
FBI Warning Malware



Hello

I've had this malware before and got help here. Although it hasn't happened again, I saw the warning pop up today, so I closed everything and ran Malwarebytes and Microsoft Security Essentials.

I'm interested in avoiding this happening again. Everything seems ok right now but I'm nervous. Any advice would be most appreciated.

Thanks

Terry


Hello Terry! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02

Ran by terry at 2014-02-27 18:21:44

Running from C:\Users\terry\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

1001 Minigolf Challenge (HKLM-x32\...\1001 Minigolf Challenge) (Version: 1.0 - SelectSoft)

AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)

Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)

Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ArcSoft Panorama Maker 5 (HKLM-x32\...\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}) (Version: 5.0.1.25 - ArcSoft)

AVG PC TuneUp 2014 (en-US) (x32 Version: 14.0.1001.295 - AVG) Hidden

AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.295 - AVG)

AVG PC TuneUp 2014 (x32 Version: 14.0.1001.295 - AVG) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)

Citrix Receiver (Enterprise) (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 13.4.0.25 - Citrix Systems, Inc.)

Citrix Receiver (HDX Flash Redirection) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

Citrix Receiver Inside (x32 Version: 3.4.0.29585 - Citrix Systems, Inc.) Hidden

Citrix Receiver(Aero) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

Citrix Receiver(DV) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

Citrix Receiver(PNA) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

Citrix Receiver(SSON) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

Citrix Receiver(USB) (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)

Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)

CopyTrans Suite Remove Only (HKCU\...\CopyTrans Suite) (Version: 2.27 - WindSolutions)

Cozi (HKLM-x32\...\{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}) (Version: 1.0.4323.24051 - Cozi Group, Inc.)

CutePDF Writer 2.9 (HKLM\...\CutePDF Writer Installation) (Version:  2.9 - CutePDF.com)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)

Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version:  - Dell)

Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.51 - Dell)

Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)

Dell Driver Download Manager (HKCU\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)

Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)

Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)

Dell MusicStage (HKLM-x32\...\{F336F89D-8C5A-432C-8EA9-DA19377AD591}) (Version: 1.4.162.0 - Fingertapps)

Dell PhotoStage (HKLM-x32\...\{0D98F04D-11A1-4B64-A406-43292B9EEE90}) (Version: 1.5.0.1 - ArcSoft)

Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.66 - ArcSoft)

Dell Stage (HKLM-x32\...\{D770F4B4-C422-45D9-8CEE-1B4C66E68CA8}) (Version: 1.4.173.0 - Fingertapps)

Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)

Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.1.1303 - CyberLink Corp.)

Dell VideoStage (x32 Version: 1.1.1.1303 - CyberLink Corp.) Hidden

Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)

DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden

Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)

Duplicate Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 4.2.1.0 - Ashisoft)

eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)

Elevated Installer (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

FirstClass® Client (HKLM-x32\...\{5B35C417-2649-11D6-83D1-0050FC01225C}) (Version: 10.0 (build 10.014) - FirstClass Division, Open Text Corporation.)

Free RAR Extract Frog (HKLM-x32\...\Free RAR Extract Frog) (Version: 4.70 - Philipp Winterberg)

GameFly Download Manager (HKCU\...\7998bdbe8c95db7f) (Version: 1.0.0.90 - GameFly)

Garmin City Navigator North America NT 2013.10 Update (HKLM-x32\...\{DE2E1909-12C2-4249-8003-7978BEA3A14F}) (Version: 16.10.0.0 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin (HKLM-x32\...\{13F054F3-0B07-4D15-9E80-C55B496AB557}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)

Garmin Communicator Plugin x64 (HKLM\...\{550331CC-C34B-494F-BCDA-37CE4EF6E924}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)

Garmin Express (HKLM-x32\...\{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}) (Version: 2.1.13 - Garmin Ltd or its subsidiaries)

Garmin Express (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden

Garmin Express Tray (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden

Garmin Update Service (x32 Version: 2.1.13 - Garmin Ltd or its subsidiaries) Hidden

Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden

GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)

HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)

HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)

iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)

IHA_MessageCenter (HKLM-x32\...\{53C49C8D-DFB2-42B9-A7EF-0F9CA386CC13}) (Version: 1.8.17 - Verizon)

Intel PROSet Wireless (Version:  - ) Hidden

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)

Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)

Intel® Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)

Intel® Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)

Internet Explorer (x32 Version: 8 - Microsoft Corporation) Hidden

Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden

iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 4.2.9.15649 - LeapFrog)

LeapFrog Connect (x32 Version: 4.2.9.15649 - LeapFrog) Hidden

LeapFrog LeapPad Explorer Plugin (x32 Version: 4.2.11.15696 - LeapFrog) Hidden

Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)

Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)

Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version:  - Microsoft) Hidden

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.4.6422.14 - PC-Doctor, Inc.)

Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)

Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.6.0 - Nikon)

NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)

NVIDIA Control Panel 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden

NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)

NVIDIA HD Audio Driver 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden

NVIDIA Optimus 1.15.2 (Version: 1.15.2 - NVIDIA Corporation) Hidden

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden

NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden

Online Plug-in (x32 Version: 13.4.0.25 - Citrix Systems, Inc.) Hidden

PhotoShowExpress (x32 Version: 2.0.028 - Sonic Solutions) Hidden

Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.4.7 - Nikon)

Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)

QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)

RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6267 - Realtek Semiconductor Corp.)

Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )

Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)

Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden

Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden

Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.8.57.4 - Roxio)

Roxio Burn (x32 Version: 1.8 - Roxio) Hidden

Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.40.0 - Roxio)

Roxio Creator Starter (x32 Version: 1.0.311 - Roxio) Hidden

Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden

Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden

Roxio File Backup (Version: 1.3.2 - Roxio) Hidden

Safari (HKLM-x32\...\{FA4C2D53-205F-4245-9717-F3761154824D}) (Version: 5.34.57.2 - Apple Inc.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Skype™ 6.1 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.1.129 - Skype Technologies S.A.)

Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden

SpeedCheck (HKLM-x32\...\DisplayManager) (Version: 1.2.8.11 - Information Display Co.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)

Tiffany Screens 2.5.1 (HKLM-x32\...\Tiffany Screens_is1) (Version:  - )

TiVo Desktop 2.8.3 (HKLM-x32\...\{4E839090-3B68-436A-B3CF-A2A08C38DD26}) (Version: 2.8.412.370 - TiVo Inc.)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553065) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)

Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)

ViewNX 2 (HKLM-x32\...\{E64C137C-D0B7-467A-B47F-460AAB30F0A3}) (Version: 2.6.0 - Nikon)

Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)

Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)

Vz In-Home Agent (HKLM-x32\...\VzInHomeAgent) (Version: 9.0.55.0 - Verizon)

Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.1.2013.0 - BillP Studios)

 

==================== Restore Points  =========================

 

07-02-2014 03:57:45 Installed Intel® PROSet/Wireless WiFi Software

09-02-2014 15:14:24 Windows Update

09-02-2014 21:58:09 Installed AVG PC TuneUp 2014

13-02-2014 10:24:13 Windows Update

13-02-2014 12:22:47 Windows Update

13-02-2014 13:04:44 Windows Update

24-02-2014 03:43:00 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-13 21:34 - 2013-08-03 16:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {18C327B8-CDAB-4FB0-9FAE-09E6E1A84738} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-16] (Google Inc.)

Task: {1908858B-182C-4BF3-B6A2-9E120238FA60} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2013-09-05] (PC-Doctor, Inc.)

Task: {1A25A9F6-E360-4469-AFD9-E0D06E526C71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-05-16] (Google Inc.)

Task: {39666C47-6DCB-47C5-9513-65AA4682FFFD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1880721975-2681396882-3100980296-1002UA => C:\Users\terry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11] (Google Inc.)

Task: {56ED6D28-7EF2-4DB6-B5F4-DC77A64D89C8} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-12-18] (AVG)

Task: {58796AC9-5320-4E94-B8D4-F616B3AA5C59} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2013-12-06] (PC-Doctor, Inc.)

Task: {7975499C-49A9-4E20-8183-BFD625E437E7} - System32\Tasks\Google Updater and Installer => C:\Users\terry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11] (Google Inc.)

Task: {848F8233-E705-43C5-8019-542C32D6AA66} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

Task: {8CD9403E-A63C-48F9-919C-976D44B580F7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)

Task: {A145ADE2-815B-4ECB-A195-EA857B9264C5} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION

Task: {AF273C69-BFD0-4336-AEF7-67AE7260B828} - System32\Tasks\ArcSoft Connect Daemon => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27] (ArcSoft Inc.)

Task: {BC5D363D-7EC0-4EE7-B9E1-5FFDDE1DCE3B} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)

Task: {BF8963D3-561D-4849-B9BD-6CD0A00683D8} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe

Task: {BFB23024-407D-4D6D-972F-DA01B2926CFD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1880721975-2681396882-3100980296-1002Core => C:\Users\terry\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-11] (Google Inc.)

Task: {DB0FCB91-C5AC-45FE-A515-C8274EC634EE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {EC642C0C-7C2A-46F0-AE61-41763072B4BE} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On terry Logon => C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe

Task: {FF8CDF50-5481-4067-817B-16CFEA0D7D81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-23] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1880721975-2681396882-3100980296-1002Core.job => C:\Users\terry\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1880721975-2681396882-3100980296-1002UA.job => C:\Users\terry\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-02-18 12:24 - 2013-10-23 03:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2012-09-29 08:01 - 2012-09-12 14:33 - 00087152 _____ () C:\Windows\System32\cpwmon64.dll

2013-12-18 09:38 - 2013-12-18 09:38 - 00742200 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll

2011-03-19 13:51 - 2011-01-13 13:39 - 00783680 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

2011-03-19 15:48 - 2010-11-29 07:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2011-03-19 13:35 - 2010-12-17 10:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2011-03-19 13:51 - 2011-01-13 13:37 - 00128320 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll

2011-03-19 13:51 - 2011-01-13 13:36 - 01123648 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll

2011-03-19 13:51 - 2011-01-13 13:37 - 00079168 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll

2011-03-19 13:51 - 2011-01-13 13:37 - 00234816 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll

2011-03-19 13:51 - 2011-01-13 13:37 - 00075072 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll

2011-03-19 13:51 - 2011-01-13 13:37 - 00111936 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll

2011-03-19 13:51 - 2011-01-13 13:37 - 00121152 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll

2013-05-18 23:58 - 2012-12-09 20:46 - 00600868 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll

2010-05-17 21:54 - 2010-05-17 21:54 - 00716800 _____ () C:\Program Files (x86)\TiVo\Desktop\LOUDMOUTH.DLL

2003-01-30 06:04 - 2003-01-30 06:04 - 00618496 _____ () C:\Program Files (x86)\TiVo\Desktop\STLPMT45.DLL

2010-08-24 16:34 - 2010-08-24 16:34 - 00259584 _____ () C:\Program Files (x86)\TiVo\Desktop\ID3LIB.DLL

2010-05-17 21:56 - 2010-05-17 21:56 - 00684032 _____ () C:\Program Files (x86)\TiVo\Desktop\libeay32.dll

2010-05-17 21:56 - 2010-05-17 21:56 - 00155648 _____ () C:\Program Files (x86)\TiVo\Desktop\ssleay32.dll

2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll

2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll

2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\terry\AppData\Roaming\Dropbox\bin\libcef.dll

2014-02-23 23:03 - 2014-02-19 20:02 - 00051016 _____ () C:\Users\terry\AppData\Local\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll

2014-02-23 23:03 - 2014-02-19 20:02 - 00716616 _____ () C:\Users\terry\AppData\Local\Google\Chrome\Application\33.0.1750.117\libglesv2.dll

2014-02-23 23:03 - 2014-02-19 20:02 - 00100168 _____ () C:\Users\terry\AppData\Local\Google\Chrome\Application\33.0.1750.117\libegl.dll

2014-02-23 23:03 - 2014-02-19 20:03 - 04060488 _____ () C:\Users\terry\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll

2014-02-23 23:03 - 2014-02-19 20:03 - 00394568 _____ () C:\Users\terry\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll

2014-02-23 23:03 - 2014-02-19 20:02 - 01647432 _____ () C:\Users\terry\AppData\Local\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll

2014-02-23 23:03 - 2014-02-19 20:03 - 13632840 _____ () C:\Users\terry\AppData\Local\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

 

==================== Disabled items from MSCONFIG ==============

 

MSCONFIG\Services: 0292771304566161mcinstcleanup => 2

MSCONFIG\Services: AERTFilters => 2

MSCONFIG\Services: EvtEng => 2

MSCONFIG\Services: GoToAssist => 3

MSCONFIG\Services: LMS => 2

MSCONFIG\Services: McAWFwk => 3

MSCONFIG\Services: McMPFSvc => 2

MSCONFIG\Services: mcmscsvc => 2

MSCONFIG\Services: McNaiAnn => 2

MSCONFIG\Services: McNASvc => 2

MSCONFIG\Services: McODS => 3

MSCONFIG\Services: McProxy => 2

MSCONFIG\Services: mfefire => 2

MSCONFIG\Services: MSK80Service => 2

MSCONFIG\Services: MyWiFiDHCPDNS => 3

MSCONFIG\Services: NOBU => 2

MSCONFIG\Services: NVSvc => 2

MSCONFIG\Services: nvUpdatusService => 2

MSCONFIG\Services: RegSrvc => 2

MSCONFIG\Services: RoxMediaDB12OEM => 3

MSCONFIG\Services: RoxWatch12 => 2

MSCONFIG\Services: SftService => 2

MSCONFIG\Services: Stereo Service => 2

MSCONFIG\Services: stllssvr => 3

MSCONFIG\Services: TurboBoost => 3

MSCONFIG\Services: UNS => 2

 

==================== Faulty Device Manager Devices =============

 

Name: Microsoft Virtual WiFi Miniport Adapter

Description: Microsoft Virtual WiFi Miniport Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: vwifimp

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

Name: Microsoft Virtual WiFi Miniport Adapter #2

Description: Microsoft Virtual WiFi Miniport Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: vwifimp

Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)

Resolution: Update the driver

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/27/2014 05:54:02 PM) (Source: TivoTransfer) (User: )

Description: TiVoTransfer already run!

 

Error: (02/27/2014 03:57:02 PM) (Source: Application Error) (User: )

Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4

Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f

Exception code: 0x40000015

Fault offset: 0x000000000002a84e

Faulting process id: 0xfd8

Faulting application start time: 0xexplorer.exe0

Faulting application path: explorer.exe1

Faulting module path: explorer.exe2

Report Id: explorer.exe3

 

Error: (02/27/2014 01:38:56 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15569

 

Error: (02/27/2014 01:38:56 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 15569

 

Error: (02/27/2014 01:38:56 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/27/2014 10:52:02 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (02/27/2014 10:52:02 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (02/26/2014 09:07:17 PM) (Source: Application Error) (User: )

Description: Faulting application name: explorer.exe, version: 6.1.7601.17567, time stamp: 0x4d672ee4

Faulting module name: RPCRT4.dll, version: 6.1.7601.18205, time stamp: 0x51dba4dc

Exception code: 0xc0000005

Fault offset: 0x0000000000024d8f

Faulting process id: 0xcc8

Faulting application start time: 0xexplorer.exe0

Faulting application path: explorer.exe1

Faulting module path: explorer.exe2

Report Id: explorer.exe3

 

Error: (02/26/2014 09:03:24 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (02/26/2014 09:03:24 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

 

System errors:

=============

Error: (02/27/2014 01:38:33 PM) (Source: Service Control Manager) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TuneUp.UtilitiesSvc service.

