Here is a copy of

  • DDS.txt
  • Attach.txt

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.45.2
Run by Montana at 2:30:58 on 2014-03-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.3699 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Montana\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\Notepad.exe
C:\Program Files (x86)\Windows Manager\winmgr.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\Notepad.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\Notepad.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>
uWindows: Load = C:\Windows\System32\Microsoft.com
mWinlogon: Userinit = userinit.exe
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Akamai NetSession Interface] "C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [HP Officejet Pro 8500 A910 (NET)] "C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe" -deviceID "CN18OCQ03P:NW" -scfn "HP Officejet Pro 8500 A910 (NET)" -AutoStart 1
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Google Update] "C:\Users\Montana\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [zzsuel.exe] C:\Users\Montana\AppData\Roaming\vxsula\\zzsuel.exe
uRun: [] C:\Users\Montana\AppData\Roaming\sulade\\
uRun: [puawud.exe] C:\Users\Montana\AppData\Roaming\sulade\puawud.exe
uRun: [czfkxa.exe] C:\Users\Montana\AppData\Roaming\sulade\\czfkxa.exe
uRun: [zraqui.exe] C:\Users\Montana\AppData\Roaming\fkaqih\zraqui.exe
uRun: [pulabu.exe] C:\Users\Montana\AppData\Roaming\fkaqih\\pulabu.exe
uRun: [ihjaok.exe] C:\Users\Montana\AppData\Roaming\fkaqih\\ihjaok.exe
uRun: [zzhzaw.exe] C:\Users\Montana\AppData\Roaming\aslade\\zzhzaw.exe
uRun: [kewnow.exe] C:\Users\Montana\AppData\Roaming\fkaqih\\kewnow.exe
uRun: [bucztr.exe] C:\Users\Montana\AppData\Roaming\fkaqih\\bucztr.exe
uRun: [xazzpu.exe] C:\Users\Montana\AppData\Roaming\sulade\\xazzpu.exe
uRun: [kenuow.exe] C:\Users\Montana\AppData\Roaming\vxsula\\kenuow.exe
uRun: [uijauo.exe] C:\Users\Montana\AppData\Roaming\sulade\\uijauo.exe
uRun: [fkrxzz.exe] C:\Users\Montana\AppData\Roaming\vxsula\\fkrxzz.exe
uRun: [vxzzep.exe] C:\Users\Montana\AppData\Roaming\fkaqih\\vxzzep.exe
uRun: [czkoxa.exe] C:\Users\Montana\AppData\Roaming\fkaqih\\czkoxa.exe
uRun: [gfrzzz.exe] C:\Users\Montana\AppData\Roaming\sulade\\gfrzzz.exe
uRun: [hzsuke.exe] C:\Users\Montana\AppData\Roaming\sulade\\hzsuke.exe
uRun: [xgrzhz.exe] C:\Users\Montana\AppData\Roaming\sulade\\xgrzhz.exe
uRun: [eplabu.exe] C:\Users\Montana\AppData\Roaming\fkaqih\\eplabu.exe
uRun: [elnuwc.exe] C:\Users\Montana\AppData\Roaming\fkaqih\\elnuwc.exe
uRun: [hzaske.exe] C:\Users\Montana\AppData\Roaming\sulade\\hzaske.exe
uRun: [korxzz.exe] C:\Users\Montana\AppData\Roaming\sulade\\korxzz.exe
uRun: [trxaas.exe] C:\Users\Montana\AppData\Roaming\fkaqih\\trxaas.exe
uRunOnce: [WindowsUpdate] "C:\Program Files (x86)\Windows Manager\winmgr.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [sAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
StartupFolder: C:\Users\Montana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Montana\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Montana\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{020D9F5E-5DC5-4823-9FC4-0700AA0052D5} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{020D9F5E-5DC5-4823-9FC4-0700AA0052D5}\2454C4C414C49414E445736343 : DHCPNameServer = 192.168.2.1 142.166.166.166
TCP: Interfaces\{020D9F5E-5DC5-4823-9FC4-0700AA0052D5}\368696C696073307073327 : DHCPNameServer = 192.168.2.1 142.166.166.166
TCP: Interfaces\{020D9F5E-5DC5-4823-9FC4-0700AA0052D5}\548686169723 : DHCPNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{020D9F5E-5DC5-4823-9FC4-0700AA0052D5}\548686169723D25535 : DHCPNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{020D9F5E-5DC5-4823-9FC4-0700AA0052D5}\5486861697D25535 : DHCPNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{020D9F5E-5DC5-4823-9FC4-0700AA0052D5}\6494242554F405736343 : DHCPNameServer = 192.168.2.1 142.166.166.166
TCP: Interfaces\{C56C0892-C468-4C59-B927-DA6B766D6A15} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D948CD20-96ED-4C2F-95DF-6AC5407F2A9A} : DHCPNameServer = 8.8.8.8 8.8.4.4
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
IFEO: AvastSvc.exe - C:\Windows\System32\Microsoft.com
IFEO: AvastUI.exe - C:\Windows\System32\Microsoft.com
IFEO: avcenter.exe - C:\Windows\System32\Microsoft.com
IFEO: avconfig.exe - C:\Windows\System32\Microsoft.com
IFEO: avgcsrvx.exe - C:\Windows\System32\Microsoft.com
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [bLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-IFEO: AvastSvc.exe - C:\Windows\System32\Microsoft.com
x64-IFEO: AvastUI.exe - C:\Windows\System32\Microsoft.com
x64-IFEO: avcenter.exe - C:\Windows\System32\Microsoft.com
x64-IFEO: avconfig.exe - C:\Windows\System32\Microsoft.com
x64-IFEO: avgcsrvx.exe - C:\Windows\System32\Microsoft.com
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Montana\AppData\Roaming\Mozilla\Firefox\Profiles\vbc5sexp.default\


FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Users\Montana\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Montana\AppData\Roaming\Mozilla\Firefox\Profiles\vbc5sexp.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
FF - plugin: C:\Users\Montana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Montana\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Montana\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2013-2-10 1263200]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-9-24 97768]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-2-12 283200]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2013-2-10 89600]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2013-2-10 3246040]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-8 1166848]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-3-27 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-3-27 1104208]
R2 MSSQL$KBMSS;SQL Server (KBMSS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 134944]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2013-2-10 145448]
R2 SentinelKeysServer;Sentinel Keys Server;C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-7-11 328992]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2013-2-10 285280]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-3-27 1304912]
R3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2011-11-30 51712]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2012-2-13 95232]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2012-2-13 747008]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2012-3-21 60928]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-2-10 342528]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DptSecServiceWinService;DptSecSystem;C:\Program Files (x86)\D.P.Technology\Security\DPTechnology.SecService.exe [2011-7-13 65024]
S2 multikey;Virtual USB MultiKey;C:\Windows\System32\drivers\multikey.sys [2013-2-11 67584]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-10-20 1431888]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-16 111616]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\System32\drivers\mcvidrv_x64.sys [2013-2-24 44928]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\System32\drivers\mcaudrv_x64.sys [2013-1-31 28160]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
S3 PcaSp60;Rawether NDIS 6.X SPR Protocol Driver;C:\Windows\System32\drivers\PcaSp60.sys [2013-4-15 38912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-10 19456]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S3 SNTUSB64;SafeNet USB SuperPro/UltraPro/HardwareKey;C:\Windows\System32\drivers\SNTUSB64.SYS [2008-7-11 58664]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-2-26 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-10 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-10 1255736]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\wordpad.exe="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2014-03-04 07:27:05    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malwaresszzz
2014-03-04 07:23:09    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-03-04 07:23:09    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-03-04 07:23:09    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malwaress
2014-03-04 06:33:28    --------    d-----w-    C:\Users\Montana\AppData\Roaming\SUPERAntiSpyware.com
2014-03-04 06:33:28    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-03-04 06:30:31    5694464    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-03-04 06:30:30    6574592    ----a-w-    C:\Windows\System32\mstscax.dll
2014-03-02 14:48:21    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-02 14:41:19    53103728    --sha-r-    C:\Windows\SysWow64\Microsoft.com
2014-03-02 14:41:13    --------    d-sh--w-    C:\Program Files (x86)\Windows Manager
2014-03-01 18:22:31    1031560    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{77282632-CBC0-4716-978C-85F5B717AF98}\gapaengine.dll
2014-03-01 18:22:21    10536864    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F1114EB-5C5D-434D-867D-8D25B68325E3}\mpengine.dll
2014-02-26 23:41:59    855552    ----a-w-    C:\Windows\SysWow64\rdvidcrl.dll
2014-02-26 23:41:58    1057280    ----a-w-    C:\Windows\System32\rdvidcrl.dll
2014-02-26 23:37:46    792576    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2014-02-26 23:37:46    1030144    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-02-26 23:30:25    75376    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2014-02-26 23:30:25    272496    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-02-26 23:30:25    2106216    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2014-02-26 23:30:25    20080    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2014-02-26 23:30:23    117360    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2014-02-26 23:30:22    307824    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2014-02-26 23:30:22    275568    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2014-02-26 23:30:21    647280    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2014-02-26 23:30:21    53360    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2014-02-26 23:30:21    3494512    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2014-02-26 23:30:21    118896    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2014-02-26 22:55:31    --------    d--h--w-    C:\$WINDOWS.~BT
2014-02-26 22:46:58    1031560    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2AC74C4F-E994-4502-B40A-49FB499F19C3}\gapaengine.dll
2014-02-26 22:46:28    10536864    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-26 21:19:46    --------    d-----w-    C:\Users\Montana\AppData\Roaming\DataWork
2014-02-24 01:13:01    --------    d--h--r-    C:\ESD
2014-02-23 23:13:36    --------    d-----w-    C:\Users\Montana\AppData\Roaming\Logs
2014-02-23 23:11:52    129536    ----a-w-    C:\Users\Montana\AppData\Roaming\jhProtominer.exe
2014-02-16 15:18:19    548864    ----a-w-    C:\Windows\System32\vbscript.dll
2014-02-16 15:18:19    454656    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-02-16 15:15:59    2565120    ----a-w-    C:\Windows\System32\d3d10warp.dll
.
==================== Find3M  ====================
.
2014-02-27 00:54:15    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-27 00:54:15    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-06 11:30:46    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37    5768704    ----a-w-    C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32    2041856    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36    4244480    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2014-02-06 09:09:30    1964032    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-01-19 07:33:29    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2014-01-10 16:30:38    0    ----a-w-    C:\Windows\SysWow64\FAP16D.tmp
2014-01-09 17:07:36    0    ----a-w-    C:\Windows\SysWow64\FAP7D06.tmp
2014-01-09 17:07:33    0    ----a-w-    C:\Windows\SysWow64\FAP6EF0.tmp
2014-01-09 17:00:31    0    ----a-w-    C:\Windows\SysWow64\FAPFE03.tmp
2014-01-09 17:00:30    0    ----a-w-    C:\Windows\SysWow64\FAPFC4C.tmp
2014-01-09 16:56:36    0    ----a-w-    C:\Windows\SysWow64\FAP6893.tmp
2014-01-09 16:56:34    0    ----a-w-    C:\Windows\SysWow64\FAP626A.tmp
2014-01-09 16:56:33    0    ----a-w-    C:\Windows\SysWow64\FAP5FF8.tmp
2014-01-09 16:56:33    0    ----a-w-    C:\Windows\SysWow64\FAP5FB7.tmp
2014-01-09 16:56:32    0    ----a-w-    C:\Windows\SysWow64\FAP58C3.tmp
2014-01-09 16:56:30    0    ----a-w-    C:\Windows\SysWow64\FAP5104.tmp
2014-01-09 16:52:19    0    ----a-w-    C:\Windows\SysWow64\FAP7F04.tmp
2014-01-09 16:52:13    0    ----a-w-    C:\Windows\SysWow64\FAP6625.tmp
2014-01-09 16:52:12    0    ----a-w-    C:\Windows\SysWow64\FAP6384.tmp
2014-01-09 16:52:11    0    ----a-w-    C:\Windows\SysWow64\FAP5F8C.tmp
2014-01-09 16:52:09    0    ----a-w-    C:\Windows\SysWow64\FAP5898.tmp
2014-01-09 16:52:09    0    ----a-w-    C:\Windows\SysWow64\FAP5693.tmp
2014-01-09 16:52:05    0    ----a-w-    C:\Windows\SysWow64\FAP486E.tmp
2014-01-09 16:52:04    0    ----a-w-    C:\Windows\SysWow64\FAP4189.tmp
2014-01-09 16:51:44    0    ----a-w-    C:\Windows\SysWow64\FAPF413.tmp
2014-01-09 16:39:49    0    ----a-w-    C:\Windows\SysWow64\FAPCAF.tmp
2014-01-09 16:37:43    0    ----a-w-    C:\Windows\SysWow64\FAP1EB7.tmp
2013-12-24 23:09:41    1987584    ----a-w-    C:\Windows\SysWow64\d3d10warp.dll
2013-12-06 02:30:08    2048    ----a-w-    C:\Windows\System32\msxml3r.dll
2013-12-06 02:30:08    1882112    ----a-w-    C:\Windows\System32\msxml3.dll
2013-12-06 02:02:08    2048    ----a-w-    C:\Windows\SysWow64\msxml3r.dll
2013-12-06 02:02:08    1237504    ----a-w-    C:\Windows\SysWow64\msxml3.dll
.
============= FINISH:  2:31:06.40 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/10/2013 12:06:33 PM
System Uptime: 3/4/2014 2:24:30 AM (0 hours ago)
.
Motherboard: Dell Inc. |  | 034W60
Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU 1 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 44.278 GiB free.
D: is CDROM ()
E: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{FBE4BE12-374A-486B-A473-24E39408A24D}_VID&0002000A_PID&0000\8&32EEB8B6&0&04180F40A98F_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{FBE4BE12-374A-486B-A473-24E39408A24D}_VID&0002000A_PID&0000\8&32EEB8B6&0&04180F40A98F_C00000000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Realtek PCIe FE Family Controller
Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_04B01028&REV_05\01000000364CE00000
Manufacturer: Realtek
Name: Realtek PCIe FE Family Controller
PNP Device ID: PCI\VEN_10EC&DEV_8136&SUBSYS_04B01028&REV_05\01000000364CE00000
Service: RTL8167
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_04B01028&REV_05\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_04B01028&REV_05\3&11583659&0&FB
Service:
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Virtual USB MultiKey
Device ID: ROOT\SYSTEM\0001
Manufacturer: (Standard system devices)
Name: Virtual USB MultiKey
PNP Device ID: ROOT\SYSTEM\0001
Service: multikey
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{FBE4BE12-374A-486B-A473-24E39408A24D}_VID&0001000F_PID&1200\8&32EEB8B6&0&BCF5AC48F755_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{FBE4BE12-374A-486B-A473-24E39408A24D}_VID&0001000F_PID&1200\8&32EEB8B6&0&BCF5AC48F755_C00000000
Service:
.
==== System Restore Points ===================
.
RP170: 2/23/2014 6:24:18 PM - Windows Update
RP171: 2/26/2014 5:05:04 PM - Restore Operation
RP172: 2/26/2014 5:46:03 PM - Windows Update
RP173: 2/26/2014 6:37:58 PM - Windows Update
RP174: 3/4/2014 1:30:39 AM - Windows Update
.
==== Image File Execution Options =============
.
IFEO: AvastSvc.exe - C:\Windows\system32\Microsoft.com
IFEO: AvastUI.exe - C:\Windows\system32\Microsoft.com
IFEO: avcenter.exe - C:\Windows\system32\Microsoft.com
IFEO: avconfig.exe - C:\Windows\system32\Microsoft.com
IFEO: avgcsrvx.exe - C:\Windows\system32\Microsoft.com
IFEO: avgidsagent.exe - C:\Windows\system32\Microsoft.com
IFEO: avgnt.exe - C:\Windows\system32\Microsoft.com
IFEO: avgrsx.exe - C:\Windows\system32\Microsoft.com
IFEO: avguard.exe - C:\Windows\system32\Microsoft.com
IFEO: avgui.exe - C:\Windows\system32\Microsoft.com
IFEO: avgwdsvc.exe - C:\Windows\system32\Microsoft.com
IFEO: avp.exe - C:\Windows\system32\Microsoft.com
IFEO: avscan.exe - C:\Windows\system32\Microsoft.com
IFEO: bdagent.exe - C:\Windows\system32\Microsoft.com
IFEO: BTHSSecurityMgr.exe - C:\Windows\system32\Microsoft.com
IFEO: ccuac.exe - C:\Windows\system32\Microsoft.com
IFEO: ComboFix.exe - C:\Windows\system32\Microsoft.com
IFEO: egui.exe - C:\Windows\system32\Microsoft.com
IFEO: hijackthis.exe - C:\Windows\system32\Microsoft.com
IFEO: instup.exe - C:\Windows\system32\Microsoft.com
IFEO: keyscrambler.exe - C:\Windows\system32\Microsoft.com
IFEO: mbam.exe - C:\Windows\system32\Microsoft.com
IFEO: mbamgui.exe - C:\Windows\system32\Microsoft.com
IFEO: mbampt.exe - C:\Windows\system32\Microsoft.com
IFEO: mbamscheduler.exe - C:\Windows\system32\Microsoft.com
IFEO: mbamservice.exe - C:\Windows\system32\Microsoft.com
IFEO: MpCmdRun.exe - C:\Windows\system32\Microsoft.com
IFEO: MSASCui.exe - C:\Windows\system32\Microsoft.com
IFEO: MsMpEng.exe - C:\Windows\system32\Microsoft.com
IFEO: msseces.exe - C:\Windows\system32\Microsoft.com
IFEO: NisSrv.exe - C:\Windows\system32\Microsoft.com
IFEO: rstrui.exe - C:\Windows\system32\Microsoft.com
IFEO: spybotsd.exe - C:\Windows\system32\Microsoft.com
IFEO: wireshark.exe - C:\Windows\system32\Microsoft.com
IFEO: zlclient.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: AvastSvc.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: AvastUI.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: avcenter.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: avconfig.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: avgcsrvx.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: avgidsagent.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: avgnt.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: avgrsx.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: avguard.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: avgui.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: avgwdsvc.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: avp.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: avscan.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: bdagent.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: BTHSSecurityMgr.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: ccuac.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: ComboFix.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: egui.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: hijackthis.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: instup.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: keyscrambler.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: mbam.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: mbamgui.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: mbampt.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: mbamscheduler.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: mbamservice.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: MpCmdRun.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: MSASCui.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: MsMpEng.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: msseces.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: NisSrv.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: rstrui.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: spybotsd.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: wireshark.exe - C:\Windows\system32\Microsoft.com
x64-IFEO: zlclient.exe - C:\Windows\system32\Microsoft.com
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Acronis True Image Home 2011
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
Akamai NetSession Interface
ASUS RT-AC66U Wireless Router Utilities
Bluetooth Software Update Tool
CCleaner
ChromecastApp
Citrix Authentication Manager
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver Updater
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Resource CD
Dell System Detect
Dell Touchpad
DP Technology Security Manager
Dropbox
ESPRIT
Google Chrome
Google Gmail Notifier
Google Talk Plugin
HP Officejet Pro 8500 A910 Basic Device Software
IDT Audio
ImgBurn
Intel PROSet Wireless
Intel® Processor Graphics
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® PROSet/Wireless WiFi Software
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Update Manager
Intel® SSD Toolbox
Java 7 Update 25 (64-bit)
Java 7 Update 45
Java Auto Updater
KONICA MINOLTA PagePro 1350W
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Mouse and Keyboard Center
Microsoft Office 2003 Web Components
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (KBMSS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
NewsLeecher v4.0 Final
Online Plug-in
Realtek Ethernet Controller Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Self-service Plug-in
Sentinel Protection Installer 7.5.0
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
System Requirements Lab for Intel
TorGuard 4.0.3
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VBAIntMSMSetup
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - Chinese (Simplified)
Visual Basic for Applications ® Core - Chinese (Traditional)
Visual Basic for Applications ® Core - English
Visual Basic for Applications ® Core - French
Visual Basic for Applications ® Core - German
Visual Basic for Applications ® Core - Italian
Visual Basic for Applications ® Core - Japanese
Visual Basic for Applications ® Core - Korean
Visual Basic for Applications ® Core - Portuguese (Brazil)
Visual Basic for Applications ® Core - Spanish
Visual Basic for Applications ® Core - Swedish
Windows Mobile Device Center
.
==== Event Viewer Messages From Past Week ========
.
3/4/2014 2:24:39 AM, Error: Service Control Manager [7000]  - The Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service service failed to start due to the following error:  Access is denied.
3/4/2014 2:24:38 AM, Error: Service Control Manager [7000]  - The Virtual USB MultiKey service failed to start due to the following error:  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
3/4/2014 2:24:37 AM, Error: Service Control Manager [7000]  - The Microsoft Antimalware Service service failed to start due to the following error:  The system cannot find the file specified.
3/4/2014 2:11:15 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
3/4/2014 2:06:42 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service Bluetooth Device Monitor with arguments "" in order to run the server: {DABF28BE-F6B4-4E40-8F40-C4FB26F3116C}
3/4/2014 2:04:54 AM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
3/4/2014 2:03:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
3/4/2014 2:03:13 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
3/4/2014 2:03:07 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/4/2014 2:03:07 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/4/2014 2:03:07 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/4/2014 2:03:07 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/4/2014 2:03:06 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/4/2014 2:03:01 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/4/2014 2:03:01 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service Bluetooth Media Service with arguments "" in order to run the server: {9AC233E9-AC75-4DB5-85C4-DAB13A484FEA}
3/4/2014 2:02:54 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
3/4/2014 2:02:54 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/4/2014 2:02:54 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/4/2014 2:02:54 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
3/4/2014 2:02:54 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/4/2014 2:02:54 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
3/4/2014 2:02:54 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
3/4/2014 2:02:54 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/4/2014 2:02:54 AM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/4/2014 2:02:54 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
3/4/2014 2:02:54 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
3/4/2014 2:02:54 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
3/2/2014 9:41:19 AM, Error: Service Control Manager [7031]  - The Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/1/2014 1:11:34 PM, Error: Disk [11]  - The driver detected a controller error on \Device\Harddisk2\DR3.
2/26/2014 7:28:48 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume OS.
2/26/2014 7:28:47 PM, Error: Microsoft-Windows-BitLocker-Driver [24620]  - Encrypted volume check: Volume information on  cannot be read.
2/26/2014 6:42:13 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume I:.
2/26/2014 5:35:18 PM, Error: Microsoft Antimalware [2004]  - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.      Signatures Attempted: Current      Error Code: 0x80070002      Error description: The system cannot find the file specified.       Signature version: 0.0.0.0;0.0.0.0      Engine version: 0.0.0.0
2/26/2014 5:05:46 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.167.465.0      Update Source: Microsoft Update Server      Update Stage: Download      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10302.0      Error code: 0x8024001e      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/26/2014 5:05:46 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.167.465.0      Update Source: Microsoft Update Server      Update Stage: Download      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10302.0      Error code: 0x8024001e      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/26/2014 4:23:46 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
2/26/2014 4:23:14 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
2/26/2014 4:14:41 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
2/26/2014 4:14:37 PM, Error: Service Control Manager [7022]  - The Security Center service hung on starting.
2/26/2014 4:12:32 PM, Error: Service Control Manager [7022]  - The PnP-X IP Bus Enumerator service hung on starting.
.
==== End Of File ===========================
 

