
Need help with LV Maintenance malware



Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Please download RKill from here: http://www.bleepingcomputer.com/download/rkill/

 

There are three buttons to choose from, each with a different name on it. Select the first one and save it to your desktop.

 

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen, delete the icon from the desktop, go back to the download link, select the next button and try to run the tool again. Repeat this process with the remaining buttons until the tool runs. If you scroll down the page you will find further links with other names; try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.

 

Next,

 

Run Malwarebytes. Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please update and run a Quick scan.

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin...

 

Let me see those logs...

 

Kevin


Thanks for your help, Kevin!

Here is the RKill log

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 03/16/2014 11:52:47 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Active Proxy Server Detected
 
 * Proxy Disabled.
 * ProxyOverride value deleted.
 * ProxyServer value deleted.
 * AutoConfigURL value deleted.
 * Proxy settings were backed up to Registry file.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Backup Registry file created at:
 C:\Users\Windows7\Desktop\rkill\rkill-03-16-2014-11-52-53.reg
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 03/16/2014 11:54:50 AM
Execution time: 0 hours(s), 2 minute(s), and 3 seconds(s)
 
Scanning with Malwarebytes now, will post when finished.
-Alex

Malwarebytes quick scan log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.16.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Windows7 :: WINDOWS7-PC [administrator]
 
3/16/2014 11:58:53 AM
mbam-log-2014-03-16 (11-58-53).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 266578
Time elapsed: 8 minute(s), 59 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

FRST logs

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Windows7 (administrator) on WINDOWS7-PC on 16-03-2014 12:12:38
Running from C:\Users\Windows7\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(ContentExplorer) C:\Users\Windows7\AppData\Roaming\ContentExplorer\ContentExplorer.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LBTWiz.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\system32\consent.exe
(Google Inc.) C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Avid Technology, Inc.) C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [bluetooth Connection Assistant] - LBTWIZ.EXE -silent
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-10-17] (NVIDIA Corporation)
HKLM\...\Run: [shadowPlay] - C:\Windows\system32\nvspcap64.dll [1063200 2013-10-17] (NVIDIA Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-07] (AVAST Software)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\Run: [Google Update] - C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-28] (Google Inc.)
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\Run: [QuickScanner] - C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\Run: [ContentExplorer] - C:\Users\Windows7\AppData\Roaming\ContentExplorer\ContentExplorer.exe [443152 2014-03-03] (ContentExplorer)
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\Run: [LVMaintenance] - C:\Users\Windows7\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-02-14] ()
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\MountPoints2: G - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\MountPoints2: {19249079-faa5-11e1-a247-001ec9567ba0} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\MountPoints2: {2ca60528-8526-11e3-b66d-001ec9567ba0} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\MountPoints2: {7b757d2a-8014-11e1-a30b-001ec9567ba0} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\MountPoints2: {dc476382-5853-11e2-a6e8-001ec9567ba0} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\MountPoints2: {f6033999-8d1b-11e2-88a0-001ec9567ba0} - F:\TL-Bootstrap.exe
 
==================== Internet (Whitelisted) ====================
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:55092;https=127.0.0.1:55092
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC0F73FA6AAC5CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
URLSearchHook: HKCU - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
SearchScopes: HKCU - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=513
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&affID=119776&babsrc=SP_ss&mntrId=5847001E4CCC9666
SearchScopes: HKCU - {6D84FB6D-4DA5-42E7-9D4C-1D465325BA0B} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
SearchScopes: HKCU - {78DFEACC-11D3-4AD4-8296-90C3DC806D6A} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=5CE476D6-9AF1-4EFD-830D-00773A85A8C1&apn_sauid=9A1B9EAB-4FEB-4476-B952-2F69119E3946
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
Tcpip\Parameters: [DhcpNameServer] 76.14.0.8 76.14.0.9 76.14.96.14
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Windows7\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Windows7\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Extension: GoPhotoIt - C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\profiles\extensions\gophoto@gophoto.it.xpi [2012-07-31]
 
Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Windows7\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Windows7\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Windows7\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Java Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Google Update) - C:\Users\Windows7\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Next BART) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjcmjlimnlfgakomlhhhbpooidhcfge [2012-03-11]
CHR Extension: (Audiotool) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk [2012-03-11]
CHR Extension: (YouTube) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]
CHR Extension: (http://soundcloud.com/you/sets) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnlifnialbodhopmdagpppeegneabnah [2013-03-19]
CHR Extension: (Google Search) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-28]
CHR Extension: (Alex Bacey) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnknkgccldocdogpnhbaddbdhhjiindo [2012-01-01]
CHR Extension: (AdBlock) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-07-22]
CHR Extension: (avast! Online Security) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-08]
CHR Extension: (http://sfbay.craigslist.org/) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnhcodhbkmcnigfjgnlbbkplbimdpgn [2012-01-05]
CHR Extension: (Alarm Clock Radio) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi [2012-01-02]
CHR Extension: (Google Maps) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2012-03-11]
CHR Extension: (https://www.dropbox.com/home) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpnpalcochkcnfmmkpebfcjiajjcefbe [2013-03-19]
CHR Extension: (Google Wallet) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-28]
CHR HKCU\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Windows7\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx [2012-07-24]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Windows7\AppData\Local\Temp\ccex.crx [2011-12-13]
CHR HKLM-x32\...\Chrome\Extension: [gclijllifhfpomppedeljakfegbcpojn] - C:\Users\Windows7\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx [2012-07-24]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-07]
CHR HKLM-x32\...\Chrome\Extension: [kkfggacklibaabdomphfdpcodjgihgon] - C:\Program Files (x86)\FirstRowSportApp.com\stv10.crx [2014-03-07]
CHR StartMenuInternet: Google Chrome - C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-07] (AVAST Software)
S3 digiSPTIService64; C:\Program Files\Avid\Pro Tools\digisptiservice64.exe [190464 2013-09-12] (Avid Technology, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-15] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15122208 2013-10-17] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-09-29] ()
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-03-07] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-03-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-07] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-03-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-03-07] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-03-07] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-07] ()
R3 DGUSBAP; C:\Windows\System32\DRIVERS\dgmbx2.sys [192528 2010-06-22] (Avid Technology, Inc.)
R3 iLokDrvr; C:\Windows\System32\DRIVERS\iLokDrvr.sys [25808 2013-04-11] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBX2DFU; C:\Windows\System32\DRIVERS\dgmbx2fu.sys [31120 2010-06-22] (Avid Technology, Inc.)
S3 MBX2MIDK; C:\Windows\System32\drivers\mbx2midk.sys [32400 2008-12-04] (Digidesign, A Division of Avid Technology, Inc.)
R3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [57408 2012-08-29] (MusicLab, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-27] (NVIDIA Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS [X]
U3 swmidi; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-16 12:12 - 2014-03-16 12:12 - 00000000 ____D () C:\Users\Windows7\Desktop\FRST-OlderVersion
2014-03-16 12:11 - 2014-03-16 12:11 - 02157056 _____ (Farbar) C:\Users\Windows7\Downloads\FRST64 (1).exe
2014-03-16 11:52 - 2014-03-16 11:52 - 00000000 ____D () C:\Users\Windows7\Desktop\rkill
2014-03-16 11:44 - 2014-03-16 11:45 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Windows7\Downloads\rkill.com
2014-03-15 19:22 - 2014-03-15 19:22 - 00020246 _____ () C:\Users\Windows7\Desktop\dds.txt
2014-03-15 19:22 - 2014-03-15 19:22 - 00012312 _____ () C:\Users\Windows7\Desktop\attach.txt
2014-03-15 19:18 - 2014-03-15 19:18 - 00688992 ____R (Swearware) C:\Users\Windows7\Downloads\dds.scr
2014-03-15 19:05 - 2014-03-15 19:05 - 00000000 ____D () C:\Users\Windows7\AppData\Local\PaceAP
2014-03-15 17:49 - 2014-03-15 17:50 - 00053305 _____ () C:\Users\Windows7\Downloads\FRST.txt
2014-03-15 17:46 - 2014-03-15 17:46 - 02157056 _____ (Farbar) C:\Users\Windows7\Downloads\FRST64.exe
2014-03-15 17:34 - 2014-03-15 17:34 - 04110135 _____ () C:\Users\Windows7\Downloads\tdsskiller (1).zip
2014-03-15 17:34 - 2014-03-15 17:34 - 00208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\57518854.sys
2014-03-13 12:05 - 2014-03-16 11:54 - 00002644 _____ () C:\Users\Windows7\Desktop\Rkill.txt
2014-03-13 12:04 - 2014-03-13 12:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Windows7\Downloads\iExplore.exe
2014-03-13 12:01 - 2014-03-13 12:01 - 04110135 _____ () C:\Users\Windows7\Downloads\tdsskiller.zip
2014-03-13 12:00 - 2014-03-13 12:00 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Windows7\Desktop\iexplorer.exe
2014-03-12 23:15 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 23:15 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 23:15 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 23:15 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 23:14 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 23:14 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 23:14 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 23:14 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 23:14 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 23:14 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 23:14 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 23:14 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 23:14 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 23:14 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 23:14 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 23:14 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 23:14 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 23:14 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 23:14 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 23:14 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 23:14 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 23:14 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 23:14 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 23:14 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 23:14 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 23:14 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 23:14 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 23:14 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 23:14 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 23:14 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 23:14 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 23:14 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 23:14 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 23:14 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 23:14 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 23:14 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 23:14 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 23:14 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 23:14 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 23:14 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 23:14 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 23:14 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 23:14 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 23:14 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 23:14 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 23:14 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 23:13 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 23:13 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 16:33 - 2014-03-15 18:36 - 00000000 ____D () C:\Users\Windows7\Desktop\Sequostati
2014-03-12 14:47 - 2014-03-15 17:59 - 00000000 ____D () C:\Users\Windows7\Desktop\Symbiotic
2014-03-09 00:03 - 2014-03-09 00:03 - 00036186 _____ () C:\Users\Windows7\Desktop\Addition.txt
2014-03-09 00:02 - 2014-03-16 12:12 - 00022727 _____ () C:\Users\Windows7\Desktop\FRST.txt
2014-03-09 00:02 - 2014-03-16 12:12 - 00000000 ____D () C:\FRST
2014-03-09 00:01 - 2014-03-16 12:12 - 02157056 _____ (Farbar) C:\Users\Windows7\Desktop\FRST64.exe
2014-03-08 21:15 - 2014-03-08 21:15 - 00000000 ____D () C:\Users\Windows7\Documents\AVS4YOU
2014-03-08 18:38 - 2014-03-08 23:42 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\LVMaintenance
2014-03-07 20:53 - 2014-03-16 11:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-07 20:53 - 2014-03-07 20:53 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-07 20:53 - 2014-03-07 20:53 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\AVAST Software
2014-03-07 20:53 - 2014-03-07 20:52 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-07 20:53 - 2014-03-07 20:52 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-07 20:53 - 2014-03-07 20:52 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-07 20:53 - 2014-03-07 20:52 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-07 20:53 - 2014-03-07 20:52 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-07 20:53 - 2014-03-07 20:52 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-07 20:53 - 2014-03-07 20:52 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-07 20:53 - 2014-03-07 20:52 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-07 20:52 - 2014-03-07 20:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-07 20:52 - 2014-03-07 20:52 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-07 20:50 - 2014-03-07 20:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-07 20:49 - 2014-03-07 20:50 - 87640360 _____ (AVAST Software) C:\Users\Windows7\Downloads\avast_free_antivirus_setup.exe
2014-03-07 19:02 - 2014-03-07 19:02 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-07 19:02 - 2014-03-07 19:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-07 19:02 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-07 19:01 - 2014-03-07 19:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Windows7\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-05 15:55 - 2014-03-05 15:55 - 00000000 ____D () C:\Users\Windows7\AppData\Local\iConvertor
2014-03-05 15:44 - 2014-03-05 15:44 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\systweak
2014-03-05 15:44 - 2012-01-20 15:14 - 00018816 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-03-05 15:43 - 2014-03-05 15:43 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\ContentExplorer
2014-03-03 17:35 - 2014-03-03 17:36 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-03 17:35 - 2014-03-03 17:36 - 00000000 ____D () C:\Program Files\iTunes
2014-03-03 17:35 - 2014-03-03 17:36 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-03 17:35 - 2014-03-03 17:35 - 00000000 ____D () C:\Program Files\iPod
2014-03-03 17:30 - 2014-03-03 17:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-27 19:49 - 2014-02-27 19:51 - 00000000 ____D () C:\b762cb65fc9ef65bd7588685611ea492
2014-02-27 12:05 - 2014-02-27 12:05 - 00147112 _____ () C:\Users\Windows7\Desktop\Inherit_Fixation 112813.gp5
2014-02-27 12:05 - 2014-02-27 12:05 - 00000219 _____ () C:\Users\Windows7\Desktop\Left 4 Dead 2.url
2014-02-27 03:05 - 2014-02-27 03:05 - 00000000 ____D () C:\a39c3d9609bd0ec23ba4f3a2
2014-02-26 14:11 - 2014-02-26 14:13 - 00000000 ____D () C:\5ccba043a8bafa7e65cce5f179
2014-02-26 13:35 - 2014-02-26 13:36 - 00000000 ____D () C:\0375be4dd0189d1491c3c7cf
2014-02-25 13:42 - 2014-02-25 13:43 - 00289928 _____ () C:\Windows\Minidump\022514-45349-01.dmp
2014-02-20 21:40 - 2014-02-24 14:31 - 00019380 _____ () C:\Users\Windows7\Desktop\022014.gpx
2014-02-20 09:55 - 2014-02-20 09:56 - 00291304 _____ () C:\Windows\Minidump\022014-31215-01.dmp
2014-02-19 10:39 - 2014-02-19 10:39 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-02-19 10:39 - 2014-02-19 10:39 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-02-18 15:57 - 2014-02-18 15:59 - 00001068 _____ () C:\Users\Windows7\Desktop\bass.mid
2014-02-16 23:10 - 2014-02-16 23:31 - 00016664 _____ () C:\Users\Windows7\Desktop\021614.gpx
 
