-01-14 13:16 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2014-01-14 13:06 - 2013-09-03 12:38 - 00000000 ____D C:\Users\Marshall Kline\AppData\Local\join.me
2014-01-11 03:07 - 2014-01-11 03:07 - 00000000 _____ C:\Windows\setuperr.log
2014-01-11 03:00 - 2013-08-31 07:03 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2014-01-09 22:43 - 2014-01-09 22:43 - 02749297 _____ C:\Users\Marshall Kline\Downloads\video-2011-09-01-01-02-54.mp4
2014-01-09 22:41 - 2014-01-09 22:41 - 00996278 _____ C:\Users\Marshall Kline\Downloads\video-2011-08-29-21-58-40.mp4
2014-01-09 22:40 - 2014-01-09 22:40 - 01644183 _____ C:\Users\Marshall Kline\Downloads\video-2011-08-29-14-10-57.mp4
2014-01-09 22:39 - 2014-01-09 22:39 - 00964831 _____ C:\Users\Marshall Kline\Downloads\video-2011-08-29-12-45-46.mp4
2014-01-09 01:50 - 2014-01-09 01:50 - 00000000 ____D C:\Users\Marshall Kline\Documents\Documents\ProcAlyzer Dumps
2014-01-08 00:19 - 2014-01-08 00:19 - 00002144 _____ C:\{2BDD2BE0-6F05-45AA-8B22-085747EC091C}
2014-01-07 19:41 - 2013-09-02 14:39 - 00000000 ____D C:\Users\Marshall Kline\Desktop\Wexell
2014-01-07 09:48 - 2014-01-07 09:48 - 00002184 _____ C:\{D9C636DE-1D5D-495C-9AC4-93867FC8C9EB}
2014-01-03 07:41 - 2014-01-03 07:41 - 00002000 _____ C:\{0BDBEB68-281C-4789-B1EF-4D8B82C3450F}
2014-01-03 04:12 - 2013-03-24 13:56 - 00000000 ____D C:\Users\Marshall Kline\Clip it Snips save folder
2014-01-02 12:46 - 2014-01-02 12:46 - 00000039 _____ C:\Users\Marshall Kline\Downloads\text_0.txt
2014-01-01 15:43 - 2013-06-20 13:29 - 00000000 ____D C:\Program Files (x86)\JDownloader
2014-01-01 14:19 - 2014-01-01 14:19 - 00001107 _____ C:\Users\Marshall Kline\Desktop\Add_a_device_or_computer_to_a_network_usb - Shortcut.lnk
2014-01-01 13:39 - 2013-12-06 19:14 - 00000000 ____D C:\Users\Marshall Kline\AppData\Roaming\DictAddon
2013-12-28 22:32 - 2013-12-28 22:32 - 00002184 _____ C:\{85C296F9-7060-46B0-840C-E57331CD50A3}
2013-12-28 11:19 - 2013-12-28 11:19 - 00688992 ____R (Swearware) C:\Users\Marshall Kline\Desktop\dds.scr
2013-12-27 01:41 - 2013-07-09 14:41 - 00000982 _____ C:\Users\Public\Desktop\GOM Player.lnk
2013-12-27 01:41 - 2013-04-21 14:15 - 00001006 _____ C:\Users\Marshall Kline\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2013-12-25 09:27 - 2013-12-25 09:27 - 00002312 _____ C:\{29A7B864-C708-4837-9FA3-DF1630247DD5}
2013-12-25 09:18 - 2013-12-25 09:18 - 00002144 _____ C:\{410D2A5F-7AE4-4705-B5BC-2D8F9BDCA540}
2013-12-25 07:07 - 2013-12-25 07:07 - 00002024 _____ C:\{03B618D1-ED51-4B06-99EE-AC4118360F84}
2013-12-25 06:55 - 2013-12-25 06:55 - 00002512 _____ C:\{D03E5CA2-CD56-4DD4-80AE-60DD1FAA156B}
2013-12-25 05:57 - 2013-12-25 05:57 - 00002184 _____ C:\{88B64676-24F7-43DD-8FBC-718CEEC1B0D8}
2013-12-25 04:37 - 2013-12-25 04:21 - 220238862 _____ C:\Users\Marshall Kline\Downloads\4816323.mp4
2013-12-25 04:36 - 2013-12-25 04:32 - 76310102 _____ C:\Users\Marshall Kline\Downloads\4816377.mp4
2013-12-25 04:30 - 2013-12-25 04:27 - 38229838 _____ C:\Users\Marshall Kline\Downloads\4816332.mp4
2013-12-25 04:27 - 2013-12-25 04:24 - 36341810 _____ C:\Users\Marshall Kline\Downloads\4816346.mp4
2013-12-25 04:26 - 2013-12-25 04:21 - 79082046 _____ C:\Users\Marshall Kline\Downloads\4816287.mp4
2013-12-25 03:11 - 2011-07-12 12:21 - 00756982 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-24 14:43 - 2013-12-06 19:13 - 00001750 _____ C:\Users\Public\Desktop\Express Files.lnk
 