 

 


Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Please download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from, each with a different name on it. Select the first one and save it to your desktop.

 

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen, delete the icon from the desktop, go back to the download link, select the next button and try to run the tool again. Continue to repeat this process using the remaining buttons until the tool runs. If you scroll down the page you will find further links with other names; try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

 

Malwarebytes does show as installed in the programs list, try as follows:

 

Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Post those logs in your next reply.

 

Kevin


Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/04/2014 11:03:49 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 03/04/2014 11:04:03 AM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

--------------------

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Montana :: MONTANA-PC [administrator]

Protection: Disabled

3/4/2014 11:09:12 AM
mbam-log-2014-03-04 (11-09-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217385
Time elapsed: 2 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\$Recycle.Bin\S-1-5-21-1542471222-1100759984-2066533377-1000\$RIUOUTV.exe (PUP.Optional.ToolBarInstaller.A) -> Quarantined and deleted successfully.
C:\Users\Montana\AppData\Local\Temp\jhProtominer.exe (PUP.Riskware.Bitminer) -> Quarantined and deleted successfully.
C:\Users\Montana\Dropbox\!RnE - 2012.10.14 10.34.19 - VanDyke SecureCRT x64 v6 2 3 313 Incl Patch And Keymaker-AGAiN.rar (Trojan.Downloader) -> Quarantined and deleted successfully.