==================== One Month Modified Files and Folders =======
 
2014-03-16 12:12 - 2014-03-16 12:12 - 00000000 ____D () C:\Users\Windows7\Desktop\FRST-OlderVersion
2014-03-16 12:12 - 2014-03-09 00:02 - 00022727 _____ () C:\Users\Windows7\Desktop\FRST.txt
2014-03-16 12:12 - 2014-03-09 00:02 - 00000000 ____D () C:\FRST
2014-03-16 12:12 - 2014-03-09 00:01 - 02157056 _____ (Farbar) C:\Users\Windows7\Desktop\FRST64.exe
2014-03-16 12:11 - 2014-03-16 12:11 - 02157056 _____ (Farbar) C:\Users\Windows7\Downloads\FRST64 (1).exe
2014-03-16 12:06 - 2013-10-06 22:07 - 00000000 ____D () C:\Users\Public\Pro Tools
2014-03-16 12:05 - 2014-01-21 15:57 - 00028594 _____ () C:\Windows\mlkumidi.log
2014-03-16 11:54 - 2014-03-13 12:05 - 00002644 _____ () C:\Users\Windows7\Desktop\Rkill.txt
2014-03-16 11:52 - 2014-03-16 11:52 - 00000000 ____D () C:\Users\Windows7\Desktop\rkill
2014-03-16 11:49 - 2009-07-13 22:13 - 00779306 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-16 11:45 - 2014-03-16 11:44 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Windows7\Downloads\rkill.com
2014-03-16 11:45 - 2011-12-28 14:25 - 01063684 _____ () C:\Windows\WindowsUpdate.log
2014-03-16 11:44 - 2011-12-28 16:02 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\uTorrent
2014-03-16 11:42 - 2011-12-28 15:58 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3617554679-211012756-3022158845-1000UA.job
2014-03-16 11:38 - 2014-01-23 11:21 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-16 11:37 - 2009-07-13 21:45 - 00013776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-16 11:37 - 2009-07-13 21:45 - 00013776 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-16 11:32 - 2012-02-11 11:28 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-16 11:31 - 2014-03-07 20:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-03-16 11:30 - 2014-01-23 11:21 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-16 11:30 - 2013-10-06 21:00 - 00000000 ____D () C:\ProgramData\PACE
2014-03-16 11:30 - 2011-12-28 15:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-16 11:30 - 2009-07-13 22:08 - 00032530 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-16 11:30 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-16 11:30 - 2009-07-13 21:51 - 00208142 _____ () C:\Windows\setupact.log
2014-03-15 19:30 - 2013-02-27 23:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-15 19:22 - 2014-03-15 19:22 - 00020246 _____ () C:\Users\Windows7\Desktop\dds.txt
2014-03-15 19:22 - 2014-03-15 19:22 - 00012312 _____ () C:\Users\Windows7\Desktop\attach.txt
2014-03-15 19:18 - 2014-03-15 19:18 - 00688992 ____R (Swearware) C:\Users\Windows7\Downloads\dds.scr
2014-03-15 19:05 - 2014-03-15 19:05 - 00000000 ____D () C:\Users\Windows7\AppData\Local\PaceAP
2014-03-15 18:36 - 2014-03-12 16:33 - 00000000 ____D () C:\Users\Windows7\Desktop\Sequostati
2014-03-15 17:59 - 2014-03-12 14:47 - 00000000 ____D () C:\Users\Windows7\Desktop\Symbiotic
2014-03-15 17:50 - 2014-03-15 17:49 - 00053305 _____ () C:\Users\Windows7\Downloads\FRST.txt
2014-03-15 17:46 - 2014-03-15 17:46 - 02157056 _____ (Farbar) C:\Users\Windows7\Downloads\FRST64.exe
2014-03-15 17:45 - 2011-12-28 16:00 - 00002382 _____ () C:\Users\Windows7\Desktop\Google Chrome.lnk
2014-03-15 17:34 - 2014-03-15 17:34 - 04110135 _____ () C:\Users\Windows7\Downloads\tdsskiller (1).zip
2014-03-15 17:34 - 2014-03-15 17:34 - 00208216 _____ (Kaspersky Lab, GERT) C:\Windows\system32\Drivers\57518854.sys
2014-03-13 12:04 - 2014-03-13 12:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Windows7\Downloads\iExplore.exe
2014-03-13 12:01 - 2014-03-13 12:01 - 04110135 _____ () C:\Users\Windows7\Downloads\tdsskiller.zip
2014-03-13 12:00 - 2014-03-13 12:00 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Windows7\Desktop\iexplorer.exe
2014-03-13 10:47 - 2009-07-13 21:45 - 00455776 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 10:46 - 2013-10-02 16:45 - 00000000 ____D () C:\Users\UpdatusUser.Windows7-PC
2014-03-13 01:01 - 2012-03-27 15:48 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-12 15:30 - 2013-02-27 23:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 15:30 - 2013-02-27 23:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 15:30 - 2013-02-27 23:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-09 00:18 - 2011-12-28 17:23 - 00736910 _____ () C:\Windows\PFRO.log
2014-03-09 00:03 - 2014-03-09 00:03 - 00036186 _____ () C:\Users\Windows7\Desktop\Addition.txt
2014-03-08 23:42 - 2014-03-08 18:38 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\LVMaintenance
2014-03-08 21:15 - 2014-03-08 21:15 - 00000000 ____D () C:\Users\Windows7\Documents\AVS4YOU
2014-03-08 21:14 - 2012-08-15 09:57 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\AVS4YOU
2014-03-07 23:42 - 2011-12-28 15:58 - 00000868 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3617554679-211012756-3022158845-1000Core.job
2014-03-07 20:53 - 2014-03-07 20:53 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-03-07 20:53 - 2014-03-07 20:53 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\AVAST Software
2014-03-07 20:52 - 2014-03-07 20:53 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-03-07 20:52 - 2014-03-07 20:53 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-03-07 20:52 - 2014-03-07 20:53 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-03-07 20:52 - 2014-03-07 20:53 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-03-07 20:52 - 2014-03-07 20:53 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-03-07 20:52 - 2014-03-07 20:53 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-03-07 20:52 - 2014-03-07 20:53 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-03-07 20:52 - 2014-03-07 20:53 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-03-07 20:52 - 2014-03-07 20:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-03-07 20:52 - 2014-03-07 20:52 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-07 20:50 - 2014-03-07 20:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-07 20:50 - 2014-03-07 20:49 - 87640360 _____ (AVAST Software) C:\Users\Windows7\Downloads\avast_free_antivirus_setup.exe
2014-03-07 19:02 - 2014-03-07 19:02 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-07 19:02 - 2014-03-07 19:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-07 19:01 - 2014-03-07 19:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Windows7\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-06 16:19 - 2012-05-21 11:16 - 00000000 ____D () C:\Users\Windows7\Desktop\School
2014-03-06 14:45 - 2011-12-28 16:08 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\vlc
2014-03-05 15:55 - 2014-03-05 15:55 - 00000000 ____D () C:\Users\Windows7\AppData\Local\iConvertor
2014-03-05 15:44 - 2014-03-05 15:44 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\systweak
2014-03-05 15:44 - 2012-08-16 13:21 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2014-03-05 15:44 - 2012-08-15 09:55 - 00000000 ____D () C:\Program Files (x86)\AVS4YOU
2014-03-05 15:44 - 2011-12-28 15:57 - 00116368 _____ () C:\Users\Windows7\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-05 15:43 - 2014-03-05 15:43 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\ContentExplorer
2014-03-04 16:30 - 2013-06-04 10:11 - 00000016 _____ () C:\Users\Windows7\AppData\Roaming\msregsvv.dll
2014-03-04 16:30 - 2013-06-04 10:11 - 00000016 _____ () C:\ProgramData\autobk.inc
2014-03-03 17:36 - 2014-03-03 17:35 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-03 17:36 - 2014-03-03 17:35 - 00000000 ____D () C:\Program Files\iTunes
2014-03-03 17:36 - 2014-03-03 17:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-03 17:36 - 2012-09-11 20:24 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-03 17:35 - 2014-03-03 17:35 - 00000000 ____D () C:\Program Files\iPod