Files to move or delete:
====================
C:\Users\Marshall Kline\AppData\Roaming\Camdata.ini
C:\Users\Marshall Kline\AppData\Roaming\CamLayout.ini
C:\Users\Marshall Kline\AppData\Roaming\CamShapes.ini
C:\Users\Marshall Kline\AppData\Roaming\desktop.ini
C:\ProgramData\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\Marshall Kline\AppData\Local\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-22 13:10
 
==================== End Of Log ============================

Here is the 2nd report.

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2014 02

Ran by Marshall Kline at 2014-01-22 13:39:07

Running from C:\Users\Marshall Kline\Desktop\Farbar

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Norton 360 Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton 360 Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 Online (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

 

==================== Installed Programs ======================

 

3CXPhone (x32 Version: 4.0.20981.0 - 3CX)

7-Zip 9.22beta (x32 Version:  - )

AC3Filter 2.5b (x32 Version: 2.5b - Alexander Vigovsky)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)

Apple Application Support (x32 Version: 2.3.3 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

Auto Gordian Knot 2.40 (x32 Version: 2.40 - len0x)

AviSynth 2.5 (x32 Version: 2.6.0.2 - GPL Public release.)

AVS Video Converter 8 (x32 Version: 8.3.2.533 - Online Media Technologies Ltd.)

BDlot DVD ISO Master 3.0.2 (x32 Version:  - LotSoft)

Canon MG2100 series MP Drivers (Version:  - )

Canon MG2100 series On-screen Manual (x32 Version:  - )

Canon MG2100 series User Registration (x32 Version:  - )

Canon MP Navigator EX 5.0 (x32 Version:  - )

Canon My Printer (x32 Version:  - )

Canon Solution Menu EX (x32 Version:  - )

CCleaner (Version: 4.08 - Piriform)

Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000 - Microsoft Corporation)

CyberLink DVD Suite Deluxe (x32 Version: 6.0.2111 - CyberLink Corp.)

CyberLink DVD Suite Deluxe (x32 Version: 6.0.2111 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (x32 Version: 4.47.1.0333 - Disc Soft Ltd)

DivX Setup (x32 Version: 2.6.1.90 - DivX, LLC)

DVD Decrypter (Remove Only) (x32 Version:  - )

DVD Rebuilder (x32 Version: Free v0.98.2 - jdobbs softworks and rockas association)

DVD Shrink 3.2 (x32 Version:  - DVD Shrink)

Enhanced Multimedia Keyboard Solution (x32 Version: 1.0.9.2 - Hewlett-Packard)

ffdshow v1.1.3476 [2010-06-15] (x32 Version: 1.1.3476.0 - )

Free Video Cutter 1.1 (x32 Version:  - Tomatosoft)

Freemake Audio Converter version 1.1.0 (x32 Version: 1.1.0 - Ellora Assets Corporation)

Freemake Music Box (x32 Version: 1.0.0 - Ellora Assets Corporation)

Freemake Video Converter version 4.1.0 (x32 Version: 4.1.0 - Ellora Assets Corporation)

GOM Player (x32 Version: 2.2.56.5181 - Gretech Corporation)

Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)

Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)

Google Earth (x32 Version: 7.1.2.2019 - Google)

Google Talk Plugin (x32 Version: 5.1.2.17113 - Google)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden

Hardware Diagnostic Tools (Version: 5.1.4976.17 - PC-Doctor, Inc.)