(end)
 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2014
Ran by Montana (administrator) on MONTANA-PC on 04-03-2014 11:17:49
Running from C:\Users\Montana\Desktop\Firefox Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malwarezzz\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malwarezzz\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Akamai Technologies, Inc.) C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Akamai Technologies, Inc.) C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe
(Dropbox, Inc.) C:\Users\Montana\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Google Inc.) C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicatorCom.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPNetworkCommunicator.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google) C:\Users\Montana\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-24] (IDT, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [bLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [bTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11407120 2012-03-27] (Intel Corporation)
HKLM\...\Run: [intelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Acronis Scheduler2 Service] - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [394832 2011-09-22] (Acronis)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] - C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [sAOB Monitor] - C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2536760 2011-09-22] (Acronis)
HKLM-x32\...\Run: [TrueImageMonitor.exe] - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5550984 2011-09-22] (Acronis)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [CitrixReceiver] - "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] - C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Montana\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3674320 2013-01-08] (DT Soft Ltd)
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [HP Officejet Pro 8500 A910 (NET)] - C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [Google Update] - C:\Users\Montana\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-11-03] (Google Inc.)
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [zzsuel.exe] - C:\Users\Montana\AppData\Roaming\vxsula\\zzsuel.exe [76228112 2014-01-23] (Nikyts software)
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [] - C:\Users\Montana\AppData\Roaming\sulade\\ [0 ] ()
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [puawud.exe] - C:\Users\Montana\AppData\Roaming\sulade\puawud.exe [75990792 2014-01-19] (Nikyts software)
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [czfkxa.exe] - C:\Users\Montana\AppData\Roaming\sulade\\czfkxa.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [zraqui.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\zraqui.exe [76228112 2014-01-23] (Nikyts software)
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [pulabu.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\pulabu.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [ihjaok.exe] - C:\Users\Montana\AppData\Roaming\sulade\\ihjaok.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [zzhzaw.exe] - C:\Users\Montana\AppData\Roaming\aslade\\zzhzaw.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [kewnow.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\kewnow.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [bucztr.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\bucztr.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [xazzpu.exe] - C:\Users\Montana\AppData\Roaming\sulade\\xazzpu.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [kenuow.exe] - C:\Users\Montana\AppData\Roaming\vxsula\\kenuow.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [uijauo.exe] - C:\Users\Montana\AppData\Roaming\sulade\\uijauo.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [fkrxzz.exe] - C:\Users\Montana\AppData\Roaming\vxsula\\fkrxzz.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [vxzzep.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\vxzzep.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [czkoxa.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\czkoxa.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [gfrzzz.exe] - C:\Users\Montana\AppData\Roaming\sulade\\gfrzzz.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [hzsuke.exe] - C:\Users\Montana\AppData\Roaming\sulade\\hzsuke.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [xgrzhz.exe] - C:\Users\Montana\AppData\Roaming\sulade\\xgrzhz.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [eplabu.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\eplabu.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [elnuwc.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\elnuwc.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [hzaske.exe] - C:\Users\Montana\AppData\Roaming\sulade\\hzaske.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [korxzz.exe] - C:\Users\Montana\AppData\Roaming\sulade\\korxzz.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [trxaas.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\trxaas.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [aspuwn.exe] - C:\Users\Montana\AppData\Roaming\sulade\\aspuwn.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [rzxaas.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\rzxaas.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [zvhzwe.exe] - C:\Users\Montana\AppData\Roaming\sulade\\zvhzwe.exe
IFEO\BTHSSecurityMgr.exe: [Debugger] C:\Windows\system32\Microsoft.com
IFEO\NisSrv.exe: [Debugger] C:\Windows\system32\Microsoft.com
Startup: C:\Users\Montana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Montana\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Montana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8500 A910 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8500 A910 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8500 A910\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4E75529A1E23CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Montana\AppData\Roaming\Mozilla\Firefox\Profiles\vbc5sexp.default
FF Homepage: https://www.google.ca/

FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Montana\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Montana\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Montana\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Montana\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Montana\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Montana\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Montana\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Montana\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Montana\AppData\Roaming\Mozilla\Firefox\Profiles\vbc5sexp.default\searchplugins\search-the-web.xml
FF Extension: WebSlingPlayer - C:\Users\Montana\AppData\Roaming\Mozilla\Firefox\Profiles\vbc5sexp.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2013-04-28]
FF Extension: Media Hint - C:\Users\Montana\AppData\Roaming\Mozilla\Firefox\Profiles\vbc5sexp.default\Extensions\mediahint@jetpack.xpi [2013-05-20]
FF Extension: Airmiles Toolbar - C:\Users\Montana\AppData\Roaming\Mozilla\Firefox\Profiles\vbc5sexp.default\Extensions\{a0ba5d09-d5f8-94b4-1180-be3ee0f1bc1e}.xpi [2013-11-29]

Chrome:
=======
CHR Extension: (No Name) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-03]
CHR Extension: (Google Cast) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-11-03]
CHR Extension: (Google Wallet) - C:\Users\Montana\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-03]

==================== Services (Whitelisted) =================

S2 BTHSSecurityMgr; C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [134928 2011-06-03] ()
S2 DptSecServiceWinService; C:\Program Files (x86)\D.P.Technology\Security\DPTechnology.SecService.exe [65024 2011-07-13] (DP Technology Corporation, CA, USA.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malwarezzz\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malwarezzz\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R2 MSSQL$KBMSS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [328992 2008-07-11] (SafeNet, Inc.)
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [226592 2008-07-11] (SafeNet, Inc)

==================== Drivers (Whitelisted) ====================

S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-12] (DT Soft Ltd)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-10] (ManyCam LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S2 multikey; C:\Windows\System32\DRIVERS\multikey.sys [67584 2013-02-11] (Chingachguk & Denger2k (Elite & SP edition))
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2008-07-11] (SafeNet, Inc.)
S3 SNTUSB64; C:\Windows\System32\DRIVERS\SNTUSB64.SYS [58664 2008-07-11] (SafeNet, Inc.)
S3 XRNBO; c:\windows\SysWOW64\drivers\XRNBO.sys [177152 2013-02-10] ()
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\WNt500x64\Sandra.sys [X]
S1 SASDIFSV; \??\C:\Users\Montana\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Users\Montana\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-04 11:17 - 2014-03-04 11:17 - 00000000 ____D () C:\FRST
2014-03-04 11:08 - 2014-03-04 11:08 - 00001134 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-04 11:08 - 2014-03-04 11:08 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\Malwarebytes
2014-03-04 11:06 - 2014-03-04 11:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malwarezzz
2014-03-04 11:06 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-04 10:53 - 2014-03-04 11:04 - 00002388 _____ () C:\Users\Montana\Desktop\Rkill.txt
2014-03-04 03:07 - 2014-03-04 03:07 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-04 02:55 - 2014-03-04 03:00 - 00000000 ____D () C:\Users\Montana\Desktop\mbar
2014-03-04 02:27 - 2014-03-04 02:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malwaresszzz
2014-03-04 02:23 - 2014-03-04 02:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-04 01:33 - 2014-03-04 01:33 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\SUPERAntiSpyware.com
2014-03-04 01:33 - 2014-03-04 01:33 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-04 01:30 - 2014-01-08 21:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-04 01:30 - 2014-01-03 17:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-02 09:49 - 2014-03-04 02:28 - 00000000 ____D () C:\Users\Montana\Desktop\rkill
2014-03-02 09:49 - 2014-03-02 09:49 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Montana\Desktop\rkill.exe
2014-03-02 09:41 - 2014-03-04 03:01 - 00000000 __SHD () C:\Program Files (x86)\Windows Manager
2014-02-26 18:42 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-02-26 18:42 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-02-26 18:42 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-02-26 18:42 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-02-26 18:42 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-02-26 18:42 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-02-26 18:42 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-02-26 18:42 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-02-26 18:42 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-02-26 18:42 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-02-26 18:42 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-02-26 18:42 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-02-26 18:42 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-02-26 18:42 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-02-26 18:41 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-02-26 18:41 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-02-26 18:38 - 2014-03-04 01:45 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-26 18:37 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-02-26 18:37 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-02-26 18:29 - 2014-02-26 18:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-26 17:55 - 2014-02-26 17:56 - 00000000 ___HD () C:\$WINDOWS.~BT
2014-02-26 17:55 - 2014-02-26 17:55 - 00001386 _____ () C:\Users\Montana\AppData\Roaming\Microsoft\Windows\Start Menu\Install Windows.lnk
2014-02-26 17:55 - 2014-02-26 17:55 - 00001384 _____ () C:\Users\Montana\Desktop\Install Windows.lnk
2014-02-26 16:19 - 2014-02-26 17:07 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\DataWork
2014-02-24 18:20 - 2014-03-04 01:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-02-23 20:13 - 2014-02-23 20:13 - 00000000 __RHD () C:\ESD
2014-02-23 18:12 - 2014-02-26 17:03 - 00005949 _____ () C:\Users\Montana\AppData\Roaming\srvc
2014-02-17 11:10 - 2014-02-17 11:10 - 00027136 _____ () C:\Users\Montana\Desktop\PerformanceWorldEntrants_tonybertuzzi.xls
2014-02-16 10:18 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-16 10:18 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-16 10:17 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-16 10:17 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-16 10:17 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-16 10:17 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-16 10:17 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-16 10:17 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-16 10:17 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-16 10:17 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-16 10:17 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-16 10:17 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-16 10:17 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-16 10:17 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-16 10:17 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-16 10:17 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-16 10:17 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-16 10:17 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-16 10:17 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-16 10:17 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-16 10:17 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-16 10:17 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-16 10:17 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-16 10:17 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-16 10:17 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-16 10:17 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-16 10:17 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-16 10:17 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-16 10:17 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-16 10:17 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-16 10:17 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-16 10:17 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-16 10:17 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-16 10:17 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-16 10:17 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-16 10:17 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-16 10:17 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-16 10:17 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-16 10:17 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-16 10:17 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-16 10:17 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-16 10:15 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-16 10:15 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-16 10:15 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-16 10:15 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-16 10:15 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-16 10:15 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-16 10:15 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-16 10:15 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-16 10:15 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-16 10:15 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-16 10:15 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-16 10:15 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-16 10:15 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-16 10:15 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-16 10:15 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-16 10:15 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-16 10:15 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-16 10:15 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-16 10:15 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-16 10:15 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-16 10:15 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-16 10:15 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-16 10:15 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-16 10:15 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-16 10:15 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-16 10:15 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-16 10:15 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-16 10:15 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-09 13:42 - 2014-03-04 11:15 - 00051510 _____ () C:\Windows\PFRO.log