2014-03-03 17:31 - 2012-06-15 12:05 - 00000000 ____D () C:\ProgramData\Apple
2014-03-03 17:30 - 2014-03-03 17:30 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-28 23:05 - 2014-03-12 23:14 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-28 22:17 - 2014-03-12 23:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-28 22:16 - 2014-03-12 23:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 21:58 - 2014-03-12 23:14 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 21:52 - 2014-03-12 23:14 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 21:51 - 2014-03-12 23:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 21:42 - 2014-03-12 23:14 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 21:40 - 2014-03-12 23:14 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 21:37 - 2014-03-12 23:14 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 21:33 - 2014-03-12 23:14 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 21:33 - 2014-03-12 23:14 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 21:32 - 2014-03-12 23:14 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 21:30 - 2014-03-12 23:14 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 21:23 - 2014-03-12 23:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 21:17 - 2014-03-12 23:14 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 21:11 - 2014-03-12 23:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 21:02 - 2014-03-12 23:14 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 20:54 - 2014-03-12 23:14 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 20:52 - 2014-03-12 23:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 20:51 - 2014-03-12 23:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 20:47 - 2014-03-12 23:14 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 20:43 - 2014-03-12 23:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 20:43 - 2014-03-12 23:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 20:42 - 2014-03-12 23:14 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 20:40 - 2014-03-12 23:14 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 20:38 - 2014-03-12 23:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 20:37 - 2014-03-12 23:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 20:35 - 2014-03-12 23:14 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 20:18 - 2014-03-12 23:14 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 20:16 - 2014-03-12 23:14 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 20:14 - 2014-03-12 23:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 20:10 - 2014-03-12 23:14 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 20:03 - 2014-03-12 23:14 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 20:00 - 2014-03-12 23:14 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 19:57 - 2014-03-12 23:14 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 19:38 - 2014-03-12 23:14 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 19:32 - 2014-03-12 23:14 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 19:27 - 2014-03-12 23:14 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 19:25 - 2014-03-12 23:14 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 19:25 - 2014-03-12 23:14 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-27 19:51 - 2014-02-27 19:49 - 00000000 ____D () C:\b762cb65fc9ef65bd7588685611ea492
2014-02-27 16:13 - 2012-03-11 22:47 - 01079296 ___SH () C:\Users\Windows7\Desktop\Thumbs.db
2014-02-27 12:05 - 2014-02-27 12:05 - 00147112 _____ () C:\Users\Windows7\Desktop\Inherit_Fixation 112813.gp5
2014-02-27 12:05 - 2014-02-27 12:05 - 00000219 _____ () C:\Users\Windows7\Desktop\Left 4 Dead 2.url
2014-02-27 12:05 - 2013-11-29 01:47 - 00144806 _____ () C:\Users\Windows7\Desktop\Inherit_Fixation 112813.gpx
2014-02-27 03:05 - 2014-02-27 03:05 - 00000000 ____D () C:\a39c3d9609bd0ec23ba4f3a2
2014-02-26 14:13 - 2014-02-26 14:11 - 00000000 ____D () C:\5ccba043a8bafa7e65cce5f179
2014-02-26 13:36 - 2014-02-26 13:35 - 00000000 ____D () C:\0375be4dd0189d1491c3c7cf
2014-02-25 13:43 - 2014-02-25 13:42 - 00289928 _____ () C:\Windows\Minidump\022514-45349-01.dmp
2014-02-25 13:42 - 2011-12-28 14:45 - 614924873 _____ () C:\Windows\MEMORY.DMP
2014-02-25 13:42 - 2011-12-28 14:45 - 00000000 ____D () C:\Windows\Minidump
2014-02-24 14:31 - 2014-02-20 21:40 - 00019380 _____ () C:\Users\Windows7\Desktop\022014.gpx
2014-02-20 23:29 - 2013-10-06 20:16 - 00000000 ____D () C:\Users\Windows7\AppData\Roaming\Download Manager
2014-02-20 09:56 - 2014-02-20 09:55 - 00291304 _____ () C:\Windows\Minidump\022014-31215-01.dmp
2014-02-19 10:39 - 2014-02-19 10:39 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-02-19 10:39 - 2014-02-19 10:39 - 00000000 ____D () C:\Users\Default User\AppData\Local\Google
2014-02-19 10:39 - 2014-01-23 11:22 - 00002040 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-02-19 10:39 - 2014-01-23 11:22 - 00002030 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-02-18 15:59 - 2014-02-18 15:57 - 00001068 _____ () C:\Users\Windows7\Desktop\bass.mid
2014-02-16 23:31 - 2014-02-16 23:10 - 00016664 _____ () C:\Users\Windows7\Desktop\021614.gpx
2014-02-15 10:03 - 2013-08-14 16:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-15 10:01 - 2012-01-01 16:36 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
Some content of TEMP:
====================
C:\Users\Windows7\AppData\Local\Temp\DeleteInstall.exe
C:\Users\Windows7\AppData\Local\Temp\installerdll157529.dll
C:\Users\Windows7\AppData\Local\Temp\installerdll185453.dll
C:\Users\Windows7\AppData\Local\Temp\installerdll399222.dll
C:\Users\Windows7\AppData\Local\Temp\installerdll401047.dll
C:\Users\Windows7\AppData\Local\Temp\installerdll411936.dll
C:\Users\Windows7\AppData\Local\Temp\JavaIC.dll
C:\Users\Windows7\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Windows7\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\L6GPInst.dll
C:\Users\Windows7\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Windows7\AppData\Local\Temp\msscct32.dll
C:\Users\Windows7\AppData\Local\Temp\mssinstaller.exe
C:\Users\Windows7\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Windows7\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Windows7\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Windows7\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Windows7\AppData\Local\Temp\nvStInst.exe
C:\Users\Windows7\AppData\Local\Temp\OriginLauncher399222.exe
C:\Users\Windows7\AppData\Local\Temp\ose00000.exe
C:\Users\Windows7\AppData\Local\Temp\rootsupd.exe
C:\Users\Windows7\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Windows7\AppData\Local\Temp\Setup.exe
C:\Users\Windows7\AppData\Local\Temp\SHSetup.exe
C:\Users\Windows7\AppData\Local\Temp\sonarinst.exe
C:\Users\Windows7\AppData\Local\Temp\switchsetup.exe
C:\Users\Windows7\AppData\Local\Temp\tbNCH_.dll
C:\Users\Windows7\AppData\Local\Temp\tbuTo0.dll
C:\Users\Windows7\AppData\Local\Temp\uninst.exe
C:\Users\Windows7\AppData\Local\Temp\uninst1.exe
C:\Users\Windows7\AppData\Local\Temp\utt8029.tmp.exe
C:\Users\Windows7\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Windows7\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Windows7\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Windows7\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Windows7\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Windows7\AppData\Local\Temp\winzipdusetup.exe
C:\Users\Windows7\AppData\Local\Temp\YontooSetup-Silent.exe
C:\Users\Windows7\AppData\Local\Temp\_is4F47.exe
C:\Users\Windows7\AppData\Local\Temp\_is6348.exe
C:\Users\Windows7\AppData\Local\Temp\{F19F7819-D9D0-4097-80D2-5B2E254E0B1C}-24.0.1312.56_24.0.1312.52_chrome_updater.exe
C:\Users\Windows7\AppData\Local\Temp\~SpUnin~.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-12 15:48
 