HP MediaSmart DVD (x32 Version: 2.2.3309 - Hewlett-Packard)

HP MediaSmart DVD (x32 Version: 2.2.3309 - Hewlett-Packard) Hidden

HP Picasso Media Center Add-In (x32 Version: 9.1.7.0 - Hewlett-Packard Development Company, L.P.) Hidden

HP Recovery Manager RSS (x32 Version: 91.0.0.10 - Hewlet Packard Company) Hidden

HP Support Solutions Framework (x32 Version: 11.50.0000 - Hewlett-Packard Company)

HPAsset component for HP Active Support Library (x32 Version: 3.0.1.0 - Hewlett-Packard) Hidden

iCloud (Version: 2.1.2.8 - Apple Inc.)

iMesh (x32 Version: 11.0.0.130891 - iMesh Inc.)

ImgBurn (x32 Version: 2.5.8.0 - LIGHTNING UK!)

Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden

Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

KENWOOD Music Editor Light (x32 Version: 1.2 - JVCKENWOOD Corporation)

LogMeIn (x32 Version: 4.1.1586 - LogMeIn, Inc.)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)

Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (ITA) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Italiano) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Default Manager (x32 Version: 2.1.54.0 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0 - Microsoft Corporation)

Microsoft Silverlight (x32 Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)

Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

Microsoft Works (x32 Version: 9.7.0621 - Microsoft Corporation)

Microsoft Works 6-9 Converter (x32 Version: 14.0.6120.5002 - Microsoft Corporation)

Motorola Phone Tools (x32 Version: 4.30 - BVRP Software) Hidden

Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)

Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)

Norton 360 (x32 Version: 6.4.1.14 - Symantec Corporation)

NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden

NVIDIA Display Control Panel (Version: 6.14.11.9713 - NVIDIA Corporation)

NVIDIA Drivers (Version: 1.10.62.40 - NVIDIA Corporation)

NVIDIA ForceWare Network Access Manager (x32 Version: 1.00.7325.0 - NVIDIA Corporation)

NVIDIA Graphics Driver 307.83 (Version: 307.83 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden

NVIDIA Update 1.10.8 (Version: 1.10.8 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden

Picasa 3 (x32 Version: 3.9 - Google, Inc.)

PictureMover (x32 Version: 3.3.1.7 - Hewlett-Packard Company)

Prism Video File Converter (x32 Version:  - NCH Software)

Python 2.5.2 (x32 Version: 2.5.2150 - Python Software Foundation)

QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.7083 - Realtek Semiconductor Corp.)

Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden

Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)

Skype™ 6.9 (x32 Version: 6.9.106 - Skype Technologies S.A.)

SlimCleaner (x32 Version: 4.0.30878 - SlimWare Utilities, Inc.)

SlimComputer (x32 Version: 1.3.30878 - SlimWare Utilities, Inc.)

SlimDrivers (x32 Version: 2.2.32705 - SlimWare Utilities, Inc.)

Sothink Movie DVD Maker (x32 Version: 3.8 - SourceTec Software Co., LTD)

Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

TeamViewer 9 (x32 Version: 9.0.24951 - TeamViewer)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1 - Microsoft Corporation)

VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden

VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN)

VobSub v2.23 (Remove Only) (x32 Version:  - )

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

WinPcap 4.1.2 (x32 Version: 4.1.0.2001 - CACE Technologies)

WinRAR 5.01 (64-bit) (Version: 5.01.0 - win.rar GmbH)

Wise Registry Cleaner 7.91 (x32 Version: 7.91 - WiseCleaner.com, Inc.)

X-Lite 3.0 (x32 Version:  - CounterPath Solutions Inc.)

XviD MPEG4 Video Codec (remove only) (x32 Version:  - )

Xvid Video Codec (x32 Version: 1.3.2 - Xvid Team)

Zoiper (x32 Version: 2.41 - Attractel)

Zoiper Web (x32 Version: 2.07 - Zoiper Web)

 

==================== Restore Points  =========================

 

22-01-2014 15:17:52 Right before fixing

 

==================== Hosts content: ==========================

 

2006-11-02 05:34 - 2014-01-22 11:02 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {003DFA2C-2035-4F27-A660-6C4AF1797688} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM

Task: {0BD59620-BFE0-45D2-B410-E6630A29268F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-659313338-2668998109-2394682488-1000UA => C:\Users\Marshall Kline\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-07] (Google Inc.)