 

Error: (02/27/2014 01:38:01 PM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

Error: (02/24/2014 11:10:22 PM) (Source: DCOM) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

 

Error: (02/23/2014 10:41:55 PM) (Source: Service Control Manager) (User: )

Description: The NVIDIA Update Service Daemon service hung on starting.

 

Error: (02/13/2014 05:47:38 AM) (Source: DCOM) (User: )

Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

 

Error: (02/09/2014 05:02:01 PM) (Source: DCOM) (User: )

Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

 

Error: (02/06/2014 10:59:38 PM) (Source: Service Control Manager) (User: )

Description: The Intel® PROSet/Wireless Registry Service service failed to start due to the following error: 

%%2

 

Error: (02/06/2014 10:59:37 PM) (Source: Service Control Manager) (User: )

Description: The Intel® PROSet/Wireless Registry Service service failed to start due to the following error: 

%%2

 

Error: (02/06/2014 10:59:37 PM) (Source: Service Control Manager) (User: )

Description: The Intel® PROSet/Wireless Registry Service service failed to start due to the following error: 

%%2

 

Error: (02/06/2014 10:59:36 PM) (Source: Service Control Manager) (User: )

Description: The Intel® PROSet/Wireless Registry Service service failed to start due to the following error: 

%%2

 

 

Microsoft Office Sessions:

=========================

Error: (02/27/2014 05:54:02 PM) (Source: TivoTransfer)(User: )

Description: TiVoTransfer already run!

 

Error: (02/27/2014 03:57:02 PM) (Source: Application Error)(User: )

Description: explorer.exe6.1.7601.175674d672ee4msvcrt.dll7.0.7601.177444eeb033f40000015000000000002a84efd801cf33da32d14cacC:\Windows\explorer.exeC:\Windows\system32\msvcrt.dllb4582f9e-9ff1-11e3-9ac2-14feb59cf1df

 

Error: (02/27/2014 01:38:56 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15569

 

Error: (02/27/2014 01:38:56 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 15569

 

Error: (02/27/2014 01:38:56 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (02/27/2014 10:52:02 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

 

Error: (02/27/2014 10:52:02 AM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

 

Error: (02/26/2014 09:07:17 PM) (Source: Application Error)(User: )

Description: explorer.exe6.1.7601.175674d672ee4RPCRT4.dll6.1.7601.1820551dba4dcc00000050000000000024d8fcc801cf335b94cb523aC:\Windows\explorer.exeC:\Windows\system32\RPCRT4.dlle173c04c-9f53-11e3-92fe-14feb59cf1df

 

Error: (02/26/2014 09:03:24 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

 

Error: (02/26/2014 09:03:24 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Cozi Express\CoziExpress.exe

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-08-03 17:58:30.153

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-08-03 17:58:30.044

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-05-17 21:48:32.414

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-05-17 21:48:32.055

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-05-17 21:48:31.696

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-05-17 21:48:31.322

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-05-17 16:44:10.111

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-05-17 16:44:10.002

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-30 06:57:04.458

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-01-30 06:57:04.198

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 34%

Total physical RAM: 8086.17 MB

Available physical RAM: 5329.28 MB

Total Pagefile: 16170.52 MB

Available Pagefile: 13287.48 MB

Total Virtual: 8192 MB

Available Virtual: 8191.81 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:683.89 GB) (Free:295.01 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 07F2837E)

Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)

Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=684 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02

Ran by terry (administrator) on TERRY-PC on 27-02-2014 18:20:45

Running from C:\Users\terry\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe

(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

(TiVo Inc.) C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe

(TiVo Inc.) C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

(TiVo Inc.) C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Dropbox, Inc.) C:\Users\terry\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Dell) C:\Users\terry\AppData\Local\Apps\2.0\J33ACND0.85H\2BBR2OTH.12H\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE

(Google Inc.) C:\Users\terry\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\terry\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\terry\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\terry\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\terry\AppData\Local\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Users\terry\AppData\Local\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6561384 2010-12-14] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2186856 2010-12-10] (Realtek Semiconductor)

HKLM\...\Run: [FreeFallProtection] - C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()

HKLM\...\Run: [intelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [DellStage] - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [] - [X]

HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)

HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] - "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [560128 2011-05-02] (Dell)

HKLM-x32\...\RunOnce: [Launcher] - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-1880721975-2681396882-3100980296-1002\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-1880721975-2681396882-3100980296-1002\...\Run: [WinPatrol] - C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [423144 2013-04-26] (BillP Studios)

HKU\S-1-5-21-1880721975-2681396882-3100980296-1002\...\Run: [TivoServer] - C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe [2264336 2010-08-24] (TiVo Inc.)