==================== End Of Log ============================

Addition.txt


Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

There are two security systems running with anti-virus components, Avast and Microsoft Security Essentials. That is not good and will cause issues for your system, one of those should be UNinstalled asap...

 

Next,

 

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save the zip file to your Desktop.

Double click zip file and extract to your  Desktop:

 

 

Zoekd.jpg

 

 

You will now have 3 versions of the tool on the Desktop:

 

 

Zoeke.jpg

 

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

 

Double click on each in turn until one version of Zoek will run (accept UAC). The following window will open:

 

 

Zoekb.jpg

 

 

Copy and paste the following script from the code box and paste into the field.

standardsearch;autoruns;autoclean;emptyclsid;emptyalltemp;installedprogs;

Select the "Run Script" tab. The following window will open:

 

 

 

Zoekc.jpg

 

 

 

Please be patient and do not use the PC when the scan is in progress.

 

When complete you may be asked to re-boot your PC, if so please do.

 

Zoekf.jpg

 

Post the produced logs in your next reply…..

 

Kevin

fixlist.txt


Here's the Fixlog from FRST

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Windows7 at 2014-03-16 13:54:04 Run:1
Running from C:\Users\Windows7\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\Run: [LVMaintenance] - C:\Users\Windows7\AppData\Roaming\LVMaintenance\LVMaintenance.exe [76560 2014-02-14] ()
C:\Users\Windows7\AppData\Roaming\LVMaintenance
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\MountPoints2: G - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\MountPoints2: {19249079-faa5-11e1-a247-001ec9567ba0} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\MountPoints2: {2ca60528-8526-11e3-b66d-001ec9567ba0} - G:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\MountPoints2: {7b757d2a-8014-11e1-a30b-001ec9567ba0} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\MountPoints2: {dc476382-5853-11e2-a6e8-001ec9567ba0} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\...\MountPoints2: {f6033999-8d1b-11e2-88a0-001ec9567ba0} - F:\TL-Bootstrap.exe
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:55092;https=127.0.0.1:55092
URLSearchHook: HKCU - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
URLSearchHook: HKCU - (No Name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801948
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S1 OMCI; \??\C:\Windows\SYSTEM32\DRIVERS\OMCI.SYS [X]
U3 swmidi; 
C:\Users\Windows7\AppData\Local\Temp\DeleteInstall.exe
C:\Users\Windows7\AppData\Local\Temp\installerdll157529.dll
C:\Users\Windows7\AppData\Local\Temp\installerdll185453.dll
C:\Users\Windows7\AppData\Local\Temp\installerdll399222.dll
C:\Users\Windows7\AppData\Local\Temp\installerdll401047.dll
C:\Users\Windows7\AppData\Local\Temp\installerdll411936.dll
C:\Users\Windows7\AppData\Local\Temp\JavaIC.dll
C:\Users\Windows7\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Windows7\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Windows7\AppData\Local\Temp\L6GPInst.dll
C:\Users\Windows7\AppData\Local\Temp\LMkRstPt.exe
C:\Users\Windows7\AppData\Local\Temp\msscct32.dll
C:\Users\Windows7\AppData\Local\Temp\mssinstaller.exe
C:\Users\Windows7\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Windows7\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Windows7\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Windows7\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Windows7\AppData\Local\Temp\nvStInst.exe
C:\Users\Windows7\AppData\Local\Temp\OriginLauncher399222.exe
C:\Users\Windows7\AppData\Local\Temp\ose00000.exe
C:\Users\Windows7\AppData\Local\Temp\rootsupd.exe
C:\Users\Windows7\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Windows7\AppData\Local\Temp\Setup.exe
C:\Users\Windows7\AppData\Local\Temp\SHSetup.exe
C:\Users\Windows7\AppData\Local\Temp\sonarinst.exe
C:\Users\Windows7\AppData\Local\Temp\switchsetup.exe
C:\Users\Windows7\AppData\Local\Temp\tbNCH_.dll
C:\Users\Windows7\AppData\Local\Temp\tbuTo0.dll
C:\Users\Windows7\AppData\Local\Temp\uninst.exe
C:\Users\Windows7\AppData\Local\Temp\uninst1.exe
C:\Users\Windows7\AppData\Local\Temp\utt8029.tmp.exe
C:\Users\Windows7\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Windows7\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Windows7\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Windows7\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Windows7\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Windows7\AppData\Local\Temp\winzipdusetup.exe
C:\Users\Windows7\AppData\Local\Temp\YontooSetup-Silent.exe
C:\Users\Windows7\AppData\Local\Temp\_is4F47.exe
C:\Users\Windows7\AppData\Local\Temp\_is6348.exe
C:\Users\Windows7\AppData\Local\Temp\{F19F7819-D9D0-4097-80D2-5B2E254E0B1C}-24.0.1312.56_24.0.1312.52_chrome_updater.exe
C:\Users\Windows7\AppData\Local\Temp\~SpUnin~.exe
LK Maintenance (HKLM-x32\...\{4ACD145C-665E-40CC-89A0-A3213D761571}) (Version: 1.0 - LK Maintenance)
AlternateDataStreams: C:\ProgramData:A4A131BC88671A5C
AlternateDataStreams: C:\ProgramData:D92EE4B684C30166
AlternateDataStreams: C:\Users\All Users:A4A131BC88671A5C
AlternateDataStreams: C:\Users\All Users:D92EE4B684C30166
AlternateDataStreams: C:\ProgramData\Application Data:A4A131BC88671A5C
AlternateDataStreams: C:\ProgramData\Application Data:D92EE4B684C30166
AlternateDataStreams: C:\ProgramData\Microsoft:ELT1mv9k0TcbRSJyAC9YGG5
AlternateDataStreams: C:\ProgramData\Microsoft:iWCZzNzyrdSgU0IK3oi
AlternateDataStreams: C:\ProgramData\Microsoft:xTXQLXHkKCvYZiELz49iyS
AlternateDataStreams: C:\ProgramData\PACE:38A9F0E9ABF043CD
AlternateDataStreams: C:\Users\Windows7\Cookies:0272gDkcpiatKsWb46CneoZ
AlternateDataStreams: C:\Users\Windows7\Downloads\noname (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Windows7\Downloads\noname.eml:OECustomProperty
AlternateDataStreams: C:\Users\Windows7\AppData\Local\Temp:3cIw4MDwVRoJyshIq
AlternateDataStreams: C:\Users\Windows7\AppData\Local\Temporary Internet Files:cgJ1fPta82zZTu7TjY0BOfrWBI
AlternateDataStreams: C:\Users\Windows7\AppData\Local\Temporary Internet Files:KKvHtKMZqzN1v4UT4nD0WzIS
AlternateDataStreams: C:\Users\Windows7\AppData\Local\Temporary Internet Files:RFrr4W7AICVoqRjSBFQMbvNftWBTac
End
*****************
 