==================== One Month Modified Files and Folders =======

2014-03-04 11:17 - 2014-03-04 11:17 - 00000000 ____D () C:\FRST
2014-03-04 11:15 - 2014-02-09 13:42 - 00051510 _____ () C:\Windows\PFRO.log
2014-03-04 11:15 - 2014-01-29 18:10 - 00001736 _____ () C:\Windows\setupact.log
2014-03-04 11:15 - 2013-03-03 12:42 - 00000000 ___RD () C:\Users\Montana\Dropbox
2014-03-04 11:15 - 2013-03-03 12:40 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\Dropbox
2014-03-04 11:15 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-04 11:14 - 2013-02-10 12:06 - 01847797 _____ () C:\Windows\WindowsUpdate.log
2014-03-04 11:09 - 2009-07-13 23:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-04 11:09 - 2009-07-13 23:45 - 00022752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-04 11:08 - 2014-03-04 11:08 - 00001134 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-04 11:08 - 2014-03-04 11:08 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\Malwarebytes
2014-03-04 11:08 - 2014-03-04 11:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malwarezzz
2014-03-04 11:06 - 2009-07-14 00:13 - 00852012 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-04 11:04 - 2014-03-04 10:53 - 00002388 _____ () C:\Users\Montana\Desktop\Rkill.txt
2014-03-04 10:56 - 2013-11-03 10:18 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1542471222-1100759984-2066533377-1000Core.job
2014-03-04 10:54 - 2013-02-16 17:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-04 10:50 - 2013-11-03 10:18 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1542471222-1100759984-2066533377-1000UA.job
2014-03-04 07:55 - 2013-11-08 18:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-04 03:31 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-03-04 03:23 - 2013-11-03 10:19 - 00002380 _____ () C:\Users\Montana\Desktop\Google Chrome.lnk
2014-03-04 03:07 - 2014-03-04 03:07 - 00005175 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-03-04 03:07 - 2013-07-04 21:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-03-04 03:01 - 2014-03-02 09:41 - 00000000 __SHD () C:\Program Files (x86)\Windows Manager
2014-03-04 03:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\TAPI
2014-03-04 03:00 - 2014-03-04 02:55 - 00000000 ____D () C:\Users\Montana\Desktop\mbar
2014-03-04 02:28 - 2014-03-02 09:49 - 00000000 ____D () C:\Users\Montana\Desktop\rkill
2014-03-04 02:27 - 2014-03-04 02:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malwaresszzz
2014-03-04 02:23 - 2014-03-04 02:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-04 01:49 - 2013-05-20 12:13 - 00596480 ___SH () C:\Users\Montana\Desktop\Thumbs.db
2014-03-04 01:45 - 2014-02-26 18:38 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-04 01:45 - 2014-02-24 18:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-04 01:33 - 2014-03-04 01:33 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\SUPERAntiSpyware.com
2014-03-04 01:33 - 2014-03-04 01:33 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-03-04 01:30 - 2014-01-28 19:55 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\fkaqih
2014-03-04 01:30 - 2014-01-28 19:54 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\sulade
2014-03-02 09:49 - 2014-03-02 09:49 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Montana\Desktop\rkill.exe
2014-02-26 19:54 - 2013-02-16 17:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-26 19:54 - 2013-02-10 14:35 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-26 19:54 - 2013-02-10 14:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-26 19:16 - 2013-02-10 14:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-26 18:30 - 2014-02-26 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-26 17:56 - 2014-02-26 17:55 - 00000000 ___HD () C:\$WINDOWS.~BT
2014-02-26 17:55 - 2014-02-26 17:55 - 00001386 _____ () C:\Users\Montana\AppData\Roaming\Microsoft\Windows\Start Menu\Install Windows.lnk
2014-02-26 17:55 - 2014-02-26 17:55 - 00001384 _____ () C:\Users\Montana\Desktop\Install Windows.lnk
2014-02-26 17:35 - 2013-02-10 12:06 - 00000000 ____D () C:\Users\Montana
2014-02-26 17:07 - 2014-02-26 16:19 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\DataWork
2014-02-26 17:07 - 2013-11-03 10:19 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-02-26 17:07 - 2013-02-12 20:49 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\DAEMON Tools Lite
2014-02-26 17:07 - 2013-02-12 20:48 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-02-26 17:07 - 2013-02-10 18:20 - 00000000 ____D () C:\Windows\SysWOW64\{3B74FE60-433B-4771-8D3F-7CEC1E59057B}
2014-02-26 17:07 - 2013-02-10 14:41 - 00000000 __RHD () C:\MSOCache
2014-02-26 17:07 - 2013-02-10 14:35 - 00000000 ____D () C:\Windows\system32\Macromed
2014-02-26 17:07 - 2013-02-10 13:08 - 00000000 ____D () C:\Users\Montana\AppData\Local\Akamai
2014-02-26 17:07 - 2013-02-10 12:18 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-02-26 17:07 - 2013-02-10 12:06 - 00000000 ___RD () C:\Users\Montana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-26 17:07 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-02-26 17:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-02-26 17:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\schemas
2014-02-26 17:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-02-26 17:07 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-02-26 17:03 - 2014-02-23 18:12 - 00005949 _____ () C:\Users\Montana\AppData\Roaming\srvc
2014-02-23 20:13 - 2014-02-23 20:13 - 00000000 __RHD () C:\ESD
2014-02-21 20:39 - 2013-02-20 18:23 - 00000000 ____D () C:\Users\Montana\Desktop\Printer Share
2014-02-17 11:10 - 2014-02-17 11:10 - 00027136 _____ () C:\Users\Montana\Desktop\PerformanceWorldEntrants_tonybertuzzi.xls
2014-02-16 10:34 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-16 10:30 - 2013-02-10 14:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-16 10:29 - 2013-08-20 10:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 10:22 - 2013-02-10 18:18 - 00844626 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-16 10:19 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-16 10:16 - 2013-11-03 10:18 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1542471222-1100759984-2066533377-1000UA
2014-02-16 10:16 - 2013-11-03 10:18 - 00003498 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1542471222-1100759984-2066533377-1000Core
2014-02-09 13:44 - 2013-02-10 14:10 - 00000000 ____D () C:\Users\Montana\AppData\Roaming\Mozilla
2014-02-07 12:48 - 2013-02-10 20:20 - 00001869 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-02-06 07:16 - 2014-02-16 10:17 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 06:30 - 2014-02-16 10:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 06:30 - 2014-02-16 10:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 06:12 - 2014-02-16 10:17 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 06:07 - 2014-02-16 10:17 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 06:06 - 2014-02-16 10:17 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 05:57 - 2014-02-16 10:17 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 05:56 - 2014-02-16 10:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 05:52 - 2014-02-16 10:17 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 05:49 - 2014-02-16 10:17 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 05:48 - 2014-02-16 10:17 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 05:48 - 2014-02-16 10:17 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 05:38 - 2014-02-16 10:17 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-06 05:32 - 2014-02-16 10:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 05:20 - 2014-02-16 10:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-06 05:17 - 2014-02-16 10:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 05:11 - 2014-02-16 10:17 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 05:01 - 2014-02-16 10:17 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-06 05:00 - 2014-02-16 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-06 04:57 - 2014-02-16 10:17 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-06 04:57 - 2014-02-16 10:17 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 04:52 - 2014-02-16 10:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-06 04:52 - 2014-02-16 10:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-06 04:50 - 2014-02-16 10:17 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 04:49 - 2014-02-16 10:17 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-06 04:47 - 2014-02-16 10:17 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-06 04:46 - 2014-02-16 10:17 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-06 04:25 - 2014-02-16 10:17 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-06 04:25 - 2014-02-16 10:17 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-06 04:24 - 2014-02-16 10:17 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 04:22 - 2014-02-16 10:17 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 04:13 - 2014-02-16 10:17 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-06 04:09 - 2014-02-16 10:17 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-06 04:03 - 2014-02-16 10:17 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-06 03:55 - 2014-02-16 10:17 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 03:41 - 2014-02-16 10:17 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-06 03:40 - 2014-02-16 10:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-06 03:36 - 2014-02-16 10:17 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-06 03:34 - 2014-02-16 10:17 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-04 19:09 - 2013-02-10 12:38 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-02 22:49 - 2013-02-12 18:24 - 00000000 ____D () C:\Users\Montana\AppData\Local\Adobe

Files to move or delete:
====================
C:\Users\Montana\Alps_Touchpad_W8_X01_A00_Setup-CM1M8_ZPE.exe
C:\Users\Montana\Audio_IDT_W8_X02_A00_Setup-CGH70_ZPE.exe
C:\Users\Montana\CardRead_Realtek_W8_X00_A00_Setup-CFP4Y_ZPE.exe
C:\Users\Montana\LOM_Realtek_W8_X00_A00_Setup-NRF40_ZPE.exe
C:\Users\Montana\N5110A11.EXE
C:\Users\Montana\Video_Intel_W84_X01_A00_Setup-6NJX6_ZPE.exe