HKU\S-1-5-21-1880721975-2681396882-3100980296-1002\...\Run: [TivoTransfer] - C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe [608528 2010-08-24] (TiVo Inc.)

HKU\S-1-5-21-1880721975-2681396882-3100980296-1002\...\Run: [TivoNotify] - C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe [437520 2010-08-24] (TiVo Inc.)

HKU\S-1-5-21-1880721975-2681396882-3100980296-1002\...\Run: [TranscodingService] - C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe [856336 2010-08-24] (TiVo Inc.)

HKU\S-1-5-21-1880721975-2681396882-3100980296-1002\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-1880721975-2681396882-3100980296-1002\...\Run: [DellSystemDetect] - C:\Users\terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms

HKU\S-1-5-21-1880721975-2681396882-3100980296-1002\...\Run: [Google Update] - C:\Users\terry\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-05-11] (Google Inc.)

AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)

AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-18] (NVIDIA Corporation)

AppInit_DLLs-x32:  C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)

Startup: C:\Users\terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\terry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.boston.com/

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {48326F44-6A58-4A97-A695-9F7261E8D205} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20110939,17118,0,18,0

SearchScopes: HKCU - {7A49BD31-DC85-440E-A98C-766494A8CCC1} URL = 

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)

Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File

Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome: 

=======

CHR Plugin: (Shockwave Flash) - C:\Users\terry\AppData\Local\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\terry\AppData\Local\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\terry\AppData\Local\Google\Chrome\Application\33.0.1750.117\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File

CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Citrix ICA Client) - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)

CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll No File

CHR Plugin: (Java Deployment Toolkit 6.0.390.4) - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File

CHR Extension: (Google Wallet) - C:\Users\terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]

CHR HKLM-x32\...\Chrome\Extension: [aaaappmhgaaggeoepicjahnbofmjacog] - C:\Users\terry\AppData\Local\APN\GoogleCRXs\aaaappmhgaaggeoepicjahnbofmjacog_7.15.4.0.crx [2013-08-30]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [947528 2011-03-18] ()

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)

R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-01-30] (SurfRight B.V.)

R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

S4 TivoBeacon2; C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [1104656 2010-08-24] (TiVo Inc.)

R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2102072 2013-12-18] (AVG)

R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-02-18] (AVG Technologies)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2013-12-18] (NVIDIA Corporation)

S3 NvStUSB; C:\Windows\system32\DRIVERS\nvstusb.sys [121960 2010-12-12] ()

R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [14112 2013-12-16] (TuneUp Software)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 SWVNIC; system32\DRIVERS\swvnic.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-27 18:20 - 2014-02-27 18:21 - 00022066 _____ () C:\Users\terry\Downloads\FRST.txt

2014-02-27 18:16 - 2014-02-27 18:20 - 00000000 ____D () C:\FRST

2014-02-27 10:48 - 2014-02-27 10:48 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-02-27 10:45 - 2014-02-27 10:46 - 02155520 _____ (Farbar) C:\Users\terry\Downloads\FRST64.exe

2014-02-27 10:44 - 2014-02-27 10:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\terry\Downloads\mbam-consumer.exe

2014-02-26 22:07 - 2014-02-26 22:08 - 00028328 _____ () C:\Users\terry\Desktop\dds.txt

2014-02-26 22:07 - 2014-02-26 22:08 - 00010255 _____ () C:\Users\terry\Desktop\attach.txt

2014-02-26 22:05 - 2014-02-26 22:23 - 519215012 _____ () C:\Users\terry\Downloads\56_021714_sld033_43.rar

2014-02-23 23:52 - 2014-02-23 23:52 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-02-13 20:13 - 2014-02-13 20:31 - 00000000 ____D () C:\Users\terry\Desktop\02132014 nikon

2014-02-13 07:27 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-02-13 07:27 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-02-13 07:24 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-13 07:24 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-13 07:24 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-02-13 07:24 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-13 07:24 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-13 07:24 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-02-13 07:24 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-13 07:24 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-13 07:24 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-13 07:24 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-13 07:24 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-02-13 07:24 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-02-13 07:24 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-13 07:24 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-13 07:24 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-13 07:24 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-13 07:24 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-13 07:24 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-13 07:24 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-02-13 07:24 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-13 07:24 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-13 07:24 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-13 07:24 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-13 07:24 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-13 07:24 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-02-13 07:24 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-02-13 07:24 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-02-13 07:24 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-13 07:24 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-13 07:24 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-13 07:24 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-13 07:24 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-13 07:24 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-02-13 07:24 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-13 07:24 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-13 07:24 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-13 07:24 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-02-13 07:24 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-13 07:24 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-13 05:22 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls

2014-02-13 05:22 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls

2014-02-13 05:22 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-02-13 05:22 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

2014-02-13 05:22 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-02-13 05:22 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2014-02-13 05:21 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll

2014-02-13 05:21 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll

2014-02-13 05:21 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll

2014-02-13 05:21 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll

2014-02-13 05:21 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll

2014-02-13 05:21 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll

2014-02-13 05:21 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll

2014-02-13 05:21 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe

2014-02-13 05:21 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe

2014-02-13 05:21 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe

2014-02-13 05:21 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe

2014-02-13 05:21 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll

2014-02-13 05:21 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll

2014-02-13 05:21 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll

2014-02-13 05:21 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll

2014-02-13 05:21 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll

2014-02-13 05:21 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe

2014-02-13 05:21 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe

2014-02-13 05:21 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe

2014-02-13 05:21 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe

2014-02-13 05:21 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll

2014-02-13 05:21 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

2014-02-11 06:46 - 2014-02-11 06:46 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

2014-02-09 16:59 - 2014-02-09 16:59 - 00002231 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk

2014-02-09 16:59 - 2014-02-09 16:59 - 00002205 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk

2014-02-09 16:59 - 2013-12-18 09:38 - 00040248 _____ (AVG) C:\Windows\system32\TURegOpt.exe

2014-02-09 16:59 - 2013-12-18 09:38 - 00029496 _____ (AVG) C:\Windows\system32\authuitu.dll

2014-02-09 16:59 - 2013-12-18 09:38 - 00025400 _____ (AVG) C:\Windows\SysWOW64\authuitu.dll

2014-02-09 16:56 - 2014-02-09 17:10 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

2014-02-06 23:01 - 2014-02-06 23:01 - 00009018 _____ () C:\Windows\DPINST.LOG

2014-02-06 23:01 - 2014-02-06 23:01 - 00000000 ____D () C:\ProgramData\Intel

2014-02-06 23:00 - 2014-02-06 23:00 - 00000000 ____D () C:\Program Files (x86)\Cisco

2014-02-06 21:03 - 2014-02-06 21:04 - 94040584 _____ () C:\Users\terry\Desktop\Network_Intel_WLAN_W784_A02_Setup-37PPD_ZPE.exe

2014-02-05 18:30 - 2014-02-05 18:30 - 00000000 ____D () C:\Users\terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell

2014-02-05 18:11 - 2014-02-05 18:11 - 00431696 _____ () C:\Users\terry\Downloads\DellSystemDetect.exe

2014-02-05 10:10 - 2014-02-05 10:14 - 669173640 _____ (Microsoft Corporation) C:\Users\terry\Downloads\officesp2010-kb2687455-fullfile-x86-en-us.exe

2014-02-05 09:40 - 2014-02-05 09:40 - 28551744 _____ (Citrix Systems, Inc.) C:\Users\terry\Downloads\CitrixReceiverEnterprise (4).exe

2014-02-02 08:20 - 2014-02-02 08:20 - 00000000 ____D () C:\Windows\SysWOW64\NV

2014-02-02 08:20 - 2014-02-02 08:20 - 00000000 ____D () C:\Windows\system32\NV

==================== One Month Modified Files and Folders =======

2014-02-27 18:21 - 2014-02-27 18:20 - 00022066 _____ () C:\Users\terry\Downloads\FRST.txt

2014-02-27 18:20 - 2014-02-27 18:16 - 00000000 ____D () C:\FRST

2014-02-27 18:01 - 2011-05-11 11:10 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1880721975-2681396882-3100980296-1002UA.job

2014-02-27 17:55 - 2009-07-14 00:10 - 01369110 _____ () C:\Windows\WindowsUpdate.log

2014-02-27 17:54 - 2013-06-04 20:22 - 00000000 ___RD () C:\Users\terry\Dropbox

2014-02-27 17:54 - 2013-06-04 19:32 - 00000000 ____D () C:\Users\terry\AppData\Roaming\Dropbox

2014-02-27 17:54 - 2012-05-16 08:47 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-27 17:54 - 2011-05-04 22:57 - 00000000 ____D () C:\Users\terry\AppData\Local\Deployment

2014-02-27 17:54 - 2011-05-01 20:35 - 00000000 ____D () C:\Users\terry\AppData\Local\SoftThinks

2014-02-27 17:52 - 2012-07-17 20:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-27 17:49 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-27 17:49 - 2009-07-13 23:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-27 17:46 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-02-27 17:41 - 2013-05-18 18:54 - 00016622 _____ () C:\Windows\setupact.log

2014-02-27 17:41 - 2013-02-18 12:24 - 00000000 ____D () C:\ProgramData\NVIDIA

2014-02-27 17:41 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-27 15:37 - 2012-05-16 08:47 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-27 11:35 - 2013-05-18 22:56 - 00276130 _____ () C:\Windows\PFRO.log

2014-02-27 10:48 - 2014-02-27 10:48 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-02-27 10:48 - 2013-04-27 15:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-02-27 10:47 - 2014-02-27 10:44 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\terry\Downloads\mbam-consumer.exe

2014-02-27 10:46 - 2014-02-27 10:45 - 02155520 _____ (Farbar) C:\Users\terry\Downloads\FRST64.exe

2014-02-26 23:01 - 2011-05-11 11:10 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1880721975-2681396882-3100980296-1002Core.job

2014-02-26 22:23 - 2014-02-26 22:05 - 519215012 _____ () C:\Users\terry\Downloads\56_021714_sld033_43.rar

2014-02-26 22:08 - 2014-02-26 22:07 - 00028328 _____ () C:\Users\terry\Desktop\dds.txt