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\Software\Microsoft\Windows\CurrentVersion\Run\\LVMaintenance => Value deleted successfully.
C:\Users\Windows7\AppData\Roaming\LVMaintenance => Moved successfully.
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-3617554679-211012756-3022158845-1000 => Key not found.
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{19249079-faa5-11e1-a247-001ec9567ba0} => Key deleted successfully.
HKCR\CLSID\{19249079-faa5-11e1-a247-001ec9567ba0} => Key not found.
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ca60528-8526-11e3-b66d-001ec9567ba0} => Key deleted successfully.
HKCR\CLSID\{2ca60528-8526-11e3-b66d-001ec9567ba0} => Key not found.
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b757d2a-8014-11e1-a30b-001ec9567ba0} => Key deleted successfully.
HKCR\CLSID\{7b757d2a-8014-11e1-a30b-001ec9567ba0} => Key not found.
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dc476382-5853-11e2-a6e8-001ec9567ba0} => Key deleted successfully.
HKCR\CLSID\{dc476382-5853-11e2-a6e8-001ec9567ba0} => Key not found.
HKU\S-1-5-21-3617554679-211012756-3022158845-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6033999-8d1b-11e2-88a0-001ec9567ba0} => Key deleted successfully.
HKCR\CLSID\{f6033999-8d1b-11e2-88a0-001ec9567ba0} => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{78DFEACC-11D3-4AD4-8296-90C3DC806D6A} => Key deleted successfully.
HKCR\CLSID\{78DFEACC-11D3-4AD4-8296-90C3DC806D6A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
esgiguard => Service deleted successfully.
OMCI => Service deleted successfully.
swmidi => Service deleted successfully.
C:\Users\Windows7\AppData\Local\Temp\DeleteInstall.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\installerdll157529.dll => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\installerdll185453.dll => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\installerdll399222.dll => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\installerdll401047.dll => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\installerdll411936.dll => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\JavaIC.dll => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\L6GPInst.dll => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\LMkRstPt.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\msscct32.dll => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\mssinstaller.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\nvSCPAPISvr.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\nvStereoApiI64.dll => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\OriginLauncher399222.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\rootsupd.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\SearchProtectionSetup.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\Setup.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\SHSetup.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\sonarinst.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\switchsetup.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\tbNCH_.dll => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\tbuTo0.dll => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\uninst.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\uninst1.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\utt8029.tmp.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\vcredist_x64.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\vcredist_x86.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\vlc-2.0.8-win32.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\vlc-2.1.2-win32.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\winzipdusetup.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\YontooSetup-Silent.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\_is4F47.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\_is6348.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\{F19F7819-D9D0-4097-80D2-5B2E254E0B1C}-24.0.1312.56_24.0.1312.52_chrome_updater.exe => Moved successfully.
C:\Users\Windows7\AppData\Local\Temp\~SpUnin~.exe => Moved successfully.
C:\ProgramData => ":A4A131BC88671A5C" ADS removed successfully.
C:\ProgramData => ":D92EE4B684C30166" ADS removed successfully.
"C:\Users\All Users" => ":A4A131BC88671A5C" ADS not found.
"C:\Users\All Users" => ":D92EE4B684C30166" ADS not found.
"C:\ProgramData\Application Data" => ":A4A131BC88671A5C" ADS not found.
"C:\ProgramData\Application Data" => ":D92EE4B684C30166" ADS not found.
C:\ProgramData\Microsoft => ":ELT1mv9k0TcbRSJyAC9YGG5" ADS removed successfully.
C:\ProgramData\Microsoft => ":iWCZzNzyrdSgU0IK3oi" ADS removed successfully.
C:\ProgramData\Microsoft => ":xTXQLXHkKCvYZiELz49iyS" ADS removed successfully.
C:\ProgramData\PACE => ":38A9F0E9ABF043CD" ADS removed successfully.
"C:\Users\Windows7\Cookies" => ":0272gDkcpiatKsWb46CneoZ" ADS not found.
C:\Users\Windows7\Downloads\noname (1).eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Windows7\Downloads\noname.eml => ":OECustomProperty" ADS removed successfully.
C:\Users\Windows7\AppData\Local\Temp => ":3cIw4MDwVRoJyshIq" ADS removed successfully.
"C:\Users\Windows7\AppData\Local\Temporary Internet Files" => ":cgJ1fPta82zZTu7TjY0BOfrWBI" ADS not found.
"C:\Users\Windows7\AppData\Local\Temporary Internet Files" => ":KKvHtKMZqzN1v4UT4nD0WzIS" ADS not found.
"C:\Users\Windows7\AppData\Local\Temporary Internet Files" => ":RFrr4W7AICVoqRjSBFQMbvNftWBTac" ADS not found.
 
==== End of Fixlog ====

And here's the log for Zoek

 

 
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Windows7 on Sun 03/16/2014 at 14:05:32.81.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Windows7\Desktop\zoek.com    [scan all users] [script inserted] 
 
===== Runcheck 14:08:49.74 =====
 
--- Create Environment Variables 14:08:51.29 
--- Create System Restore Point 14:09:36.84 
--- Checking Input 14:09:47.49 
--- AU AppData Check 14:09:51.94 
--- Remove From Windows Installer 14:09:56.54 
--- IE Startpage Check 14:11:11.51 
--- Program Files DB Check 14:11:34.42 
--- C:\Users\Default\AppData\Roaming DB Check 14:12:15.85 
--- C:\Users\Default User\AppData\Roaming DB Check 14:12:15.85 
--- C:\Users\UpdatusUser\AppData\Roaming DB Check 14:12:15.85 
--- C:\Users\UpdatusUser.Windows7-PC\AppData\Roaming DB Check 14:12:15.85 
--- C:\Users\Windows7\AppData\Roaming DB Check 14:12:15.85 
--- C:\Windows\SysNative\config\systemprofile\AppData\Roaming DB Check 14:12:15.85 
--- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 14:12:15.85 
--- C:\Windows\serviceprofiles\networkservice\AppData\Roaming DB Check 14:12:15.85 
--- C:\Windows\serviceprofiles\Localservice\AppData\Roaming DB Check 14:12:15.85 
--- C:\Users\Windows7 DB Check 14:14:33.21 

Sorry about that and the delay, just got back from work. Here is the full Zoek-results log

 

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Windows7 on Sun 03/16/2014 at 14:05:32.81.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Windows7\Desktop\zoek.com    [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
3/16/2014 2:09:45 PM Zoek.exe System Restore Point Created Succesfully.
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-3617554679-211012756-3022158845-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-3617554679-211012756-3022158845-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6D84FB6D-4DA5-42E7-9D4C-1D465325BA0B} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Installed Programs ======================
 
Adobe AIR  
Adobe Flash Player 12 Plugin  
Adobe Reader X (10.1.9)  
AmpliTube 3 version 3.11.1  
AmpliTube Metal  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
avast Free Antivirus  
Avid DX 64 Bit Driver  
Avid Effects  
Avid HD Driver (x64)  
Avid Pro Tools  
Avid Virtual Instruments  
AVS Audio Converter version 7  
AVS Update Manager 1.0  
AVS Video Editor 6.5  
AVS4YOU Software Navigator 1.4  
Battlefield 3T  
Battlelog Web Plugins  
BBE D82 Sonic Maximizer VST RTAS v2.0  
Bonjour  
Borderlands 2  
ContentExplorer  
Custom Shop version 1.3.0  
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition  
Dell Resource CD  
Drumtracker  
eReg  
ESN Sonar  
EZplayer pro  
EZXMetalHeads  
EZXMetalMachine  
FirstRowSportApp  
GeForce Experience NvStream Client Components  
Google Chrome  
Google Drive  
Google Update Helper  
Guitar Pro 6  
IK Multimedia Authorization Manager version 1.0.9  
Interlok driver setup x64  
iTunes  
Java 7 Update 51  
Java Auto Updater  
Java 6 Update 37  
Left 4 Dead 2  
Library of the Extreme  
Library of the Extreme II  
Line 6 Uninstaller  
LK Maintenance  
Logitech SetPoint 6.32  
Malwarebytes Anti-Malware version 1.75.0.1300  
Massey Plugins Demos [Remove only]  
McAfee Security Scan Plus  
MeldaProduction MFreeEffectsBundle64 6  
MeldaProduction MMultiBandConvolution64 6  
MelodyneEssential 1.8  
Microsoft .NET Framework 4 Client Profile  
Microsoft .NET Framework 4 Extended  
Microsoft Application Error Reporting  
Microsoft Office Access MUI (English) 2010  
Microsoft Office Access Setup Metadata MUI (English) 2010  
Microsoft Office Excel MUI (English) 2010  
Microsoft Office Groove MUI (English) 2010  
Microsoft Office InfoPath MUI (English) 2010  
Microsoft Office Office 64-bit Components 2010  
Microsoft Office OneNote MUI (English) 2010  
Microsoft Office Outlook MUI (English) 2010  
Microsoft Office PowerPoint MUI (English) 2010  
Microsoft Office Professional Plus 2010  
Microsoft Office Proof (English) 2010  
Microsoft Office Proof (French) 2010  
Microsoft Office Proof (Spanish) 2010  
Microsoft Office Proofing (English) 2010  
Microsoft Office Publisher MUI (English) 2010  
Microsoft Office Shared 64-bit MUI (English) 2010  
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010  
Microsoft Office Shared MUI (English) 2010  
Microsoft Office Shared Setup Metadata MUI (English) 2010  
Microsoft Office Word MUI (English) 2010  
Microsoft Security Client  
Microsoft Security Essentials  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2005 Redistributable (x64)  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106  
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106  
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610  
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106  
mkv2vob  
MusicLab RealGuitar  
MusicLab Virtual MIDI Driver  
Native Instruments Battery 3  
NVIDIA 3D Vision Controller Driver 326.01  
NVIDIA 3D Vision Driver 327.23  
NVIDIA Control Panel 327.23  
NVIDIA GeForce Experience 1.7  
NVIDIA Graphics Driver 327.23  
NVIDIA HD Audio Driver 1.3.26.4  
NVIDIA Install Application  
NVIDIA LED Visualizer 1.0  
NVIDIA PhysX  
NVIDIA PhysX System Software 9.13.0725  
NVIDIA ShadowPlay 9.3.16  
NVIDIA Stereoscopic 3D Driver  
NVIDIA Update 9.3.16  
NVIDIA Update Components  
NVIDIA Virtual Audio 1.2.9  
Origin  
PACE License Support Win64  
QuickTime 7  
Reason 4.0.1  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)  
Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)  
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)  
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)  
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)  
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)  
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)  
Security Update for Microsoft .NET Framework 4 Extended (KB2901110v2)  
SHIELD Streaming  
Steam  
StreamTorrent 1.0  
Superior Drummer 64-bit  
Superior Drummer Installer  
System Requirements Lab CYRI  
Timed Shutdown  
Toontrack solo  
Torpedo PI-FREE 2.0.14  
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)  
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)  
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)  
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)  
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)  
Update for Microsoft .NET Framework 4 Extended (KB2468871)  
Update for Microsoft .NET Framework 4 Extended (KB2533523)  
Update for Microsoft .NET Framework 4 Extended (KB2600217)  
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)  
Update for Microsoft Office 2010 (KB2494150)  
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition  
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition  
Ventrilo Client for Windows x64  
VLC media player 2.0.8  
Vst To Rtas Adapter V2.11  
Waves Complete V9r14  
Windows Mobile Device Updater Component  
WinRAR 4.11 (64-bit)  
Zune  
Zune Language Pack (CHS)  
Zune Language Pack (CHT)  
Zune Language Pack (CSY)  
Zune Language Pack (DAN)  
Zune Language Pack (DEU)  
Zune Language Pack (ELL)  
Zune Language Pack (ESP)  
Zune Language Pack (FIN)  
Zune Language Pack (FRA)  
Zune Language Pack (HUN)  
Zune Language Pack (IND)  
Zune Language Pack (ITA)  
Zune Language Pack (JPN)  
Zune Language Pack (KOR)  
Zune Language Pack (MSL)  
Zune Language Pack (NLD)  
Zune Language Pack (NOR)  
Zune Language Pack (PLK)  
Zune Language Pack (PTB)  
Zune Language Pack (PTG)  
Zune Language Pack (RUS)  
Zune Language Pack (SVE)  
 