Some content of TEMP:
====================
C:\Users\Montana\AppData\Local\Temp\ca_A8FC.tmp.dll
C:\Users\Montana\AppData\Local\Temp\ca_EE64.tmp.dll
C:\Users\Montana\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-04 03:24

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-03-2014
Ran by Montana at 2014-03-04 11:18:10
Running from C:\Users\Montana\Desktop\Firefox Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Acronis True Image Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6942 - Acronis)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
ASUS RT-AC66U Wireless Router Utilities (HKLM-x32\...\{266E41AB-D928-4AF2-A8E4-B24E31F5758C}) (Version: 4.2.6.0 - ASUS)
Bluetooth Software Update Tool (HKLM-x32\...\Bluetooth Software Update Tool) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.1.266.0 - Google Inc.)
Citrix Authentication Manager (x32 Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 3.3.2.0 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
DP Technology Security Manager (HKLM-x32\...\{83566275-6E03-4DF3-B064-2AEA8668BF47}) (Version: 18.0.371 - DP Technology Corp.)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
ESPRIT (HKLM-x32\...\{82634ACF-E690-40D6-9EF8-F984DF43D6ED}) (Version: 19.0.1608 - DP Technology Corp.)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Gmail Notifier (HKLM-x32\...\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}) (Version:  - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{41101F0C-DBD9-321C-A6B1-E0689B495A4E}) (Version: 5.1.4.17398 - Google)
HP Officejet Pro 8500 A910 Basic Device Software (HKLM\...\{13BE337F-9557-416D-A696-F91A6807B170}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{3015F546-6C3E-4E6A-B564-BCDF88C0BA2A}) (Version: 2.1.1.0153 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{25FBDA9A-E868-4B3B-B9FF-D923818511A1}) (Version: 14.2.0000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.6.3.70 - Intel Corporation) Hidden
Intel® SSD Toolbox (HKLM-x32\...\{06D085C8-1F00-11B2-96A7-8f0CE39193ED}) (Version: 3.2.0.400 - Intel Corporation)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
KONICA MINOLTA PagePro 1350W (HKLM\...\KONICA MINOLTA PagePro 1350W) (Version:  - )
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (KBMSS) (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (x32 Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
NewsLeecher v4.0 Final (HKLM-x32\...\NewsLeecher_is1) (Version:  - )
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Sentinel Protection Installer 7.5.0 (HKLM-x32\...\{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}) (Version: 7.5.0 - SafeNet, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
System Requirements Lab for Intel (HKLM-x32\...\{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}) (Version: 4.5.13.0 - Husdawg, LLC)
TorGuard 4.0.3 (HKLM-x32\...\1277-7310-4370-8957) (Version: 4.0.3 - TorGuard)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
VBAIntMSMSetup (HKLM-x32\...\{ABBBAE74-401F-4ED6-B995-623C146C4FE3}) (Version: 1.0.0 - Default Company Name)
Visual Basic for Applications ® Core - Chinese (Simplified) (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core - Chinese (Traditional) (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core - English (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core - French (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core - German (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core - Italian (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core - Japanese (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core - Korean (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core - Portuguese (Brazil) (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core - Spanish (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core - Swedish (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Visual Basic for Applications ® Core (x32 Version: 6.4.99.69 - Microsoft Corporation) Hidden
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)

==================== Restore Points  =========================

23-02-2014 23:24:18 Windows Update
26-02-2014 22:05:04 Restore Operation
26-02-2014 22:46:03 Windows Update
26-02-2014 23:37:58 Windows Update
04-03-2014 06:30:39 Windows Update
04-03-2014 08:00:29 Malwarebytes Anti-Rootkit Restore Point
04-03-2014 08:06:57 Installed Java 7 Update 51

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {25ABD558-BE24-4C57-8383-26022BF7EFF8} - System32\Tasks\{30213A35-E5D4-4858-BDF4-E387AEE25CAD} => C:\Users\Montana\Desktop\Newsgroup Downloads\alt.binaries.boneless\!RnE - 2014.01.28 19.46.54 - DIGITALTUTORS_GETTING_STARTED_IN_SOLIDWORKS_TUTORIAL-kEISO\DIGITALTUTORS_GETTING_STARTED_IN_SOLIDWORKS_TUTORIAL-kEISO.exe
Task: {25D12B1B-D278-44C5-8654-669AE9B064C1} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {310740CB-CE42-4E78-9E86-CCBB4A3AE006} - System32\Tasks\Intel_C_CVCV2515014Q120BGN => C:\Program Files (x86)\Intel\Intel® SSD Toolbox\Intel SSD Toolbox.exe [2013-12-17] (Intel)
Task: {3CE738C2-CE27-4A5B-958C-06A6FE41293D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1542471222-1100759984-2066533377-1000UA => C:\Users\Montana\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-03] (Google Inc.)
Task: {439E9D1D-4847-47A9-AED8-CC01691DA802} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1542471222-1100759984-2066533377-1000Core => C:\Users\Montana\AppData\Local\Google\Update\GoogleUpdate.exe [2013-11-03] (Google Inc.)
Task: {472E3BCD-ED95-4063-9682-3631A70FCE66} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {54BFEA95-98DF-4066-B458-D720CB06EF48} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {69C3FC98-0932-4E85-B30B-58B4E70C7C0E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-26] (Adobe Systems Incorporated)
Task: {906BD864-D972-4FF1-AA6D-920C57F81F1B} - System32\Tasks\{2E5AC4CC-3C11-4DA6-A97C-01CCC84D0C70} => C:\Users\Montana\Desktop\Newsgroup Downloads\alt.binaries.boneless\!RnE - 2014.01.28 19.46.54 - DIGITALTUTORS_GETTING_STARTED_IN_SOLIDWORKS_TUTORIAL-kEISO\DIGITALTUTORS_GETTING_STARTED_IN_SOLIDWORKS_TUTORIAL-kEISO.exe
Task: {A5A8C7B8-9973-4008-9290-001ACAF71482} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {C7510073-42AA-4C0B-B7FF-59295AD08855} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {CC53141C-3234-4257-AD14-41EA847BC783} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {E0C358A6-81CD-42B6-A0B3-940B35C98378} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-07-03] (Intel Corporation)
Task: {EFD1CB60-3FAE-40D6-9124-55FBE715250F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1542471222-1100759984-2066533377-1000Core.job => C:\Users\Montana\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1542471222-1100759984-2066533377-1000UA.job => C:\Users\Montana\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-07-27 20:07 - 2011-07-27 20:07 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-02-10 12:17 - 2011-04-09 21:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\Montana\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-26 18:29 - 2014-02-26 18:29 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Montana\Desktop\2013-11-24 14.29.43.jpg:com.dropbox.attributes

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2014 11:15:30 AM) (Source: DptSecServiceWinService) (User: )
Description: Service cannot be started. The handle is invalid

Error: (03/04/2014 11:15:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 11:08:35 AM) (Source: MBAMService) (User: )
Description: MBAMService2014/03/04 11:08:32 -0500    MONTANA-PC    Montana    MESSAGE    Database refreshed successfully

Error: (03/04/2014 11:08:32 AM) (Source: MBAMService) (User: )
Description: MBAMService2014/03/04 11:08:29 -0500    MONTANA-PC    Montana    MESSAGE    Starting database refresh

Error: (03/04/2014 11:02:25 AM) (Source: DptSecServiceWinService) (User: )
Description: Service cannot be started. The handle is invalid

Error: (03/04/2014 11:02:24 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 10:58:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 1.75.0.1, time stamp: 0x511f8eb2
Faulting module name: OLEAUT32.dll, version: 6.1.7601.17676, time stamp: 0x4e58702a
Exception code: 0xc0000005
Fault offset: 0x0001604c
Faulting process id: 0x1a88
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (03/04/2014 03:01:21 AM) (Source: DptSecServiceWinService) (User: )
Description: Service cannot be started. The handle is invalid

Error: (03/04/2014 03:01:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 02:24:43 AM) (Source: DptSecServiceWinService) (User: )
Description: Service cannot be started. The handle is invalid


System errors:
=============
Error: (03/04/2014 11:16:25 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection service failed to start due to the following error:
%%2

Error: (03/04/2014 11:15:36 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection service failed to start due to the following error:
%%2

Error: (03/04/2014 11:15:35 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (03/04/2014 11:15:36 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070002

    Error description: The system cannot find the file specified.

    Reason: %%892

Error: (03/04/2014 11:15:25 AM) (Source: Service Control Manager) (User: )
Description: The Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service service failed to start due to the following error:
%%5

Error: (03/04/2014 11:15:24 AM) (Source: Service Control Manager) (User: )
Description: The Virtual USB MultiKey service failed to start due to the following error:
%%577

Error: (03/04/2014 11:03:20 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection service failed to start due to the following error:
%%2

Error: (03/04/2014 11:02:31 AM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection service failed to start due to the following error:
%%2

Error: (03/04/2014 11:02:31 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (03/04/2014 11:02:31 AM) (Source: Microsoft Antimalware) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

    Feature: %%886

    Error Code: 0x80070002

    Error description: The system cannot find the file specified.