2014-02-26 22:08 - 2014-02-26 22:07 - 00010255 _____ () C:\Users\terry\Desktop\attach.txt

2014-02-24 14:40 - 2014-01-25 08:48 - 00000000 ____D () C:\Users\terry\Desktop\2013 Tax

2014-02-23 23:52 - 2014-02-23 23:52 - 17858952 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

2014-02-23 23:52 - 2012-07-17 20:00 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-23 23:52 - 2012-04-10 21:52 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-23 23:52 - 2011-06-02 19:29 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-23 23:03 - 2011-05-11 11:11 - 00002372 _____ () C:\Users\terry\Desktop\Google Chrome.lnk

2014-02-23 22:56 - 2011-05-11 11:10 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1880721975-2681396882-3100980296-1002UA

2014-02-23 22:56 - 2011-05-11 11:10 - 00003482 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1880721975-2681396882-3100980296-1002Core

2014-02-13 20:31 - 2014-02-13 20:13 - 00000000 ____D () C:\Users\terry\Desktop\02132014 nikon

2014-02-13 12:07 - 2013-05-22 12:03 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask

2014-02-13 10:25 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache

2014-02-13 08:08 - 2011-05-10 23:28 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-02-13 08:06 - 2009-07-13 21:34 - 00000510 _____ () C:\Windows\win.ini

2014-02-13 07:50 - 2013-08-04 09:25 - 00000000 ____D () C:\Windows\system32\MRT

2014-02-13 07:43 - 2011-05-01 20:52 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-02-13 07:33 - 2013-04-28 07:39 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI

2014-02-13 07:27 - 2011-03-19 13:51 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup

2014-02-13 05:26 - 2012-05-16 08:47 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-02-13 05:26 - 2012-05-16 08:47 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-02-11 06:46 - 2014-02-11 06:46 - 00002762 _____ () C:\Windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013

2014-02-10 19:53 - 2012-02-13 06:38 - 00000000 ____D () C:\Users\terry\Desktop\Kathleen

2014-02-09 17:10 - 2014-02-09 16:56 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}

2014-02-09 17:10 - 2013-02-18 07:44 - 00000000 __SHD () C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}

2014-02-09 17:10 - 2011-09-22 06:58 - 00000000 ____D () C:\Users\terry\AppData\Local\Downloaded Installations

2014-02-09 17:10 - 2011-05-14 17:29 - 00000000 ____D () C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}

2014-02-09 17:10 - 2011-05-10 23:28 - 00000000 ____D () C:\Users\terry\AppData\Local\Microsoft Help

2014-02-09 17:01 - 2013-02-18 07:44 - 00000000 ____D () C:\ProgramData\AVG

2014-02-09 16:59 - 2014-02-09 16:59 - 00002231 _____ () C:\Users\Public\Desktop\AVG 1-Click Maintenance.lnk

2014-02-09 16:59 - 2014-02-09 16:59 - 00002205 _____ () C:\Users\Public\Desktop\AVG PC TuneUp 2014.lnk

2014-02-09 16:58 - 2012-02-10 10:18 - 00000000 ____D () C:\Users\terry\AppData\Roaming\AVG

2014-02-09 16:58 - 2011-05-08 23:19 - 00000000 ____D () C:\Program Files (x86)\AVG

2014-02-06 23:02 - 2011-03-19 13:36 - 00000000 ____D () C:\Program Files\Intel

2014-02-06 23:01 - 2014-02-06 23:01 - 00009018 _____ () C:\Windows\DPINST.LOG

2014-02-06 23:01 - 2014-02-06 23:01 - 00000000 ____D () C:\ProgramData\Intel

2014-02-06 23:00 - 2014-02-06 23:00 - 00000000 ____D () C:\Program Files (x86)\Cisco

2014-02-06 23:00 - 2011-03-19 15:13 - 00000000 ____D () C:\Program Files (x86)\Intel

2014-02-06 21:04 - 2014-02-06 21:03 - 94040584 _____ () C:\Users\terry\Desktop\Network_Intel_WLAN_W784_A02_Setup-37PPD_ZPE.exe