Task: {0D0C3111-67F4-4EA6-9529-E76D51D77258} - System32\Tasks\Patch My PC => C:\Users\Marshall Kline\Documents\Documents\Downloads\Download App\copy3-PatchMyPC.exe [2013-09-14] (www.patchmypc.net)

Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages

Task: {1B61AD4D-6E69-4987-9816-5735558E90C2} - System32\Tasks\{2E61F407-3CB0-4199-B964-4240A2BCE81E} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-10-02] (Skype Technologies S.A.)

Task: {1CA05429-988D-429C-9D6C-C1FA26EFF93E} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\iWin Games\iWinGames.exe

Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)

Task: {2FAC7307-53B8-420F-938D-C3B1B7F82B1D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)

Task: {3C2E7C32-64F5-4106-A4BD-5A7BBF335CA7} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe

Task: {3D47C6A3-CC60-4CB9-9A3D-31B3508E8889} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-659313338-2668998109-2394682488-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {3F5CA8D2-FEA5-4204-8167-DD1512D2AD84} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-659313338-2668998109-2394682488-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {41F42873-B3FD-435A-AB3E-41C778099D53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27] (Google Inc.)

Task: {48A9F999-B5BD-4A7E-A525-C719169BA7DC} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Users\Marshall Kline\Desktop\UTILITY CLEAN UP FOLDER\Spybot - Search & Destroy 2\SDImmunize.exe

Task: {5524DCE9-FF41-44D8-9023-DA1FA664E92F} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-659313338-2668998109-2394682488-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {5AA8A9EF-4942-45D6-9EB1-F20C58D7B232} - \Express FilesUpdate No Task File

Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

Task: {7D7798B9-1C73-4BC0-9054-6E675F78FCB9} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe

Task: {7F9EC898-6695-4135-98CC-17D4990DA3EE} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)

Task: {8417B07D-0049-4591-AD39-166B8CE5CB31} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-659313338-2668998109-2394682488-1000Core => C:\Users\Marshall Kline\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-07] (Google Inc.)

Task: {8C750D08-4B8B-4616-957F-08712B2B70CA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {8D2132EA-DADF-4ADE-B9DE-50B36178CB9B} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe

Task: {9A27CD9B-4D80-4321-B187-196BFE918729} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-659313338-2668998109-2394682488-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

Task: {A2CF2C5A-70C4-41EA-A8D1-2F0F369BB7B6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-19] (Adobe Systems Incorporated)

Task: {B6A0C876-E557-46D2-BA37-3E681601EE2A} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Users\Marshall Kline\Desktop\UTILITY CLEAN UP FOLDER\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {BE625C7D-AF0F-4115-A0AA-B516BBC2CC48} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)

Task: {C53621D6-5C39-456C-804B-3E08C1260D25} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-27] (Google Inc.)

Task: {C5DD4742-3116-4821-8863-F6C39A0E14D3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\WSCStub.exe [2013-02-01] (Symantec Corporation)

Task: {CFF99D9D-93CB-4A87-878D-5A9316EB3CA3} - System32\Tasks\SlimComputer Run => C:\Program Files (x86)\SlimComputer\SlimComputer.exe [2013-07-10] (SlimWare Utilities, Inc.)

Task: {D32E1729-7AAB-4AF1-9D89-0DD3BDD84659} - System32\Tasks\PCDRScheduledMaintenance => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10] (PC-Doctor, Inc.)

Task: {D636D320-27E3-46F4-B87A-318629FD5699} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Users\Marshall Kline\Desktop\UTILITY CLEAN UP FOLDER\Spybot - Search & Destroy 2\SDScan.exe

Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()

Task: {ED2C31E2-40BD-4AAA-8526-4BA64168107C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {F4150561-6D4D-46D1-B209-DFBEC278FDA1} - System32\Tasks\{A379A023-E4C5-4388-937D-6AC60E738618} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-10-02] (Skype Technologies S.A.)

