
MBAM writes logfiles in unicode



I posted earlier in 'General PC Help' and got redirected here...

 

Has anyone ever figured out why in rare instances MBAM writes its log files in Unicode character mapping??  I saw a couple of old posts along these lines, but no resolution.  My log files are all in Unicode (one attached), and are shown correctly in Word using Unicode mapping.

 

I think I have a very hard to find issue with my machine, and this may be one of the symptoms.  On the other hand, it might just be a wrong setting. (My region is US and language is English, nothing else outputs Unicode, just MBAM).

 

Did a full scan with MBAM, McAfee, Kaspersky TDSS killer, Rogue Killer and Hitman Pro, found nothing.  But I cannot update IE 11 or remove it - all other updates work fine.

 

And I have this Unicode log file quirk in MBAM.

 

Sooner or later I'm gonna pull the plug and restore in place.  But I'd really like to know what happened.

 

I attach:

 

1. A logfile from MBAM

 

2. The DDS logfiles

 

===============================================================

MBAM logfile:

 

ÿþM.a.l.w.a.r.e.b.y.t.e.s. .A.n.t.i.-.M.a.l.w.a.r.e. .(.P.R.O.). .1...7.5...0...
1.3.0.0.....w.w.w...m.a.l.w.a.r.e.b.y.t.e.s...o.r.g.........D.a.t.a.b.a.s.e. .v.
e.r.s.i.o.n.:. .v.2.0.1.4...0.2...1.7...0.5.........W.i.n.d.o.w.s. .7. .S.e.r.v.
i.c.e. .P.a.c.k. .1. .x.6.4. .N.T.F.S.....I.n.t.e.r.n.e.t. .E.x.p.l.o.r.e.r. .1.
1...0...9.6.0.0...1.6.4.7.6.....t.o.n.y. .:.:. .T.O.N.Y.-.P.C. .[.a.d.m.i.n.i.s.
t.r.a.t.o.r.].........P.r.o.t.e.c.t.i.o.n.:. .D.i.s.a.b.l.e.d.........2./.1.7./.
2.0.1.4. .1.2.:.5.6.:.4.1. .P.M.....m.b.a.m.-.l.o.g.-.2.0.1.4.-.0.2.-.1.7. .(.1.
2.-.5.6.-.4.1.)...t.x.t.........S.c.a.n. .t.y.p.e.:. .F.l.a.s.h. .s.c.a.n.....S.
c.a.n. .o.p.t.i.o.n.s. .e.n.a.b.l.e.d.:. .M.e.m.o.r.y. .|. .S.t.a.r.t.u.p. .|. .
H.e.u.r.i.s.t.i.c.s./.E.x.t.r.a. .|. .H.e.u.r.i.s.t.i.c.s./.S.h.u.r.i.k.e.n. .|.
 .P.U.P. .|. .P.U.M.....S.c.a.n. .o.p.t.i.o.n.s. .d.i.s.a.b.l.e.d.:. .R.e.g.i.s.
t.r.y. .|. .F.i.l.e. .S.y.s.t.e.m. .|. .P.2.P.....O.b.j.e.c.t.s. .s.c.a.n.n.e.d.
:. .1.8.3.0.3.3.....T.i.m.e. .e.l.a.p.s.e.d.:. .1.9. .s.e.c.o.n.d.(.s.).........
M.e.m.o.r.y. .P.r.o.c.e.s.s.e.s. .D.e.t.e.c.t.e.d.:. .0.....(.N.o. .m.a.l.i.c.i.
o.u.s. .i.t.e.m.s. .d.e.t.e.c.t.e.d.).........M.e.m.o.r.y. .M.o.d.u.l.e.s. .D.e.
t.e.c.t.e.d.:. .0.....(.N.o. .m.a.l.i.c.i.o.u.s. .i.t.e.m.s. .d.e.t.e.c.t.e.d.).
........R.e.g.i.s.t.r.y. .K.e.y.s. .D.e.t.e.c.t.e.d.:. .0.....(.N.o. .m.a.l.i.c.
i.o.u.s. .i.t.e.m.s. .d.e.t.e.c.t.e.d.).........R.e.g.i.s.t.r.y. .V.a.l.u.e.s. .
D.e.t.e.c.t.e.d.:. .0.....(.N.o. .m.a.l.i.c.i.o.u.s. .i.t.e.m.s. .d.e.t.e.c.t.e.
d.).........R.e.g.i.s.t.r.y. .D.a.t.a. .I.t.e.m.s. .D.e.t.e.c.t.e.d.:. .0.....(.
N.o. .m.a.l.i.c.i.o.u.s. .i.t.e.m.s. .d.e.t.e.c.t.e.d.).........F.o.l.d.e.r.s. .
D.e.t.e.c.t.e.d.:. .0.....(.N.o. .m.a.l.i.c.i.o.u.s. .i.t.e.m.s. .d.e.t.e.c.t.e.
d.).........F.i.l.e.s. .D.e.t.e.c.t.e.d.:. .0.....(.N.o. .m.a.l.i.c.i.o.u.s. .i.
t.e.m.s. .d.e.t.e.c.t.e.d.).........(.e.n.d.).....

 

DDS.txt:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by tony at 8:08:27 on 2014-02-18
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4094.2317 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\CISVC.EXE
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Users\tony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\SysWOW64\WDBtnMgr.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: DeLorme Send To GPS: {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files (x86)\DeLorme\SendToGPS\PNPluginForIE.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [skyDrive] "C:\Users\tony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
uRun: [LiveSupport] "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
mRun: [NWEReboot] <no file>
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLCO~1.LNK - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}




TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3AD0892A-9880-4828-B5C6-45EDAE67AA99} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C0903298-A45B-4C00-9C9E-ABF3F18F0906} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C0903298-A45B-4C00-9C9E-ABF3F18F0906}\7384249423 : DHCPNameServer = 192.168.1.1 71.243.0.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
LSA: Authentication Packages =  msv1_0 wvauth
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Coupon Alerts BHO: {F791D8AE-47E8-40A5-A913-EB2D2AF29602} -
x64-BHO: DeLorme Send To GPS: {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE-x64.dll
x64-Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
x64-Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [DellControlPoint] "c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
x64-Run: [ATIModeChange] Ati2mdxx.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-2-10 56336]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-10 203776]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-17 418376]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2010-7-7 1612888]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-17 25928]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtwlanu.sys [2011-9-19 1047144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-17 701512]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-2-10 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-2-10 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2010-7-7 230488]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2010-7-7 1445976]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2010-7-7 95320]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-5-17 57840]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2013-2-5 1512448]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-26 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-11-14 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-23 1255736]
S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S4 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S4 dcpsysmgrsvc;Dell ControlPoint System Manager;C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-7-16 510752]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\poweredit.exe="C:\Program Files (x86)\PowerEdit\poweredit.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2014-02-17 16:09:37 -------- d-----w- C:\Users\tony\AppData\Roaming\Malwarebytes
2014-02-17 16:09:18 -------- d-----w- C:\ProgramData\Malwarebytes
2014-02-17 16:09:17 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-17 16:09:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-17 13:24:45 -------- d-----w- C:\Users\tony\AppData\Roaming\Activeris
2014-02-17 13:24:24 -------- d-----w- C:\Program Files (x86)\Bench
2014-02-17 13:24:18 -------- d-----w- C:\Users\tony\AppData\Local\Popajar
2014-02-17 13:24:05 -------- d-----w- C:\Users\tony\AppData\Local\SearchProtect
2014-02-16 13:53:01 -------- d-----w- C:\Windows\System32\catroot2old
2014-02-16 00:16:33 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-02-16 00:16:30 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-15 00:36:36 -------- d-----w- C:\Users\tony\AppData\Roaming\ParetoLogic
2014-02-15 00:36:36 -------- d-----w- C:\Users\tony\AppData\Roaming\DriverCure
2014-02-15 00:36:31 -------- d-----w- C:\ProgramData\ParetoLogic
2014-02-15 00:34:40 -------- d-----w- C:\Users\tony\AppData\Local\Deployment
2014-02-15 00:12:29 -------- d-----w- C:\AdwCleaner
2014-02-14 23:32:45 -------- d-----w- C:\Users\tony\AppData\Local\CrashDumps
2014-02-14 21:17:21 -------- d-----w- C:\ProgramData\HitmanPro
2014-02-14 14:24:10 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D41BCBF7-1D7D-4440-AB13-CCF5F377FC44}\mpengine.dll
2014-02-14 00:14:26 -------- d-----w- C:\Windows\CheckSur
2014-02-13 19:10:06 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-13 15:33:50 741480 ------w- C:\Windows\System32\HPDiscoPM5B12.dll
2014-02-13 15:33:38 -------- d-----w- C:\Program Files\HP
2014-02-13 05:00:43 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-13 05:00:43 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-01-30 15:23:31 -------- d-----w- C:\Program Files (x86)\Pegasus Imaging
2014-01-30 15:14:49 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2014-01-29 22:25:11 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2014-01-23 23:48:30 -------- d-----w- C:\Program Files\Microsoft IntelliPoint
.
==================== Find3M  ====================
.
2014-02-05 01:20:15 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 01:20:15 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-18 11:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-06 02:30:08 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 23:29:48 5693440 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-11-26 22:49:20 6573056 ----a-w- C:\Windows\System32\mstscax.dll
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-22 22:48:21 3928064 ----a-w- C:\Windows\System32\d2d1.dll
.
============= FINISH:  8:09:03.45 ===============

 

DDS Attach.txt:  I attached it.  Hard to read otherwise.

 

 

 

attach.txt
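
The pasted MBAM log opens with `ÿþ`, which is how the UTF-16LE byte order mark (bytes FF FE) appears when the file is read as Windows-1252; the dots between the letters stand for the zero bytes. As an added example that is not part of the original post, this Python sketch detects the encoding from the BOM, decodes the log, and shows why a byte-level search for ASCII text misses matches in such a file. The sample bytes are constructed from lines of the log above, and all function names are illustrative.

```python
import codecs

# BOMs are checked longest-first: the UTF-32LE BOM begins with the UTF-16LE one.
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]


def sniff_encoding(data: bytes, fallback: str = "cp1252"):
    """Return (encoding, bom_length) for the raw bytes of a log file."""
    for bom, name in BOMS:
        if data.startswith(bom):
            return name, len(bom)
    # No BOM: mostly-ASCII UTF-16 text has a zero byte in every other position.
    sample = data[:4096]
    if len(sample) >= 4:
        half = len(sample) // 2
        even_nuls = sample[0::2].count(0)
        odd_nuls = sample[1::2].count(0)
        if odd_nuls > 0.8 * half and even_nuls == 0:
            return "utf-16-le", 0
        if even_nuls > 0.8 * half and odd_nuls == 0:
            return "utf-16-be", 0
    return fallback, 0


def decode_log(data: bytes) -> str:
    """Decode a log using the sniffed encoding and normalise line endings."""
    encoding, skip = sniff_encoding(data)
    text = data[skip:].decode(encoding, errors="replace")
    return text.replace("\r\n", "\n")


def as_single_byte_view(data: bytes) -> str:
    """Reproduce what a Windows-1252-only viewer shows for the same bytes:
    the BOM becomes 'ÿþ' and every non-printable byte is drawn as '.'."""
    text = data.decode("cp1252", errors="replace")
    return "".join(c if c.isprintable() else "." for c in text)


def log_contains(data: bytes, needle: str) -> bool:
    """Search the decoded text, so the match works whatever the encoding."""
    return needle in decode_log(data)


# Constructed sample: three lines taken from the MBAM log above,
# encoded the way the tool wrote them (UTF-16LE with a BOM, CRLF endings).
SAMPLE = codecs.BOM_UTF16_LE + (
    "Malwarebytes Anti-Malware (PRO) 1.75.0.1300\r\n"
    "www.malwarebytes.org\r\n"
    "Protection: Disabled\r\n"
).encode("utf-16-le")


if __name__ == "__main__":
    print(sniff_encoding(SAMPLE))
    print(as_single_byte_view(SAMPLE)[:60])
    print(decode_log(SAMPLE))
    # A raw byte search for the ASCII string finds nothing in the UTF-16 file.
    print(b"Protection: Disabled" in SAMPLE, log_contains(SAMPLE, "Protection: Disabled"))
```
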


  • Root Admin

Hello and :welcome:

Please read the following information below and post back the requested logs when ready.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 


Roger all that.

 

0. Ran RKill, RKill.txt posted at bottom. (I notice that this is coming out in Unicode too!)  The process it stopped (WDBtnMgr) is the Western Digital Button Manager for an external hard drive, this has been around for years with no apparent problem.

 

1. Ran ERUNT, registry saved (but I didn't check, I trusted)

 

2. Ran RogueKiller, RK report posted below, RK Quarantine folder saved to desktop.

 

Await further wisdom.

 

I really appreciate your taking time to do this!

 

T Aponick (Tony)

 

 

RKill.txt

 

ÿþR.k.i.l.l. .2...6...5. .b.y. .L.a.w.r.e.n.c.e. .A.b.r.a.m.s. .(.G.r.i.n.l.e.r.
).....h.t.t.p.:././.w.w.w...b.l.e.e.p.i.n.g.c.o.m.p.u.t.e.r...c.o.m./.....C.o.p.
y.r.i.g.h.t. .2.0.0.8.-.2.0.1.4. .B.l.e.e.p.i.n.g.C.o.m.p.u.t.e.r...c.o.m.....M.
o.r.e. .I.n.f.o.r.m.a.t.i.o.n. .a.b.o.u.t. .R.k.i.l.l. .c.a.n. .b.e. .f.o.u.n.d.
 .a.t. .t.h.i.s. .l.i.n.k.:..... .h.t.t.p.:././.w.w.w...b.l.e.e.p.i.n.g.c.o.m.p.
u.t.e.r...c.o.m./.f.o.r.u.m.s./.t.o.p.i.c.3.0.8.3.6.4...h.t.m.l.........P.r.o.g.
r.a.m. .s.t.a.r.t.e.d. .a.t.:. .0.2./.2.0./.2.0.1.4. .0.6.:.5.1.:.1.0. .P.M. .i.
n. .x.6.4. .m.o.d.e.......W.i.n.d.o.w.s. .V.e.r.s.i.o.n.:. .W.i.n.d.o.w.s. .7. .
P.r.o.f.e.s.s.i.o.n.a.l. .S.e.r.v.i.c.e. .P.a.c.k. .1.........C.h.e.c.k.i.n.g. .
f.o.r. .W.i.n.d.o.w.s. .s.e.r.v.i.c.e.s. .t.o. .s.t.o.p.:......... .*. .N.o. .m.
a.l.w.a.r.e. .s.e.r.v.i.c.e.s. .f.o.u.n.d. .t.o. .s.t.o.p...........C.h.e.c.k.i.
n.g. .f.o.r. .p.r.o.c.e.s.s.e.s. .t.o. .t.e.r.m.i.n.a.t.e.:......... .*. .C.:.\.
W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.W.D.B.t.n.M.g.r...e.x.e. .(.P.I.D.:. .3.1.1.6.
). .[.W.D.-.H.E.U.R.].........1. .p.r.o.c.c.e.s.s. .t.e.r.m.i.n.a.t.e.d.!.......
..C.h.e.c.k.i.n.g. .R.e.g.i.s.t.r.y. .f.o.r. .m.a.l.w.a.r.e. .r.e.l.a.t.e.d. .s.
e.t.t.i.n.g.s.:......... .*. .N.o. .i.s.s.u.e.s. .f.o.u.n.d. .i.n. .t.h.e. .R.e.
g.i.s.t.r.y...........R.e.s.e.t.t.i.n.g. ...E.X.E.,. ...C.O.M.,. .&. ...B.A.T. .
a.s.s.o.c.i.a.t.i.o.n.s. .i.n. .t.h.e. .W.i.n.d.o.w.s. .R.e.g.i.s.t.r.y.........
..P.e.r.f.o.r.m.i.n.g. .m.i.s.c.e.l.l.a.n.e.o.u.s. .c.h.e.c.k.s.:......... .*. .
N.o. .i.s.s.u.e.s. .f.o.u.n.d...........C.h.e.c.k.i.n.g. .W.i.n.d.o.w.s. .S.e.r.
v.i.c.e. .I.n.t.e.g.r.i.t.y.:. ......... .*. .N.o. .i.s.s.u.e.s. .f.o.u.n.d.....
......S.e.a.r.c.h.i.n.g. .f.o.r. .M.i.s.s.i.n.g. .D.i.g.i.t.a.l. .S.i.g.n.a.t.u.
r.e.s.:. ......... .*. .N.o. .i.s.s.u.e.s. .f.o.u.n.d...........C.h.e.c.k.i.n.g.
 .H.O.S.T.S. .F.i.l.e.:. ......... .*. .N.o. .i.s.s.u.e.s. .f.o.u.n.d...........
P.r.o.g.r.a.m. .f.i.n.i.s.h.e.d. .a.t.:. .0.2./.2.0./.2.0.1.4. .0.6.:.5.2.:.5.4.
 .P.M.....E.x.e.c.u.t.i.o.n. .t.i.m.e.:. .0. .h.o.u.r.s.(.s.).,. .1. .m.i.n.u.t.
e.(.s.).,. .a.n.d. .4.4. .s.e.c.o.n.d.s.(.s.).....

 

 

RK Report.txt

 

RogueKiller V8.8.8 _x64_ [Feb 19 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : tony [Admin rights]
Mode : Scan -- Date : 02/20/2014 19:04:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][sUSP PATH] SomotoUpdateCheckerAutoStart : C:\Users\tony\AppData\Local\FilesFrog Update Checker\update_checker.exe - /auto [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

 

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) ST31000528AS +++++
--- User ---
[MBR] eff5b03d65f541384fa9c7e432eee8b0
[bSP] 6a1febd8552a31d891e36fc90a932978 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 78 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 161792 | Size: 750 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1697792 | Size: 953039 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) SanDisk SanDisk Cruzer USB Device +++++
--- User ---
[MBR] f9fea5fa2c02941e7b8826eb1f747bd8
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 38 | Size: 3827 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_02202014_190444.txt >>


  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


Ron -

 

Ran ComboFix, Log attached.

 

I forgot that I had Windows Defender enabled.  Should I run ComboFix again??

 

Tony

 

ComboFix 14-02-20.01 - tony 02/20/2014  22:32:25.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4094.1976 [GMT -5:00]
Running from: c:\users\tony\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\index.dat
c:\users\tony\AppData\Local\Temp\_MEI7242\_ctypes.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\_elementtree.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\_hashlib.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\_multiprocessing.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\_socket.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\_ssl.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\pyexpat.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\pysqlite2._sqlite.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\python27.dll
c:\users\tony\AppData\Local\Temp\_MEI7242\pythoncom27.dll
c:\users\tony\AppData\Local\Temp\_MEI7242\PyWinTypes27.dll
c:\users\tony\AppData\Local\Temp\_MEI7242\select.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\unicodedata.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\win32api.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\win32com.shell.shell.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\win32crypt.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\win32event.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\win32file.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\win32inet.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\win32pdh.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\win32pipe.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\win32process.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\win32profile.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\win32security.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\win32ts.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\windows._lib_cacheinvalidation.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\wx._controls_.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\wx._core_.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\wx._gdi_.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\wx._html2.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\wx._misc_.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\wx._windows_.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\wx._wizard.pyd
c:\users\tony\AppData\Local\Temp\_MEI7242\wxbase294u_net_vc90.dll
c:\users\tony\AppData\Local\Temp\_MEI7242\wxbase294u_vc90.dll
c:\users\tony\AppData\Local\Temp\_MEI7242\wxmsw294u_adv_vc90.dll
c:\users\tony\AppData\Local\Temp\_MEI7242\wxmsw294u_core_vc90.dll
c:\users\tony\AppData\Local\Temp\_MEI7242\wxmsw294u_html_vc90.dll
c:\users\tony\AppData\Local\Temp\_MEI7242\wxmsw294u_webview_vc90.dll
c:\windows\SysWow64\ReadMe.txt
c:\windows\SysWow64\test
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-21 to 2014-02-21  )))))))))))))))))))))))))))))))
.
.
2014-02-21 03:38 . 2014-02-21 03:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-20 23:57 . 2014-02-20 23:57 -------- d-----w- c:\program files (x86)\ERUNT
2014-02-20 03:11 . 2014-02-20 03:11 -------- d-----w- c:\programdata\Microsoft OneDrive
2014-02-20 02:45 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E77A58E-072B-423A-A299-C50DE4319329}\mpengine.dll
2014-02-17 16:09 . 2014-02-17 16:09 -------- d-----w- c:\users\tony\AppData\Roaming\Malwarebytes
2014-02-17 16:09 . 2014-02-17 16:09 -------- d-----w- c:\programdata\Malwarebytes
2014-02-17 16:09 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-17 16:09 . 2014-02-17 16:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-17 13:24 . 2014-02-17 14:22 -------- d-----w- c:\users\tony\AppData\Roaming\Activeris
2014-02-17 13:24 . 2014-02-17 14:17 -------- d-----w- c:\program files (x86)\Bench
2014-02-17 13:24 . 2014-02-17 13:24 -------- d-----w- c:\users\tony\AppData\Local\Popajar
2014-02-17 13:24 . 2014-02-17 13:24 -------- d-----w- c:\users\tony\AppData\Local\SearchProtect
2014-02-16 13:53 . 2014-02-16 13:58 -------- d-----w- c:\windows\system32\catroot2old
2014-02-16 00:16 . 2014-02-16 03:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-02-16 00:16 . 2014-02-16 03:17 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-02-15 00:36 . 2014-02-15 00:36 -------- d-----w- c:\users\tony\AppData\Roaming\ParetoLogic
2014-02-15 00:36 . 2014-02-15 00:36 -------- d-----w- c:\users\tony\AppData\Roaming\DriverCure
2014-02-15 00:36 . 2014-02-15 01:05 -------- d-----w- c:\programdata\ParetoLogic
2014-02-15 00:34 . 2014-02-15 00:36 -------- d-----w- c:\users\tony\AppData\Local\Deployment
2014-02-15 00:12 . 2014-02-15 00:26 -------- d-----w- C:\AdwCleaner
2014-02-14 23:32 . 2014-02-20 18:02 -------- d-----w- c:\users\tony\AppData\Local\CrashDumps
2014-02-14 21:17 . 2014-02-14 21:27 -------- d-----w- c:\programdata\HitmanPro
2014-02-14 00:14 . 2014-02-14 00:14 -------- d-----w- c:\windows\CheckSur
2014-02-13 19:10 . 2014-02-13 19:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-02-13 19:10 . 2014-02-13 19:10 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-02-13 15:33 . 2012-11-01 18:38 741480 ------w- c:\windows\system32\HPDiscoPM5B12.dll
2014-02-13 15:33 . 2014-02-13 15:33 -------- d-----w- c:\program files\HP
2014-02-13 05:00 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-13 05:00 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-01-30 15:23 . 2014-01-30 15:34 -------- d-----w- c:\program files (x86)\Pegasus Imaging
2014-01-30 15:14 . 2000-01-04 11:39 212992 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2014-01-29 22:25 . 2014-01-29 22:25 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2014-01-23 23:48 . 2014-01-24 02:06 -------- d-----w- c:\program files\Microsoft IntelliPoint
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 01:20 . 2012-04-06 12:24 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 01:20 . 2011-06-09 21:19 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-13 05:06 . 2010-02-17 03:00 88567024 ----a-w- c:\windows\system32\MRT.exe
2013-12-18 11:13 . 2010-02-16 15:41 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-11-27 01:41 . 2014-01-15 02:59 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 02:59 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 02:59 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 02:59 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 02:59 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 02:59 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 02:59 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:54 . 2013-12-11 12:27 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 11:40 . 2014-01-15 02:59 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 02:59 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-26 10:19 . 2013-12-11 12:28 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 12:28 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 12:28 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 12:27 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 12:27 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 12:28 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 12:28 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 12:28 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 12:28 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 12:28 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 12:27 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 12:27 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 12:28 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 12:27 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 12:27 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 12:27 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 12:27 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 12:27 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 12:27 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 12:27 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 12:27 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 12:27 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 12:27 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 12:21 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 12:21 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-20 03:11 222920 ----a-w- c:\users\tony\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-20 03:11 222920 ----a-w- c:\users\tony\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-20 03:11 222920 ----a-w- c:\users\tony\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\tony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2014-02-20 257224]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-01-30 21822128]
"CAHeadless"="c:\program files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2012-09-17 840784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WD Button Manager"="WDBtnMgr.exe" [2010-02-16 364544]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-04-09 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-02 336384]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-07 24576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2010-07-07 47104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-7-16 1333024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R4 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [x]
R4 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS;c:\windows\SYSNATIVE\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS;c:\windows\SYSNATIVE\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS;c:\windows\SYSNATIVE\drivers\CTHWIUT.SYS [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys;c:\windows\SYSNATIVE\drivers\ha20x22k.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 01:20]
.
2014-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17 09:37]
.
2014-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17 09:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-20 03:11 261832 ----a-w- c:\users\tony\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-20 03:11 261832 ----a-w- c:\users\tony\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-20 03:11 261832 ----a-w- c:\users\tony\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-12 01:06 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-01-30 20:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-12 01:06 40960 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-07-05 15872]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1

.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-LiveSupport - c:\program files (x86)\LiveSupport\LiveSupport.exe
Wow6432Node-HKLM-Run-NWEReboot - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F791D8AE-47E8-40A5-A913-EB2D2AF29602} - c:\program files (x86)\Coupon Alerts\FrameworkBHO64.dll
Toolbar-Locked - (no file)
HKLM-Run-ATIModeChange - Ati2mdxx.exe
AddRemove-Activeris AntiMalware_is1 - c:\program files (x86)\Activeris AntiMalware\unins000.exe
AddRemove-V41 - c:\program files (x86)\V41\Uninst.isu
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2014-02-20  22:54:30 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-21 03:54
.
Pre-Run: 806,532,526,080 bytes free
Post-Run: 810,048,524,288 bytes free
.
- - End Of File - - 129F12B812577BD4697A0F278373BDB0
A36C5E4F47E84449FF07ED3517B43A31
 


Ron -

 

Please note:  After I ran Combofix, I had to reboot to get my normal desktop back.  Works OK.

 

However, my browser (IE11) will NOT go to Google or to the Wall St Journal publications - WSJ, Market Watch, Barrons.  If I click on a link or a bookmark, the browser just pauses a little then does nothing - it stays right where it was.  All other sites work normally (at least, the 20 or so I checked).

 

Strange.


  • Root Admin

For now let's just reset all your browsers and go from there.

 

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera

Then run the following

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 


OK.  Did the reset, browser seems to be behaving now.  I only have IE on my machine - I checked programs and features to try to be double sure.

 

Then ran mini tool box -

 

Here's the log:

 

MiniToolBox by Farbar  Version: 23-01-2014
Ran by tony (administrator) on 21-02-2014 at 00:58:59
Running from "C:\Users\tony\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1       localhost

========================= IP Configuration: ================================

ASUS USB-N13 300Mbps 11n Wireless USB dongle = Wireless Network Connection 3 (Connected)
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 4 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Loopback Pseudo-Interface 1" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection 2" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Bluetooth Network Connection" forwarding=disabled advertise=disabled mtu=1492 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : tony-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home

Wireless LAN adapter Wireless Network Connection 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter #2
   Physical Address. . . . . . . . . : 30-85-A9-F4-46-E5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection 3:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : ASUS USB-N13 300Mbps 11n Wireless USB dongle
   Physical Address. . . . . . . . . : 30-85-A9-F4-46-E5
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::89a0:6ce6:8059:bbf5%18(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, February 20, 2014 11:08:16 PM
   Lease Expires . . . . . . . . . . : Friday, February 21, 2014 11:08:20 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 439387561
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-04-A7-CD-00-26-B9-7F-DE-E0
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
   Physical Address. . . . . . . . . : 00-26-B9-7F-DE-E0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:1459:3dab:b881:9da(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1459:3dab:b881:9da%17(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    google.com
Addresses:  2607:f8b0:4006:809::1008
   74.125.226.161
   74.125.226.165
   74.125.226.167
   74.125.226.163
   74.125.226.174
   74.125.226.162
   74.125.226.160
   74.125.226.164
   74.125.226.168
   74.125.226.166
   74.125.226.169

Pinging google.com [74.125.226.165] with 32 bytes of data:
Reply from 74.125.226.165: bytes=32 time=15ms TTL=250
Reply from 74.125.226.165: bytes=32 time=15ms TTL=250

Ping statistics for 74.125.226.165:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 15ms, Average = 15ms
Server:  Wireless_Broadband_Router.home
Address:  192.168.1.1

Name:    yahoo.com
Addresses:  98.138.253.109
   98.139.183.24
   206.190.36.45

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=33ms TTL=250
Reply from 98.139.183.24: bytes=32 time=33ms TTL=250

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 33ms, Maximum = 33ms, Average = 33ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 19...30 85 a9 f4 46 e5 ......Microsoft Virtual WiFi Miniport Adapter #2
 18...30 85 a9 f4 46 e5 ......ASUS USB-N13 300Mbps 11n Wireless USB dongle
 10...00 26 b9 7f de e0 ......Broadcom NetXtreme 57xx Gigabit Controller
  1...........................Software Loopback Interface 1
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.6     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.6    281
      192.168.1.6  255.255.255.255         On-link       192.168.1.6    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.6    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.6    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.6    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 17     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 17     58 2001::/32                On-link
 17    306 2001:0:5ef5:79fb:1459:3dab:b881:9da/128
                                    On-link
 18    281 fe80::/64                On-link
 17    306 fe80::/64                On-link
 17    306 fe80::1459:3dab:b881:9da/128
                                    On-link
 18    281 fe80::89a0:6ce6:8059:bbf5/128
                                    On-link
  1    306 ff00::/8                 On-link
 17    306 ff00::/8                 On-link
 18    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 10 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [327168] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/20/2014 01:02:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: jscript9.dll, version: 11.0.9600.16476, time stamp: 0x5294589a
Exception code: 0xc0000005
Fault offset: 0x00008be4
Faulting process id: 0x1f80
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (02/20/2014 08:27:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: jscript9.dll, version: 11.0.9600.16476, time stamp: 0x5294589a
Exception code: 0xc0000005
Fault offset: 0x00008be4
Faulting process id: 0x634
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (02/18/2014 09:18:12 PM) (Source: Application Hang) (User: )
Description: The program NOTEPAD.EXE version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ff0

Start Time: 01cf2d18c7a34694

Termination Time: 0

Application Path: C:\Windows\SysWOW64\NOTEPAD.EXE

Report Id: 124832c4-990c-11e3-975b-0026b97fdee0

Error: (02/17/2014 07:56:04 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: jscript9.dll, version: 11.0.9600.16476, time stamp: 0x5294589a
Exception code: 0xc0000005
Fault offset: 0x00008be4
Faulting process id: 0x25d8
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (02/15/2014 01:49:18 PM) (Source: Windows Search Service) (User: )

Error: (02/14/2014 06:32:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: MSHTML.dll, version: 11.0.9600.16476, time stamp: 0x52947390
Exception code: 0xc0000005
Fault offset: 0x000a7e13
Faulting process id: 0xe20
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (02/13/2014 10:53:03 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x04860fa0
Faulting process id: 0x1150
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (02/13/2014 10:53:00 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x04860fa0
Faulting process id: 0x1150
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (02/13/2014 10:52:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc000041d
Fault offset: 0x04000f61
Faulting process id: 0x13a4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (02/13/2014 10:51:51 AM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.16428, time stamp: 0x525b664c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x04000f61
Faulting process id: 0x13a4
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

System errors:
=============
Error: (02/20/2014 11:08:31 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
CDRPDACC

Error: (02/20/2014 11:08:12 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/20/2014 11:07:47 PM) (Source: Application Popup) (User: )
Description: \??\C:\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDAC has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/20/2014 11:06:27 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/20/2014 10:48:27 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
CDRPDACC

Error: (02/20/2014 10:48:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/20/2014 10:47:39 PM) (Source: Application Popup) (User: )
Description: \??\C:\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDAC has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/20/2014 10:46:07 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Error: (02/20/2014 10:45:48 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (02/20/2014 10:45:43 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Microsoft Office Sessions:
=========================
Error: (10/18/2010 06:04:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128 seconds with 120 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-02-20 23:07:47.546
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-20 23:07:47.390
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-20 22:47:39.593
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-20 22:47:39.437
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-20 22:38:16.503
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-20 22:38:16.353
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-17 20:50:10.311
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-17 20:50:10.155
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-17 11:05:58.427
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-17 11:05:58.256
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

=========================== Installed Programs ============================

 Update for Microsoft Office 2007 (KB2508958)
64 Bit HP CIO Components Installer (Version: 7.2.8)
AccuBurn-R 1.3 (Version: 1.3)
Adobe Acrobat  9 Standard - English, Français, Deutsch (Version: 9.5.5)
Adobe Acrobat 9.5.5 - CPSID_83708
Adobe AIR (Version: 3.3.0.3650)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.70)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop CS3 (Version: 10.0)
Adobe Premiere Elements 11 (Version: 11.0)
Adobe Setup (Version: 1.0)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
Amazon Kindle
AMD APP SDK Runtime (Version: 2.4.595.10)
Apple Application Support (Version: 2.3.4)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.825.0)
Bing Bar (Version: 7.0.850.0)
BioAPI Framework (Version: 1.0.1)
Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 12.25.02)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
calibre (Version: 0.9.27)
Cartes du Ciel
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2011.0602.1130.18753)
Catalyst Control Center Graphics Previews Common (Version: 2011.0602.1130.18753)
Catalyst Control Center InstallProxy (Version: 2009.0614.2131.36800)
Catalyst Control Center InstallProxy (Version: 2011.0602.1130.18753)
Catalyst Control Center Localization All (Version: 2011.0602.1130.18753)
Catalyst Control Center Profiles Desktop (Version: 2011.0602.1130.18753)
CCC Help Chinese Standard (Version: 2011.0602.1129.18753)
CCC Help Chinese Traditional (Version: 2011.0602.1129.18753)
CCC Help Czech (Version: 2011.0602.1129.18753)
CCC Help Danish (Version: 2011.0602.1129.18753)
CCC Help Dutch (Version: 2011.0602.1129.18753)
CCC Help English (Version: 2011.0602.1129.18753)
CCC Help Finnish (Version: 2011.0602.1129.18753)
CCC Help French (Version: 2011.0602.1129.18753)
CCC Help German (Version: 2011.0602.1129.18753)
CCC Help Greek (Version: 2011.0602.1129.18753)
CCC Help Hungarian (Version: 2011.0602.1129.18753)
CCC Help Italian (Version: 2011.0602.1129.18753)
CCC Help Japanese (Version: 2011.0602.1129.18753)
CCC Help Korean (Version: 2011.0602.1129.18753)
CCC Help Norwegian (Version: 2011.0602.1129.18753)
CCC Help Polish (Version: 2011.0602.1129.18753)
CCC Help Portuguese (Version: 2011.0602.1129.18753)
CCC Help Russian (Version: 2011.0602.1129.18753)
CCC Help Spanish (Version: 2011.0602.1129.18753)
CCC Help Swedish (Version: 2011.0602.1129.18753)
CCC Help Thai (Version: 2011.0602.1129.18753)
CCC Help Turkish (Version: 2011.0602.1129.18753)
ccc-utility64 (Version: 2011.0602.1130.18753)
CD/DVD Diagnostic 3.1 (Version: 3.1)
CONTACT ORGANIZER DELUXE (S) (Version: 2.7)
Crayon Physics Deluxe - release 53
Creative Audio Control Panel (Version: 3.00)
Creative Software AutoUpdate (Version: 1.40)
Creative Sound Blaster Properties x64 Edition (Version: 1.02)
D3DX10 (Version: 15.4.2368.0902)
DCP64MMWrapper (Version: 1.6.326.57)
Dell Control Point 64 (Version: 1.6.326.57)
Dell ControlPoint Security Manager (Version: 1.6.326.57)
Dell ControlPoint System Manager (Version: 1.3.00000)
Dell Edoc Viewer (Version: 1.0.0)
Dell Embassy Trust Suite by Wave Systems (Version: 02.04.00.031)
Dell Resource CD (Version: 1.00.0000)
Dell Security Device Driver Pack (Version: 1.3.039)
DeLorme Send To GPS 1.2
DeLorme Send To GPS 1.5 (Version: 1.5)
DeLorme Topo USA 8.0 (Version: 8.091.30874)
Desktop Icon Position Saver (64-bit)
Dolby Digital Live Pack (Version: 3.00)
Elements 11 Organizer (Version: 11.0)
EMBASSY Security Center Lite (Version: )
EMBASSY Security Center Lite (Version: 03.10.00.038)
EMBASSY Security Setup (Version: )
EMBASSY Security Setup (Version: 03.10.00.041)
ERUNT 1.1j
ESC Home Page Plugin (Version: )
ESC Home Page Plugin (Version: 03.05.00.016)
Gemalto (Version: 01.64.00.0010)
GoldWave v5.13
Google Drive (Version: 1.14.6059.644)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.22.5)
HP Officejet Pro 8100 Basic Device Software (Version: 28.0.1321.0)
HP Update (Version: 5.005.000.002)
IcoFX 1.6.3
Intel® Matrix Storage Manager
Ipswitch WS_FTP Professional 2007 (Version: 11.00.002)
Java 7 Update 51 (Version: 7.0.510)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 16.4.3508.0205)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mathcad 14.0 M020 (Version: 14.0.2.0)
Mathcad 14.0 M020 Help (Version: 14.0.2.0)
Mathcad 14.0 M020 Resource Center (Version: 14.0.2.0)
MeshLab 1.3.2 (Version: 1.3.2)
MeshLab_64b 1.3.2 (Version: 1.3.2)
MFCLOC (Version: 1.00.0000)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft OneDrive (Version: 17.0.4029.0217)
Microsoft Project 2000 SR-1 (Version: 9.00.4527)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (Version: 10.0.40219)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 Express - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (Version: 10.0.40219.1)
Movie Maker (Version: 16.4.3508.0205)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (Version: 1.0.1.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
neroxml (Version: 1.0.0)
Nokia Connectivity Cable Driver (Version: 7.1.101.0)
Nokia Suite (Version: 3.7.22.0)
NTRU TCG Software Stack (Version: 2.1.29)
NVIDIA PhysX (Version: 9.09.0814)
OpenAL
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Opti Drive Control 1.00
PANDA-glGo (Version: 1.4)
PC Connectivity Solution (Version: 12.0.76.0)
PDF Settings (Version: 1.0)
PEVSoft AssetX
PEVSoft AttachmentMaker
PEVSoft Images2TGA (Version: 1.13)
PEVSoft Trainz Mesh Viewer 2
Photo Gallery (Version: 16.4.3508.0205)
PokeScope Pro 2.6
Power Edit 1.1
PowerDVD DX (Version: 8.3.5424)
PRE11 STI 64Installer (Version: 11.0)
Preboot Manager (Version: 02.10.00.031)
QuickTime (Version: 7.74.80.86)
Rapport (Version: 3.5.1201.94)
Rockstar Games Social Club (Version: 1.0.6.1)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
SimLab 3D PDF Exporter 2.3 From Google SketchUp (Version: 2.3)
Simple Sudoku 4.1
SketchUp Pro 8 (Version: 3.0.16846)
SO64MMWrapper (Version: 1.6.326.57)
Sound Blaster X-Fi (Version: 1.0)
Spectrogram (Version: 14.0)
SU Podium V2 1.0
Trainz 'Blue Comet' Addon Pack
Trainz 'Duchess' Addon Pack
Trainz Simulator 12
Trusted Drive Manager (Version: 3.1.0.116)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
UPEK TouchChip Fingerprint Reader (Version: 1.1.0)
V41
Wave Infrastructure Installer (Version: 07.64.19.0000)
Wave Support Software (Version: )
Wave Support Software (Version: 05.11.00.023)
WebEx
Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5) (Version: 01/07/2008 1.0.1.5)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0)
Windows Live Communications Platform (Version: 16.4.3508.0205)
Windows Live Essentials (Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3508.0205)
Windows Live Mail (Version: 16.4.3508.0205)
Windows Live Messenger (Version: 16.4.3508.0205)
Windows Live MIME IFilter (Version: 16.4.3508.0205)
Windows Live OneCare safety scanner
Windows Live Photo Common (Version: 16.4.3508.0205)
Windows Live PIMT Platform (Version: 16.4.3508.0205)
Windows Live SOXE (Version: 16.4.3508.0205)
Windows Live SOXE Definitions (Version: 16.4.3508.0205)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205)
Windows Live Writer (Version: 16.4.3508.0205)
Windows Live Writer Resources (Version: 16.4.3508.0205)
WinZip 14.5 (Version: 14.5.9095)
Yahoo! Detect

========================= Devices: ================================

Name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WfpLwf

Name: NETBT
Description: NETBT
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NetBT

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: Security Driver
Description: Security Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: secdrv

Name: E-mu Plug-in Architecture Driver
Description: E-mu Plug-in Architecture Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: emupia

Name: Intel® 82801 PCI Bridge - 244E
Description: Intel® 82801 PCI Bridge - 244E
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: System speaker
Description: System speaker
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: File as Volume Driver
Description: File as Volume Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: blbdrive

Name: Intel® 5520/5500/X58 I/O Hub System Management Registers - 342E
Description: Intel® 5520/5500/X58 I/O Hub System Management Registers - 342E
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: Intel® ICH10 Family USB Universal Host Controller - 3A39
Description: Intel® ICH10 Family USB Universal Host Controller - 3A39
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci

Name: HID Keyboard Device
Description: HID Keyboard Device
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: kbdhid

Name: Generic Ultra HS-SD/MMC USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: Winsock IFS Driver
Description: Winsock IFS Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ws2ifsl

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr

Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus

Name: PCI bus
Description: PCI bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR

Name: NSI proxy service driver.
Description: NSI proxy service driver.
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: nsiproxy

Name: User Mode Driver Frameworks Platform Driver
Description: User Mode Driver Frameworks Platform Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: WudfPf

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp

Name: Microsoft USB Dual Receiver Wireless Keyboard (Mouse and Keyboard Center)
Description: Microsoft USB Dual Receiver Wireless Keyboard (Mouse and Keyboard Center)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kbdhid

Name: Intel® ICH8R/ICH9R/ICH10R/DO/PCH SATA RAID Controller
Description: Intel® ICH8R/ICH9R/ICH10R/DO/PCH SATA RAID Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: iaStor

Name: Intel® ICH10R LPC Interface Controller - 3A16
Description: Intel® ICH10R LPC Interface Controller - 3A16
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: msisadrv

Name: Intel® ICH10 Family USB Enhanced Host Controller - 3A3A
Description: Intel® ICH10 Family USB Enhanced Host Controller - 3A3A
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Ancillary Function Driver for Winsock
Description: Ancillary Function Driver for Winsock
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AFD

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn

Name: Null
Description: Null
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Null

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp

Name: amdkmdag
Description: amdkmdag
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: amdkmdag

Name: Microsoft USB Dual Receiver Wireless Mouse (Mouse and Keyboard Center)
Description: Microsoft USB Dual Receiver Wireless Mouse (Mouse and Keyboard Center)
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid

Name: F:\
Description: Ultra HS-SD/MMC
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic
Service: WUDFRd

Name: Creative OS Services Driver
Description: Creative OS Services Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ossrv

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Disk Virtual Machine Bus Acceleration Filter Driver
Description: Disk Virtual Machine Bus Acceleration Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: storflt

Name: Mount Point Manager
Description: Mount Point Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mountmgr

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp

Name: Intel® 5520/5500/X58 I/O Hub to ESI Port - 3405
Description: Intel® 5520/5500/X58 I/O Hub to ESI Port - 3405
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep

Name: Intel® ICH10 Family SMBus Controller - 3A30
Description: Intel® ICH10 Family SMBus Controller - 3A30
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: ST31000528AS
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: Intel® ICH10 Family USB Enhanced Host Controller - 3A3C
Description: Intel® ICH10 Family USB Enhanced Host Controller - 3A3C
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci

Name: Microsoft Hardware USB Keyboard
Description: Microsoft Hardware USB Keyboard
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: HidUsb

Name: PBADRV
Description: PBADRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PBADRV

Name: UMBus Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: Microsoft Windows Management Interface for ACPI
Description: Microsoft Windows Management Interface for ACPI
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: WmiAcpi

Name: Intel® Xeon® CPU           W3505  @ 2.53GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: TCP/IP Protocol Driver
Description: TCP/IP Protocol Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Tcpip

Name: Windows Firewall Authorization Driver
Description: Windows Firewall Authorization Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mpsdrv

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan

Name: Bitlocker Drive Encryption Filter Driver
Description: Bitlocker Drive Encryption Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: fvevol

Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:

Name: Performance Counters for Windows Driver
Description: Performance Counters for Windows Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: pcw

Name: TCP/IP Registry Compatibility
Description: TCP/IP Registry Compatibility
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tcpipreg

Name: Dell U2410(DP)
Description: Dell U2410(DP)
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: Dell Inc.
Service: monitor

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan

Name: Creative 20X2 HAL Driver
Description: Creative 20X2 HAL Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ha20x22k

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb

Name: PEAUTH
Description: PEAUTH
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: PEAUTH

Name: Intel® 5520/5500/X58 I/O Hub PCI Express Root Port 1 - 3408
Description: Intel® 5520/5500/X58 I/O Hub PCI Express Root Port 1 - 3408
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Intel® ICH10 Family USB Universal Host Controller - 3A34
Description: Intel® ICH10 Family USB Universal Host Controller - 3A34
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI

Name: Intel® ICH10 Family PCI Express Root Port 1 - 3A40
Description: Intel® ICH10 Family PCI Express Root Port 1 - 3A40
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan

Name: TDTCP
Description: TDTCP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: TDTCP

Name: Common Log (CLFS)
Description: Common Log (CLFS)
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CLFS

Name: Printer Port Logical Interface
Description: Printer Port Logical Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: HTTP
Description: HTTP
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: HTTP

Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: UMBus Enumerator
Description: UMBus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: CNG
Description: CNG
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CNG

Name: NetIO Legacy TDI Support Driver
Description: NetIO Legacy TDI Support Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tdx

Name: WAN Miniport (PPPOE)
Description: WAN Miniport (PPPOE)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasPppoe

Name: Microsoft Mouse and Keyboard Detection Driver (USB)
Description: Microsoft Mouse and Keyboard Detection Driver (USB)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Microsoft
Service: usbccgp

Name: Hardware Policy Driver
Description: Hardware Policy Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: hwpolicy

Name: ATI FirePro V8700 (FireGL)
Description: ATI FirePro V8700 (FireGL)
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: ATI Technologies Inc.
Service: amdkmdap

Name: Intel® Xeon® CPU           W3505  @ 2.53GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm

Name: Offline Files Driver
Description: Offline Files Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CSC

Name: Remote Desktop Services Security Filter Driver
Description: Remote Desktop Services Security Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: tssecsrv

Name: Intel® 5520/5500/X58 I/O Hub PCI Express Root Port 3 - 340A
Description: Intel® 5520/5500/X58 I/O Hub PCI Express Root Port 3 - 340A
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: Intel® ICH10 Family USB Universal Host Controller - 3A35
Description: Intel® ICH10 Family USB Universal Host Controller - 3A35
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci

Name: Intel® ICH10 Family PCI Express Root Port 6 - 3A4A
Description: Intel® ICH10 Family PCI Express Root Port 6 - 3A4A
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: WAN Miniport (PPTP)
Description: WAN Miniport (PPTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: PptpMiniport

Name: KSecDD
Description: KSecDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KSecDD

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:

Name: Microsoft Hardware USB Keyboard
Description: Microsoft Hardware USB Keyboard
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: HidUsb

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: CT20XUT.SYS
Description: CT20XUT.SYS
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CT20XUT.SYS

Name: QoS Packet Scheduler
Description: QoS Packet Scheduler
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Psched

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp

Name: KSecPkg
Description: KSecPkg
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: KSecPkg

Name: SanDisk SanDisk Cruzer USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: VgaSave
Description: VgaSave
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: VgaSave

Name: msisadrv
Description: msisadrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: msisadrv

Name: CTEXFIFX.SYS
Description: CTEXFIFX.SYS
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CTEXFIFX.SYS

Name: Creative SB X-Fi
Description: Creative X-Fi Audio Processor (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Creative Technology, Ltd.
Service: ctaud2k

Name: HP Officejet Pro 8100
Description: HP Officejet Pro 8100
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:

Name: Link-Layer Topology Discovery Mapper I/O Driver
Description: Link-Layer Topology Discovery Mapper I/O Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: lltdio

Name: ASUS USB-N13 300Mbps 11n Wireless USB dongle
Description: ASUS USB-N13 300Mbps 11n Wireless USB dongle
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ASUS
Service: RTL8192cu

Name: Microsoft Hardware USB Mouse
Description: Microsoft Hardware USB Mouse
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: HidUsb

Name: Intel® 5520/5500/X58 I/O Hub PCI Express Root Port 7 - 340E
Description: Intel® 5520/5500/X58 I/O Hub PCI Express Root Port 7 - 340E
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: pci

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Intel® ICH10 Family USB Universal Host Controller - 3A36
Description: Intel® ICH10 Family USB Universal Host Controller - 3A36
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci

Name: HID-compliant device
Description: HID-compliant device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:

Name: Virtual Machine Bus
Description: Virtual Machine Bus
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: vmbus

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus

Name: CTHWIUT.SYS
Description: CTHWIUT.SYS
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: CTHWIUT.SYS

Name: RDPCDD
Description: RDPCDD
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPCDD

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Terminal Server Keyboard Driver
Description: Terminal Server Keyboard Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: Dynamic Volume Manager
Description: Dynamic Volume Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volmgrx

Name: NativeWiFi Filter
Description: NativeWiFi Filter
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NativeWifiP

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb

Name: Terminal Server Device Redirector Driver
Description: Terminal Server Device Redirector Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPDR

Name: Creative Proxy Driver
Description: Creative Proxy Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ctprxy2k

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Terminal Server Mouse Driver
Description: Terminal Server Mouse Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: TermDD

Name: LSI 1394 OHCI Compliant Host Controller
Description: LSI 1394 OHCI Compliant Host Controller
Class Guid: {6bdd1fc1-810f-11d0-bec7-08002be2092f}
Manufacturer: LSI
Service: 1394ohci

Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Intel® 5520/5500/X58 I/O Hub GPIO and Scratch Pad Registers - 3422
Description: Intel® 5520/5500/X58 I/O Hub GPIO and Scratch Pad Registers - 3422
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: Intel® ICH10 Family USB Universal Host Controller - 3A37
Description: Intel® ICH10 Family USB Universal Host Controller - 3A37
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci

Name: Storage volumes
Description: Storage volumes
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: volsnap

Name: NDIS System Driver
Description: NDIS System Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDIS

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum

Name: RDP Encoder Mirror Driver
Description: RDP Encoder Mirror Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPENCDD

Name: Creative SoundFont Management Device Driver
Description: Creative SoundFont Management Device Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ctsfm2k

Name: Generic volume
Description: Generic volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volsnap

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: HL-DT-ST DVD+-RW GH50N
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: Microsoft SideWinder X4 Keyboard (Mouse and Keyboard Center)
Description: Microsoft SideWinder X4 Keyboard (Mouse and Keyboard Center)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kbdhid

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub

Name: Virtual WiFi Filter Driver
Description: Virtual WiFi Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: vwififlt

Name: NDIS Usermode I/O Protocol
Description: NDIS Usermode I/O Protocol
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Ndisuio

Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus

Name: Reflector Display Driver used to gain access to graphics data
Description: Reflector Display Driver used to gain access to graphics data
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPREFMP

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: Microsoft Virtual Drive Enumerator Driver
Description: Microsoft Virtual Drive Enumerator Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: vdrvroot

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:

Name: ICRUZER
Description: SanDisk Cruzer 
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: SanDisk
Service: WUDFRd

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: Remote Access IPv6 ARP Driver
Description: Remote Access IPv6 ARP Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wanarpv6

Name: NDProxy
Description: NDProxy
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: NDProxy

Name: Broadcom NetXtreme 57xx Gigabit Controller
Description: Broadcom NetXtreme 57xx Gigabit Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: b57nd60a

Name: Intel® 5520/5500/X58 I/O Hub Control Status and RAS Registers - 3423
Description: Intel® 5520/5500/X58 I/O Hub Control Status and RAS Registers - 3423
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:

Name: Microsoft ISATAP Adapter #3
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: Intel® ICH10 Family USB Universal Host Controller - 3A38
Description: Intel® ICH10 Family USB Universal Host Controller - 3A38
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci

Name: System Attribute Cache
Description: System Attribute Cache
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: discache

Name: RDP Winstation Driver
Description: RDP Winstation Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: RDPWD

Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: volmgr

Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub

Name: ECP Printer Port (LPT1)
Description: ECP Printer Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Parport

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel

Name: Kernel Mode Driver Frameworks service
Description: Kernel Mode Driver Frameworks service
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Wdf01000

Name: Link-Layer Topology Discovery Responder
Description: Link-Layer Topology Discovery Responder
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: rspndr

Name: LDDM Graphics Subsystem
Description: LDDM Graphics Subsystem
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: DXGKrnl

Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service:

Name: PLDS DVD-ROM DH-16D5S
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom

Name: ACPI x64-based PC
Description: ACPI x64-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL

Name: Communications Port (COM1)
Description: Communications Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Serial

Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR

========================= Memory info: ===================================

Percentage of memory in use: 41%
Total physical RAM: 4093.55 MB
Available physical RAM: 2394.8 MB
Total Pagefile: 8185.29 MB
Available Pagefile: 6176.25 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.21 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:930.7 GB) (Free:755.28 GB) NTFS
2 Drive d: (Hom Bak 08) (CDROM) (Total:2.91 GB) (Free:0 GB) CDFS
5 Drive i: (ICRUZER) (Removable) (Total:3.73 GB) (Free:1.91 GB) FAT32

========================= Users: ========================================

User accounts for \\TONY-PC

Administrator            Guest                    tony                    

========================= Minidump Files ==================================

No minidump file found

**** End of log ****
 


  • Root Admin

Please uninstall ALL versions of Java from your Control Panel, Add/Remove

Then run the following.


Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

 

 

 

Then run this temporary file cleaner.

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

Then Please run a Quick Scan with Malwarebytes and post the log:
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.
Make sure that everything is checked, and click Remove Selected.


Ron-

 

Removed Java 7 rev 51 which is all that was there (apparently)

 

Ran JavaRA, removed older versions.  Log attached.

 

Ran TFC, it deleted about 350 MB without incident and without reboot.

 

Ran MBAM with PUPs shown and checked.  It found only one, and it was removed successfully.  Log Attached. (I notice the log is STILL stored in Unicode, I post the original popup version here)

 

JavaRA Log:

 

JavaRa 1.16 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Feb 21 01:25:29 2014

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.

There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

Found and removed: SOFTWARE\Classes\CLSID\{5852F5ED-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Found and removed: SOFTWARE\Classes\Interface\{5852F5EC-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit

Found and removed: SOFTWARE\Classes\TypeLib\{5852F5E0-8BF4-11D4-A245-0080C6F74284}

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

Found and removed: SOFTWARE\JavaSoft

Found and removed: SOFTWARE\JreMetrics

Found and removed: SOFTWARE\MozillaPlugins

------------------------------------

Finished reporting.

 

 

MBAM log: 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.21.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
tony :: TONY-PC [administrator]

Protection: Disabled

2/21/2014 1:33:23 AM
mbam-log-2014-02-21 (01-33-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226685
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F791D8AE-47E8-40A5-A913-EB2D2AF29602} (PUP.Optional.CouponAlerts.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
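
A log that Windows tools label "Unicode" is normally UTF-16LE with a byte-order mark, which is why it looks garbled in a byte-oriented viewer and why a plain byte search can miss detections in it. The following is an added example, not part of any post in this thread or of Malwarebytes' code; the function names are hypothetical and the sample bytes are constructed from a few lines of the MBAM log above, assuming UTF-16LE encoding.

```python
import codecs

# BOMs, longest first so a UTF-32LE mark (FF FE 00 00) is not read as UTF-16LE (FF FE).
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]

# Constructed sample: lines taken from the MBAM log in this thread, encoded
# as UTF-16LE with a BOM and CRLF line endings (an assumption about the file).
SAMPLE_TEXT = (
    "Malwarebytes Anti-Malware (PRO) 1.75.0.1300\r\n"
    "www.malwarebytes.org\r\n"
    "Registry Keys Detected: 1\r\n"
    "(PUP.Optional.CouponAlerts.A) -> Quarantined and deleted successfully.\r\n"
)
SAMPLE = codecs.BOM_UTF16_LE + SAMPLE_TEXT.encode("utf-16-le")


def sniff_encoding(data):
    """Return (encoding, bom_length) for the raw bytes of a log file."""
    for bom, name in BOMS:
        if data.startswith(bom):
            return name, len(bom)
    # No BOM: mostly-ASCII UTF-16 text has a NUL in every other byte.
    sample = data[:4096]
    if len(sample) >= 4:
        half = len(sample) // 2
        even_nuls = sample[0::2].count(0)
        odd_nuls = sample[1::2].count(0)
        if odd_nuls > 0.8 * half and even_nuls < 0.2 * half:
            return "utf-16-le", 0
        if even_nuls > 0.8 * half and odd_nuls < 0.2 * half:
            return "utf-16-be", 0
    return "utf-8", 0


def decode_log(data):
    """Decode a log to text, dropping the BOM and normalising CRLF to LF."""
    encoding, skip = sniff_encoding(data)
    text = data[skip:].decode(encoding, errors="replace")
    return text.replace("\r\n", "\n")


def byte_view(data):
    """Show the bytes as a single-byte viewer would: one character per byte,
    with NUL, CR and LF (all non-printable) rendered as dots."""
    return "".join(ch if ch.isprintable() else "." for ch in data.decode("latin-1"))


def raw_grep(data, needle):
    """Byte-level search, as a tool unaware of the encoding would do it."""
    return needle.encode("ascii") in data


def decoded_grep(data, needle):
    """Search after decoding, so UTF-16 logs are matched like any other."""
    return needle in decode_log(data)


if __name__ == "__main__":
    print(sniff_encoding(SAMPLE))
    print(byte_view(SAMPLE)[:60])
    print("raw search hit:    ", raw_grep(SAMPLE, "PUP.Optional"))
    print("decoded search hit:", decoded_grep(SAMPLE, "PUP.Optional"))
    # Re-encode as UTF-8 for tools that expect it.
    utf8_bytes = decode_log(SAMPLE).encode("utf-8")
    print(len(SAMPLE), "bytes as UTF-16 ->", len(utf8_bytes), "bytes as UTF-8")
```

Any script or log collector that searches these files should decode them first; a match on the raw bytes will silently fail on a UTF-16 log.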
 


  • Root Admin

Okay, Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


OK

 

Ran MBAR as updated - it found nothing the first time through and only produced one log System-log.txt. It was in unicode, so I converted it in Word for easier reading.

 

Shut down defender. Ran JRT.  Log attached.  Re-activated Defender.

 

Ran AdwCleaner. Log attached. Ran MBAM with PUPs checked.  Nothing found, log attached.

 

Turned off defender again. Ran the ESET online scanner - nothing found, no log appended.  I uninstalled the ESET files.

 

Ran FRST, logs appended.

 

 

MBAR system-log, converted from Unicode:

 

---------------------------------------

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009

 

 

 

© Malwarebytes Corporation 2011-2012

 

 

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

 

 

Account is Administrative

 

 

 

Internet Explorer version: 11.0.9600.16476

 

 

 

File system is: NTFS

 

Disk drives: C:\ DRIVE_FIXED

 

CPU speed: 2.533000 GHz

 

Memory total: 4292403200, free: 2253529088

 

 

 

Downloaded database version: v2014.02.21.03

 

Downloaded database version: v2014.02.20.01

 

Initializing...

 

======================

 

------------ Kernel report ------------

 

     02/21/2014 02:05:38

 

------------ Loaded modules -----------

 

\SystemRoot\system32\ntoskrnl.exe

 

\SystemRoot\system32\hal.dll

 

\SystemRoot\system32\kdcom.dll

 

\SystemRoot\system32\mcupdate_GenuineIntel.dll

 

\SystemRoot\system32\PSHED.dll

 

\SystemRoot\system32\CLFS.SYS

 

\SystemRoot\system32\CI.dll

 

\SystemRoot\system32\drivers\Wdf01000.sys

 

\SystemRoot\system32\drivers\WDFLDR.SYS

 

\SystemRoot\system32\drivers\ACPI.sys

 

\SystemRoot\system32\drivers\WMILIB.SYS

 

\SystemRoot\system32\drivers\msisadrv.sys

 

\SystemRoot\system32\drivers\pci.sys

 

\SystemRoot\system32\drivers\vdrvroot.sys

 

\SystemRoot\System32\drivers\partmgr.sys

 

\SystemRoot\system32\drivers\volmgr.sys

 

\SystemRoot\System32\drivers\volmgrx.sys

 

\SystemRoot\System32\drivers\mountmgr.sys

 

\SystemRoot\system32\drivers\vmbus.sys

 

\SystemRoot\system32\drivers\winhv.sys

 

\SystemRoot\system32\DRIVERS\iaStor.sys

 

\SystemRoot\system32\drivers\amdxata.sys

 

\SystemRoot\system32\drivers\fltmgr.sys

 

\SystemRoot\system32\drivers\fileinfo.sys

 

\SystemRoot\System32\Drivers\PxHlpa64.sys

 

\SystemRoot\System32\Drivers\Ntfs.sys

 

\SystemRoot\System32\Drivers\msrpc.sys

 

\SystemRoot\System32\Drivers\ksecdd.sys

 

\SystemRoot\System32\Drivers\cng.sys

 

\SystemRoot\System32\drivers\pcw.sys

 

\SystemRoot\System32\Drivers\Fs_Rec.sys

 

\SystemRoot\system32\drivers\ndis.sys

 

\SystemRoot\system32\drivers\NETIO.SYS

 

\SystemRoot\System32\Drivers\ksecpkg.sys

 

\SystemRoot\System32\drivers\tcpip.sys

 

\SystemRoot\System32\drivers\fwpkclnt.sys

 

\SystemRoot\system32\drivers\vmstorfl.sys

 

\SystemRoot\system32\drivers\volsnap.sys

 

\SystemRoot\System32\Drivers\spldr.sys

 

\SystemRoot\System32\drivers\rdyboost.sys

 

\SystemRoot\system32\DRIVERS\PBADRV64.sys

 

\SystemRoot\System32\Drivers\mup.sys

 

\SystemRoot\System32\drivers\hwpolicy.sys

 

\SystemRoot\System32\DRIVERS\fvevol.sys

 

\SystemRoot\system32\DRIVERS\disk.sys

 

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

 

\SystemRoot\system32\drivers\cdrom.sys

 

\SystemRoot\System32\Drivers\Null.SYS

 

\SystemRoot\System32\Drivers\Beep.SYS

 

\SystemRoot\System32\drivers\vga.sys

 

\SystemRoot\System32\drivers\VIDEOPRT.SYS

 

\SystemRoot\System32\drivers\watchdog.sys

 

\SystemRoot\System32\DRIVERS\RDPCDD.sys

 

\SystemRoot\system32\drivers\rdpencdd.sys

 

\SystemRoot\system32\drivers\rdprefmp.sys

 

\SystemRoot\System32\Drivers\Msfs.SYS

 

\SystemRoot\System32\Drivers\Npfs.SYS

 

\SystemRoot\system32\DRIVERS\tdx.sys

 

\SystemRoot\system32\DRIVERS\TDI.SYS

 

\SystemRoot\System32\DRIVERS\netbt.sys

 

\SystemRoot\system32\drivers\afd.sys

 

\SystemRoot\system32\drivers\ws2ifsl.sys

 

\SystemRoot\system32\DRIVERS\wfplwf.sys

 

\SystemRoot\system32\DRIVERS\pacer.sys

 

\SystemRoot\system32\DRIVERS\vwififlt.sys

 

\SystemRoot\system32\DRIVERS\netbios.sys

 

\SystemRoot\system32\DRIVERS\serial.sys

 

\SystemRoot\system32\DRIVERS\wanarp.sys

 

\SystemRoot\system32\drivers\termdd.sys

 

\SystemRoot\system32\DRIVERS\rdbss.sys

 

\SystemRoot\system32\drivers\nsiproxy.sys

 

\SystemRoot\system32\drivers\mssmbios.sys

 

\SystemRoot\System32\drivers\discache.sys

 

\SystemRoot\system32\drivers\csc.sys

 

\SystemRoot\System32\Drivers\dfsc.sys

 

\SystemRoot\system32\DRIVERS\blbdrive.sys

 

\SystemRoot\system32\DRIVERS\tunnel.sys

 

\SystemRoot\system32\drivers\wmiacpi.sys

 

\SystemRoot\system32\DRIVERS\intelppm.sys

 

\SystemRoot\system32\drivers\ctaud2k.sys

 

\SystemRoot\system32\drivers\portcls.sys

 

\SystemRoot\system32\drivers\drmk.sys

 

\SystemRoot\system32\drivers\ks.sys

 

\SystemRoot\system32\drivers\ctoss2k.sys

 

\SystemRoot\system32\drivers\ctprxy2k.sys

 

\SystemRoot\system32\drivers\ksthunk.sys

 

\SystemRoot\system32\DRIVERS\atikmpag.sys

 

\SystemRoot\system32\DRIVERS\atikmdag.sys

 

\SystemRoot\System32\drivers\dxgkrnl.sys

 

\SystemRoot\System32\drivers\dxgmms1.sys

 

\SystemRoot\system32\DRIVERS\usbuhci.sys

 

\SystemRoot\system32\DRIVERS\USBPORT.SYS

 

\SystemRoot\system32\DRIVERS\usbehci.sys

 

\SystemRoot\system32\DRIVERS\b57nd60a.sys

 

\SystemRoot\system32\drivers\1394ohci.sys

 

\SystemRoot\system32\DRIVERS\parport.sys

 

\SystemRoot\system32\DRIVERS\serenum.sys

 

\SystemRoot\system32\drivers\CompositeBus.sys

 

\SystemRoot\system32\DRIVERS\AgileVpn.sys

 

\SystemRoot\system32\DRIVERS\rasl2tp.sys

 

\SystemRoot\system32\DRIVERS\ndistapi.sys

 

\SystemRoot\system32\DRIVERS\ndiswan.sys

 

\SystemRoot\system32\DRIVERS\raspppoe.sys

 

\SystemRoot\system32\DRIVERS\raspptp.sys

 

\SystemRoot\system32\DRIVERS\rassstp.sys

 

\SystemRoot\system32\DRIVERS\rdpbus.sys

 

\SystemRoot\system32\DRIVERS\kbdclass.sys

 

\SystemRoot\system32\DRIVERS\mouclass.sys

 

\SystemRoot\system32\drivers\swenum.sys

 

\SystemRoot\system32\DRIVERS\umbus.sys

 

\SystemRoot\system32\DRIVERS\usbhub.sys

 

\SystemRoot\system32\drivers\ha20x22k.sys

 

\SystemRoot\system32\drivers\emupia2k.sys

 

\SystemRoot\system32\drivers\ctsfm2k.sys

 

\SystemRoot\System32\drivers\CTHWIUT.SYS

 

\SystemRoot\System32\drivers\CT20XUT.SYS

 

\SystemRoot\System32\drivers\CTEXFIFX.SYS

 

\SystemRoot\System32\Drivers\NDProxy.SYS

 

\SystemRoot\system32\DRIVERS\rtwlanu.sys

 

\SystemRoot\system32\DRIVERS\vwifibus.sys

 

\SystemRoot\system32\DRIVERS\cdfs.sys

 

\SystemRoot\system32\DRIVERS\usbccgp.sys

 

\SystemRoot\system32\DRIVERS\USBD.SYS

 

\SystemRoot\system32\DRIVERS\hidusb.sys

 

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

 

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

 

\SystemRoot\system32\DRIVERS\kbdhid.sys

 

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

 

\SystemRoot\System32\Drivers\crashdmp.sys

 

\SystemRoot\System32\Drivers\dump_iaStor.sys

 

\SystemRoot\System32\Drivers\dump_dumpfve.sys

 

\SystemRoot\System32\win32k.sys

 

\SystemRoot\System32\drivers\Dxapi.sys

 

\SystemRoot\system32\DRIVERS\dc3d.sys

 

\SystemRoot\system32\DRIVERS\mouhid.sys

 

\SystemRoot\system32\DRIVERS\point64.sys

 

\SystemRoot\system32\DRIVERS\monitor.sys

 

\SystemRoot\System32\TSDDD.dll

 

\SystemRoot\System32\cdd.dll

 

\SystemRoot\System32\ATMFD.DLL

 

\SystemRoot\system32\drivers\luafv.sys

 

\??\C:\Windows\system32\drivers\mbam.sys

 

\SystemRoot\system32\DRIVERS\lltdio.sys

 

\SystemRoot\system32\DRIVERS\nwifi.sys

 

\SystemRoot\system32\DRIVERS\ndisuio.sys

 

\SystemRoot\system32\DRIVERS\rspndr.sys

 

\SystemRoot\system32\drivers\HTTP.sys

 

\SystemRoot\system32\DRIVERS\vwifimp.sys

 

\SystemRoot\System32\Drivers\fastfat.SYS

 

\SystemRoot\system32\DRIVERS\bowser.sys

 

\SystemRoot\System32\drivers\mpsdrv.sys

 

\SystemRoot\system32\DRIVERS\mrxsmb.sys

 

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

 

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

 

\SystemRoot\system32\drivers\peauth.sys

 

\SystemRoot\System32\Drivers\secdrv.SYS

 

\SystemRoot\System32\DRIVERS\srvnet.sys

 

\SystemRoot\System32\drivers\tcpipreg.sys

 

\SystemRoot\System32\DRIVERS\srv2.sys

 

\SystemRoot\System32\DRIVERS\srv.sys

 

\SystemRoot\system32\drivers\WudfPf.sys

 

\SystemRoot\system32\DRIVERS\WUDFRd.sys

 

\??\C:\Windows\system32\drivers\mbamchameleon.sys

 

\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

 

\Windows\System32\ntdll.dll

 

\Windows\System32\smss.exe

 

\Windows\System32\apisetschema.dll

 

----------- End -----------

 

Done!

 

<<<1>>>

 

Upper Device Name: \Device\Harddisk2\DR2

 

Upper Device Object: 0xfffffa8008a74790

 

Upper Device Driver Name: \Driver\Disk\

 

Lower Device Name: \Device\0000007c\

 

Lower Device Object: 0xfffffa80078bf2b0

 

Lower Device Driver Name: \Driver\USBSTOR\

 

<<<1>>>

 

Upper Device Name: \Device\Harddisk1\DR1

 

Upper Device Object: 0xfffffa80078ba060

 

Upper Device Driver Name: \Driver\Disk\

 

Lower Device Name: \Device\0000007a\

 

Lower Device Object: 0xfffffa800792b2b0

 

Lower Device Driver Name: \Driver\USBSTOR\

 

<<<1>>>

 

Upper Device Name: \Device\Harddisk0\DR0

 

Upper Device Object: 0xfffffa80051b0230

 

Upper Device Driver Name: \Driver\Disk\

 

Lower Device Name: \Device\Ide\IAAStorageDevice-2\

 

Lower Device Object: 0xfffffa8004097050

 

Lower Device Driver Name: \Driver\iaStor\

 

<<<2>>>

 

Physical Sector Size: 512

 

Drive: 0, DevicePointer: 0xfffffa80051b0230, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

 

--------- Disk Stack ------

 

DevicePointer: 0xfffffa80051b1b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

 

DevicePointer: 0xfffffa80051b0230, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

 

DevicePointer: 0xfffffa8004097050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\

 

------------ End ----------

 

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

 

Upper DeviceData: 0x0, 0x0, 0x0

 

Lower DeviceData: 0x0, 0x0, 0x0

 

<<<3>>>

 

Volume: C:

 

File system type: NTFS

 

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

 

<<<2>>>

 

<<<3>>>

 

Volume: C:

 

File system type: NTFS

 

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

 

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

 

<<<2>>>

 

<<<3>>>

 

Volume: C:

 

File system type: NTFS

 

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

 

Done!

 

Drive 0

 

Scanning MBR on drive 0...

 

Inspecting partition table:

 

MBR Signature: 55AA

 

Disk Signature: F8000000

 

 

 

Partition information:

 

 

 

    Partition 0 type is Other (0xde)

 

    Partition is NOT ACTIVE.

 

    Partition starts at LBA: 63  Numsec = 160587

 

 

 

    Partition 1 type is Primary (0x7)

 

    Partition is ACTIVE.

 

    Partition starts at LBA: 161792  Numsec = 1536000

 

    Partition file system is NTFS

 

    Partition is bootable

 

 

 

    Partition 2 type is Primary (0x7)

 

    Partition is NOT ACTIVE.

 

    Partition starts at LBA: 1697792  Numsec = 1951823872

 

 

 

    Partition 3 type is Empty (0x0)

 

    Partition is NOT ACTIVE.

 

    Partition starts at LBA: 0  Numsec = 0

 

 

 

Disk Size: 1000204886016 bytes

 

Sector size: 512 bytes

 

 

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1953505168-1953525168)...

 

Done!

 

Physical Sector Size: 512

 

Drive: 1, DevicePointer: 0xfffffa80078ba060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

 

--------- Disk Stack ------

 

DevicePointer: 0xfffffa80081cdb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

 

DevicePointer: 0xfffffa80078ba060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

 

DevicePointer: 0xfffffa800792b2b0, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\

 

------------ End ----------

 

Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

 

Upper DeviceData: 0x0, 0x0, 0x0

 

Lower DeviceData: 0x0, 0x0, 0x0

 

Drive 1

 

Scanning MBR on drive 1...

 

Inspecting partition table:

 

MBR Signature: 55AA

 

Disk Signature: 0

 

 

 

Partition information:

 

 

 

    Partition 0 type is Other (0xb)

 

    Partition is NOT ACTIVE.

 

    Partition starts at LBA: 38  Numsec = 7839682

 

 

 

    Partition 1 type is Empty (0x0)

 

    Partition is NOT ACTIVE.

 

    Partition starts at LBA: 0  Numsec = 0

 

 

 

    Partition 2 type is Empty (0x0)

 

    Partition is NOT ACTIVE.

 

    Partition starts at LBA: 0  Numsec = 0

 

 

 

    Partition 3 type is Empty (0x0)

 

    Partition is NOT ACTIVE.

 

    Partition starts at LBA: 0  Numsec = 0

 

 

 

Disk Size: 4051697152 bytes

 

Sector size: 512 bytes

 

 

 

Done!

 

Physical Sector Size: 0

 

Drive: 2, DevicePointer: 0xfffffa8008a74790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

 

--------- Disk Stack ------

 

DevicePointer: 0xfffffa80078b6040, DeviceName: Unknown, DriverName: \Driver\partmgr\

 

DevicePointer: 0xfffffa8008a74790, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

 

DevicePointer: 0xfffffa80078bf2b0, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\

 

------------ End ----------

 

Scan finished

 

 

JRT.txt:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Professional x64
Ran by tony on Fri 02/21/2014 at  2:29:43.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\somoto
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\Users\tony\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\tony\appdata\local\searchprotect"
Successfully deleted: [Folder] "C:\Users\tony\documents\optimizer pro"

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/21/2014 at  2:33:47.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

AdwClean.txt

 

# AdwCleaner v3.019 - Report created 21/02/2014 at 02:47:22
# Updated 17/02/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : tony - TONY-PC
# Running from : C:\Users\tony\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Users\tony\AppData\Roaming\ParetoLogic

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Popajar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\Bench
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\ParetoLogic

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Google Chrome v

[ File : C:\Users\tony\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1324 octets] - [14/02/2014 19:12:44]
AdwCleaner[R1].txt - [866 octets] - [14/02/2014 19:25:34]
AdwCleaner[R2].txt - [1701 octets] - [21/02/2014 02:42:34]
AdwCleaner[s0].txt - [1348 octets] - [14/02/2014 19:16:03]
AdwCleaner[s1].txt - [1568 octets] - [21/02/2014 02:47:22]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1628 octets] ##########

 

 

MBAM.log (After AdwClean):

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.21.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
tony :: TONY-PC [administrator]

Protection: Disabled

2/21/2014 2:54:45 AM
mbam-log-2014-02-21 (02-54-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228199
Time elapsed: 4 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

==========================

No logs from ESET - Nothing found....

================================


And here are the FRST logs - the earlier post was too long:

FRST Logs:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-02-2014
Ran by tony (administrator) on TONY-PC on 21-02-2014 04:40:42
Running from C:\Users\tony\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\CISVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Microsoft Corporation) C:\Users\tony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Western Digital Technologies, Inc.) C:\Windows\SysWOW64\WDBtnMgr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTXFISPI.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Glenn Alcott Software) C:\Program Files (x86)\PowerEdit\poweredit.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

 

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [uSCService] - C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [15872 2009-07-05] (Broadcom Corporation)
HKLM\...\Run: [iAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-07] (Intel Corporation)
HKLM\...\Run: [DellControlPoint] - c:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [656384 2009-06-11] (Dell Inc.)
HKLM\...\Run: [ATIModeChange] - Ati2mdxx.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [WD Button Manager] - WDBtnMgr.exe
HKLM-x32\...\Run: [VolPanel] - C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe [241789 2009-04-09] (Creative Technology Ltd)
HKLM-x32\...\Run: [updReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [CTxfiHlp] - CTXFIHLP.EXE
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKU\.DEFAULT\...\Run: [CtxfiReg] - CTXFIREG.exe /FAIL1
HKU\S-1-5-21-2415652156-3631022186-376388657-1003\...\Run: [skyDrive] - C:\Users\tony\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-02-19] (Microsoft Corporation)
HKU\S-1-5-21-2415652156-3631022186-376388657-1003\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)
HKU\S-1-5-21-2415652156-3631022186-376388657-1003\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/?oref=login
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {C3578EC6-3778-409F-B77F-3F74E6E0E098} URL =
SearchScopes: HKCU - {C3578EC6-3778-409F-B77F-3F74E6E0E098} URL =
SearchScopes: HKCU - {C5B228F9-578B-4C13-AE85-1C5127775C25} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Coupon Alerts BHO - {F791D8AE-47E8-40A5-A913-EB2D2AF29602} - C:\Program Files (x86)\Coupon Alerts\FrameworkBHO64.dll No File
BHO: DeLorme Send To GPS - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE-x64.dll (DeLorme)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8BE5651C-D60B-4B59-B5B2-F0EB93733D17} https://www36.verizon.com/CallAssistant/UnProtected/Voice%20Mail/VCAVMUtil.CAB
DPF: HKLM-x32 {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======

CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S4 dcpsysmgrsvc; c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [510752 2009-07-16] (Dell Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()

==================== Drivers (Whitelisted) ====================

S1 CDRPDACC; C:\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys [4633 2005-03-30] (Arrowkey)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV64.sys [32240 2008-06-04] (Dell Inc)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1047144 2011-09-19] (Realtek Semiconductor Corporation                           )
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-21 04:40 - 2014-02-21 04:40 - 00011915 _____ () C:\Users\tony\Desktop\FRST.txt
2014-02-21 04:40 - 2014-02-21 04:40 - 00000000 ____D () C:\FRST
2014-02-21 04:39 - 2014-02-21 04:39 - 02153984 _____ (Farbar) C:\Users\tony\Desktop\FRST64.exe
2014-02-21 03:06 - 2014-02-21 03:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-21 02:51 - 2014-02-21 02:51 - 00001706 _____ () C:\Users\tony\Desktop\AdwCleaner[s1].txt
2014-02-21 02:40 - 2014-02-21 02:40 - 01241834 _____ () C:\Users\tony\Desktop\AdwCleaner.exe
2014-02-21 02:38 - 2014-02-21 03:01 - 00000340 _____ () C:\Users\tony\Desktop\Lewis note Fri am early.txt
2014-02-21 02:33 - 2014-02-21 02:33 - 00001011 _____ () C:\Users\tony\Desktop\JRT.txt.txt
2014-02-21 02:29 - 2014-02-21 02:29 - 01037734 _____ (Thisisu) C:\Users\tony\Desktop\JRT.exe
2014-02-21 02:29 - 2014-02-21 02:29 - 00000000 ____D () C:\Windows\ERUNT
2014-02-21 02:05 - 2014-02-21 02:24 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-21 02:04 - 2014-02-21 02:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-21 02:03 - 2014-02-21 02:52 - 00000000 ____D () C:\Users\tony\Desktop\MBAR
2014-02-21 01:58 - 2014-02-21 01:59 - 00000000 ____D () C:\Users\tony\Desktop\Past Runs
2014-02-20 22:54 - 2014-02-20 22:54 - 00030829 _____ () C:\ComboFix.txt
2014-02-20 22:30 - 2014-02-20 22:54 - 00000000 ____D () C:\Qoobox
2014-02-20 22:30 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-20 22:30 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-20 22:30 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-20 22:30 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-20 22:30 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-20 22:30 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-20 22:30 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-20 22:30 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-20 22:29 - 2014-02-20 22:29 - 05183886 ____R (Swearware) C:\Users\tony\Desktop\ComboFix.exe
2014-02-20 20:14 - 2014-02-20 22:53 - 00000000 ____D () C:\Windows\ERDNT
2014-02-20 18:57 - 2014-02-20 18:57 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-19 22:11 - 2014-02-19 22:11 - 00002156 _____ () C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-19 22:11 - 2014-02-19 22:11 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-02-18 07:56 - 2014-02-21 01:50 - 00000482 _____ () C:\Users\tony\Desktop\Malwarebytes Forum.website
2014-02-17 11:09 - 2014-02-17 11:09 - 00000000 ____D () C:\Users\tony\AppData\Roaming\Malwarebytes
2014-02-17 11:09 - 2014-02-17 11:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 11:09 - 2014-02-17 11:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-17 11:09 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-17 08:28 - 2014-02-17 08:30 - 00026448 _____ () C:\Windows\diagwrn.xml
2014-02-17 08:28 - 2014-02-17 08:30 - 00001908 _____ () C:\Windows\diagerr.xml
2014-02-17 08:24 - 2014-02-17 09:22 - 00000000 ____D () C:\Users\tony\AppData\Roaming\Activeris
2014-02-17 08:24 - 2014-02-17 08:24 - 00003242 _____ () C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-02-17 08:24 - 2014-02-17 08:24 - 00000000 ____D () C:\Users\tony\AppData\Local\Popajar
2014-02-16 18:33 - 2014-02-16 22:44 - 00000000 ____D () C:\Users\tony\Desktop\Workstation 14
2014-02-16 08:53 - 2014-02-16 08:58 - 00000000 ____D () C:\Windows\system32\catroot2old
2014-02-15 22:17 - 2014-02-15 22:17 - 00001415 _____ () C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-15 22:15 - 2014-02-15 22:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-15 19:16 - 2014-02-15 22:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-15 19:16 - 2014-02-15 22:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-14 19:34 - 2014-02-14 19:36 - 00000000 ____D () C:\Users\tony\AppData\Local\Deployment
2014-02-14 19:12 - 2014-02-21 02:47 - 00000000 ____D () C:\AdwCleaner
2014-02-14 18:32 - 2014-02-20 13:02 - 00000000 ____D () C:\Users\tony\AppData\Local\CrashDumps
2014-02-14 16:17 - 2014-02-14 16:27 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-14 15:48 - 2014-02-20 20:14 - 00000000 ____D () C:\Users\tony\Desktop\Trojan agent
2014-02-13 23:59 - 2014-02-13 23:59 - 00000000 ____D () C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KGS Online
2014-02-13 20:07 - 2014-02-13 20:07 - 35974048 _____ () C:\Users\tony\Downloads\IE11-Windows6.1-KB2909921-x64.msu
2014-02-13 19:14 - 2014-02-13 19:14 - 00000000 ____D () C:\Windows\CheckSur
2014-02-13 10:33 - 2014-02-13 10:33 - 00002202 _____ () C:\Users\Public\Desktop\HP 8100.lnk
2014-02-13 10:33 - 2014-02-13 10:33 - 00000000 ____D () C:\Program Files\HP
2014-02-13 10:33 - 2012-11-01 13:38 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPM5B12.dll
2014-02-13 00:00 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-13 00:00 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 23:58 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 23:58 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 23:58 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 23:58 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 23:58 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 23:58 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 23:58 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 23:58 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 23:58 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 23:58 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 23:58 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 23:58 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 23:58 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 23:58 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 23:58 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 23:58 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 23:58 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 23:58 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 23:58 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 23:58 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 23:58 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 23:58 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 23:58 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 23:58 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 23:58 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 23:58 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 23:58 - 2013-11-26 18:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-02-12 23:58 - 2013-11-26 17:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-02-12 23:58 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 23:58 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-12 21:55 - 2014-02-12 21:55 - 00001756 _____ () C:\Users\tony\Desktop\Lenox 2014 - Shortcut.lnk
2014-02-06 21:16 - 2014-02-06 21:16 - 00276816 _____ () C:\Windows\Minidump\020614-77454-01.dmp
2014-01-30 10:23 - 2014-01-30 10:34 - 00000000 ____D () C:\Program Files (x86)\Pegasus Imaging
2014-01-30 08:34 - 2014-01-30 09:21 - 00001511 _____ () C:\Users\tony\Desktop\Media Player.lnk
2014-01-29 17:26 - 2014-01-29 17:26 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-01-29 17:26 - 2014-01-29 17:26 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-01-29 17:25 - 2014-01-29 17:25 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-01-23 18:48 - 2014-01-23 21:06 - 00000000 ____D () C:\Program Files\Microsoft IntelliPoint
2014-01-23 15:39 - 2004-02-26 19:21 - 00163840 _____ (Warren Furlow) C:\Users\tony\Desktop\V41.exe
2014-01-23 08:07 - 2014-01-23 17:18 - 00000000 ____D () C:\Users\tony\Desktop\ProcMon

==================== One Month Modified Files and Folders =======

2014-02-21 04:40 - 2014-02-21 04:40 - 00011915 _____ () C:\Users\tony\Desktop\FRST.txt
2014-02-21 04:40 - 2014-02-21 04:40 - 00000000 ____D () C:\FRST
2014-02-21 04:39 - 2014-02-21 04:39 - 02153984 _____ (Farbar) C:\Users\tony\Desktop\FRST64.exe
2014-02-21 04:20 - 2012-04-06 07:24 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 04:04 - 2010-02-17 04:37 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 03:06 - 2014-02-21 03:06 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-02-21 03:01 - 2014-02-21 02:38 - 00000340 _____ () C:\Users\tony\Desktop\Lewis note Fri am early.txt
2014-02-21 02:56 - 2009-07-13 23:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-21 02:56 - 2009-07-13 23:45 - 00014256 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-21 02:52 - 2014-02-21 02:03 - 00000000 ____D () C:\Users\tony\Desktop\MBAR
2014-02-21 02:52 - 2009-07-14 00:10 - 01638106 _____ () C:\Windows\WindowsUpdate.log
2014-02-21 02:51 - 2014-02-21 02:51 - 00001706 _____ () C:\Users\tony\Desktop\AdwCleaner[s1].txt
2014-02-21 02:50 - 2013-05-17 06:50 - 00000000 ___RD () C:\Users\tony\SkyDrive
2014-02-21 02:50 - 2012-12-28 06:47 - 00000000 ___RD () C:\Users\tony\Google Drive
2014-02-21 02:49 - 2010-02-17 04:37 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 02:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-21 02:49 - 2009-07-13 23:51 - 00013491 _____ () C:\Windows\setupact.log
2014-02-21 02:47 - 2014-02-14 19:12 - 00000000 ____D () C:\AdwCleaner
2014-02-21 02:40 - 2014-02-21 02:40 - 01241834 _____ () C:\Users\tony\Desktop\AdwCleaner.exe
2014-02-21 02:33 - 2014-02-21 02:33 - 00001011 _____ () C:\Users\tony\Desktop\JRT.txt.txt
2014-02-21 02:29 - 2014-02-21 02:29 - 01037734 _____ (Thisisu) C:\Users\tony\Desktop\JRT.exe
2014-02-21 02:29 - 2014-02-21 02:29 - 00000000 ____D () C:\Windows\ERUNT
2014-02-21 02:24 - 2014-02-21 02:05 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-21 02:04 - 2014-02-21 02:04 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-21 01:59 - 2014-02-21 01:58 - 00000000 ____D () C:\Users\tony\Desktop\Past Runs
2014-02-21 01:50 - 2014-02-18 07:56 - 00000482 _____ () C:\Users\tony\Desktop\Malwarebytes Forum.website
2014-02-21 00:28 - 2012-09-13 07:10 - 00000477 _____ () C:\Users\tony\Desktop\Gmail.website
2014-02-20 22:54 - 2014-02-20 22:54 - 00030829 _____ () C:\ComboFix.txt
2014-02-20 22:54 - 2014-02-20 22:30 - 00000000 ____D () C:\Qoobox
2014-02-20 22:54 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-02-20 22:53 - 2014-02-20 20:14 - 00000000 ____D () C:\Windows\ERDNT
2014-02-20 22:48 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-20 22:47 - 2010-02-10 12:39 - 00534364 _____ () C:\Windows\PFRO.log
2014-02-20 22:46 - 2009-07-13 21:34 - 26476544 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-02-20 22:46 - 2009-07-13 21:34 - 100139008 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-02-20 22:46 - 2009-07-13 21:34 - 02621440 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-02-20 22:46 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-02-20 22:46 - 2009-07-13 21:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-02-20 22:29 - 2014-02-20 22:29 - 05183886 ____R (Swearware) C:\Users\tony\Desktop\ComboFix.exe
2014-02-20 20:22 - 2010-02-16 17:32 - 00000000 ____D () C:\V41
2014-02-20 20:20 - 2012-04-06 07:24 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 20:20 - 2012-04-06 07:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 20:20 - 2011-06-09 16:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 20:14 - 2014-02-14 15:48 - 00000000 ____D () C:\Users\tony\Desktop\Trojan agent
2014-02-20 18:57 - 2014-02-20 18:57 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-02-20 18:35 - 2010-02-16 12:10 - 00000000 ____D () C:\Users\tony\Desktop\CnvrtXL
2014-02-20 13:02 - 2014-02-14 18:32 - 00000000 ____D () C:\Users\tony\AppData\Local\CrashDumps
2014-02-19 22:58 - 2013-12-07 10:56 - 00000633 _____ () C:\Users\tony\Desktop\Windows Mobile Products - Mobile Devices - Dell Community.website
2014-02-19 22:52 - 2013-10-31 15:27 - 00000555 _____ () C:\Users\tony\Desktop\Venue 8 Pro Owner's Lounge - Page 196 last read.website
2014-02-19 22:11 - 2014-02-19 22:11 - 00002156 _____ () C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-02-19 22:11 - 2014-02-19 22:11 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-02-19 11:27 - 2013-01-14 07:54 - 00000369 _____ () C:\Users\tony\Desktop\Untitled.txt
2014-02-19 00:07 - 2010-02-17 03:05 - 02155008 _____ () C:\Users\tony\Desktop\Chase.xls
2014-02-18 20:54 - 2010-02-18 09:48 - 00000000 ____D () C:\Users\Public\Documents\Local Win 7 Public Shared
2014-02-17 22:29 - 2010-02-28 11:08 - 00007635 _____ () C:\Users\tony\AppData\Local\Resmon.ResmonCfg
2014-02-17 20:50 - 2011-02-23 16:41 - 00000000 ____D () C:\ProgramData\McAfee
2014-02-17 17:44 - 2010-10-03 06:05 - 00000000 ____D () C:\Users\tony\Desktop\Manuals and Guides
2014-02-17 17:22 - 2009-07-14 00:13 - 00858164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-17 16:54 - 2010-02-16 09:25 - 00000000 ____D () C:\Users\tony\AppData\Local\VirtualStore
2014-02-17 11:09 - 2014-02-17 11:09 - 00000000 ____D () C:\Users\tony\AppData\Roaming\Malwarebytes
2014-02-17 11:09 - 2014-02-17 11:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-17 11:09 - 2014-02-17 11:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-17 09:22 - 2014-02-17 08:24 - 00000000 ____D () C:\Users\tony\AppData\Roaming\Activeris
2014-02-17 08:30 - 2014-02-17 08:28 - 00026448 _____ () C:\Windows\diagwrn.xml
2014-02-17 08:30 - 2014-02-17 08:28 - 00001908 _____ () C:\Windows\diagerr.xml
2014-02-17 08:28 - 2009-07-13 23:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-17 08:24 - 2014-02-17 08:24 - 00003242 _____ () C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart
2014-02-17 08:24 - 2014-02-17 08:24 - 00000000 ____D () C:\Users\tony\AppData\Local\Popajar
2014-02-16 22:44 - 2014-02-16 18:33 - 00000000 ____D () C:\Users\tony\Desktop\Workstation 14
2014-02-16 09:45 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-02-16 08:58 - 2014-02-16 08:53 - 00000000 ____D () C:\Windows\system32\catroot2old
2014-02-15 22:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-02-15 22:17 - 2014-02-15 22:17 - 00001415 _____ () C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-15 22:17 - 2014-02-15 19:16 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-15 22:15 - 2014-02-15 22:15 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-02-15 22:15 - 2014-02-15 19:16 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-15 18:59 - 2010-02-17 04:37 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 18:59 - 2010-02-17 04:37 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 13:52 - 2012-05-22 06:44 - 00000495 _____ () C:\Users\tony\Desktop\People Search Zaba.website
2014-02-14 19:36 - 2014-02-14 19:34 - 00000000 ____D () C:\Users\tony\AppData\Local\Deployment
2014-02-14 19:34 - 2010-02-16 16:39 - 00000000 ____D () C:\Users\tony\AppData\Local\Apps\2.0
2014-02-14 16:27 - 2014-02-14 16:17 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-02-13 23:59 - 2014-02-13 23:59 - 00000000 ____D () C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KGS Online
2014-02-13 23:59 - 2013-02-20 11:25 - 00002137 _____ () C:\Users\tony\Desktop\CGoban 3.lnk
2014-02-13 22:39 - 2013-11-14 12:47 - 00009798 _____ () C:\Windows\IE11_main.log
2014-02-13 20:52 - 2013-12-01 17:52 - 00000000 ____D () C:\Users\tony\AppData\Roaming\HpUpdate
2014-02-13 20:41 - 2013-05-17 06:56 - 00000000 ____D () C:\Users\tony\Tracing
2014-02-13 20:39 - 2013-03-30 11:33 - 00000000 ____D () C:\Windows\pss
2014-02-13 20:07 - 2014-02-13 20:07 - 35974048 _____ () C:\Users\tony\Downloads\IE11-Windows6.1-KB2909921-x64.msu
2014-02-13 19:14 - 2014-02-13 19:14 - 00000000 ____D () C:\Windows\CheckSur
2014-02-13 17:36 - 2010-02-16 13:03 - 00000000 ____D () C:\ZZxfer
2014-02-13 14:10 - 2013-09-15 10:38 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-13 13:22 - 2013-01-18 11:28 - 00000420 _____ () C:\Users\tony\Desktop\Pandanet.website
2014-02-13 13:12 - 2013-02-20 09:49 - 00000414 _____ () C:\Users\tony\Desktop\Verizon Phone.website
2014-02-13 12:50 - 2010-02-18 11:29 - 01286656 ___SH () C:\Users\tony\Desktop\Thumbs.db
2014-02-13 10:54 - 2013-12-01 17:52 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-02-13 10:33 - 2014-02-13 10:33 - 00002202 _____ () C:\Users\Public\Desktop\HP 8100.lnk
2014-02-13 10:33 - 2014-02-13 10:33 - 00000000 ____D () C:\Program Files\HP
2014-02-13 10:33 - 2010-02-17 22:42 - 00000000 ____D () C:\Program Files (x86)\HP
2014-02-13 10:33 - 2010-02-17 22:39 - 00000000 ____D () C:\ProgramData\HP
2014-02-13 10:23 - 2014-01-02 15:01 - 00000000 ____D () C:\Users\tony\Desktop\Doug Mills
2014-02-13 00:11 - 2013-07-13 06:22 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-13 00:06 - 2010-02-16 22:00 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-13 00:02 - 2010-02-10 11:10 - 00850286 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 21:55 - 2014-02-12 21:55 - 00001756 _____ () C:\Users\tony\Desktop\Lenox 2014 - Shortcut.lnk
2014-02-06 21:16 - 2014-02-06 21:16 - 00276816 _____ () C:\Windows\Minidump\020614-77454-01.dmp
2014-02-06 21:16 - 2011-12-18 22:58 - 614582642 _____ () C:\Windows\MEMORY.DMP
2014-02-06 21:16 - 2010-02-16 10:44 - 00000000 ____D () C:\Windows\Minidump
2014-02-02 07:53 - 2010-02-17 18:51 - 00000000 ____D () C:\Users\tony\Desktop\ML Statements
2014-01-30 20:01 - 2013-09-05 18:27 - 00000536 _____ () C:\Users\tony\Desktop\Yahoo! Mail.website
2014-01-30 10:34 - 2014-01-30 10:23 - 00000000 ____D () C:\Program Files (x86)\Pegasus Imaging
2014-01-30 10:34 - 2010-02-10 10:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-30 10:34 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2014-01-30 10:19 - 2010-02-10 10:52 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-01-30 09:37 - 2013-05-13 08:11 - 00010752 _____ () C:\Users\tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-30 09:21 - 2014-01-30 08:34 - 00001511 _____ () C:\Users\tony\Desktop\Media Player.lnk
2014-01-29 17:26 - 2014-01-29 17:26 - 00003062 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-01-29 17:26 - 2014-01-29 17:26 - 00003060 _____ () C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-01-29 17:26 - 2013-12-19 18:42 - 00003118 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-01-29 17:26 - 2013-12-19 18:42 - 00003092 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-01-29 17:26 - 2013-12-19 18:42 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-01-29 17:25 - 2014-01-29 17:25 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-01-29 16:56 - 2009-07-13 23:45 - 05143248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-25 18:09 - 2010-02-17 10:54 - 00000000 ____D () C:\Users\tony\Desktop\Drawings
2014-01-23 21:06 - 2014-01-23 18:48 - 00000000 ____D () C:\Program Files\Microsoft IntelliPoint
2014-01-23 18:51 - 2010-02-16 09:26 - 00117560 _____ () C:\Users\tony\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-23 17:22 - 2012-01-17 16:12 - 00000000 ____D () C:\Users\tony\Documents\My Games
2014-01-23 17:21 - 2011-03-30 17:45 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-01-23 17:18 - 2014-01-23 08:07 - 00000000 ____D () C:\Users\tony\Desktop\ProcMon

Some content of TEMP:
====================
C:\Users\tony\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-18 09:56

==================== End Of Log ============================

Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-02-2014
Ran by tony at 2014-02-21 04:41:12
Running from C:\Users\tony\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32 Version:  - Microsoft)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
AccuBurn-R 1.3 (x32 Version: 1.3 - InfinaDyne)
Adobe Acrobat  9 Standard - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (x32 Version:  - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3650 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3650 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (x32 Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (x32 Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Fonts All (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (x32 Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (x32 Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (x32 Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (x32 Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 11 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos CS3 (x32 Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (x32 Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (x32 Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
Amazon Kindle (HKCU Version:  - Amazon)
AMD APP SDK Runtime (Version: 2.4.595.10 - Advanced Micro Devices Inc.) Hidden
Apple Application Support (x32 Version: 2.3.4 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (Version: 3.0.825.0 - ATI Technologies, Inc.)
Bing Bar (x32 Version: 7.0.850.0 - Microsoft Corporation)
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 12.25.02 - Broadcom Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (x32 Version: 3.0.8619.1 - Microsoft Corporation) Hidden
calibre (x32 Version: 0.9.27 - Kovid Goyal)
Cartes du Ciel (x32 Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2011.0602.1130.18753 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0602.1130.18753 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0614.2131.36800 - ATI Technologies, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0602.1130.18753 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0602.1130.18753 - ATI) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2011.0602.1130.18753 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help English (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help French (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help German (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0602.1129.18753 - ATI) Hidden
ccc-utility64 (Version: 2011.0602.1130.18753 - ATI) Hidden
CD/DVD Diagnostic 3.1 (HKCU Version: 3.1 - InfinaDyne)
CONTACT ORGANIZER DELUXE (S) (x32 Version: 2.7 - PRIMASOFT PC, INC.)
Crayon Physics Deluxe - release 53 (x32 Version:  - Kloonigames)
Creative Audio Control Panel (x32 Version: 3.00 - Creative Technology Limited)
Creative Software AutoUpdate (x32 Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (x32 Version: 1.02 - Creative Technology Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DCP64MMWrapper (Version: 1.6.326.57 - Broadcom Corporation) Hidden
Dell Control Point 64 (Version: 1.6.326.57 - Broadcom Corporation) Hidden
Dell ControlPoint Security Manager (x32 Version: 1.6.326.57 - Dell Inc.)
Dell ControlPoint System Manager (Version: 1.3.00000 - Dell Inc.)
Dell Edoc Viewer (Version: 1.0.0 - Dell Inc)
Dell Embassy Trust Suite by Wave Systems (Version: 02.04.00.031 - Wave Systems Corp) Hidden
Dell Resource CD (x32 Version: 1.00.0000 - Dell Inc.)
Dell Security Device Driver Pack (x32 Version: 1.3.039 - Dell Inc.)
DeLorme Send To GPS 1.2 (x32 Version:  - DeLorme Publishing)
DeLorme Send To GPS 1.5 (Version: 1.5 - DeLorme Publishing)
DeLorme Topo USA 8.0 (x32 Version: 8.091.30874 - DeLorme Publishing)
Desktop Icon Position Saver (64-bit) (x32 Version:  - )
Dolby Digital Live Pack (x32 Version: 3.00 - Creative Technology Limited)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
EMBASSY Security Center Lite (Version: 03.10.00.038 - Wave Systems Corp) Hidden
EMBASSY Security Center Lite (x32 Version:  - ) Hidden
EMBASSY Security Setup (Version: 03.10.00.041 - Wave Systems Corp) Hidden
EMBASSY Security Setup (x32 Version:  - ) Hidden
ERUNT 1.1j (x32 Version:  - Lars Hederer)
ESC Home Page Plugin (Version: 03.05.00.016 - Wave Systems Corp) Hidden
ESC Home Page Plugin (x32 Version:  - ) Hidden
Gemalto (Version: 01.64.00.0010 - Wave Systems Corp) Hidden
GoldWave v5.13 (x32 Version:  - )
Google Drive (x32 Version: 1.14.6059.644 - Google, Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP Officejet Pro 8100 Basic Device Software (Version: 28.0.1321.0 - Hewlett-Packard Co.)
HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)
IcoFX 1.6.3 (x32 Version:  - )
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
Ipswitch WS_FTP Professional 2007 (x32 Version: 11.00.002 - Ipswitch)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mathcad 14.0 M020 (x32 Version: 14.0.2.0 - PTC)
Mathcad 14.0 M020 Help (x32 Version: 14.0.2.0 - PTC)
Mathcad 14.0 M020 Resource Center (x32 Version: 14.0.2.0 - PTC)
MeshLab 1.3.2 (x32 Version: 1.3.2 - Paolo Cignoni, Guido Ranzuglia VCG - ISTI - CNR)
MeshLab_64b 1.3.2 (Version: 1.3.2 - Paolo Cignoni - Guido Ranzuglia VCG - ISTI - CNR)
MFCLOC (x32 Version: 1.00.0000 - Dell Inc.) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (x32 Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (x32 Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Small Business 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (x32 Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU Version: 17.0.4029.0217 - Microsoft Corporation)
Microsoft Project 2000 SR-1 (x32 Version: 9.00.4527 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (x32 Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - ENU (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
Nokia Connectivity Cable Driver (x32 Version: 7.1.101.0 - Nokia)
Nokia Suite (x32 Version: 3.7.22.0 - Nokia)
Nokia Suite (x32 Version: 3.7.22.0 - Nokia) Hidden
NTRU TCG Software Stack (Version: 2.1.29 - NTRU Cryptosystems) Hidden
NVIDIA PhysX (x32 Version: 9.09.0814 - NVIDIA Corporation)
OpenAL (x32 Version:  - )
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593 - Apache Software Foundation)
Opti Drive Control 1.00 (x32 Version:  - Erik Deppe)
PANDA-glGo (x32 Version: 1.4 - PANDANET Inc.)
PC Connectivity Solution (x32 Version: 12.0.76.0 - Nokia)
PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PEVSoft AssetX (x32 Version:  - )
PEVSoft AttachmentMaker (x32 Version:  - )
PEVSoft Images2TGA (x32 Version: 1.13 - PEVSoft)
PEVSoft Trainz Mesh Viewer 2 (x32 Version:  - )
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PokeScope Pro 2.6 (x32 Version:  - )
Power Edit 1.1 (x32 Version:  - )
PowerDVD DX (x32 Version: 8.3.5424 - CyberLink Corp.)
PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Preboot Manager (Version: 02.10.00.031 - Wave Systems Corp.) Hidden
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Rapport (Version: 3.5.1201.94 - Trusteer) Hidden
Rockstar Games Social Club (x32 Version: 1.0.6.1 - Rockstar Games)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE 10.3 (x32 Version: 10.3 - Roxio)
Roxio Creator DE 10.3 (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
SimLab 3D PDF Exporter 2.3 From Google SketchUp (x32 Version: 2.3 - SimLab Soft)
Simple Sudoku 4.1 (x32 Version:  - )
SketchUp Pro 8 (x32 Version: 3.0.16846 - Trimble Navigation Limited)
SO64MMWrapper (Version: 1.6.326.57 - Broadcom Corporation) Hidden
Sound Blaster X-Fi (x32 Version: 1.0 - )
Spectrogram (x32 Version: 14.0 - Visualization Software LLC)
SU Podium V2 1.0 (x32 Version:  - Cadalog Inc.)
Trainz 'Blue Comet' Addon Pack (x32 Version:  - Auran)
Trainz 'Duchess' Addon Pack (x32 Version:  - Auran)
Trainz Simulator 12 (x32 Version:  - Auran)
Trusted Drive Manager (Version: 3.1.0.116 - Wave Systems Corp.) Hidden
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Update for 2007 Microsoft Office System (KB967642) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version:  - Microsoft)
UPEK TouchChip Fingerprint Reader (Version: 1.1.0 - Dell Inc.) Hidden
V41 (x32 Version:  - )
Wave Infrastructure Installer (Version: 07.64.19.0000 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.11.00.023 - Wave Systems Corp) Hidden
Wave Support Software (x32 Version:  - ) Hidden
WebEx (HKCU Version:  - Cisco WebEx LLC)
Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5) (Version: 01/07/2008 1.0.1.5 - Dell Inc.)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (x32 Version:  - Microsoft Corporation)
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Sync (x32 Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinZip 14.5 (x32 Version: 14.5.9095 - WinZip Computing, S.L. )
Yahoo! Detect (x32 Version:  - )

==================== Restore Points  =========================

16-02-2014 03:51:08 Windows Modules Installer
16-02-2014 05:14:07 Windows Update
16-02-2014 13:59:19 Windows Update
20-02-2014 02:44:23 Windows Update
21-02-2014 06:20:29 Removed Java 7 Update 51

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-02-20 22:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {039D92A6-4B83-4861-A905-8D7494079C50} - System32\Tasks\{F74AD95A-EF11-44EB-9AA7-FF2E071B97AE} => C:\Astrolabe\Electric Astro\Electric astrolab\ASTRO.EXE
Task: {29143838-83A5-44EE-B728-D0815F003B67} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {378A022B-DC01-4AE6-BC1D-3C71F66E99BD} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {3EC72F53-98F4-4ACA-9D1E-F3FEBABA8071} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\tony\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {652D3767-7C0C-4063-AA18-B40EDF88B045} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17] (Google Inc.)
Task: {6B771B07-9087-4006-80E5-EA20BF1982C5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {7C089F71-8D71-4992-992E-7E699FA7A150} - System32\Tasks\{0D71117A-04B8-47A3-8410-96AC429EB3C6} => C:\Astrolabe\Electric Astro\Electric astrolab\ASTRO.EXE
Task: {80642D28-6E58-4697-83D3-BAA88A15E0BB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {8A5FABFD-F7A4-4D89-95A1-D830E885666C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {99AD247B-3141-4B91-AA37-318EE8CAA19A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17] (Google Inc.)
Task: {C325D537-6AD5-4953-8F0F-8F1739893C45} - System32\Tasks\{3F25A4E3-0A56-4C30-8F5D-B8649DD4FD80} => C:\Astrolabe\Electric Astro\Electric astrolab\ASTRO.EXE
Task: {F8AEC764-A6C2-4A92-A532-321F94BD3903} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {FA8CDD13-3CB9-4CBC-AB15-5D61E3193C20} - System32\Tasks\{1B3F4A40-D0AC-4B44-981B-21F61FEF0819} => C:\Astrolabe\Electric Astro\Electric astrolab\ASTRO.EXE
Task: {FC2D0B7E-3FD0-49CD-BFCB-BFFC327FF2C7} - System32\Tasks\AdobeAAMUpdater-1.0-tony-PC-tony => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-06-03 13:13 - 2009-06-03 13:13 - 00013824 _____ () C:\Windows\system32\Wavx_ESC_Logging.dll
2008-11-12 14:24 - 2008-11-12 14:24 - 00004608 _____ () C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
2011-06-17 12:42 - 2011-06-17 12:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-06-02 10:28 - 2011-06-02 10:28 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-02-21 02:49 - 2014-02-21 02:49 - 00098816 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32api.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00110080 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\pywintypes27.dll
2014-02-21 02:49 - 2014-02-21 02:49 - 00364544 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\pythoncom27.dll
2014-02-21 02:49 - 2014-02-21 02:49 - 00044032 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\_socket.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 01157120 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\_ssl.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00320512 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32com.shell.shell.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00712192 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\_hashlib.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 01175040 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\wx._core_.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00805888 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\wx._gdi_.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00811008 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\wx._windows_.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 01062400 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\wx._controls_.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00735232 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\wx._misc_.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00128512 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\_elementtree.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00127488 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\pyexpat.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00557056 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\pysqlite2._sqlite.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00087040 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\_ctypes.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00119808 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32file.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00108544 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32security.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00018432 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32event.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00038912 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32inet.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00122368 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\wx._wizard.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00070656 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\wx._html2.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00026624 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\_multiprocessing.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00010240 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\select.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00024064 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32pipe.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00686080 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\unicodedata.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00025600 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32pdh.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00525640 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\windows._lib_cacheinvalidation.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00011264 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32crypt.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00035840 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32process.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00017408 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32profile.pyd
2014-02-21 02:49 - 2014-02-21 02:49 - 00022528 _____ () C:\Users\tony\AppData\Local\Temp\_MEI30922\win32ts.pyd
2010-02-10 10:50 - 2009-02-06 18:52 - 00073728 _____ () C:\Windows\SysWOW64\CmdRtr.DLL
2010-02-10 10:50 - 2009-07-10 09:07 - 00166912 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2010-07-07 11:33 - 2010-07-07 11:33 - 00002560 _____ () C:\Windows\SysWOW64\CTXFIRES.DLL
2013-02-05 21:57 - 2013-02-05 21:57 - 00269824 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: BBSvc => 2
MSCONFIG\Services: BBUpdate => 2
MSCONFIG\Services: BcmSqlStartupSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: dcpsysmgrsvc => 2
MSCONFIG\Services: SecureStorageService => 3
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: tcsd_win32.exe => 2
MSCONFIG\Services: TdmService => 2
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (02/21/2014 02:49:39 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
CDRPDACC

Error: (02/21/2014 02:49:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (02/21/2014 02:49:11 AM) (Source: Application Popup) (User: )
Description: \??\C:\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDAC has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (02/21/2014 02:47:49 AM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}

Microsoft Office Sessions:
=========================
Error: (10/18/2010 06:04:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 128 seconds with 120 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-02-21 02:49:11.861
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-21 02:49:11.690
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-20 23:07:47.546
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-20 23:07:47.390
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-20 22:47:39.593
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-20 22:47:39.437
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-20 22:38:16.503
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-20 22:38:16.353
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-17 20:50:10.311
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-02-17 20:50:10.155
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\InfinaDyne\Diagnostic\Shared\CDRPDACC.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 4093.55 MB
Available physical RAM: 2091.77 MB
Total Pagefile: 8185.29 MB
Available Pagefile: 6161.73 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:930.7 GB) (Free:754.74 GB) NTFS
Drive d: (Hom Bak 08) (CDROM) (Total:2.91 GB) (Free:0 GB) CDFS
Drive i: (ICRUZER) (Removable) (Total:3.73 GB) (Free:1.91 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F8000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Link to post
Share on other sites

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Link to post
Share on other sites

OK - cleaned and installed MBAM, running in the system tray.  Quick scan found nothing, log appended.

Will run the fixlist.txt script and report back

Clean MBAM log:

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.21.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
tony :: TONY-PC [administrator]

Protection: Enabled

2/21/2014 9:05:33 PM
mbam-log-2014-02-21 (21-05-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229746
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Link to post
Share on other sites

OK!

Ran FRST64 and it updated itself, pushed the fix button, and it made the appended log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2014
Ran by tony at 2014-02-21 21:18:31 Run:1
Running from C:\Users\tony\Desktop\FRST 64 for Friday
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {3EC72F53-98F4-4ACA-9D1E-F3FEBABA8071} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\tony\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
HKLM-x32\...\Run: [] - [X]
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart

*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3EC72F53-98F4-4ACA-9D1E-F3FEBABA8071} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EC72F53-98F4-4ACA-9D1E-F3FEBABA8071} => Key deleted successfully.
C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SomotoUpdateCheckerAutoStart => Key deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
"C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart" => File/Directory not found.

==== End of Fixlog ====

Link to post
Share on other sites
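The `Task:` lines in the FRST log and in the fixlist above have a regular shape, so the entry the fix removed can be picked out mechanically. This is an added example, not part of the thread and not FRST's own code; the field names, reason labels and the two extra heuristics are assumptions, and the sample lines are copied from the log posted above.

```python
import re

# Sample lines copied from the "Scheduled Tasks" section of the log on this page.
SAMPLE_LOG = r"""
Task: {039D92A6-4B83-4861-A905-8D7494079C50} - System32\Tasks\{F74AD95A-EF11-44EB-9AA7-FF2E071B97AE} => C:\Astrolabe\Electric Astro\Electric astrolab\ASTRO.EXE
Task: {29143838-83A5-44EE-B728-D0815F003B67} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {3EC72F53-98F4-4ACA-9D1E-F3FEBABA8071} - System32\Tasks\SomotoUpdateCheckerAutoStart => C:\Users\tony\AppData\Local\FilesFrog Update Checker\update_checker.exe <==== ATTENTION
Task: {652D3767-7C0C-4063-AA18-B40EDF88B045} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-17] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

# Task: [{GUID} - ]<task> => <target>[ [YYYY-MM-DD]][ (publisher)][ <==== ATTENTION]
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]{36})\} - )?(?P<task>.+?) => (?P<target>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?: \((?P<publisher>[^()]*)\))?"
    r"(?P<attention> <==== ATTENTION)?$"
)

# Assumed heuristic: anything under a user's AppData can be replaced without admin rights.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse_tasks(log_text):
    """Return one dict per Task: line (keys: guid, task, target, date, publisher, attention)."""
    tasks = []
    for line in log_text.splitlines():
        match = TASK_RE.match(line.strip())
        if match:
            tasks.append(match.groupdict())
    return tasks


def triage(log_text):
    """Return (task, target, reasons) for every task line worth a second look."""
    findings = []
    for task in parse_tasks(log_text):
        reasons = []
        if task["attention"]:
            reasons.append("attention-marker")      # the marker printed in the log itself
        if USER_WRITABLE_RE.search(task["target"]):
            reasons.append("user-writable-target")  # assumed heuristic, see above
        if task["guid"] and task["publisher"] is None:
            reasons.append("no-publisher")          # no "(publisher)" printed on the line
        if reasons:
            findings.append((task["task"], task["target"], reasons))
    return findings


if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_LOG):
        print(f"{name}\n    -> {target}\n    flags: {', '.join(reasons)}")
```

A flag here only marks a line for review; the ASTRO.EXE task is flagged solely because no publisher was printed for it.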

I just saw something:  My txt file association is with PowerEdit, an old editor I've been using since the 90's.  If you open an MBAM logfile with Notepad, sure it's in Unicode, but Notepad can handle it and doesn't show the dots.  I'm gonna change the association to notepad, and I bet the dots go away when you read the file from within MBAM.

That fixed the dots! (I attach the untouched logfile).  Kind of embarrassing - I should have thought of that....

I still have the more important problem of not being able to update or delete IE11 - which is the problem that drove me here in the first place, and I thought the Unicode dots might be a symptomatic clue.  Looks like your FRST fixit was aimed at that?

mbam-log-2014-02-21 (22-04-41).txt

Link to post
Share on other sites
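Why the same file reads cleanly in Notepad and as `ÿþM.a.l.w.a.r.e...` in an older editor, shown as an added example (not part of the original thread and not Malwarebytes code). The sample bytes are constructed from the log header on this page, and the cp1252 fallback and the BOM-less heuristic are assumptions.

```python
import codecs

# Constructed sample: the first two header lines of the MBAM log on this page,
# encoded as Windows "Unicode" text (UTF-16 little-endian with an FF FE BOM).
SAMPLE = codecs.BOM_UTF16_LE + (
    "Malwarebytes Anti-Malware (PRO) 1.75.0.1300\r\nwww.malwarebytes.org\r\n"
).encode("utf-16-le")

# Longest BOMs first: the UTF-32 LE BOM starts with the UTF-16 LE BOM bytes.
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]


def sniff_encoding(raw):
    """Name the encoding of a log file from its first bytes."""
    for bom, name in BOMS:
        if raw.startswith(bom):
            return name
    # No BOM. Mostly-ASCII UTF-16 has a NUL in every second byte (assumed heuristic).
    sample = raw[:512]
    half = len(sample) // 2
    if half >= 2:
        even_nuls = sample[0::2].count(0)
        odd_nuls = sample[1::2].count(0)
        if odd_nuls > 0.8 * half and even_nuls == 0:
            return "utf-16-le"
        if even_nuls > 0.8 * half and odd_nuls == 0:
            return "utf-16-be"
    return "cp1252"  # assumption: legacy ANSI code page of a US-English Windows install


def decode_log(raw):
    """Return (encoding, text) with any BOM removed from the text."""
    encoding = sniff_encoding(raw)
    for bom, name in BOMS:
        if name == encoding and raw.startswith(bom):
            raw = raw[len(bom):]
            break
    return encoding, raw.decode(encoding, errors="replace")


def legacy_view(raw):
    """What a single-byte editor shows: one Latin-1 character per byte,
    with NUL and other control bytes drawn as dots."""
    return "".join("." if ord(ch) < 0x20 else ch for ch in raw.decode("latin-1"))


if __name__ == "__main__":
    print(legacy_view(SAMPLE)[:60])  # the "dots" view from the first post
    print(decode_log(SAMPLE))        # the same bytes read as UTF-16
```

The two leading characters `ÿþ` are the bytes FF FE of the byte-order mark, which is why their presence points to an encoding mismatch in the viewer rather than to a damaged log.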

  • Root Admin

No problem.

Let me have you reset all your browsers to make sure that is not causing you any issues for IE11

Do you just want to uninstall IE11 or do you want to clean it up some so that it works better?

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings

Opera
How to Perform a (really) clean Reinstall of Opera

Link to post
Share on other sites

I only use IE 11.  I want to continue using it, but I need to keep it updated and it won't update. The updates download and do the pre-boot install ok, then after the reboot Windows Update just reverts the changes with error 80073AA2 and 8007005. 8007005 results when the process lacks 'sufficient permission', a situation that 'can be caused by a virus' (says Microsoft).

If I try to do an uninstall / reinstall to try to get it to update, it won't uninstall and I can't get it to update that way either.  I never tried a reset - frankly, I didn't know that button was there.  I haven't tried an update since we reset IE11 after the ComboFix run last Thursday night because I'm trying not to change much without telling you. This reset might be all that is needed.

I use Google a lot (calendar, news, books, etc.) but I don't use Chrome on this machine and it's not on the 'remove programs and features' list.  I see from the various clean logs that there are (were?) little traces of Chrome scattered around the system.  But these have probably been there for a while and haven't interfered with IE update.  IE 11 updated just fine on 11 December.  The Cumulative update on 13 February is what failed.  All other updates work fine, including minor security updates to IE 11.

This may be a Windows issue and perhaps should not be thought of as a virus / malware problem now that the MBAM Unicode dots symptom has evaporated.

I need to use this machine over the weekend, so I'll reset the browser when I know you're in and we can do the next step.  If I reset it now, I'll wind up changing everything back as I use it, and I'll just have to reset it again before we start work on it.

So ping me when you're back and I'll leap into action - have a weekend!

Link to post
Share on other sites

  • Root Admin

There should not be any issue doing a Reset for IE - I do it quite often with no issues.

For uninstalling IE11 you need to go into Control Panel, Add/Remove Uninstall a Program and click on the "View installed updates" to see IE11 where you should be able to uninstall it and drop back to IE10 if you wanted to.

Link to post
Share on other sites

Ron -

Reset IE11, did not check 'reset personal settings', much easier restart.

Tried to uninstall IE 11, system rebooted, then reverted changes just as before.

Disabled MBAM and Defender, tried to uninstall IE 11 again, same response, unsuccessful.

Windows Update log indicates error 800F0902 and 240001.

Checked CBS log around the same timestamp and it showed "Cannot perform concurrent read while CSI transaction is on the way" and gave error "800F0902  CBS_E_BUSY"

So:  I can't uninstall IE 11, as before.

Link to post
Share on other sites

This topic is now closed to further replies.