==== Running Processes ======================
 
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\AVAST Software\Avast\Setup\Instup.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Windows7\AppData\Local\Google\Chrome\Application\chrome.exe
 
==== Deleting Services ======================
 
 
==== FireFox Fix ======================
 
ProfilePath: C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\0
 
user.js not found
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20140316_0220_.backup
 
ProfilePath: C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\[opt]rs0
 
prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ---- 
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\FirstRowSportApp.com deleted
C:\PROGRA~2\NCH Software\Components\NCHToolbars deleted
C:\PROGRA~2\Conduit deleted
C:\Users\Windows7\AppData\Roaming\msregsvv.dll deleted
C:\Users\Windows7\AppData\Roaming\Babylon deleted
C:\Users\Windows7\AppData\Roaming\systweak deleted
C:\PROGRA~3\Ask deleted
C:\PROGRA~3\Tarma Installer deleted
C:\PROGRA~3\Babylon deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Windows7\AppData\Local\CRE deleted
C:\Users\Windows7\AppData\Local\Conduit deleted
C:\Windows\SysNative\roboot64.exe deleted
C:\Users\Windows7\Downloads\mfreeeffectsbundle64_6_00_setup (1).exe deleted
C:\Users\Windows7\Downloads\mfreeeffectsbundle64_6_00_setup (2).exe deleted
C:\Users\Windows7\Downloads\mfreeeffectsbundle64_6_00_setup.exe deleted
C:\Users\Windows7\AppData\LocalLow\Delta deleted
C:\Users\Windows7\AppData\LocalLow\Conduit deleted
C:\end deleted
C:\Windows\SysWow64\searchplugins deleted
C:\Windows\SysWow64\Extensions deleted
"C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\freehdsport@freehdsport.tv.xpi" deleted
 
==== System Specs ======================
 
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 6142 MB
CPU Info: Intel® Core2 Quad  CPU   Q9450  @ 2.66GHz
CPU Speed: 2709.8 MHz
Sound Card: Line 1/2 (Digidesign Mbox 2 Min | 
Display Adapters: NVIDIA GeForce GTX 560  | NVIDIA GeForce GTX 560  | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 2x; Generic PnP Monitor | Generic PnP Monitor | 
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Bluetooth Device (Personal Area Network) | NVIDIA nForce Networking Controller
CD / DVD Drives: 2x (D: | E: | ) D: PLDS    DVD+-RW DH-16A6S | E: PBDS    CDRWDVD DH-48C2S
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  698.5GB
Hard Disks - Free: C:  365.1GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 07/15/08 | DELL   - 42302e31
Time Zone: Pacific Standard Time
Motherboard *: Dell Inc 0PP150
Country: United States 
Language: ENU 
 