Task: {FE1494FC-6D20-4D4D-B2DE-DF8EA9BE4AD4} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\6.4.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Users\Marshall Kline\Desktop\UTILITY CLEAN UP FOLDER\Spybot - Search & Destroy 2\SDUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-659313338-2668998109-2394682488-1000Core.job => C:\Users\Marshall Kline\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-659313338-2668998109-2394682488-1000UA.job => C:\Users\Marshall Kline\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\PCDRScheduledMaintenance.job => C:\Program Files\PC-Doctor for Windows\pcdr5cuiw32.exe

Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Users\Marshall Kline\Desktop\UTILITY CLEAN UP FOLDER\Spybot - Search & Destroy 2\SDImmunize.exe

Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Users\Marshall Kline\Desktop\UTILITY CLEAN UP FOLDER\Spybot - Search & Destroy 2\SDScan.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-04-05 12:58 - 2013-04-05 12:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll

2011-04-20 01:21 - 2011-04-20 01:21 - 00045056 _____ () C:\Windows\system32\atitmp64.dll

2013-11-15 12:11 - 2013-12-05 12:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-01-15 14:00 - 2014-01-11 03:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll

2014-01-15 14:01 - 2014-01-11 03:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll

2014-01-15 14:00 - 2014-01-11 03:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll

2014-01-08 12:30 - 2014-01-08 12:30 - 04591616 _____ () C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll

2014-01-08 12:30 - 2014-01-08 12:30 - 00112128 _____ () C:\Users\Marshall Kline\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll

2013-05-07 17:42 - 2006-10-06 15:29 - 00061440 _____ () C:\Program Files (x86)\CounterPath\X-Lite\AEC_PC_DLL.dll

2011-11-08 12:26 - 2006-10-06 15:39 - 00025632 _____ () C:\Program Files (x86)\CounterPath\X-Lite\PlantronicsDeviceEventSink.dll

2012-01-24 07:17 - 2012-01-24 07:17 - 07417400 _____ () C:\Program Files (x86)\Zoiper Web\npZoiper.dll

 

==================== Alternate Data Streams (whitelisted) =========

 


 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

Name: Microsoft 6to4 Adapter

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

Name: Microsoft 6to4 Adapter #2

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

Name: Microsoft 6to4 Adapter #3

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

Name: Microsoft 6to4 Adapter #6

Description: Microsoft 6to4 Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: tunnel

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/22/2014 01:32:55 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\MARSHALL KLINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES\LOG> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (01/22/2014 01:31:58 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\MARSHALL KLINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION STATE\LOG> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (01/22/2014 01:31:58 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\MARSHALL KLINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SYNC EXTENSION SETTINGS\DCPFHAGHAADPJPGOCOJGNLHJCIEEOOEL\LOG> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (01/22/2014 00:55:23 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/22/2014 00:48:32 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\MARSHALL KLINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\FILE SYSTEM\000\P\PATHS\LOG> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (01/22/2014 00:48:32 PM) (Source: Windows Search Service) (User: )

Description: The entry <C:\USERS\MARSHALL KLINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\FILE SYSTEM\000\P\PATHS\LOG> in the hash map cannot be updated.

 

Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

 

Error: (01/22/2014 00:16:05 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/22/2014 11:03:41 AM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/22/2014 10:13:47 AM) (Source: Application Hang) (User: )

Description: The program ccSvcHst.exe version 11.2.3.6 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.

Process ID: d2c

Start Time: 01cf173e2a4d285d

Termination Time: 51

 

Error: (01/22/2014 08:29:02 AM) (Source: Application Error) (User: )

Description: Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp 0x49e02a1e, faulting module SDECon64.dll_unloaded, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000001100158f0,

process id 0xe40, application start time 0xExplorer.EXE0.

 

 

System errors:

=============

Error: (01/22/2014 01:28:51 PM) (Source: ipnathlp) (User: )

Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

 

Error: (01/22/2014 01:23:42 PM) (Source: ipnathlp) (User: )

Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

 

Error: (01/22/2014 01:14:07 PM) (Source: ipnathlp) (User: )

Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

 

Error: (01/22/2014 01:11:39 PM) (Source: ipnathlp) (User: )

Description: The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

 

Error: (01/22/2014 00:58:41 PM) (Source: ipnathlp) (User: )

Description: The ICS_IPV6 failed to configure IPv6 stack.