2014-02-06 07:16 - 2014-02-13 07:24 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-02-06 06:30 - 2014-02-13 07:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-02-06 06:30 - 2014-02-13 07:24 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-02-06 06:12 - 2014-02-13 07:24 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-02-06 06:07 - 2014-02-13 07:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-02-06 06:06 - 2014-02-13 07:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-02-06 05:57 - 2014-02-13 07:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-02-06 05:56 - 2014-02-13 07:24 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-02-06 05:52 - 2014-02-13 07:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-02-06 05:49 - 2014-02-13 07:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-02-06 05:48 - 2014-02-13 07:24 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-02-06 05:48 - 2014-02-13 07:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-02-06 05:38 - 2014-02-13 07:24 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-02-06 05:32 - 2014-02-13 07:24 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-02-06 05:20 - 2014-02-13 07:24 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-02-06 05:17 - 2014-02-13 07:24 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-02-06 05:11 - 2014-02-13 07:24 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-02-06 05:01 - 2014-02-13 07:24 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-02-06 05:00 - 2014-02-13 07:24 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-02-06 04:57 - 2014-02-13 07:24 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-02-06 04:57 - 2014-02-13 07:24 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-02-06 04:52 - 2014-02-13 07:24 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-02-06 04:52 - 2014-02-13 07:24 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-02-06 04:50 - 2014-02-13 07:24 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-02-06 04:49 - 2014-02-13 07:24 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-02-06 04:47 - 2014-02-13 07:24 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-02-06 04:46 - 2014-02-13 07:24 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-02-06 04:25 - 2014-02-13 07:24 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-02-06 04:25 - 2014-02-13 07:24 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-02-06 04:24 - 2014-02-13 07:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-02-06 04:22 - 2014-02-13 07:24 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-02-06 04:13 - 2014-02-13 07:24 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-02-06 04:09 - 2014-02-13 07:24 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-02-06 04:03 - 2014-02-13 07:24 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-02-06 03:55 - 2014-02-13 07:24 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-02-06 03:41 - 2014-02-13 07:24 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-02-06 03:40 - 2014-02-13 07:24 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-02-06 03:36 - 2014-02-13 07:24 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-02-06 03:34 - 2014-02-13 07:24 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-02-05 18:30 - 2014-02-05 18:30 - 00000000 ____D () C:\Users\terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell

2014-02-05 18:11 - 2014-02-05 18:11 - 00431696 _____ () C:\Users\terry\Downloads\DellSystemDetect.exe

2014-02-05 10:14 - 2014-02-05 10:10 - 669173640 _____ (Microsoft Corporation) C:\Users\terry\Downloads\officesp2010-kb2687455-fullfile-x86-en-us.exe

2014-02-05 09:40 - 2014-02-05 09:40 - 28551744 _____ (Citrix Systems, Inc.) C:\Users\terry\Downloads\CitrixReceiverEnterprise (4).exe

2014-02-02 08:20 - 2014-02-02 08:20 - 00000000 ____D () C:\Windows\SysWOW64\NV

2014-02-02 08:20 - 2014-02-02 08:20 - 00000000 ____D () C:\Windows\system32\NV

2014-02-02 08:18 - 2013-02-18 12:22 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation

2014-02-02 08:17 - 2011-03-19 15:14 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation

2014-02-02 08:15 - 2011-03-19 15:14 - 00000000 ____D () C:\Program Files\NVIDIA Corporation

 

Files to move or delete:

====================

C:\ProgramData\PKP_DLeo.DAT

C:\ProgramData\PKP_DLes.DAT

C:\ProgramData\PKP_DLet.DAT

C:\ProgramData\PKP_DLev.DAT

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-02-08 10:06

 

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-02-2014 02

Ran by terry at 2014-02-28 18:03:56 Run:1

Running from C:\Users\terry\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

C:\ProgramData\PKP_DLeo.DAT

C:\ProgramData\PKP_DLes.DAT

C:\ProgramData\PKP_DLet.DAT

C:\ProgramData\PKP_DLev.DAT

End

 

*****************

 

C:\ProgramData\PKP_DLeo.DAT => Moved successfully.

C:\ProgramData\PKP_DLes.DAT => Moved successfully.

C:\ProgramData\PKP_DLet.DAT => Moved successfully.

C:\ProgramData\PKP_DLev.DAT => Moved successfully.

 

==== End of Fixlog ====


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the ESET Smart Installer icon (esetsmartinstaller_enu.png) on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • In your next reply, post the following log files:
    • Malwarebytes' Anti-Malware log
    • ESET Online Scanner log

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.02.27.05

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16518

terry :: TERRY-PC [administrator]

 

Protection: Enabled

 

2/27/2014 8:54:36 PM

mbam-log-2014-02-27 (20-54-36).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 520846

Time elapsed: 1 hour(s), 44 minute(s), 29 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 


C:\$RECYCLE.BIN\S-1-5-21-1880721975-2681396882-3100980296-1002\$RDRJNFT.exe probably a variant of Win32/Toolbar.SearchSuite.J potentially unwanted application deleted - quarantined

C:\$RECYCLE.BIN\S-1-5-21-1880721975-2681396882-3100980296-1002\$RGQ55YC.exe Win32/OutBrowse.J potentially unwanted application deleted - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\Backup\DSLUpdate\hstart.exe.bak a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application deleted - quarantined

C:\Users\terry\Downloads\ccsetup324 [1].exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted - quarantined

 

 


Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.03.02.08

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16518

terry :: TERRY-PC [administrator]

 

Protection: Enabled

 

3/2/2014 12:37:15 PM

mbam-log-2014-03-02 (12-37-15).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 254164

Time elapsed: 7 minute(s), 29 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.

Click the cog in the upper right corner:

AVPfront.gif

Select down to and including your main drive.

Once done please select the Automatic Scan tab and press Start Scan.

avpsettings.gif

Allow AVP to delete all infections found.

Once it has finished select the Report tab.

Select the Detected threats report from the left and press the Save button.

Save it to your Desktop and post the contents in your next reply.


Glad I could help! :)

Step 1

  • Download OTL to your desktop and run it.
  • Click on CleanUp button.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2

Please uninstall ESET Online Scanner and manually delete Kaspersky AVP.

Step 3

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.