taponick Posted February 18, 2014 ID:793000

I posted earlier in 'General PC Help' and got redirected here...

Has anyone ever figured out why in rare instances MBAM writes its log files in Unicode character mapping?? I saw a couple of old posts along these lines, but no resolution. My log files are all in Unicode (one attached), and are shown correctly in Word using Unicode mapping.

I think I have a very hard to find issue with my machine, and this may be one of the symptoms. On the other hand, it might just be a wrong setting. (My region is US and language is English, nothing else outputs Unicode, just MBAM.)

Did a full scan with MBAM, McAfee, Kaspersky TDSS killer, Rogue Killer and Hitman Pro, found nothing. But I cannot update IE 11 or remove it - all other updates work fine. And I have this Unicode log file quirk in MBAM.

Sooner or later I'm gonna pull the plug and restore in place. But I'd really like to know what happened.

I attach:
1. A logfile from MBAM
2. The DDS logfiles

===============================================================
MBAM logfile:

ÿþM.a.l.w.a.r.e.b.y.t.e.s. .A.n.t.i.-.M.a.l.w.a.r.e. .(.P.R.O.). .1...7.5...0...1.3.0.0.....w.w.w...m.a.l.w.a.r.e.b.y.t.e.s...o.r.g.........D.a.t.a.b.a.s.e. .v.e.r.s.i.o.n.:. .v.2.0.1.4...0.2...1.7...0.5.........W.i.n.d.o.w.s. .7. .S.e.r.v.i.c.e. .P.a.c.k. .1. .x.6.4. .N.T.F.S.....I.n.t.e.r.n.e.t. .E.x.p.l.o.r.e.r. .1.1...0...9.6.0.0...1.6.4.7.6.....t.o.n.y. .:.:. .T.O.N.Y.-.P.C. .[.a.d.m.i.n.i.s.t.r.a.t.o.r.].........P.r.o.t.e.c.t.i.o.n.:. .D.i.s.a.b.l.e.d.........2./.1.7./.2.0.1.4. .1.2.:.5.6.:.4.1. .P.M.....m.b.a.m.-.l.o.g.-.2.0.1.4.-.0.2.-.1.7. .(.1.2.-.5.6.-.4.1.)...t.x.t.........S.c.a.n. .t.y.p.e.:. .F.l.a.s.h. .s.c.a.n.....S.c.a.n. .o.p.t.i.o.n.s. .e.n.a.b.l.e.d.:. .M.e.m.o.r.y. .|. .S.t.a.r.t.u.p. .|. .H.e.u.r.i.s.t.i.c.s./.E.x.t.r.a. .|. .H.e.u.r.i.s.t.i.c.s./.S.h.u.r.i.k.e.n. .|. .P.U.P. .|. .P.U.M.....S.c.a.n. .o.p.t.i.o.n.s. .d.i.s.a.b.l.e.d.:. .R.e.g.i.s.t.r.y. .|. 
.F.i.l.e. .S.y.s.t.e.m. .|. .P.2.P.....O.b.j.e.c.t.s. .s.c.a.n.n.e.d.:. .1.8.3.0.3.3.....T.i.m.e. .e.l.a.p.s.e.d.:. .1.9. .s.e.c.o.n.d.(.s.).........M.e.m.o.r.y. .P.r.o.c.e.s.s.e.s. .D.e.t.e.c.t.e.d.:. .0.....(.N.o. .m.a.l.i.c.i.o.u.s. .i.t.e.m.s. .d.e.t.e.c.t.e.d.).........M.e.m.o.r.y. .M.o.d.u.l.e.s. .D.e.t.e.c.t.e.d.:. .0.....(.N.o. .m.a.l.i.c.i.o.u.s. .i.t.e.m.s. .d.e.t.e.c.t.e.d.).........R.e.g.i.s.t.r.y. .K.e.y.s. .D.e.t.e.c.t.e.d.:. .0.....(.N.o. .m.a.l.i.c.i.o.u.s. .i.t.e.m.s. .d.e.t.e.c.t.e.d.).........R.e.g.i.s.t.r.y. .V.a.l.u.e.s. .D.e.t.e.c.t.e.d.:. .0.....(.N.o. .m.a.l.i.c.i.o.u.s. .i.t.e.m.s. .d.e.t.e.c.t.e.d.).........R.e.g.i.s.t.r.y. .D.a.t.a. .I.t.e.m.s. .D.e.t.e.c.t.e.d.:. .0.....(.N.o. .m.a.l.i.c.i.o.u.s. .i.t.e.m.s. .d.e.t.e.c.t.e.d.).........F.o.l.d.e.r.s. .D.e.t.e.c.t.e.d.:. .0.....(.N.o. .m.a.l.i.c.i.o.u.s. .i.t.e.m.s. .d.e.t.e.c.t.e.d.).........F.i.l.e.s. .D.e.t.e.c.t.e.d.:. .0.....(.N.o. .m.a.l.i.c.i.o.u.s. .i.t.e.m.s. .d.e.t.e.c.t.e.d.).........(.e.n.d.).....

DDS Attach.txt: I attached it. Hard to read otherwise. attach.txt
Root Admin AdvancedSetup Posted February 20, 2014 ID:794392

Hello, and please read the following information below and post back the requested logs when ready.

General P2P/Piracy Warning:
- If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
- Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
- If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully. If there is anything that you do not understand kindly ask before proceeding. If needed please print out these instructions.

- Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text. If the log is too large then you can use attachments by clicking on the More Reply Options button.
- Please enable your system to show hidden files: How to see hidden files in Windows
- Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
- Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
- Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
- The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
- You can check here if you're not sure if your computer is 32-bit or 64-bit
- Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
- When we are done, I'll give you instructions on how to cleanup all the tools and logs
- Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
- Your topic will be closed if you haven't replied within 3 days
- (If I have not responded within 24 hours, please send me a Private Message as a reminder)

STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections. When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again. Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1 | Link 2

- On Windows XP double-click on the Rkill desktop icon to run the tool.
- On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- If the tool does not run from any of the links provided, please let me know.
- Do not reboot the computer, you will need to run the application again.

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please download ERUNT from one of the following links: Link1 | Link2 | Link3

ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.

- Double click on erunt-setup.exe to Install ERUNT by following the prompts.
- NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
- Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
- Choose a location for the backup. Note: the default location is C:\Windows\ERDNT which is acceptable.
- Make sure that at least the first two check boxes are selected.
- Click on OK
- Then click on YES to create the folder.
- Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

RogueKiller 32-bit | RogueKiller 64-bit

- Quit all running programs.
- For Windows XP, double-click to start.
- For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
- Read and accept the EULA (End User License Agreement)
- Click Scan to scan the system.
- When the scan completes Close the program > Don't Fix anything!
- Don't run any other options, they're not all bad!!
- Post back the report which should be located on your desktop.
taponick Posted February 21, 2014 Author ID:794414

Roger all that.

0. Ran RKill, RKill.txt posted at bottom. (I notice that this is coming out in Unicode too!) The process it stopped (WDBtnMgr) is the Western Digital Button Manager for an external hard drive, this has been around for years with no apparent problem
1. Ran ERUNT, registry saved (but I didn't check, I trusted)
2. Ran RogueKiller, RK report posted below, RK Quarantine folder saved to desktop.

Await further wisdom. I really appreciate your taking time to do this!

T Aponick (Tony)

RKill.txt

ÿþR.k.i.l.l. .2...6...5. .b.y. .L.a.w.r.e.n.c.e. .A.b.r.a.m.s. .(.G.r.i.n.l.e.r.).....h.t.t.p.:././.w.w.w...b.l.e.e.p.i.n.g.c.o.m.p.u.t.e.r...c.o.m./.....C.o.p.y.r.i.g.h.t. .2.0.0.8.-.2.0.1.4. .B.l.e.e.p.i.n.g.C.o.m.p.u.t.e.r...c.o.m.....M.o.r.e. .I.n.f.o.r.m.a.t.i.o.n. .a.b.o.u.t. .R.k.i.l.l. .c.a.n. .b.e. .f.o.u.n.d. .a.t. .t.h.i.s. .l.i.n.k.:..... .h.t.t.p.:././.w.w.w...b.l.e.e.p.i.n.g.c.o.m.p.u.t.e.r...c.o.m./.f.o.r.u.m.s./.t.o.p.i.c.3.0.8.3.6.4...h.t.m.l.........P.r.o.g.r.a.m. .s.t.a.r.t.e.d. .a.t.:. .0.2./.2.0./.2.0.1.4. .0.6.:.5.1.:.1.0. .P.M. .i.n. .x.6.4. .m.o.d.e.......W.i.n.d.o.w.s. .V.e.r.s.i.o.n.:. .W.i.n.d.o.w.s. .7. .P.r.o.f.e.s.s.i.o.n.a.l. .S.e.r.v.i.c.e. .P.a.c.k. .1.........C.h.e.c.k.i.n.g. .f.o.r. .W.i.n.d.o.w.s. .s.e.r.v.i.c.e.s. .t.o. .s.t.o.p.:......... .*. .N.o. .m.a.l.w.a.r.e. .s.e.r.v.i.c.e.s. .f.o.u.n.d. .t.o. .s.t.o.p...........C.h.e.c.k.i.n.g. .f.o.r. .p.r.o.c.e.s.s.e.s. .t.o. .t.e.r.m.i.n.a.t.e.:......... .*. .C.:.\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.W.D.B.t.n.M.g.r...e.x.e. .(.P.I.D.:. .3.1.1.6.). .[.W.D.-.H.E.U.R.].........1. .p.r.o.c.c.e.s.s. .t.e.r.m.i.n.a.t.e.d.!.........C.h.e.c.k.i.n.g. .R.e.g.i.s.t.r.y. .f.o.r. .m.a.l.w.a.r.e. .r.e.l.a.t.e.d. .s.e.t.t.i.n.g.s.:......... .*. .N.o. .i.s.s.u.e.s. .f.o.u.n.d. .i.n. .t.h.e. .R.e.g.i.s.t.r.y...........R.e.s.e.t.t.i.n.g. ...E.X.E.,. ...C.O.M.,. .&. ...B.A.T. .a.s.s.o.c.i.a.t.i.o.n.s. .i.n. .t.h.e. .W.i.n.d.o.w.s. .R.e.g.i.s.t.r.y...........P.e.r.f.o.r.m.i.n.g. .m.i.s.c.e.l.l.a.n.e.o.u.s. .c.h.e.c.k.s.:......... .*. .N.o. .i.s.s.u.e.s. .f.o.u.n.d...........C.h.e.c.k.i.n.g. .W.i.n.d.o.w.s. .S.e.r.v.i.c.e. .I.n.t.e.g.r.i.t.y.:. ......... .*. .N.o. .i.s.s.u.e.s. .f.o.u.n.d...........S.e.a.r.c.h.i.n.g. .f.o.r. .M.i.s.s.i.n.g. .D.i.g.i.t.a.l. .S.i.g.n.a.t.u.r.e.s.:. ......... .*. .N.o. .i.s.s.u.e.s. .f.o.u.n.d...........C.h.e.c.k.i.n.g. .H.O.S.T.S. .F.i.l.e.:. ......... .*. .N.o. .i.s.s.u.e.s. .f.o.u.n.d...........P.r.o.g.r.a.m. .f.i.n.i.s.h.e.d. .a.t.:. .0.2./.2.0./.2.0.1.4. .0.6.:.5.2.:.5.4. .P.M.....E.x.e.c.u.t.i.o.n. .t.i.m.e.:. .0. .h.o.u.r.s.(.s.).,. .1. .m.i.n.u.t.e.(.s.).,. .a.n.d. .4.4. .s.e.c.o.n.d.s.(.s.).....

RK Report.txt

RogueKiller V8.8.8 _x64_ [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : tony [Admin rights]
Mode : Scan -- Date : 02/20/2014 19:04:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][sUSP PATH] SomotoUpdateCheckerAutoStart : C:\Users\tony\AppData\Local\FilesFrog Update Checker\update_checker.exe - /auto [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ST31000528AS +++++
--- User ---
[MBR] eff5b03d65f541384fa9c7e432eee8b0
[bSP] 6a1febd8552a31d891e36fc90a932978 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 750 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1697792 | Size: 953039 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SanDisk SanDisk Cruzer USB Device +++++
--- User ---
[MBR] f9fea5fa2c02941e7b8826eb1f747bd8
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 38 | Size: 3827 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_02202014_190444.txt >>
Root Admin AdvancedSetup Posted February 21, 2014 ID:794511

Please visit this webpage and read the ComboFix User's Guide:

- Once you've read the article and are ready to use the program you can download it directly from the link below.
- Important! - Please make sure you save combofix to your desktop and do not run it from your browser
- Direct download link for: ComboFix.exe
- Please make sure you disable your security applications before running ComboFix.
- Once Combofix has completed it will produce and open a log file. Please be patient as it can take some time to load.
- Please attach that log file to your next reply.
- If needed the file can be located here: C:\combofix.txt
- NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.
taponick Posted February 21, 2014 Author ID:794532

Ron - Ran ComboFix, Log attached. I forgot that I had Windows Defender enabled. Should I run ComboFix again??

Tony
taponick Posted February 21, 2014 Author ID:794536

Ron - Please note: After I ran ComboFix, I had to reboot to get my normal desktop back. Works OK. However, my browser (IE11) will NOT go to Google or to the Wall St Journal publications - WSJ, Market Watch, Barrons. If I click on a link or a bookmark, the browser just pauses a little then does nothing - it stays right where it was. All other sites work normally (at least, the 20 or so I checked). Strange.
Root Admin AdvancedSetup Posted February 21, 2014 ID:794546

For now let's just reset all your browsers and go from there.

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues. If you are not using one of the browsers but it is installed then you may want to consider uninstalling it, as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer: How to reset Internet Explorer settings
Firefox: Click on Help / Troubleshooting Information then click on the Reset Firefox button.
Chrome: Chrome - Reset browser settings
Opera: How to Perform a (really) clean Reinstall of Opera

Then run the following:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
taponick Posted February 21, 2014 Author ID:794552

OK. Did the reset, browser seems to be behaving now. I only have IE on my machine - I checked programs and features to try to be double sure. Then ran mini tool box - Here's the log:
. . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1459:3dab:b881:9da(Preferred) Link-local IPv6 Address . . . . . : fe80::1459:3dab:b881:9da%17(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . : DisabledServer: Wireless_Broadband_Router.homeAddress: 192.168.1.1Name: google.comAddresses: 2607:f8b0:4006:809::1008 74.125.226.161 74.125.226.165 74.125.226.167 74.125.226.163 74.125.226.174 74.125.226.162 74.125.226.160 74.125.226.164 74.125.226.168 74.125.226.166 74.125.226.169Pinging google.com [74.125.226.165] with 32 bytes of data:Reply from 74.125.226.165: bytes=32 time=15ms TTL=250Reply from 74.125.226.165: bytes=32 time=15ms TTL=250Ping statistics for 74.125.226.165: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 15ms, Maximum = 15ms, Average = 15msServer: Wireless_Broadband_Router.homeAddress: 192.168.1.1Name: yahoo.comAddresses: 98.138.253.109 98.139.183.24 206.190.36.45Pinging yahoo.com [98.139.183.24] with 32 bytes of data:Reply from 98.139.183.24: bytes=32 time=33ms TTL=250Reply from 98.139.183.24: bytes=32 time=33ms TTL=250Ping statistics for 98.139.183.24: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 33ms, Maximum = 33ms, Average = 33msPinging 127.0.0.1 with 32 bytes of data:Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Reply from 127.0.0.1: bytes=32 time<1ms TTL=128Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms===========================================================================Interface List 19...30 85 a9 f4 46 e5 ......Microsoft Virtual WiFi Miniport Adapter #2 18...30 85 a9 f4 46 e5 
......ASUS USB-N13 300Mbps 11n Wireless USB dongle 10...00 26 b9 7f de e0 ......Broadcom NetXtreme 57xx Gigabit Controller 1...........................Software Loopback Interface 1 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface===========================================================================IPv4 Route Table===========================================================================Active Routes:Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.6 281 192.168.1.6 255.255.255.255 On-link 192.168.1.6 281 192.168.1.255 255.255.255.255 On-link 192.168.1.6 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.6 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.6 281===========================================================================Persistent Routes: NoneIPv6 Route Table===========================================================================Active Routes: If Metric Network Destination Gateway 17 58 ::/0 On-link 1 306 ::1/128 On-link 17 58 2001::/32 On-link 17 306 2001:0:5ef5:79fb:1459:3dab:b881:9da/128 On-link 18 281 fe80::/64 On-link 17 306 fe80::/64 On-link 17 306 fe80::1459:3dab:b881:9da/128 On-link 18 281 fe80::89a0:6ce6:8059:bbf5/128 On-link 1 306 ff00::/8 On-link 17 306 ff00::/8 On-link 18 281 ff00::/8 On-link===========================================================================Persistent Routes: None========================= Winsock entries =====================================Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)Catalog5 03 
C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)Catalog5 10 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft 
Corporation)x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)========================= Event log errors: ===============================Application errors:==================Error: (02/20/2014 01:02:51 PM) (Source: Application Error) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664cFaulting module name: jscript9.dll, version: 11.0.9600.16476, time stamp: 0x5294589aException code: 0xc0000005Fault offset: 0x00008be4Faulting process id: 0x1f80Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Error: (02/20/2014 08:27:44 AM) (Source: Application Error) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664cFaulting module name: jscript9.dll, 
version: 11.0.9600.16476, time stamp: 0x5294589aException code: 0xc0000005Fault offset: 0x00008be4Faulting process id: 0x634Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Error: (02/18/2014 09:18:12 PM) (Source: Application Hang) (User: )Description: The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: ff0Start Time: 01cf2d18c7a34694Termination Time: 0Application Path: C:\Windows\SysWOW64\NOTEPAD.EXEReport Id: 124832c4-990c-11e3-975b-0026b97fdee0Error: (02/17/2014 07:56:04 AM) (Source: Application Error) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664cFaulting module name: jscript9.dll, version: 11.0.9600.16476, time stamp: 0x5294589aException code: 0xc0000005Fault offset: 0x00008be4Faulting process id: 0x25d8Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Error: (02/15/2014 01:49:18 PM) (Source: Windows Search Service) (User: )Error: (02/14/2014 06:32:40 PM) (Source: Application Error) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664cFaulting module name: MSHTML.dll, version: 11.0.9600.16476, time stamp: 0x52947390Exception code: 0xc0000005Fault offset: 0x000a7e13Faulting process id: 0xe20Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Error: (02/13/2014 10:53:03 AM) (Source: Application Error) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664cFaulting module name: unknown, version: 0.0.0.0, time stamp: 
0x00000000Exception code: 0xc000041dFault offset: 0x04860fa0Faulting process id: 0x1150Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Error: (02/13/2014 10:53:00 AM) (Source: Application Error) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664cFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x04860fa0Faulting process id: 0x1150Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Error: (02/13/2014 10:52:07 AM) (Source: Application Error) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664cFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc000041dFault offset: 0x04000f61Faulting process id: 0x13a4Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3Error: (02/13/2014 10:51:51 AM) (Source: Application Error) (User: )Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664cFaulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000Exception code: 0xc0000005Fault offset: 0x04000f61Faulting process id: 0x13a4Faulting application start time: 0xIEXPLORE.EXE0Faulting application path: IEXPLORE.EXE1Faulting module path: IEXPLORE.EXE2Report Id: IEXPLORE.EXE3System errors:=============Error: (02/20/2014 11:08:31 PM) (Source: Service Control Manager) (User: )Description: The following boot-start or system-start driver(s) failed to load:CDRPDACCError: (02/20/2014 11:08:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start.Module Path: 
C:\Windows\system32\Rtlihvs.dllError Code: 126Error: (02/20/2014 11:07:47 PM) (Source: Application Popup) (User: )Description: \??\C:\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDAC has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.Error: (02/20/2014 11:06:27 PM) (Source: DCOM) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}Error: (02/20/2014 10:48:27 PM) (Source: Service Control Manager) (User: )Description: The following boot-start or system-start driver(s) failed to load:CDRPDACCError: (02/20/2014 10:48:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)Description: WLAN Extensibility Module has failed to start.Module Path: C:\Windows\system32\Rtlihvs.dllError Code: 126Error: (02/20/2014 10:47:39 PM) (Source: Application Popup) (User: )Description: \??\C:\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDAC has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.Error: (02/20/2014 10:46:07 PM) (Source: DCOM) (User: )Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}Error: (02/20/2014 10:45:48 PM) (Source: Service Control Manager) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error: (02/20/2014 10:45:43 PM) (Source: Service Control Manager) (User: )Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. 
This service may not function properly.Microsoft Office Sessions:=========================Error: (10/18/2010 06:04:12 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128 seconds with 120 seconds of active time. This session ended with a crash.CodeIntegrity Errors:=================================== Date: 2014-02-20 23:07:47.546 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-20 23:07:47.390 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-20 22:47:39.593 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-20 22:47:39.437 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-20 22:38:16.503 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-20 22:38:16.353 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-17 20:50:10.311 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-17 20:50:10.155 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-17 11:05:58.427 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-02-17 11:05:58.256 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.=========================== Installed Programs ============================ Update for Microsoft Office 2007 (KB2508958)64 Bit HP CIO Components Installer (Version: 7.2.8)AccuBurn-R 1.3 (Version: 1.3)Adobe Acrobat 9 Standard - English, Français, Deutsch (Version: 9.5.5)Adobe Acrobat 9.5.5 - CPSID_83708Adobe AIR (Version: 3.3.0.3650)Adobe Anchor Service CS3 (Version: 1.0)Adobe Asset Services CS3 (Version: 3)Adobe Bridge CS3 (Version: 2)Adobe Bridge Start Meeting (Version: 1.0)Adobe Camera Raw 4.0 (Version: 4.0)Adobe CMaps (Version: 1.0)Adobe Color - Photoshop Specific (Version: 1.0)Adobe Color Common Settings (Version: 1.0)Adobe Color EU Extra Settings (Version: 1.0)Adobe Color JA Extra Settings (Version: 1.0)Adobe Color NA Recommended Settings (Version: 1.0)Adobe Default Language CS3 (Version: 1.0)Adobe Device Central CS3 (Version: 1.0)Adobe ExtendScript Toolkit 2 (Version: 2.0.2)Adobe Flash Player 12 ActiveX (Version: 12.0.0.70)Adobe Fonts All (Version: 1.0)Adobe Help Viewer CS3 (Version: 1)Adobe Linguistics CS3 (Version: 3.0.0)Adobe PDF Library Files (Version: 8.0)Adobe Photoshop CS3 (Version: 10)Adobe Photoshop CS3 (Version: 10.0)Adobe Premiere Elements 11 (Version: 11.0)Adobe Setup (Version: 1.0)Adobe Stock Photos CS3 (Version: 1.5)Adobe Type Support (Version: 1.0)Adobe Update Manager CS3 (Version: 5.1.0)Adobe Version Cue CS3 Client (Version: 3)Adobe WinSoft Linguistics Plugin (Version: 1.0)Adobe XMP 
Panels CS3 (Version: 1.0)Amazon KindleAMD APP SDK Runtime (Version: 2.4.595.10)Apple Application Support (Version: 2.3.4)Apple Software Update (Version: 2.1.3.127)ATI Catalyst Install Manager (Version: 3.0.825.0)Bing Bar (Version: 7.0.850.0)BioAPI Framework (Version: 1.0.1)Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 12.25.02)Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)calibre (Version: 0.9.27)Cartes du CielCatalyst Control Center - Branding (Version: 1.00.0000)Catalyst Control Center (Version: 2011.0602.1130.18753)Catalyst Control Center Graphics Previews Common (Version: 2011.0602.1130.18753)Catalyst Control Center InstallProxy (Version: 2009.0614.2131.36800)Catalyst Control Center InstallProxy (Version: 2011.0602.1130.18753)Catalyst Control Center Localization All (Version: 2011.0602.1130.18753)Catalyst Control Center Profiles Desktop (Version: 2011.0602.1130.18753)CCC Help Chinese Standard (Version: 2011.0602.1129.18753)CCC Help Chinese Traditional (Version: 2011.0602.1129.18753)CCC Help Czech (Version: 2011.0602.1129.18753)CCC Help Danish (Version: 2011.0602.1129.18753)CCC Help Dutch (Version: 2011.0602.1129.18753)CCC Help English (Version: 2011.0602.1129.18753)CCC Help Finnish (Version: 2011.0602.1129.18753)CCC Help French (Version: 2011.0602.1129.18753)CCC Help German (Version: 2011.0602.1129.18753)CCC Help Greek (Version: 2011.0602.1129.18753)CCC Help Hungarian (Version: 2011.0602.1129.18753)CCC Help Italian (Version: 2011.0602.1129.18753)CCC Help Japanese (Version: 2011.0602.1129.18753)CCC Help Korean (Version: 2011.0602.1129.18753)CCC Help Norwegian (Version: 2011.0602.1129.18753)CCC Help Polish (Version: 2011.0602.1129.18753)CCC Help Portuguese (Version: 2011.0602.1129.18753)CCC Help Russian (Version: 2011.0602.1129.18753)CCC Help Spanish (Version: 2011.0602.1129.18753)CCC Help Swedish (Version: 2011.0602.1129.18753)CCC Help Thai (Version: 2011.0602.1129.18753)CCC Help Turkish (Version: 
2011.0602.1129.18753)ccc-utility64 (Version: 2011.0602.1130.18753)CD/DVD Diagnostic 3.1 (Version: 3.1)CONTACT ORGANIZER DELUXE (S) (Version: 2.7)Crayon Physics Deluxe - release 53Creative Audio Control Panel (Version: 3.00)Creative Software AutoUpdate (Version: 1.40)Creative Sound Blaster Properties x64 Edition (Version: 1.02)D3DX10 (Version: 15.4.2368.0902)DCP64MMWrapper (Version: 1.6.326.57)Dell Control Point 64 (Version: 1.6.326.57)Dell ControlPoint Security Manager (Version: 1.6.326.57)Dell ControlPoint System Manager (Version: 1.3.00000)Dell Edoc Viewer (Version: 1.0.0)Dell Embassy Trust Suite by Wave Systems (Version: 02.04.00.031)Dell Resource CD (Version: 1.00.0000)Dell Security Device Driver Pack (Version: 1.3.039)DeLorme Send To GPS 1.2DeLorme Send To GPS 1.5 (Version: 1.5)DeLorme Topo USA 8.0 (Version: 8.091.30874)Desktop Icon Position Saver (64-bit)Dolby Digital Live Pack (Version: 3.00)Elements 11 Organizer (Version: 11.0)EMBASSY Security Center Lite (Version: )EMBASSY Security Center Lite (Version: 03.10.00.038)EMBASSY Security Setup (Version: )EMBASSY Security Setup (Version: 03.10.00.041)ERUNT 1.1jESC Home Page Plugin (Version: )ESC Home Page Plugin (Version: 03.05.00.016)Gemalto (Version: 01.64.00.0010)GoldWave v5.13Google Drive (Version: 1.14.6059.644)Google Earth (Version: 7.1.2.2041)Google Update Helper (Version: 1.3.22.5)HP Officejet Pro 8100 Basic Device Software (Version: 28.0.1321.0)HP Update (Version: 5.005.000.002)IcoFX 1.6.3Intel® Matrix Storage ManagerIpswitch WS_FTP Professional 2007 (Version: 11.00.002)Java 7 Update 51 (Version: 7.0.510)Java Auto Updater (Version: 2.1.9.8)Junk Mail filter update (Version: 16.4.3508.0205)Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)Mathcad 14.0 M020 (Version: 14.0.2.0)Mathcad 14.0 M020 Help (Version: 14.0.2.0)Mathcad 14.0 M020 Resource Center (Version: 14.0.2.0)MeshLab 1.3.2 (Version: 1.3.2)MeshLab_64b 1.3.2 (Version: 1.3.2)MFCLOC (Version: 1.00.0000)Microsoft .NET Framework 4 
Multi-Targeting Pack (Version: 4.0.30319)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)Microsoft Application Error Reporting (Version: 12.0.6012.5000)Microsoft Application Error Reporting (Version: 12.0.6015.5000)Microsoft Help Viewer 1.1 (Version: 1.1.40219)Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)Microsoft Office 2003 Web Components (Version: 11.0.8173.0)Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)Microsoft Office 2007 Service Pack 3 (SP3)Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)Microsoft Office Outlook Connector (Version: 14.0.5118.5000)Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft Office Small Business 2007 (Version: 12.0.6612.1000)Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)Microsoft OneDrive (Version: 17.0.4029.0217)Microsoft Project 2000 SR-1 (Version: 9.00.4527)Microsoft Silverlight (Version: 5.1.20913.0)Microsoft SQL Server 2005Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)Microsoft SQL Server 2005 Express 
AdvancedSetup (Root Admin) Posted February 21, 2014 ID:794554

Please uninstall ALL versions of Java from your Control Panel, Add/Remove.

Then run the following.

- Please download JavaRa-1.16 and save it to your computer.
- Double click to open the zip file and then select all and choose Copy.
- Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
- Quit all browsers and other running applications.
- Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
- From the drop-down menu, choose English and click on Select.
- JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
- Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
- A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Then run this temporary file cleaner.

Please run TFC by OldTimer to clear temporary files:

- Download TFC from here and save it to your desktop. http://oldtimer.geekstogo.com/TFC.exe
- Close any open programs and Internet browsers.
- Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
- Please be patient as clearing out temp files may take a while.
- Once it completes you may be prompted to restart your computer, please do so.
- Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Then please run a Quick Scan with Malwarebytes and post the log:

- Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
- Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
- Make sure that everything is checked, and click Remove Selected.
taponick Posted February 21, 2014 Author ID:794570

Ron-
Removed Java 7 rev 51 which is all that was there (apparently)
Ran JavaRA, removed older versions. Log attached.
Ran TFC, it deleted about 350 MB without incident and without reboot.
Ran MBAM with PUPs shown and checked. It found only one, and it was removed successfully. Log Attached.
(I notice the log is STILL stored in unicode, I post the original popup version here)

JavaRA Log:
JavaRa 1.16 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Fri Feb 21 01:25:29 2014
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
Found and removed: SOFTWARE\JavaSoft
Found and removed: SOFTWARE\JreMetrics
Found and removed: SOFTWARE\MozillaPlugins
------------------------------------
Finished reporting.

MBAM log:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.21.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
tony :: TONY-PC [administrator]

Protection: Disabled

2/21/2014 1:33:23 AM
mbam-log-2014-02-21 (01-33-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226685
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F791D8AE-47E8-40A5-A913-EB2D2AF29602} (PUP.Optional.CouponAlerts.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Root Admin AdvancedSetup Posted February 21, 2014 ID:794571

Okay, Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
When done, please post the two logs produced. They will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
Shutdown your antivirus to avoid any conflicts.
Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply message.
When completed make sure to re-enable your antivirus

STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
When it's done you'll see: Pending: Please uncheck elements you don't want removed.
Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
Look over the log especially under Files/Folders for any program you want to save.
If there's a program you may want to save, just uncheck it from AdwCleaner.
If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
If you're ready to clean it all up.....click the Clean button.
After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
To restore an item that has been deleted: Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Then..................
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.

STEP 06
Please go here to run the online antivirus scanner from ESET.
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked
Click on Advanced Settings and ensure these options are ticked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Click Scan
Wait for the scan to finish
If any threats were found, click the 'List of found threats' , then click Export to text file....
Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
Double-click to run it. When the tool opens click Yes to disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.
taponick Posted February 21, 2014 Author ID:794653

OK
Ran MBAR as updated - it found nothing the first time through and only produced one log System-log.txt. It was in unicode, so I converted it in Word for easier reading.
Shut down defender. Ran JRT. Log attached. Re-activated Defender.
Ran AdwCleaner. Log attached.
Ran MBAM with PUPs checked. Nothing found, log attached.
Turned off defender again. Ran the ESET online scanner - nothing found, no log appended. I uninstalled the ESET files.
Ran FRST, logs appended.

MBAR system-log, converted from Unicode:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.16476
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.533000 GHz
Memory total: 4292403200, free: 2253529088
Downloaded database version: v2014.02.21.03
Downloaded database version: v2014.02.20.01
Initializing...
======================
------------ Kernel report ------------
02/21/2014 02:05:38
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\PBADRV64.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\ctaud2k.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ctoss2k.sys
\SystemRoot\system32\drivers\ctprxy2k.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\b57nd60a.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\ha20x22k.sys
\SystemRoot\system32\drivers\emupia2k.sys
\SystemRoot\system32\drivers\ctsfm2k.sys
\SystemRoot\System32\drivers\CTHWIUT.SYS
\SystemRoot\System32\drivers\CT20XUT.SYS
\SystemRoot\System32\drivers\CTEXFIFX.SYS
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\rtwlanu.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\dc3d.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\point64.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa8008a74790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007c\
Lower Device Object: 0xfffffa80078bf2b0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa80078ba060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007a\
Lower Device Object: 0xfffffa800792b2b0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80051b0230
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-2\
Lower Device Object: 0xfffffa8004097050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80051b0230, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80051b1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80051b0230, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004097050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F8000000

Partition information:

Partition 0 type is Other (0xde)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 160587

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 161792 Numsec = 1536000
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1697792 Numsec = 1951823872

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa80078ba060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80081cdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80078ba060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800792b2b0, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 0

Partition information:

Partition 0 type is Other (0xb)
Partition is NOT ACTIVE.
Partition starts at LBA: 38 Numsec = 7839682

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 4051697152 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa8008a74790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80078b6040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008a74790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80078bf2b0, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished

JRT.txt:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x64
Ran by tony on Fri 02/21/2014 at 2:29:43.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\somoto
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\Users\tony\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\tony\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Users\tony\documents\optimizer pro"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/21/2014 at 2:33:47.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwClean.txt
# AdwCleaner v3.019 - Report created 21/02/2014 at 02:47:22
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : tony - TONY-PC
# Running from : C:\Users\tony\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Users\tony\AppData\Roaming\ParetoLogic

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\ParetoLogic

***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Google Chrome v
[ File : C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************
AdwCleaner[R0].txt - [1324 octets] - [14/02/2014 19:12:44]
AdwCleaner[R1].txt - [866 octets] - [14/02/2014 19:25:34]
AdwCleaner[R2].txt - [1701 octets] - [21/02/2014 02:42:34]
AdwCleaner[s0].txt - [1348 octets] - [14/02/2014 19:16:03]
AdwCleaner[s1].txt - [1568 octets] - [21/02/2014 02:47:22]
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1628 octets] ##########

MBAM.log (After AdwClean):
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.21.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
tony :: TONY-PC [administrator]

Protection: Disabled

2/21/2014 2:54:45 AM
mbam-log-2014-02-21 (02-54-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228199
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

==========================
No logs from ESET - Nothing found....
================================
taponick Posted February 21, 2014 Author ID:794654

And here are the FRST logs - the earlier post was too long:

FRST Logs:
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014
Ran by tony (administrator) on TONY-PC on 21-02-2014 04:40:42
Running from C:\Users\tony\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Microsoft Corporation) C:\Users\tony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Western Digital Technologies, Inc.) C:\Windows\SysWOW64\WDBtnMgr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTXFISPI.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Glenn Alcott Software) C:\Program Files (x86)\PowerEdit\poweredit.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [uSCService] - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [15872 2009-07-05] (Broadcom Corporation)
HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [DellControlPoint] - c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [656384 2009-06-11] (Dell Inc.)
HKLM\...\Run: [ATIModeChange] - Ati2mdxx.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [WD Button Manager] - WDBtnMgr.exe
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-04-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [CTxfiHlp] - CTXFIHLP.EXE
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKU\.DEFAULT\...\Run: [CtxfiReg] - CTXFIREG.exe /FAIL1
HKU\S-1-5-21-2415652156-3631022186-376388657-1003\...\Run: [skyDrive] - C:\Users\tony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-02-19] (Microsoft Corporation)
HKU\S-1-5-21-2415652156-3631022186-376388657-1003\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-2415652156-3631022186-376388657-1003\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/?oref=login
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {C3578EC6-3778-409F-B77F-3F74E6E0E098} URL =
SearchScopes: HKCU - {C3578EC6-3778-409F-B77F-3F74E6E0E098} URL =
SearchScopes: HKCU - {C5B228F9-578B-4C13-AE85-1C5127775C25} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Coupon Alerts BHO - {F791D8AE-47E8-40A5-A913-EB2D2AF29602} - C:\Program Files (x86)\Coupon Alerts\FrameworkBHO64.dll No File
BHO: DeLorme Send To GPS - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE-x64.dll (DeLorme)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizon.com/CallAssistant/UnProtected/Voice%20Mail/VCAVMUtil.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S4 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [510752 2009-07-16] (Dell Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()

==================== Drivers (Whitelisted) ====================
S1 CDRPDACC; C:\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys [4633 2005-03-30] (Arrowkey)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04]
(Malwarebytes Corporation)R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV64.sys [32240 2008-06-04] (Dell Inc)R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1047144 2011-09-19] (Realtek Semiconductor Corporation )R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)S3 catchme; \??\C:\ComboFix\catchme.sys [X]==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2014-02-21 04:40 - 2014-02-21 04:40 - 00011915 _____ () C:\Users\tony\Desktop\FRST.txt2014-02-21 04:40 - 2014-02-21 04:40 - 00000000 ____D () C:\FRST2014-02-21 04:39 - 2014-02-21 04:39 - 02153984 _____ (Farbar) C:\Users\tony\Desktop\FRST64.exe2014-02-21 03:06 - 2014-02-21 03:06 - 00000000 ____D () C:\Program Files (x86)\ESET2014-02-21 02:51 - 2014-02-21 02:51 - 00001706 _____ () C:\Users\tony\Desktop\AdwCleaner[s1].txt2014-02-21 02:40 - 2014-02-21 02:40 - 01241834 _____ () C:\Users\tony\Desktop\AdwCleaner.exe2014-02-21 02:38 - 2014-02-21 03:01 - 00000340 _____ () C:\Users\tony\Desktop\Lewis note Fri am early.txt2014-02-21 02:33 - 2014-02-21 02:33 - 00001011 _____ () C:\Users\tony\Desktop\JRT.txt.txt2014-02-21 02:29 - 2014-02-21 02:29 - 01037734 _____ (Thisisu) C:\Users\tony\Desktop\JRT.exe2014-02-21 02:29 - 2014-02-21 02:29 - 00000000 ____D () C:\Windows\ERUNT2014-02-21 02:05 - 2014-02-21 02:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-02-21 02:04 - 2014-02-21 02:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-02-21 02:03 - 2014-02-21 02:52 - 00000000 ____D () C:\Users\tony\Desktop\MBAR2014-02-21 01:58 - 2014-02-21 01:59 - 00000000 ____D () C:\Users\tony\Desktop\Past Runs2014-02-20 22:54 - 2014-02-20 22:54 - 00030829 _____ () C:\ComboFix.txt2014-02-20 22:30 - 2014-02-20 22:54 - 00000000 ____D () C:\Qoobox2014-02-20 
22:30 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe2014-02-20 22:30 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe2014-02-20 22:30 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2014-02-20 22:30 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2014-02-20 22:30 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2014-02-20 22:30 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe2014-02-20 22:30 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe2014-02-20 22:30 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe2014-02-20 22:29 - 2014-02-20 22:29 - 05183886 ____R (Swearware) C:\Users\tony\Desktop\ComboFix.exe2014-02-20 20:14 - 2014-02-20 22:53 - 00000000 ____D () C:\Windows\ERDNT2014-02-20 18:57 - 2014-02-20 18:57 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-02-19 22:11 - 2014-02-19 22:11 - 00002156 _____ () C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk2014-02-19 22:11 - 2014-02-19 22:11 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive2014-02-18 07:56 - 2014-02-21 01:50 - 00000482 _____ () C:\Users\tony\Desktop\Malwarebytes Forum.website2014-02-17 11:09 - 2014-02-17 11:09 - 00000000 ____D () C:\Users\tony\AppData\Roaming\Malwarebytes2014-02-17 11:09 - 2014-02-17 11:09 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-02-17 11:09 - 2014-02-17 11:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-02-17 11:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2014-02-17 08:28 - 2014-02-17 08:30 - 00026448 _____ () C:\Windows\diagwrn.xml2014-02-17 08:28 - 2014-02-17 08:30 - 00001908 _____ () C:\Windows\diagerr.xml2014-02-17 08:24 - 2014-02-17 09:22 - 00000000 ____D () C:\Users\tony\AppData\Roaming\Activeris2014-02-17 08:24 - 2014-02-17 08:24 - 00003242 _____ () C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart2014-02-17 08:24 - 2014-02-17 
08:24 - 00000000 ____D () C:\Users\tony\AppData\Local\Popajar2014-02-16 18:33 - 2014-02-16 22:44 - 00000000 ____D () C:\Users\tony\Desktop\Workstation 142014-02-16 08:53 - 2014-02-16 08:58 - 00000000 ____D () C:\Windows\system32\catroot2old2014-02-15 22:17 - 2014-02-15 22:17 - 00001415 _____ () C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-02-15 22:15 - 2014-02-15 22:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-02-15 19:16 - 2014-02-15 22:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-02-15 19:16 - 2014-02-15 22:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-02-14 19:34 - 2014-02-14 19:36 - 00000000 ____D () C:\Users\tony\AppData\Local\Deployment2014-02-14 19:12 - 2014-02-21 02:47 - 00000000 ____D () C:\AdwCleaner2014-02-14 18:32 - 2014-02-20 13:02 - 00000000 ____D () C:\Users\tony\AppData\Local\CrashDumps2014-02-14 16:17 - 2014-02-14 16:27 - 00000000 ____D () C:\ProgramData\HitmanPro2014-02-14 15:48 - 2014-02-20 20:14 - 00000000 ____D () C:\Users\tony\Desktop\Trojan agent2014-02-13 23:59 - 2014-02-13 23:59 - 00000000 ____D () C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KGS Online2014-02-13 20:07 - 2014-02-13 20:07 - 35974048 _____ () C:\Users\tony\Downloads\IE11-Windows6.1-KB2909921-x64.msu2014-02-13 19:14 - 2014-02-13 19:14 - 00000000 ____D () C:\Windows\CheckSur2014-02-13 10:33 - 2014-02-13 10:33 - 00002202 _____ () C:\Users\Public\Desktop\HP 8100.lnk2014-02-13 10:33 - 2014-02-13 10:33 - 00000000 ____D () C:\Program Files\HP2014-02-13 10:33 - 2012-11-01 13:38 - 00741480 ____N (Hewlett-Packard Co.) 
C:\Windows\system32\HPDiscoPM5B12.dll2014-02-13 00:00 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-02-13 00:00 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-02-12 23:58 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls2014-02-12 23:58 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls2014-02-12 23:58 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2014-02-12 23:58 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-02-12 23:58 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-02-12 23:58 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll2014-02-12 23:58 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-02-12 23:58 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2014-02-12 23:58 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll2014-02-12 23:58 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll2014-02-12 23:58 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll2014-02-12 23:58 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll2014-02-12 23:58 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll2014-02-12 23:58 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe2014-02-12 23:58 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe2014-02-12 23:58 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe2014-02-12 23:58 - 
2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe2014-02-12 23:58 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll2014-02-12 23:58 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll2014-02-12 23:58 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll2014-02-12 23:58 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll2014-02-12 23:58 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll2014-02-12 23:58 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe2014-02-12 23:58 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe2014-02-12 23:58 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe2014-02-12 23:58 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe2014-02-12 23:58 - 2013-11-26 18:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-02-12 23:58 - 2013-11-26 17:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-02-12 23:58 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2014-02-12 23:58 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2014-02-12 21:55 - 2014-02-12 21:55 - 00001756 _____ () C:\Users\tony\Desktop\Lenox 2014 - Shortcut.lnk2014-02-06 21:16 - 2014-02-06 21:16 - 00276816 _____ () C:\Windows\Minidump\020614-77454-01.dmp2014-01-30 10:23 - 2014-01-30 10:34 - 00000000 ____D () C:\Program Files (x86)\Pegasus Imaging2014-01-30 08:34 - 2014-01-30 09:21 - 00001511 _____ () C:\Users\tony\Desktop\Media Player.lnk2014-01-29 17:26 - 2014-01-29 17:26 - 00003062 _____ () 
C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe2014-01-29 17:26 - 2014-01-29 17:26 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe2014-01-29 17:25 - 2014-01-29 17:25 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center2014-01-23 18:48 - 2014-01-23 21:06 - 00000000 ____D () C:\Program Files\Microsoft IntelliPoint2014-01-23 15:39 - 2004-02-26 19:21 - 00163840 _____ (Warren Furlow) C:\Users\tony\Desktop\V41.exe2014-01-23 08:07 - 2014-01-23 17:18 - 00000000 ____D () C:\Users\tony\Desktop\ProcMon==================== One Month Modified Files and Folders =======2014-02-21 04:40 - 2014-02-21 04:40 - 00011915 _____ () C:\Users\tony\Desktop\FRST.txt2014-02-21 04:40 - 2014-02-21 04:40 - 00000000 ____D () C:\FRST2014-02-21 04:39 - 2014-02-21 04:39 - 02153984 _____ (Farbar) C:\Users\tony\Desktop\FRST64.exe2014-02-21 04:20 - 2012-04-06 07:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-02-21 04:04 - 2010-02-17 04:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-02-21 03:06 - 2014-02-21 03:06 - 00000000 ____D () C:\Program Files (x86)\ESET2014-02-21 03:01 - 2014-02-21 02:38 - 00000340 _____ () C:\Users\tony\Desktop\Lewis note Fri am early.txt2014-02-21 02:56 - 2009-07-13 23:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-02-21 02:56 - 2009-07-13 23:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-02-21 02:52 - 2014-02-21 02:03 - 00000000 ____D () C:\Users\tony\Desktop\MBAR2014-02-21 02:52 - 2009-07-14 00:10 - 01638106 _____ () C:\Windows\WindowsUpdate.log2014-02-21 02:51 - 2014-02-21 02:51 - 00001706 _____ () C:\Users\tony\Desktop\AdwCleaner[s1].txt2014-02-21 02:50 - 2013-05-17 06:50 - 00000000 ___RD () C:\Users\tony\SkyDrive2014-02-21 02:50 - 2012-12-28 06:47 - 00000000 ___RD () C:\Users\tony\Google 
Drive2014-02-21 02:49 - 2010-02-17 04:37 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-02-21 02:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-02-21 02:49 - 2009-07-13 23:51 - 00013491 _____ () C:\Windows\setupact.log2014-02-21 02:47 - 2014-02-14 19:12 - 00000000 ____D () C:\AdwCleaner2014-02-21 02:40 - 2014-02-21 02:40 - 01241834 _____ () C:\Users\tony\Desktop\AdwCleaner.exe2014-02-21 02:33 - 2014-02-21 02:33 - 00001011 _____ () C:\Users\tony\Desktop\JRT.txt.txt2014-02-21 02:29 - 2014-02-21 02:29 - 01037734 _____ (Thisisu) C:\Users\tony\Desktop\JRT.exe2014-02-21 02:29 - 2014-02-21 02:29 - 00000000 ____D () C:\Windows\ERUNT2014-02-21 02:24 - 2014-02-21 02:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-02-21 02:04 - 2014-02-21 02:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-02-21 01:59 - 2014-02-21 01:58 - 00000000 ____D () C:\Users\tony\Desktop\Past Runs2014-02-21 01:50 - 2014-02-18 07:56 - 00000482 _____ () C:\Users\tony\Desktop\Malwarebytes Forum.website2014-02-21 00:28 - 2012-09-13 07:10 - 00000477 _____ () C:\Users\tony\Desktop\Gmail.website2014-02-20 22:54 - 2014-02-20 22:54 - 00030829 _____ () C:\ComboFix.txt2014-02-20 22:54 - 2014-02-20 22:30 - 00000000 ____D () C:\Qoobox2014-02-20 22:54 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default2014-02-20 22:53 - 2014-02-20 20:14 - 00000000 ____D () C:\Windows\ERDNT2014-02-20 22:48 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini2014-02-20 22:47 - 2010-02-10 12:39 - 00534364 _____ () C:\Windows\PFRO.log2014-02-20 22:46 - 2009-07-13 21:34 - 26476544 _____ () C:\Windows\system32\config\SYSTEM.bak2014-02-20 22:46 - 2009-07-13 21:34 - 100139008 _____ () C:\Windows\system32\config\SOFTWARE.bak2014-02-20 22:46 - 2009-07-13 21:34 - 02621440 _____ () C:\Windows\system32\config\DEFAULT.bak2014-02-20 22:46 - 2009-07-13 21:34 - 00262144 _____ () 
C:\Windows\system32\config\SECURITY.bak2014-02-20 22:46 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak2014-02-20 22:29 - 2014-02-20 22:29 - 05183886 ____R (Swearware) C:\Users\tony\Desktop\ComboFix.exe2014-02-20 20:22 - 2010-02-16 17:32 - 00000000 ____D () C:\V412014-02-20 20:20 - 2012-04-06 07:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-02-20 20:20 - 2012-04-06 07:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-02-20 20:20 - 2011-06-09 16:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-02-20 20:14 - 2014-02-14 15:48 - 00000000 ____D () C:\Users\tony\Desktop\Trojan agent2014-02-20 18:57 - 2014-02-20 18:57 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-02-20 18:35 - 2010-02-16 12:10 - 00000000 ____D () C:\Users\tony\Desktop\CnvrtXL2014-02-20 13:02 - 2014-02-14 18:32 - 00000000 ____D () C:\Users\tony\AppData\Local\CrashDumps2014-02-19 22:58 - 2013-12-07 10:56 - 00000633 _____ () C:\Users\tony\Desktop\Windows Mobile Products - Mobile Devices - Dell Community.website2014-02-19 22:52 - 2013-10-31 15:27 - 00000555 _____ () C:\Users\tony\Desktop\Venue 8 Pro Owner's Lounge - Page 196 last read.website2014-02-19 22:11 - 2014-02-19 22:11 - 00002156 _____ () C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk2014-02-19 22:11 - 2014-02-19 22:11 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive2014-02-19 11:27 - 2013-01-14 07:54 - 00000369 _____ () C:\Users\tony\Desktop\Untitled.txt2014-02-19 00:07 - 2010-02-17 03:05 - 02155008 _____ () C:\Users\tony\Desktop\Chase.xls2014-02-18 20:54 - 2010-02-18 09:48 - 00000000 ____D () C:\Users\Public\Documents\Local Win 7 Public Shared2014-02-17 22:29 - 2010-02-28 11:08 - 00007635 _____ () C:\Users\tony\AppData\Local\Resmon.ResmonCfg2014-02-17 20:50 - 2011-02-23 16:41 - 00000000 ____D () C:\ProgramData\McAfee2014-02-17 17:44 - 2010-10-03 
06:05 - 00000000 ____D () C:\Users\tony\Desktop\Manuals and Guides2014-02-17 17:22 - 2009-07-14 00:13 - 00858164 _____ () C:\Windows\system32\PerfStringBackup.INI2014-02-17 16:54 - 2010-02-16 09:25 - 00000000 ____D () C:\Users\tony\AppData\Local\VirtualStore2014-02-17 11:09 - 2014-02-17 11:09 - 00000000 ____D () C:\Users\tony\AppData\Roaming\Malwarebytes2014-02-17 11:09 - 2014-02-17 11:09 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-02-17 11:09 - 2014-02-17 11:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-02-17 09:22 - 2014-02-17 08:24 - 00000000 ____D () C:\Users\tony\AppData\Roaming\Activeris2014-02-17 08:30 - 2014-02-17 08:28 - 00026448 _____ () C:\Windows\diagwrn.xml2014-02-17 08:30 - 2014-02-17 08:28 - 00001908 _____ () C:\Windows\diagerr.xml2014-02-17 08:28 - 2009-07-13 23:51 - 00000000 _____ () C:\Windows\setuperr.log2014-02-17 08:24 - 2014-02-17 08:24 - 00003242 _____ () C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart2014-02-17 08:24 - 2014-02-17 08:24 - 00000000 ____D () C:\Users\tony\AppData\Local\Popajar2014-02-16 22:44 - 2014-02-16 18:33 - 00000000 ____D () C:\Users\tony\Desktop\Workstation 142014-02-16 09:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2014-02-16 08:58 - 2014-02-16 08:53 - 00000000 ____D () C:\Windows\system32\catroot2old2014-02-15 22:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-02-15 22:17 - 2014-02-15 22:17 - 00001415 _____ () C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2014-02-15 22:17 - 2014-02-15 19:16 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-02-15 22:15 - 2014-02-15 22:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-02-15 22:15 - 2014-02-15 19:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-02-15 18:59 - 2010-02-17 04:37 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-02-15 18:59 - 2010-02-17 
04:37 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-02-15 13:52 - 2012-05-22 06:44 - 00000495 _____ () C:\Users\tony\Desktop\People Search Zaba.website2014-02-14 19:36 - 2014-02-14 19:34 - 00000000 ____D () C:\Users\tony\AppData\Local\Deployment2014-02-14 19:34 - 2010-02-16 16:39 - 00000000 ____D () C:\Users\tony\AppData\Local\Apps\2.02014-02-14 16:27 - 2014-02-14 16:17 - 00000000 ____D () C:\ProgramData\HitmanPro2014-02-13 23:59 - 2014-02-13 23:59 - 00000000 ____D () C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KGS Online2014-02-13 23:59 - 2013-02-20 11:25 - 00002137 _____ () C:\Users\tony\Desktop\CGoban 3.lnk2014-02-13 22:39 - 2013-11-14 12:47 - 00009798 _____ () C:\Windows\IE11_main.log2014-02-13 20:52 - 2013-12-01 17:52 - 00000000 ____D () C:\Users\tony\AppData\Roaming\HpUpdate2014-02-13 20:41 - 2013-05-17 06:56 - 00000000 ____D () C:\Users\tony\Tracing2014-02-13 20:39 - 2013-03-30 11:33 - 00000000 ____D () C:\Windows\pss2014-02-13 20:07 - 2014-02-13 20:07 - 35974048 _____ () C:\Users\tony\Downloads\IE11-Windows6.1-KB2909921-x64.msu2014-02-13 19:14 - 2014-02-13 19:14 - 00000000 ____D () C:\Windows\CheckSur2014-02-13 17:36 - 2010-02-16 13:03 - 00000000 ____D () C:\ZZxfer2014-02-13 14:10 - 2013-09-15 10:38 - 00000000 ____D () C:\ProgramData\Oracle2014-02-13 13:22 - 2013-01-18 11:28 - 00000420 _____ () C:\Users\tony\Desktop\Pandanet.website2014-02-13 13:12 - 2013-02-20 09:49 - 00000414 _____ () C:\Users\tony\Desktop\Verizon Phone.website2014-02-13 12:50 - 2010-02-18 11:29 - 01286656 ___SH () C:\Users\tony\Desktop\Thumbs.db2014-02-13 10:54 - 2013-12-01 17:52 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard2014-02-13 10:33 - 2014-02-13 10:33 - 00002202 _____ () C:\Users\Public\Desktop\HP 8100.lnk2014-02-13 10:33 - 2014-02-13 10:33 - 00000000 ____D () C:\Program Files\HP2014-02-13 10:33 - 2010-02-17 22:42 - 00000000 ____D () C:\Program Files (x86)\HP2014-02-13 10:33 - 2010-02-17 22:39 - 00000000 ____D 
() C:\ProgramData\HP2014-02-13 10:23 - 2014-01-02 15:01 - 00000000 ____D () C:\Users\tony\Desktop\Doug Mills2014-02-13 00:11 - 2013-07-13 06:22 - 00000000 ____D () C:\Windows\system32\MRT2014-02-13 00:06 - 2010-02-16 22:00 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-02-13 00:02 - 2010-02-10 11:10 - 00850286 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2014-02-12 21:55 - 2014-02-12 21:55 - 00001756 _____ () C:\Users\tony\Desktop\Lenox 2014 - Shortcut.lnk2014-02-06 21:16 - 2014-02-06 21:16 - 00276816 _____ () C:\Windows\Minidump\020614-77454-01.dmp2014-02-06 21:16 - 2011-12-18 22:58 - 614582642 _____ () C:\Windows\MEMORY.DMP2014-02-06 21:16 - 2010-02-16 10:44 - 00000000 ____D () C:\Windows\Minidump2014-02-02 07:53 - 2010-02-17 18:51 - 00000000 ____D () C:\Users\tony\Desktop\ML Statements2014-01-30 20:01 - 2013-09-05 18:27 - 00000536 _____ () C:\Users\tony\Desktop\Yahoo! Mail.website2014-01-30 10:34 - 2014-01-30 10:23 - 00000000 ____D () C:\Program Files (x86)\Pegasus Imaging2014-01-30 10:34 - 2010-02-10 10:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-01-30 10:34 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help2014-01-30 10:19 - 2010-02-10 10:52 - 00000000 ____D () C:\Windows\Downloaded Installations2014-01-30 09:37 - 2013-05-13 08:11 - 00010752 _____ () C:\Users\tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini2014-01-30 09:21 - 2014-01-30 08:34 - 00001511 _____ () C:\Users\tony\Desktop\Media Player.lnk2014-01-29 17:26 - 2014-01-29 17:26 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe2014-01-29 17:26 - 2014-01-29 17:26 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe2014-01-29 17:26 - 2013-12-19 18:42 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe2014-01-29 17:26 - 2013-12-19 18:42 - 00003092 _____ () 
C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe2014-01-29 17:26 - 2013-12-19 18:42 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe2014-01-29 17:25 - 2014-01-29 17:25 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center2014-01-29 16:56 - 2009-07-13 23:45 - 05143248 _____ () C:\Windows\system32\FNTCACHE.DAT2014-01-25 18:09 - 2010-02-17 10:54 - 00000000 ____D () C:\Users\tony\Desktop\Drawings2014-01-23 21:06 - 2014-01-23 18:48 - 00000000 ____D () C:\Program Files\Microsoft IntelliPoint2014-01-23 18:51 - 2010-02-16 09:26 - 00117560 _____ () C:\Users\tony\AppData\Local\GDIPFONTCACHEV1.DAT2014-01-23 17:22 - 2012-01-17 16:12 - 00000000 ____D () C:\Users\tony\Documents\My Games2014-01-23 17:21 - 2011-03-30 17:45 - 00000000 ____D () C:\Program Files (x86)\Ubisoft2014-01-23 17:18 - 2014-01-23 08:07 - 00000000 ____D () C:\Users\tony\Desktop\ProcMonSome content of TEMP:====================C:\Users\tony\AppData\Local\Temp\Quarantine.exe==================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitLastRegBack: 2014-02-18 09:56==================== End Of Log ============================ Addition.txt: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-02-2014Ran by tony at 2014-02-21 04:41:12Running from C:\Users\tony\DesktopBoot Mode: 
Normal============================================================================== Security Center ========================AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (x32 Version: - Microsoft)64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) HiddenAccuBurn-R 1.3 (x32 Version: 1.3 - InfinaDyne)Adobe Acrobat 9 Standard - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) HiddenAdobe Acrobat 9.5.5 - CPSID_83708 (x32 Version: - Adobe Systems Incorporated)Adobe AIR (x32 Version: 3.3.0.3650 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 3.3.0.3650 - Adobe Systems Incorporated) HiddenAdobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) HiddenAdobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) HiddenAdobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) HiddenAdobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe ExtendScript Toolkit 2 (x32 Version: 2.0.2 - Adobe Systems Incorporated)Adobe ExtendScript Toolkit 2 (x32 Version: 2.0.2 - Adobe Systems Incorporated) HiddenAdobe Flash Player 12 ActiveX 
(x32 Version: 12.0.0.70 - Adobe Systems Incorporated)Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) HiddenAdobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) HiddenAdobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) HiddenAdobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) HiddenAdobe Photoshop CS3 (x32 Version: 10.0 - Adobe Systems Incorporated)Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated)Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) HiddenAdobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) HiddenAdobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) HiddenAdobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) HiddenAdobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAdobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenAmazon Kindle (HKCU Version: - Amazon)AMD APP SDK Runtime (Version: 2.4.595.10 - Advanced Micro Devices Inc.) HiddenApple Application Support (x32 Version: 2.3.4 - Apple Inc.)Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)ATI Catalyst Install Manager (Version: 3.0.825.0 - ATI Technologies, Inc.)Bing Bar (x32 Version: 7.0.850.0 - Microsoft Corporation)BioAPI Framework (Version: 1.0.1 - Dell Inc.) 
HiddenBroadcom NetXtreme-I Netlink Driver and Management Installer (Version: 12.25.02 - Broadcom Corporation)Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation)Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hiddencalibre (x32 Version: 0.9.27 - Kovid Goyal)Cartes du Ciel (x32 Version: - )Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) HiddenCatalyst Control Center (x32 Version: 2011.0602.1130.18753 - ATI) HiddenCatalyst Control Center Graphics Previews Common (x32 Version: 2011.0602.1130.18753 - ATI) HiddenCatalyst Control Center InstallProxy (x32 Version: 2009.0614.2131.36800 - ATI Technologies, Inc.) HiddenCatalyst Control Center InstallProxy (x32 Version: 2011.0602.1130.18753 - ATI Technologies, Inc.) HiddenCatalyst Control Center Localization All (x32 Version: 2011.0602.1130.18753 - ATI) HiddenCatalyst Control Center Profiles Desktop (x32 Version: 2011.0602.1130.18753 - ATI) HiddenCCC Help Chinese Standard (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Chinese Traditional (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Czech (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Danish (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Dutch (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help English (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Finnish (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help French (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help German (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Greek (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Hungarian (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Italian (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Japanese (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Korean (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Norwegian (x32 Version: 
2011.0602.1129.18753 - ATI) HiddenCCC Help Polish (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Portuguese (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Russian (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Spanish (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Swedish (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Thai (x32 Version: 2011.0602.1129.18753 - ATI) HiddenCCC Help Turkish (x32 Version: 2011.0602.1129.18753 - ATI) Hiddenccc-utility64 (Version: 2011.0602.1130.18753 - ATI) HiddenCD/DVD Diagnostic 3.1 (HKCU Version: 3.1 - InfinaDyne)CONTACT ORGANIZER DELUXE (S) (x32 Version: 2.7 - PRIMASOFT PC, INC.)Crayon Physics Deluxe - release 53 (x32 Version: - Kloonigames)Creative Audio Control Panel (x32 Version: 3.00 - Creative Technology Limited)Creative Software AutoUpdate (x32 Version: 1.40 - Creative Technology Limited)Creative Sound Blaster Properties x64 Edition (x32 Version: 1.02 - Creative Technology Limited)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDCP64MMWrapper (Version: 1.6.326.57 - Broadcom Corporation) HiddenDell Control Point 64 (Version: 1.6.326.57 - Broadcom Corporation) HiddenDell ControlPoint Security Manager (x32 Version: 1.6.326.57 - Dell Inc.)Dell ControlPoint System Manager (Version: 1.3.00000 - Dell Inc.)Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)Dell Embassy Trust Suite by Wave Systems (Version: 02.04.00.031 - Wave Systems Corp) HiddenDell Resource CD (x32 Version: 1.00.0000 - Dell Inc.)Dell Security Device Driver Pack (x32 Version: 1.3.039 - Dell Inc.)DeLorme Send To GPS 1.2 (x32 Version: - DeLorme Publishing)DeLorme Send To GPS 1.5 (Version: 1.5 - DeLorme Publishing)DeLorme Topo USA 8.0 (x32 Version: 8.091.30874 - DeLorme Publishing)Desktop Icon Position Saver (64-bit) (x32 Version: - )Dolby Digital Live Pack (x32 Version: 3.00 - Creative Technology Limited)Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) HiddenEMBASSY Security Center Lite (Version: 
03.10.00.038 - Wave Systems Corp) HiddenEMBASSY Security Center Lite (x32 Version: - ) HiddenEMBASSY Security Setup (Version: 03.10.00.041 - Wave Systems Corp) HiddenEMBASSY Security Setup (x32 Version: - ) HiddenERUNT 1.1j (x32 Version: - Lars Hederer)ESC Home Page Plugin (Version: 03.05.00.016 - Wave Systems Corp) HiddenESC Home Page Plugin (x32 Version: - ) HiddenGemalto (Version: 01.64.00.0010 - Wave Systems Corp) HiddenGoldWave v5.13 (x32 Version: - )Google Drive (x32 Version: 1.14.6059.644 - Google, Inc.)Google Earth (x32 Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) HiddenHP Officejet Pro 8100 Basic Device Software (Version: 28.0.1321.0 - Hewlett-Packard Co.)HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)IcoFX 1.6.3 (x32 Version: - )Intel® Matrix Storage Manager (Version: - Intel Corporation)Ipswitch WS_FTP Professional 2007 (x32 Version: 11.00.002 - Ipswitch)Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenMalwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)Mathcad 14.0 M020 (x32 Version: 14.0.2.0 - PTC)Mathcad 14.0 M020 Help (x32 Version: 14.0.2.0 - PTC)Mathcad 14.0 M020 Resource Center (x32 Version: 14.0.2.0 - PTC)MeshLab 1.3.2 (x32 Version: 1.3.2 - Paolo Cignoni, Guido Ranzuglia VCG - ISTI - CNR)MeshLab_64b 1.3.2 (Version: 1.3.2 - Paolo Cignoni - Guido Ranzuglia VCG - ISTI - CNR)MFCLOC (x32 Version: 1.00.0000 - Dell Inc.) 
HiddenMicrosoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) HiddenMicrosoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation)Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) HiddenMicrosoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation)Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) HiddenMicrosoft Office 2003 Web Components (x32 Version: 11.0.8173.0 - Microsoft Corporation)Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook Connector (x32 Version: 14.0.5118.5000 - Microsoft Corporation)Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (English) 2007 (x32 
Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Small Business Connectivity Components (x32 Version: 2.0.7024.0 - Microsoft Corporation)Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft OneDrive (HKCU Version: 17.0.4029.0217 - Microsoft Corporation)Microsoft Project 2000 SR-1 (x32 Version: 9.00.4527 - Microsoft Corporation)Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)Microsoft SQL Server 2005 (x32 Version: - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00 - Microsoft Corporation) HiddenMicrosoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation)Microsoft SQL Server Native Client (Version: 9.00.5000.00 - Microsoft Corporation)Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00 - Microsoft Corporation)Microsoft SQL Server VSS Writer (Version: 9.00.5000.00 - Microsoft Corporation)Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2005 ATL Update kb973923 - x64 
8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) HiddenMicrosoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.40219 - 
Microsoft Corporation)Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) HiddenMicrosoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303 - Microsoft Corporation)Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) HiddenMicrosoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) HiddenMicrosoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) HiddenMovie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenMSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) HiddenMSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) HiddenMSVC90_x64 (Version: 1.0.1.2 - Nokia) HiddenMSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) HiddenMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) HiddenMSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)neroxml (x32 Version: 1.0.0 - Nero AG) HiddenNokia Connectivity Cable Driver (x32 Version: 7.1.101.0 - Nokia)Nokia Suite (x32 Version: 3.7.22.0 - Nokia)Nokia Suite (x32 Version: 3.7.22.0 - Nokia) HiddenNTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) HiddenNVIDIA PhysX (x32 Version: 9.09.0814 - NVIDIA Corporation)OpenAL (x32 Version: - )OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)Opti Drive Control 1.00 (x32 Version: - Erik Deppe)PANDA-glGo (x32 Version: 1.4 - PANDANET Inc.)PC Connectivity Solution (x32 Version: 12.0.76.0 - Nokia)PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) HiddenPEVSoft AssetX (x32 Version: - )PEVSoft AttachmentMaker (x32 Version: - )PEVSoft Images2TGA (x32 Version: 1.13 - PEVSoft)PEVSoft Trainz 
Mesh Viewer 2 (x32 Version: - )Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenPokeScope Pro 2.6 (x32 Version: - )Power Edit 1.1 (x32 Version: - )PowerDVD DX (x32 Version: 8.3.5424 - CyberLink Corp.)PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) HiddenPreboot Manager (Version: 02.10.00.031 - Wave Systems Corp.) HiddenQuickTime (x32 Version: 7.74.80.86 - Apple Inc.)Rapport (Version: 3.5.1201.94 - Trusteer) HiddenRockstar Games Social Club (x32 Version: 1.0.6.1 - Rockstar Games)Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) HiddenRoxio Creator Copy (x32 Version: 3.7.0 - Roxio) HiddenRoxio Creator Data (x32 Version: 3.7.0 - Roxio) HiddenRoxio Creator DE 10.3 (x32 Version: 10.3 - Roxio)Roxio Creator DE 10.3 (x32 Version: 3.7.0 - Roxio) HiddenRoxio Creator Tools (x32 Version: 3.7.0 - Roxio) HiddenRoxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) HiddenRoxio Update Manager (x32 Version: 6.0.0 - Roxio) HiddenSimLab 3D PDF Exporter 2.3 From Google SketchUp (x32 Version: 2.3 - SimLab Soft)Simple Sudoku 4.1 (x32 Version: - )SketchUp Pro 8 (x32 Version: 3.0.16846 - Trimble Navigation Limited)SO64MMWrapper (Version: 1.6.326.57 - Broadcom Corporation) HiddenSound Blaster X-Fi (x32 Version: 1.0 - )Spectrogram (x32 Version: 14.0 - Visualization Software LLC)SU Podium V2 1.0 (x32 Version: - Cadalog Inc.)Trainz 'Blue Comet' Addon Pack (x32 Version: - Auran)Trainz 'Duchess' Addon Pack (x32 Version: - Auran)Trainz Simulator 12 (x32 Version: - Auran)Trusted Drive Manager (Version: 3.1.0.116 - Wave Systems Corp.) 
HiddenUbisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version: - Microsoft)Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft)Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)UPEK TouchChip Fingerprint Reader (Version: 1.1.0 - Dell Inc.) HiddenV41 (x32 Version: - )Wave Infrastructure Installer (Version: 07.64.19.0000 - Wave Systems Corp) HiddenWave Support Software (Version: 05.11.00.023 - Wave Systems Corp) HiddenWave Support Software (x32 Version: - ) HiddenWebEx (HKCU Version: - Cisco WebEx LLC)Windows Driver Package - Dell Inc. 
PBADRV System (01/07/2008 1.0.1.5) (Version: 01/07/2008 1.0.1.5 - Dell Inc.)Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0 - Nokia)Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live OneCare safety scanner (x32 Version: - Microsoft Corporation)Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) HiddenWinZip 14.5 (x32 Version: 14.5.9095 - WinZip Computing, S.L. )Yahoo! 
Detect (x32 Version: - )==================== Restore Points =========================16-02-2014 03:51:08 Windows Modules Installer16-02-2014 05:14:07 Windows Update16-02-2014 13:59:19 Windows Update20-02-2014 02:44:23 Windows Update21-02-2014 06:20:29 Removed Java 7 Update 51==================== Hosts content: ==========================2009-07-13 21:34 - 2014-02-20 22:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (whitelisted) =============Task: {039D92A6-4B83-4861-A905-8D7494079C50} - System32\Tasks\{F74AD95A-EF11-44EB-9AA7-FF2E071B97AE} => C:\Astrolabe\Electric Astro\Electric astrolab\ASTRO.EXETask: {29143838-83A5-44EE-B728-D0815F003B67} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)Task: {378A022B-DC01-4AE6-BC1D-3C71F66E99BD} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)Task: {3EC72F53-98F4-4ACA-9D1E-F3FEBABA8071} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\tony\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTIONTask: {652D3767-7C0C-4063-AA18-B40EDF88B045} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17] (Google Inc.)Task: {6B771B07-9087-4006-80E5-EA20BF1982C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)Task: {7C089F71-8D71-4992-992E-7E699FA7A150} - System32\Tasks\{0D71117A-04B8-47A3-8410-96AC429EB3C6} => C:\Astrolabe\Electric Astro\Electric astrolab\ASTRO.EXETask: {80642D28-6E58-4697-83D3-BAA88A15E0BB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] 
(Microsoft)Task: {8A5FABFD-F7A4-4D89-95A1-D830E885666C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)Task: {99AD247B-3141-4B91-AA37-318EE8CAA19A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17] (Google Inc.)Task: {C325D537-6AD5-4953-8F0F-8F1739893C45} - System32\Tasks\{3F25A4E3-0A56-4C30-8F5D-B8649DD4FD80} => C:\Astrolabe\Electric Astro\Electric astrolab\ASTRO.EXETask: {F8AEC764-A6C2-4A92-A532-321F94BD3903} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)Task: {FA8CDD13-3CB9-4CBC-AB15-5D61E3193C20} - System32\Tasks\{1B3F4A40-D0AC-4B44-981B-21F61FEF0819} => C:\Astrolabe\Electric Astro\Electric astrolab\ASTRO.EXETask: {FC2D0B7E-3FD0-49CD-BFCB-BFFC327FF2C7} - System32\Tasks\AdobeAAMUpdater-1.0-tony-PC-tony => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe==================== Loaded Modules (whitelisted) =============2009-06-03 13:13 - 2009-06-03 13:13 - 00013824 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll2008-11-12 14:24 - 2008-11-12 14:24 - 00004608 _____ () C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll2011-06-17 12:42 - 2011-06-17 12:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll2011-06-02 10:28 - 2011-06-02 10:28 - 00243712 _____ () C:\Program Files (x86)\ATI 
Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll2014-02-21 02:49 - 2014-02-21 02:49 - 00098816 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32api.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00110080 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\pywintypes27.dll2014-02-21 02:49 - 2014-02-21 02:49 - 00364544 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\pythoncom27.dll2014-02-21 02:49 - 2014-02-21 02:49 - 00044032 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\_socket.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 01157120 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\_ssl.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00320512 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32com.shell.shell.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00712192 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\_hashlib.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 01175040 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\wx._core_.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00805888 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\wx._gdi_.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00811008 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\wx._windows_.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 01062400 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\wx._controls_.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00735232 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\wx._misc_.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00128512 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\_elementtree.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00127488 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\pyexpat.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00557056 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\pysqlite2._sqlite.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00087040 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\_ctypes.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00119808 _____ () 
C:\Users\tony\AppData\Local\Temp\_MEI30922\win32file.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00108544 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32security.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00018432 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32event.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00038912 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32inet.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00122368 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\wx._wizard.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00070656 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\wx._html2.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00026624 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\_multiprocessing.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00010240 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\select.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00024064 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32pipe.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00686080 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\unicodedata.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00025600 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32pdh.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00525640 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\windows._lib_cacheinvalidation.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00011264 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32crypt.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00035840 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32process.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00017408 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32profile.pyd2014-02-21 02:49 - 2014-02-21 02:49 - 00022528 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32ts.pyd2010-02-10 10:50 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL2010-02-10 10:50 - 2009-07-10 09:07 - 00166912 _____ () C:\Windows\SysWOW64\APOMngr.DLL2010-07-07 11:33 - 2010-07-07 11:33 - 00002560 _____ 
() C:\Windows\SysWOW64\CTXFIRES.DLL
2013-02-05 21:57 - 2013-02-05 21:57 - 00269824 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: BBUpdate => 2
MSCONFIG\Services: BcmSqlStartupSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: dcpsysmgrsvc => 2
MSCONFIG\Services: SecureStorageService => 3
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: tcsd_win32.exe => 2
MSCONFIG\Services: TdmService => 2
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/21/2014 02:49:39 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
CDRPDACC

Error: (02/21/2014 02:49:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/21/2014 02:49:11 AM) (Source: Application Popup) (User: )
Description: \??\C:\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDAC has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/21/2014 02:47:49 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Microsoft Office Sessions:
=========================
Error: (10/18/2010 06:04:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128 seconds with 120 seconds of active time. This session ended with a crash.

CodeIntegrity Errors:
===================================
Date: 2014-02-21 02:49:11.861
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-21 02:49:11.690
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-20 23:07:47.546
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-20 23:07:47.390
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-20 22:47:39.593
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-20 22:47:39.437
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-20 22:38:16.503
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-20 22:38:16.353
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-17 20:50:10.311
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-02-17 20:50:10.155
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 4093.55 MB
Available physical RAM: 2091.77 MB
Total Pagefile: 8185.29 MB
Available Pagefile: 6161.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:930.7 GB) (Free:754.74 GB) NTFS
Drive d: (Hom Bak 08) (CDROM) (Total:2.91 GB) (Free:0 GB) CDFS
Drive i: (ICRUZER) (Removable) (Total:3.73 GB) (Free:1.91 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F8000000)
Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================
Root Admin AdvancedSetup Posted February 22, 2014 ID:794960

Please click on the "More Reply Options" button and attach the FRST logs. Then let's do another MBAM CLEAN and reinstall now.

MBAM Clean Removal Process
taponick Posted February 22, 2014 Author ID:794971

Hi Ron! Here are the FRST logs. Will run MBAM cleaner, reinstall MBAM, update, run and post log.

Attached: FRST.txt, Addition.txt
Root Admin AdvancedSetup Posted February 22, 2014 ID:794982

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

Attached: fixlist.txt
taponick Posted February 22, 2014 Author ID:794993

OK - cleaned and installed MBAM, running in the system tray. Quick scan found nothing, log appended. Will run the fixlist.txt script and report back.

Clean MBAM log:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.21.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
tony :: TONY-PC [administrator]

Protection: Enabled

2/21/2014 9:05:33 PM
mbam-log-2014-02-21 (21-05-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229746
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
taponick Posted February 22, 2014 Author ID:794996

OK! Ran FRST64 and it updated itself, pushed the fix button, and it made the appended log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2014
Ran by tony at 2014-02-21 21:18:31 Run:1
Running from C:\Users\tony\Desktop\FRST 64 for Friday
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {3EC72F53-98F4-4ACA-9D1E-F3FEBABA8071} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\tony\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
HKLM-x32\...\Run: [] - [X]
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3EC72F53-98F4-4ACA-9D1E-F3FEBABA8071} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EC72F53-98F4-4ACA-9D1E-F3FEBABA8071} => Key deleted successfully.
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart => Key deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
"C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart" => File/Directory not found.

==== End of Fixlog ====
Root Admin AdvancedSetup Posted February 22, 2014 ID:795013

Please run a NEW Quick Scan and ATTACH the log please. Do not copy paste it. Thanks
taponick Posted February 22, 2014 Author ID:795016

I just saw something: My txt file association is with PowerEdit, an old editor I've been using since the 90's. If you open an MBAM logfile with Notepad, sure it's in Unicode, but Notepad can handle it and doesn't show the dots. I'm gonna change the association to notepad, and I bet the dots go away when you read the file from within MBAM.

That fixed the dots! (I attach the untouched logfile). Kind of embarrassing - I should have thought of that....

I still have the more important problem of not being able to update or delete IE11 - which is the problem that drove me here in the first place, and I thought the Unicode dots might be a symptomatic clue. Looks like your FRST fixit was aimed at that?

Attached: mbam-log-2014-02-21 (22-04-41).txt
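The symptom resolved in the post above (a leading "ÿþ" and a dot after every character) is what a UTF-16 LE file with a byte-order mark looks like in a viewer that assumes a single-byte code page. The following is an added example, not part of the thread or of any tool mentioned in it: it checks a log's BOM before the file is treated as damaged. The function names, the sample bytes and the Windows-1252 fallback are assumptions made for illustration.

```python
import codecs

# 4-byte UTF-32 marks are tested before the 2-byte UTF-16 marks,
# because FF FE is a prefix of FF FE 00 00.
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]

def sniff_encoding(raw: bytes) -> str:
    """Name the encoding from a leading BOM, or guess when there is none."""
    for bom, name in BOMS:
        if raw.startswith(bom):
            return name
    # No BOM: ASCII text stored as UTF-16 has a NUL in every other byte.
    sample = raw[:512]
    if len(sample) >= 4:
        odd, even = sample[1::2], sample[0::2]
        if odd.count(0) > 0.8 * len(odd):
            return "utf-16-le"
        if even.count(0) > 0.8 * len(even):
            return "utf-16-be"
    return "cp1252"  # assumed fallback: a single-byte Western code page

def decode_log(raw: bytes):
    """Return (encoding, text) with any BOM removed from the text."""
    enc = sniff_encoding(raw)
    for bom, name in BOMS:
        if name == enc and raw.startswith(bom):
            raw = raw[len(bom):]
            break
    return enc, raw.decode(enc, errors="replace")

def legacy_view(raw: bytes) -> str:
    """What a single-byte viewer shows: BOM as two glyphs, NULs as dots."""
    return raw.decode("cp1252", errors="replace").replace("\x00", ".")

# Constructed sample: the first lines of an MBAM log, written as UTF-16 LE with BOM.
SAMPLE = codecs.BOM_UTF16_LE + (
    "Malwarebytes Anti-Malware (PRO) 1.75.0.1300\r\nProtection: Disabled\r\n"
).encode("utf-16-le")

if __name__ == "__main__":
    print(legacy_view(SAMPLE)[:40])
    print(decode_log(SAMPLE))
```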
Root Admin AdvancedSetup Posted February 22, 2014 ID:795032

No problem. Let me have you reset all your browsers to make sure that is not causing you any issues for IE11.

Do you just want to uninstall IE11 or do you want to clean it up some so that it works better?

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.

If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer: How to reset Internet Explorer settings
Firefox: Click on Help / Troubleshooting Information then click on the Reset Firefox button.
Chrome: Chrome - Reset browser settings
Opera: How to Perform a (really) clean Reinstall of Opera
taponick Posted February 22, 2014 Author ID:795122

I only use IE 11. I want to continue using it, but I need to keep it updated and it won't update. The updates download and do the pre-boot install ok, then after the reboot Windows Update just reverts the changes with error 80073AA2 and 8007005. 8007005 results when the process lacks 'sufficient permission', a situation that 'can be caused by a virus' (says Microsoft).

If I try to do an uninstall / reinstall to try to get it to update, it won't uninstall and I can't get it to update that way either. I never tried a reset - frankly, I didn't know that button was there. I haven't tried an update since we reset IE11 after the ComboFix run last Thursday night because I'm trying not to change much without telling you. This reset might be all that is needed.

I use Google a lot (calendar, news, books, etc.) but I don't use Chrome on this machine and it's not on the 'remove programs and features' list. I see from the various clean logs that there are (were?) little traces of Chrome scattered around the system. But these have probably been there for a while and haven't interfered with IE update.

IE 11 updated just fine on 11 December. The Cumulative update on 13 February is what failed. All other updates work fine, including minor security updates to IE 11. This may be a Windows issue and perhaps should not be thought of as a virus / malware problem now that the MBAM Unicode dots symptom has evaporated.

I need to use this machine over the weekend, so I'll reset the browser when I know you're in and we can do the next step. If I reset it now, I'll wind up changing everything back as I use it, and I'll just have to reset it again before we start work on it. So ping me when you're back and I'll leap into action - have a weekend!
Root Admin AdvancedSetup Posted February 23, 2014 ID:795383

There should not be any issue doing a Reset for IE - I do it quite often with no issues. For uninstalling IE11 you need to go into Control Panel, Add/Remove Uninstall a Program and click on the "View installed updates" to see IE11 where you should be able to uninstall it and drop back to IE10 if you wanted to.
taponick Posted February 23, 2014 Author ID:795502

Ron - Reset IE11, did not check 'reset personal settings', much easier restart.

Tried to uninstall IE 11, system rebooted, then reverted changes just as before. Disabled MBAM and Defender, tried to uninstall IE 11 again, same response, unsuccessful.

Windows Update log indicates error 800F0902 and 240001. Checked CBS log around the same timestamp and it showed "Cannot perform concurrent read while CSI transaction is on the way" and gave error "800F0902 CBS_E_BUSY".

So: I can't uninstall IE 11, as before.
Root Admin AdvancedSetup Posted February 24, 2014 ID:795672

You can try the following and see if that corrects the issue.

How to Repair Windows 7 System Files with System File Checker

If not then you might need to post on the Microsoft support site about the IE11 issue.