    Reason: %%892


Microsoft Office Sessions:
=========================
Error: (03/04/2014 11:15:30 AM) (Source: DptSecServiceWinService)(User: )
Description: Service cannot be started. The handle is invalid

Error: (03/04/2014 11:15:29 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 11:08:35 AM) (Source: MBAMService)(User: )
Description: MBAMService2014/03/04 11:08:32 -0500    MONTANA-PC    Montana    MESSAGE    Database refreshed successfully

Error: (03/04/2014 11:08:32 AM) (Source: MBAMService)(User: )
Description: MBAMService2014/03/04 11:08:29 -0500    MONTANA-PC    Montana    MESSAGE    Starting database refresh

Error: (03/04/2014 11:02:25 AM) (Source: DptSecServiceWinService)(User: )
Description: Service cannot be started. The handle is invalid

Error: (03/04/2014 11:02:24 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 10:58:44 AM) (Source: Application Error)(User: )
Description: mbam.exe1.75.0.1511f8eb2OLEAUT32.dll6.1.7601.176764e58702ac00000050001604c1a8801cf37c265fde07fC:\Program Files (x86)\Malwarebytes' Anti-Malwaress\mbam.exeC:\Windows\syswow64\OLEAUT32.dlldca33526-a3b5-11e3-98d9-ac728987bd41

Error: (03/04/2014 03:01:21 AM) (Source: DptSecServiceWinService)(User: )
Description: Service cannot be started. The handle is invalid

Error: (03/04/2014 03:01:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/04/2014 02:24:43 AM) (Source: DptSecServiceWinService)(User: )
Description: Service cannot be started. The handle is invalid


CodeIntegrity Errors:
===================================
  Date: 2014-03-04 11:15:24.864
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\multikey.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-04 11:15:24.801
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\multikey.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-04 11:15:21.492
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\multikey.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-04 11:15:21.445
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\multikey.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-04 11:02:19.987
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\multikey.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-04 11:02:19.909
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\multikey.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-04 11:02:16.523
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\multikey.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-04 11:02:16.476
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\multikey.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-04 03:01:15.849
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\multikey.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-03-04 03:01:15.771
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\multikey.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 6051.18 MB
Available physical RAM: 3490.69 MB
Total Pagefile: 12100.54 MB
Available Pagefile: 9550.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.69 GB) (Free:43.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: A6E38FC7)

Partition: GPT Partition Type.

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

Next,

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Post those logs, let me know if any remaining issues or concerns....

Kevin..

fixlist.txt


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2014
Ran by Montana at 2014-03-05 00:54:12 Run:1
Running from C:\Users\Montana\Desktop\Firefox Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [zzsuel.exe] - C:\Users\Montana\AppData\Roaming\vxsula\\zzsuel.exe [76228112 2014-01-23] (Nikyts software)
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [] - C:\Users\Montana\AppData\Roaming\sulade\\ [0 ] ()
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [puawud.exe] - C:\Users\Montana\AppData\Roaming\sulade\puawud.exe [75990792 2014-01-19] (Nikyts software)
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [czfkxa.exe] - C:\Users\Montana\AppData\Roaming\sulade\\czfkxa.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [zraqui.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\zraqui.exe [76228112 2014-01-23] (Nikyts software)
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [pulabu.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\pulabu.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [ihjaok.exe] - C:\Users\Montana\AppData\Roaming\sulade\\ihjaok.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [zzhzaw.exe] - C:\Users\Montana\AppData\Roaming\aslade\\zzhzaw.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [kewnow.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\kewnow.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [bucztr.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\bucztr.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [xazzpu.exe] - C:\Users\Montana\AppData\Roaming\sulade\\xazzpu.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [kenuow.exe] - C:\Users\Montana\AppData\Roaming\vxsula\\kenuow.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [uijauo.exe] - C:\Users\Montana\AppData\Roaming\sulade\\uijauo.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [fkrxzz.exe] - C:\Users\Montana\AppData\Roaming\vxsula\\fkrxzz.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [vxzzep.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\vxzzep.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [czkoxa.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\czkoxa.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [gfrzzz.exe] - C:\Users\Montana\AppData\Roaming\sulade\\gfrzzz.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [hzsuke.exe] - C:\Users\Montana\AppData\Roaming\sulade\\hzsuke.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [xgrzhz.exe] - C:\Users\Montana\AppData\Roaming\sulade\\xgrzhz.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [eplabu.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\eplabu.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [elnuwc.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\elnuwc.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [hzaske.exe] - C:\Users\Montana\AppData\Roaming\sulade\\hzaske.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [korxzz.exe] - C:\Users\Montana\AppData\Roaming\sulade\\korxzz.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [trxaas.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\trxaas.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [aspuwn.exe] - C:\Users\Montana\AppData\Roaming\sulade\\aspuwn.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [rzxaas.exe] - C:\Users\Montana\AppData\Roaming\fkaqih\\rzxaas.exe
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\...\Run: [zvhzwe.exe] - C:\Users\Montana\AppData\Roaming\sulade\\zvhzwe.exe
C:\Users\Montana\AppData\Roaming\vxsula
C:\Users\Montana\AppData\Roaming\sulade
C:\Users\Montana\AppData\Roaming\fkaqih
C:\Users\Montana\AppData\Roaming\aslade
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
C:\Users\Montana\Alps_Touchpad_W8_X01_A00_Setup-CM1M8_ZPE.exe
C:\Users\Montana\Audio_IDT_W8_X02_A00_Setup-CGH70_ZPE.exe
C:\Users\Montana\CardRead_Realtek_W8_X00_A00_Setup-CFP4Y_ZPE.exe
C:\Users\Montana\LOM_Realtek_W8_X00_A00_Setup-NRF40_ZPE.exe
C:\Users\Montana\N5110A11.EXE
C:\Users\Montana\Video_Intel_W84_X01_A00_Setup-6NJX6_ZPE.exe
C:\Users\Montana\AppData\Local\Temp\ca_A8FC.tmp.dll
C:\Users\Montana\AppData\Local\Temp\ca_EE64.tmp.dll
C:\Users\Montana\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
AlternateDataStreams: C:\Users\Montana\Desktop\2013-11-24 14.29.43.jpg:com.dropbox.attributes
End
*****************

HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zzsuel.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\puawud.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\czfkxa.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zraqui.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\pulabu.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ihjaok.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zzhzaw.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\kewnow.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\bucztr.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\xazzpu.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\kenuow.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\uijauo.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fkrxzz.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\vxzzep.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\czkoxa.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\gfrzzz.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\hzsuke.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\xgrzhz.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\eplabu.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\elnuwc.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\hzaske.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\korxzz.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\trxaas.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\aspuwn.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\rzxaas.exe => Value deleted successfully.
HKU\S-1-5-21-1542471222-1100759984-2066533377-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zvhzwe.exe => Value deleted successfully.
C:\Users\Montana\AppData\Roaming\vxsula => Moved successfully.
C:\Users\Montana\AppData\Roaming\sulade => Moved successfully.
C:\Users\Montana\AppData\Roaming\fkaqih => Moved successfully.
C:\Users\Montana\AppData\Roaming\aslade => Moved successfully.
HKCR\PROTOCOLS\Filter\application/x-ica => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=euc-jp => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=ISO-8859-1 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS936 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS949 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=MS950 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF-8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica; charset=UTF8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=euc-jp => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=ISO-8859-1 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS936 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS949 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=MS950 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF-8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\application/x-ica;charset=UTF8 => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
HKCR\PROTOCOLS\Filter\ica => Key deleted successfully.
HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC} => Key not found.
C:\Users\Montana\Alps_Touchpad_W8_X01_A00_Setup-CM1M8_ZPE.exe => Moved successfully.
C:\Users\Montana\Audio_IDT_W8_X02_A00_Setup-CGH70_ZPE.exe => Moved successfully.
C:\Users\Montana\CardRead_Realtek_W8_X00_A00_Setup-CFP4Y_ZPE.exe => Moved successfully.
C:\Users\Montana\LOM_Realtek_W8_X00_A00_Setup-NRF40_ZPE.exe => Moved successfully.
C:\Users\Montana\N5110A11.EXE => Moved successfully.
C:\Users\Montana\Video_Intel_W84_X01_A00_Setup-6NJX6_ZPE.exe => Moved successfully.
C:\Users\Montana\AppData\Local\Temp\ca_A8FC.tmp.dll => Moved successfully.
C:\Users\Montana\AppData\Local\Temp\ca_EE64.tmp.dll => Moved successfully.
C:\Users\Montana\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Montana\Desktop\2013-11-24 14.29.43.jpg => ":com.dropbox.attributes" ADS removed successfully.