==== System Specs (Software) ======================
 
Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Default Browser: Google Chrome 33.0.1750.154
Internet Explorer Version: 11.0.9600.16521 
Google Chrome version: 33.0.1750.154
Adobe Reader version: 10.1.9.22
Sun Java version: 1.7.0_51 (32-bit) 
Flash Player version: 12.0.0.77
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
2014-03-08 03:52:46 0245D0889C3443F5DC9194558583FE59 43152 ----a-w- C:\Windows\avastSS.scr
====== C:\Users\Windows7\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-03-13 06:15:04 4F8CCD3E7D9F17A7C60FA0AE2466CACF 381440 ----a-w- C:\Windows\SysWOW64\wer.dll
2014-03-13 06:14:59 8B521873651E62EF5868DC7B339959DB 32768 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2014-03-13 06:14:58 BD5E6C894130E7BB7ECE9A0925383068 2168320 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2014-03-13 06:14:58 A045DAE4D242A9A50FF6902774C55BE0 524288 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 06:14:58 7EDA015D4E74177A1B187326EDB14670 51200 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 06:14:58 0FF358906F2333B26267BC0064DC02C4 1156096 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2014-03-13 06:14:57 70462E0A4E293FC80620AB945D8A59BB 17074688 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-03-13 06:14:56 B0CBC5A7D9278DCD5B230E1E50CCA5F6 61952 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2014-03-13 06:14:55 E23497E11866154A97BA9877656113FE 1964032 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 06:14:55 2CF6CF90BF7FE0E616C363343FFA686B 553472 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 06:14:55 1CEE521E90703BB8A01211C77747E727 43008 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 06:14:54 E84073A2F2D3A9448CA02F48B0360490 440832 ----a-w- C:\Windows\SysWOW64\ieui.dll
2014-03-13 06:14:54 4831AA1A6A112ACCEE240C9D5FA2108B 11266048 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2014-03-13 06:14:53 5C207FABA707CE496E1E0A304925D1E5 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 06:14:52 FC46FE32B043CA7251B1D707B91BA6A7 4244480 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2014-03-13 06:14:52 C8DBE0B5297FD85D7311E4791103517B 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 06:14:51 B61F47EB8CACBE09C8117E4FF7D9656D 164864 ----a-w- C:\Windows\SysWOW64\msrating.dll
2014-03-13 06:14:51 AAFEAB4FC9D70253F8C7E353E879E8A2 1820160 ----a-w- C:\Windows\SysWOW64\wininet.dll
2014-03-13 06:14:51 4605E0295C8E742B28FD63D255322795 703488 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 06:14:00 B0BE998802DEDEE1FD8F5E5F9F207A30 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll
2014-03-13 06:13:57 A054EA8FBE16D4D34F06D81A4F0088E2 1230336 ----a-w- C:\Windows\SysWOW64\WindowsCodecs.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-03-13 06:15:06 04F82965C09CBDF646B487E145060301 228864 ----a-w- C:\Windows\Sysnative\wwansvc.dll
2014-03-13 06:15:04 1075AB2C077B415760C0E948856B5126 484864 ----a-w- C:\Windows\Sysnative\wer.dll
2014-03-13 06:15:01 E918C0DE5CF2AE6BEDBF387C09627D93 3156480 ----a-w- C:\Windows\Sysnative\win32k.sys
2014-03-13 06:14:59 76862AAF77C049EC20217FDC209F7F13 2765824 ----a-w- C:\Windows\Sysnative\iertutil.dll
2014-03-13 06:14:59 10B2786774CC43D835FE8303D1970874 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll
2014-03-13 06:14:56 F6BA9A0266DA93AFB8EA9BA12BF81367 33792 ----a-w- C:\Windows\Sysnative\iernonce.dll
2014-03-13 06:14:56 0A5996995F33967A46E3D5A3D9F1433D 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2014-03-13 06:14:55 BA0A21F761CE5001DF712C51BF11F953 1393664 ----a-w- C:\Windows\Sysnative\urlmon.dll
2014-03-13 06:14:55 8BA97E7747A53F80873431178889911A 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll
2014-03-13 06:14:54 E6ACA421DA3E50D7F0A31228F0C547B0 627200 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2014-03-13 06:14:53 D378AB3C9178424588B55AC7B652D7F9 218624 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2014-03-13 06:14:53 8EA01E83528503D312224FC63D40BC2B 66048 ----a-w- C:\Windows\Sysnative\iesetup.dll
2014-03-13 06:14:52 B3DFA392735A5FBE2896BAB67950123A 2041856 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2014-03-13 06:14:51 A0B690402E33DC9C78F22CB41F4FDC09 111616 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe
2014-03-13 06:14:51 4F131DB206096854505AFEDD2153FD83 53760 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2014-03-13 06:14:50 9C5ADB26632D46919ABB231CF7DE98B9 13051904 ----a-w- C:\Windows\Sysnative\ieframe.dll
2014-03-13 06:14:50 422106B7565350885D0930DFA5BA21A1 574976 ----a-w- C:\Windows\Sysnative\ieui.dll
2014-03-13 06:14:49 D3CAA61DE060BC74B4EFC638679DFE7A 139264 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2014-03-13 06:14:49 CF1C73DE1FADE3D3C44FCAF254F57DB2 5768704 ----a-w- C:\Windows\Sysnative\jscript9.dll
2014-03-13 06:14:49 8D46ACDFA065C423BED405702F075B54 708608 ----a-w- C:\Windows\Sysnative\jscript9diag.dll
2014-03-13 06:14:48 DF79CE9B950C62677D232154E93A81C7 2334208 ----a-w- C:\Windows\Sysnative\wininet.dll
2014-03-13 06:14:48 48ED94DA88F65684B28FCD87C01288A7 817664 ----a-w- C:\Windows\Sysnative\ieapfltr.dll
2014-03-13 06:14:47 E97FFE2D37F01DD8B52BE81E1B91A7C0 940032 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2014-03-13 06:14:47 4E0709D9BB951AD1C22E4FF519B90839 23133696 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-03-13 06:14:47 262B8883ECFD0C7CB303B56F9D9F210E 195584 ----a-w- C:\Windows\Sysnative\msrating.dll
2014-03-13 06:14:00 2C619F6023E3F7A3ABF3475ED2223359 624128 ----a-w- C:\Windows\Sysnative\qedit.dll
2014-03-13 06:13:57 AFCA5C1ECEAF948FC815178BC077680E 1424384 ----a-w- C:\Windows\Sysnative\WindowsCodecs.dll
2014-03-08 03:53:00 28192A2A37F52EB97EBE14DEE0F2513B 334136 ----a-w- C:\Windows\Sysnative\aswBoot.exe
====== C:\Windows\Sysnative\drivers =====
2014-03-16 00:34:15 F146E2BA475893DD77B2370DC1211FC6 208216 ----a-w- C:\Windows\Sysnative\drivers\57518854.sys
2014-03-08 03:53:07 FD3EA14ADF6216BDF4030DB2EFD43D96 80184 ----a-w- C:\Windows\Sysnative\drivers\aswStm.sys
2014-03-08 03:53:06 C04F7B373881009D7994D9BF55D24AB4 65776 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys
2014-03-08 03:53:06 90399625F341AB76BA4B85A5E860EB1F 207904 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys
2014-03-08 03:53:05 43599E630DFC30AD4E6A2B4B269EB1C0 1038072 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys
2014-03-08 03:53:04 F22DE5F5BA8ADA0A861441B624B51EB5 421704 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys
2014-03-08 03:53:04 0ACC3F49015E628590CA4372322EB46B 78648 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys
2014-03-08 03:53:03 679712B7A353EE665B9301592164A172 92544 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys
2014-03-08 02:02:06 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
====== C:\Windows\Tasks ======
2014-03-16 21:04:15 FF3A61F85A9F177557DFA602857CB920 3144 ----a-w- C:\Windows\Sysnative\Tasks\{28981A35-483C-42C4-964C-208D1EFDCD69}
2014-03-08 03:53:15 076380E64C222B46C917D5CEA4881521 4182 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-03-04 00:35:27 -------- d-----w- C:\Program Files\iTunes
2014-03-04 00:35:27 -------- d-----w- C:\Program Files\iPod
======= C:\PROGRA~2 =====
2014-03-04 00:35:27 -------- d-----w- C:\PROGRA~2\iTunes
2014-03-04 00:30:01 -------- d-----w- C:\PROGRA~2\QuickTime
======= C: =====
====== C:\Users\Windows7\AppData\Roaming ======
2014-03-16 02:05:11 -------- d-----w- C:\Users\Windows7\AppData\Local\PaceAP
2014-03-05 22:55:48 -------- d-----w- C:\Users\Windows7\AppData\Local\iConvertor
2014-03-05 22:43:00 -------- d-----w- C:\Users\Windows7\AppData\Roaming\ContentExplorer
2014-02-19 17:39:50 -------- d-----w- C:\Users\Default\AppData\Local\Google
2014-02-19 17:39:50 -------- d-----w- C:\Users\Default User\AppData\Local\Google
====== C:\Users\Windows7 ======
2014-03-16 19:11:13 6655936E40C43120145A11547734F01F 2157056 ----a-w- C:\Users\Windows7\Downloads\FRST64 (1).exe
2014-03-16 18:44:59 C038AC0153BFFE7F8778D404C0872317 1933048 ----a-w- C:\Users\Windows7\Downloads\rkill.com
2014-03-16 00:46:19 6655936E40C43120145A11547734F01F 2157056 ----a-w- C:\Users\Windows7\Downloads\FRST64.exe
2014-03-13 19:04:35 C038AC0153BFFE7F8778D404C0872317 1933048 ----a-w- C:\Users\Windows7\Downloads\iExplore.exe
2014-03-13 19:00:16 178A34E5554DCE485E1262DDF027960C 2237968 ----a-w- C:\Users\Windows7\Desktop\iexplorer.exe
2014-03-09 07:01:50 6655936E40C43120145A11547734F01F 2157056 ----a-w- C:\Users\Windows7\Desktop\FRST64.exe
2014-03-08 03:53:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-03-08 03:49:01 99EC56CB45237A16F36AB97D40F4C73E 87640360 ----a-w- C:\Users\Windows7\Downloads\avast_free_antivirus_setup.exe
2014-03-08 02:01:04 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\Windows7\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-04 00:36:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-03-04 00:35:27 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-04 00:30:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
 
====== C: exe-files ==
2014-03-13 06:14:58 84BCBFB752B96543307E6602E669A95A 806104 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-03-13 06:14:56 3A3BEA53F039CE2E997A918E26E30B1D 808152 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-03-13 06:14:56 2A0FAE869BC99A460FEFD832F261DCC9 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-03-13 06:14:52 6254A3E46A65395BFFEB393938661738 482816 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2014-03-12 21:36:52 BE7A6841933DB297ACAC3BA1D2CD4A14 118448 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
2014-03-12 21:36:27 65410E56352BB5F26613DD4F616D6C8E 35984536 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
2014-03-12 21:36:26 B936F0F378B9A35489353E878154E899 1821192 ----a-w- C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Redist\vcredist_x86.exe
=== C: other files ==
2014-03-16 18:43:59 F5EF79DEE8BAB5C7AE6C0D084AA9E137 104 ----a-w- C:\Users\Windows7\AppData\Local\Temp\uttB348.tmp.bat
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-3617554679-211012756-3022158845-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
"QuickScanner"="C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe"
"ContentExplorer"="C:\Users\Windows7\AppData\Roaming\ContentExplorer\ContentExplorer.exe"
 
[HKEY_USERS\S-1-5-21-3617554679-211012756-3022158845-1006\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_USERS\S-1-5-21-3617554679-211012756-3022158845-1006\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"RESTART_STICKY_NOTES"="C:\Windows\System32\StikyNot.exe"
"QuickScanner"="C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe"
"ContentExplorer"="C:\Users\Windows7\AppData\Roaming\ContentExplorer\ContentExplorer.exe"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"Nvtmru"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
 
==== Startup Folders ======================
 
2013-02-28 06:41:41 1931 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [03/12/2014 03:30 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/23/2014 11:21 AM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [01/23/2014 11:21 AM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617554679-211012756-3022158845-1000Core.job --a------ C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe [12/28/2011 03:58 PM]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3617554679-211012756-3022158845-1000UA.job --a------ C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe [12/28/2011 03:58 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3617554679-211012756-3022158845-1000Core" [C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-3617554679-211012756-3022158845-1000UA" [C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Firefox Extensions ======================
 
ExtDir: C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- GoPhotoIt - %ExtDir%\gophoto@gophoto.it.xpi
 
==== Firefox Plugins ======================
 
 
==== Deleted Firefox Extensions ======================
 
C:\Users\Windows7\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\gophoto@gophoto.it.xpi deleted
 