 

Error: (01/22/2014 00:55:26 PM) (Source: Service Control Manager) (User: )

Description: Beep

 

Error: (01/22/2014 00:55:26 PM) (Source: Service Control Manager) (User: )

Description: TeamViewer 9%%1053

 

Error: (01/22/2014 00:55:26 PM) (Source: Service Control Manager) (User: )

Description: 30000TeamViewer 9

 

Error: (01/22/2014 00:54:16 PM) (Source: Print) (User: NT AUTHORITY)

Description: The print spooler failed to share printer Canon MG2100 series Printer XPS (Copy 2) with shared resource name Canon MG2100 series Printer XPS (Copy 2). Error 2114. The printer cannot be used by others on the network.

 

Error: (01/22/2014 00:52:13 PM) (Source: DCOM) (User: )

Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

 

 

Microsoft Office Sessions:

=========================

Error: (01/22/2014 01:32:55 PM) (Source: Windows Search Service)(User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

C:\USERS\MARSHALL KLINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION RULES\LOG

 

Error: (01/22/2014 01:31:58 PM) (Source: Windows Search Service)(User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

C:\USERS\MARSHALL KLINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSION STATE\LOG

 

Error: (01/22/2014 01:31:58 PM) (Source: Windows Search Service)(User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

C:\USERS\MARSHALL KLINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\SYNC EXTENSION SETTINGS\DCPFHAGHAADPJPGOCOJGNLHJCIEEOOEL\LOG

 

Error: (01/22/2014 00:55:23 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/22/2014 00:48:32 PM) (Source: Windows Search Service)(User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

C:\USERS\MARSHALL KLINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\FILE SYSTEM\000\P\PATHS\LOG

 

Error: (01/22/2014 00:48:32 PM) (Source: Windows Search Service)(User: )

Description: Context:  Application, SystemIndex Catalog

 

 

Details:

A device attached to the system is not functioning.   (0x8007001f)

C:\USERS\MARSHALL KLINE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\FILE SYSTEM\000\P\PATHS\LOG

 

Error: (01/22/2014 00:16:05 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/22/2014 11:03:41 AM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/22/2014 10:13:47 AM) (Source: Application Hang)(User: )

Description: ccSvcHst.exe11.2.3.6d2c01cf173e2a4d285d51

 

Error: (01/22/2014 08:29:02 AM) (Source: Application Error)(User: )

Description: Explorer.EXE6.0.6002.1800549e02a1eSDECon64.dll_unloaded0.0.0.000000000c000000500000001100158f0e4001cf17401bfc5a8d

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-01-22 10:46:00.735

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-01-22 10:45:59.779

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-01-22 10:21:36.171

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-01-22 10:21:35.154

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-01-22 10:21:34.107

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-01-22 10:21:33.047

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\SYMEVENT64x86.SYS because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-01-22 10:21:14.364

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140110.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-01-22 10:21:13.314

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140110.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-01-22 10:21:12.173

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140110.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2014-01-22 10:21:11.092

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20140110.001\BHDrvx64.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 41%

Total physical RAM: 8189.45 MB

Available physical RAM: 4813.52 MB

Total Pagefile: 28628.39 MB

Available Pagefile: 25304.27 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

 

==================== Drives ================================

 

Drive c: (HP) (Fixed) (Total:452.6 GB) (Free:81.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.16 GB) (Free:1.24 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive k: (Elements) (Fixed) (Total:931.51 GB) (Free:46.39 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 466 GB) (Disk ID: 1549F232)

Partition 1: (Active) - (Size=453 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

 

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 00098768)

Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================


Spybot - Search & Destroy is still listed in your add/remove programs, see if you can uninstall it.

You can also use CCleaner to uninstall it:

Open up CCleaner > Tools > Uninstall > highlight the program > Run uninstaller

See if PatchMyPC is also listed.

 

I'm looking over the logs now.  MrC