==== End of Fixlog ====


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Montana :: MONTANA-PC [administrator]

Protection: Disabled

3/5/2014 12:56:18 AM
mbam-log-2014-03-05 (00-56-18).txt

Scan type: Full scan (C:\|D:\|E:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 348481
Time elapsed: 19 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Montana\Desktop\Firefox Downloads\DTLite4461-0328.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Montana\Desktop\Firefox Downloads\SetupImgBurn_2.5.8.0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)
 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Montana on Wed 03/05/2014 at  1:29:20.26
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APNSetup_RASMANCS
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"



~~~ FireFox

Successfully deleted: [Folder] C:\Users\Montana\AppData\Roaming\mozilla\firefox\profiles\vbc5sexp.default\fctb
Successfully deleted the following from C:\Users\Montana\AppData\Roaming\mozilla\firefox\profiles\vbc5sexp.default\prefs.js

user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.AutoSearchEventData", "auto%20search");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.ClearCacheDate", 5);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.DNSCatch", true);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.DisplayEULA", true);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.DnsCatchEventData", "dns%20catch");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.EBOMode", false);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.EnableDCAData_xx", true);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.EnableDCA_xx", false);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.FirstLaunchShown", true);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.InstallDomain", "airmilesshops.ca");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.InstallType", "one_click");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.LoadLayoutDate.100577", 5);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.NewTabSearchEventData", "tab%20search");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.ShowDescriptiveText", true);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.ShowRecommendedOptions", true);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.StateReportDate", "1393914470746");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.TopRightSearchEventData", "top%20right%20search");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.airmiles_search.KeywordHistory", "BJE510XL%7Cjuicer%7C");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.beforeInstallSaved", true);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.beforeinstall.homepage", "chrome%3A//branding/locale/browserconfig.properties");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.beforeinstall.search", "Google");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.comp.affiliate.294.disabled", false);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.customNewTab", false);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.dcaDefaultMode", false);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.dcaShowInstallerPage", false);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.dcaShowSurvey", true);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.helpUsImprove", true);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.hideOthers", true);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.partnerauth", false);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.processAddrBar", true);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.remove_homepage", true);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.remove_search", true);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.restoreSearch", false);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.searchHistory", true);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.session", "B0DE8DC22524745A5D3AAA1117A7A3F668D74609C8DCD3FF277D9F0BA5F8F44F0E3BBDCC37A84BA456460CD429780D6DC9352FE39BCA69A
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.showFirstLaunchOptions", false);
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.tb_lang", "en");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.tool_id", "100577");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.user_id", "132466063");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.user_key", "1b02b50e453ca1707e2dc1dc75844c5cee29ee01");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.user_layouts", "100577");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.user_lnames", "Airmiles%20Toolbar");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.xml_service_url", "6bb94bbf55fe2f255901a560824a6ebe");
user_pref("freecausea0ba5d09d5f894b41180be3ee0f1bc1e.yahooSearch", true);

Emptied folder: C:\Users\Montana\AppData\Roaming\mozilla\firefox\profiles\vbc5sexp.default\minidumps [50 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/05/2014 at  1:34:38.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Thank you for the donation, much appreciated. By your reply I assume the issue is cleared? Please let me know.....

 

We still need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the add/on to be installed
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
  • Put a checkmark in "Uninstall application on close"
  • Close program
  • Report to me that nothing was found

 

If threats were found

 


  • Click on "list of threats found"
  • Click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • Put a checkmark in "Uninstall application on close"
  • Click on finish
  • Close program
  • Copy and paste the report in next reply

 

Next,

 

Download Security Check by screen317 from either of the following:

 

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

 

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

Let me see those logs, also give an update on any remaining issues or concerns..

 

Kevin


C:\FRST\Quarantine\aslade05-03-2014_00-54-13\pulabu.exe    Win32/Vbolabot.A trojan
C:\FRST\Quarantine\fkaqih05-03-2014_00-54-13\zraqui.exe    Win32/Vbolabot.A trojan
C:\FRST\Quarantine\sulade05-03-2014_00-54-13\puawud.exe    Win32/Vbolabot.A trojan
C:\FRST\Quarantine\vxsula05-03-2014_00-54-13\zzsuel.exe    Win32/Vbolabot.A trojan
C:\Users\Montana\Desktop\Firefox Downloads\ccsetup404.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Montana\Desktop\Firefox Downloads\ccsetup406.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Montana\Desktop\Firefox Downloads\KeyFinderInstaller.exe    Win32/OpenCandy potentially unsafe application
C:\Users\Montana\Desktop\Firefox Downloads\ManyCamSetup.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Montana\Desktop\Firefox Downloads\Shockwave_Installer_Slim.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Montana\Desktop\Newsgroup Downloads\alt.binaries.wares\Lynda.com.SolidWorks.2014.Essential.Training-QUASAR.exe    a variant of MSIL/Injector.CVE trojan
C:\Users\Montana\Documents\APNSetup.exe    a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\Windows\Installer\MSI474.tmp    a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
 


 Results of screen317's Security Check version 0.99.80  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 51  
  Adobe Flash Player 12.0.0.70 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (27.0.1)
 Google Chrome 33.0.1750.117  
 Google Chrome 33.0.1750.146  
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malwarezzz mbamscheduler.exe   
 Acronis TrueImageHome OnlineBackupStandalone TrueImageMonitor.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 22% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

OK.. worked after reboot.. Jeez .. I feel like this computer was crawling with diseases.. LOL.. hope it's all cleaned up now :)


Download OTM from either of the following links and save to your Desktop: (If your security alerts to OTM, either accept the alert or turn off security to allow OTM to run)

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe  

Double click OTM.exe to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion.... If your security alerts to OTM, either accept the alert or turn off security until OTM completes...

  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Ensure to start with and include the colon before Files :Files

    :Files
    ipconfig /flushdns /c
    C:\Users\Montana\Desktop\Firefox Downloads\ccsetup404.exe
    C:\Users\Montana\Desktop\Firefox Downloads\ccsetup406.exe
    C:\Users\Montana\Desktop\Firefox Downloads\KeyFinderInstaller.exe
    C:\Users\Montana\Desktop\Firefox Downloads\ManyCamSetup.exe
    C:\Users\Montana\Desktop\Firefox Downloads\Shockwave_Installer_Slim.exe
    C:\Users\Montana\Desktop\Newsgroup Downloads\alt.binaries.wares\Lynda.com.SolidWorks.2014.Essential.Training-QUASAR.exe
    C:\Users\Montana\Documents\APNSetup.exe
    C:\Windows\Installer\MSI474.tmp
    :Commands
    [EmptyTemp]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

 

Next,

 

Go here http://www.adobe.com/shockwave/welcome/ and have Adobe Flashplayer checked. Accept new version if required.

There may be an offer of Google Chrome etc, untick those options if offered...

 

Post log from OTM, also let me know if any remaining issues or concerns. Is your hard drive standard or SSD?

 

Kevin


I have an SSD drive on this computer, and here is my log..   And.. heh.. I was using MSSE before. Useless.. I've since upgraded to Avira free.. seems to be catching doing a decent job.. I was looking for a copy of my SolidWorks training binder on PDF.. looks like that file caused all this mess :(

Thanks,

Tony

 

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Montana\Desktop\cmd.bat deleted successfully.
C:\Users\Montana\Desktop\cmd.txt deleted successfully.
C:\Users\Montana\Desktop\Firefox Downloads\ccsetup404.exe moved successfully.
C:\Users\Montana\Desktop\Firefox Downloads\ccsetup406.exe moved successfully.
File/Folder C:\Users\Montana\Desktop\Firefox Downloads\KeyFinderInstaller.exe not found.
C:\Users\Montana\Desktop\Firefox Downloads\ManyCamSetup.exe moved successfully.
C:\Users\Montana\Desktop\Firefox Downloads\Shockwave_Installer_Slim.exe moved successfully.
C:\Users\Montana\Desktop\Newsgroup Downloads\alt.binaries.wares\Lynda.com.SolidWorks.2014.Essential.Training-QUASAR.exe moved successfully.
C:\Users\Montana\Documents\APNSetup.exe moved successfully.
C:\Windows\Installer\MSI474.tmp moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Montana
->Temp folder emptied: 98346858 bytes
->Temporary Internet Files folder emptied: 46859486 bytes
->Java cache emptied: 236047 bytes
->FireFox cache emptied: 29810420 bytes
->Google Chrome cache emptied: 6441553 bytes
->Flash cache emptied: 5121 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 385232584 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50461 bytes
RecycleBin emptied: 53760 bytes
 
Total Files Cleaned = 541.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 03072014_004714

Files moved on Reboot...
C:\Users\Montana\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll moved successfully.
C:\Users\Montana\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Montana\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\gnserv.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\spserv.dat scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 


Run Malwarebytes,  Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Let me know if there are any remaining issues or concerns..


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