==== Chrome Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bejbohlohkkgompgecdcbbglkpjfjgdj - C:\Users\Windows7\AppData\Local\Temp\ccex.crx[12/13/2011 05:28 PM]
bmiabdepfhhiieiipmeecdmeljggmfee - No path found[]
bopakagnckmlgajfccecajhnimjiiedh - No path found[]
gclijllifhfpomppedeljakfegbcpojn - C:\Users\Windows7\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[03/07/2014 08:52 PM]
kkfggacklibaabdomphfdpcodjgihgon - C:\Program Files (x86)\FirstRowSportApp.com\stv10.crx[]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gclijllifhfpomppedeljakfegbcpojn - C:\Users\Windows7\AppData\Local\CRE\gclijllifhfpomppedeljakfegbcpojn.crx[]
 
Next BART - Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\afjcmjlimnlfgakomlhhhbpooidhcfge
Audiotool - Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkgoccjhfjgjedhkiefaclppgbmoobnk
YouTube - Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
http //soundcloud.com/you/sets - Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnlifnialbodhopmdagpppeegneabnah
Google Search - Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Alex Bacey - Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnknkgccldocdogpnhbaddbdhhjiindo
AdBlock - Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
avast Online Security - Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
http //sfbay.craigslist.org/ - Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnhcodhbkmcnigfjgnlbbkplbimdpgn
Alarm Clock Radio - Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\kipdhcpepbpjaoggihaloebfjfafagmi
Google Maps - Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh
https //www.dropbox.com/home - Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpnpalcochkcnfmmkpebfcjiajjcefbe
Google Wallet - Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Windows7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== Chrome Fix ======================
 
C:\Users\Windows7\AppData\Local\Temp\ccex.crx deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\kkfggacklibaabdomphfdpcodjgihgon deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bejbohlohkkgompgecdcbbglkpjfjgdj deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\gclijllifhfpomppedeljakfegbcpojn deleted successfully
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Google Update] "C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [QuickScanner] C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe
O4 - HKCU\..\Run: [ContentExplorer] "C:\Users\Windows7\AppData\Roaming\ContentExplorer\ContentExplorer.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3617554679-211012756-3022158845-1006\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3617554679-211012756-3022158845-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
 
 
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: digiSPTIService64 - Avid Technology, Inc. - C:\Program Files\Avid\Pro Tools\digisptiservice64.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
==== Sysinternals Autoruns Log ======================
 
HKLM\System\CurrentControlSet\Services
   AdobeARMservice
     "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
     Adobe Acrobat Updater keeps your Adobe software up to date.
     Adobe Systems Incorporated
     1.701.3.3014
     c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
     11/21/2013 9:55 AM
   AdobeFlashPlayerUpdateSvc
     C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
     This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.
     Adobe Systems Incorporated
     12.0.0.77
     c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
     3/3/2014 2:44 PM
   Apple Mobile Device
     "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
     Provides the interface to Apple mobile devices.
     Apple Inc.
     17.327.4.24
     c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
     2/11/2014 6:26 AM
   avast! Antivirus
     "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
     Manages and implements avast! antivirus services for this computer. This includes the real-time shields, the virus chest and the scheduler.
     AVAST Software
     9.0.2013.292
     c:\program files\avast software\avast\avastsvc.exe
     1/21/2014 10:13 AM
   Bonjour Service
     "C:\Program Files\Bonjour\mDNSResponder.exe"
     Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.
     Apple Inc.
     3.0.0.10
     c:\program files\bonjour\mdnsresponder.exe
     8/30/2011 10:52 PM
   digiSPTIService64
     "C:\Program Files\Avid\Pro Tools\digisptiservice64.exe"
     Pro Tools CD Ripping Service using SPTI
     Avid Technology, Inc.
     11.0.2.626
     c:\program files\avid\pro tools\digisptiservice64.exe
     9/12/2013 12:11 AM
   gupdate
 
 
     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

     Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.

     Google Inc.

     1.3.21.103

     c:\program files (x86)\google\update\googleupdate.exe

     2/15/2012 7:43 PM

   gupdatem

     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc

     Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.

     Google Inc.

     1.3.21.103

     c:\program files (x86)\google\update\googleupdate.exe

     2/15/2012 7:43 PM

   iPod Service

     "C:\Program Files\iPod\bin\iPodService.exe"

     iPod hardware management services

     Apple Inc.

     11.1.5.5

     c:\program files\ipod\bin\ipodservice.exe

     2/21/2014 4:20 AM

   LBTServ

     C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

     Logitech Bluetooth Service

     Logitech, Inc.

     5.33.14.0

     c:\program files\common files\logishrd\bluetooth\lbtserv.exe

     9/27/2011 11:57 AM

   MBAMScheduler

     "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"

     Malwarebytes Anti-Malware scheduler

     Malwarebytes Corporation

     1.70.0.0

     c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe

     2/28/2013 1:38 PM

   MBAMService

     "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"

     Malwarebytes Anti-Malware service

     Malwarebytes Corporation

     1.70.0.0

     c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe

     2/28/2013 1:38 PM

   McComponentHostService

     "C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe"

     McAfee Security Scan Component Host Service

     McAfee, Inc.

     3.8.141.0

     c:\program files\mcafee security scan\3.8.141\mcchsvc.exe

     1/15/2014 5:36 PM

   NvStreamSvc

     "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"

     Service for SHIELD Streaming

     NVIDIA Corporation

     1.6.34.0

     c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe

     10/17/2013 5:59 PM

   nvsvc

     "C:\Windows\system32\nvvsvc.exe"

     Provides system and desktop level support to the NVIDIA display driver

     NVIDIA Corporation

     8.17.13.2723

     c:\windows\system32\nvvsvc.exe

     9/12/2013 12:01 AM

   nvUpdatusService

     "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"

     NVIDIA Settings Update Manager service, used to check new updates from NVIDIA server.

     NVIDIA Corporation

     9.3.16.0

     c:\program files (x86)\nvidia corporation\nvidia update core\daemonu.exe

     10/16/2013 9:25 PM

   PaceLicenseDServices

     "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation

     Services for PACE Licensing Technology

     PACE Anti-Piracy, Inc.

     2.2.1.324

     c:\program files (x86)\common files\pace\services\licenseservices\ldsvc.exe

     8/15/2013 4:11 AM

   PnkBstrA

     C:\Windows\system32\PnkBstrA.exe

     PunkBuster Service Component [v1036] http://www.evenbalance.com

     c:\windows\syswow64\pnkbstra.exe

     12/19/2011 1:53 PM

   Steam Client Service

     "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService

     Steam Client Service monitors and updates Steam content

     Valve Corporation

     2.13.4.49

     c:\program files (x86)\common files\steam\steamservice.exe

     2/25/2014 2:44 PM

   Stereo Service

     "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"

     Provides system support for NVIDIA Stereoscopic 3D driver

     NVIDIA Corporation

     7.17.13.2723

     c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe

     9/11/2013 11:03 PM

 

HKLM\System\CurrentControlSet\Services

   adp94xx

     \SystemRoot\system32\DRIVERS\adp94xx.sys

     Adaptec Windows SAS/SATA Storport Driver

     Adaptec, Inc.

     1.6.6.4

     c:\windows\system32\drivers\adp94xx.sys

     12/5/2008 4:54 PM

   adpahci

     \SystemRoot\system32\DRIVERS\adpahci.sys

     Adaptec Windows SATA Storport Driver

     Adaptec, Inc.

     1.6.6.1

     c:\windows\system32\drivers\adpahci.sys

     5/1/2007 10:30 AM

   adpu320

     \SystemRoot\system32\DRIVERS\adpu320.sys

     Adaptec StorPort Ultra320 SCSI Driver (X64)

     Adaptec, Inc.

     7.2.0.0

     c:\windows\system32\drivers\adpu320.sys

     2/27/2007 5:04 PM

   aliide

     \SystemRoot\system32\drivers\aliide.sys

     ALi mini IDE Driver

     Acer Laboratories Inc.

     1.2.0.0

     c:\windows\system32\drivers\aliide.sys

     7/13/2009 4:19 PM

   amdsata

     \SystemRoot\system32\drivers\amdsata.sys

     AHCI 1.2 Device Driver

     Advanced Micro Devices

     1.1.2.5

     c:\windows\system32\drivers\amdsata.sys

     3/18/2010 5:45 PM

   amdsbs

     \SystemRoot\system32\DRIVERS\amdsbs.sys

     AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform

     AMD Technologies Inc.

     3.6.1540.127

     c:\windows\system32\drivers\amdsbs.sys

     3/20/2009 11:36 AM

   amdxata

     system32\drivers\amdxata.sys

     Storage Filter Driver

     Advanced Micro Devices

     1.1.2.5

     c:\windows\system32\drivers\amdxata.sys

     3/19/2010 9:18 AM

   arc

     \SystemRoot\system32\DRIVERS\arc.sys

     Adaptec RAID Storport Driver

     Adaptec, Inc.

     5.2.0.10384

     c:\windows\system32\drivers\arc.sys

     5/24/2007 2:27 PM

   arcsas

     \SystemRoot\system32\DRIVERS\arcsas.sys

     Adaptec SAS RAID WS03 Driver

     Adaptec, Inc.

     5.2.0.16119

     c:\windows\system32\drivers\arcsas.sys

     1/14/2009 12:27 PM

   aswMonFlt

     \??\C:\Windows\system32\drivers\aswMonFlt.sys

     avast! mini-filter driver (aswMonFlt)

     AVAST Software

     9.0.2013.292

     c:\windows\system32\drivers\aswmonflt.sys

     1/21/2014 10:11 AM

   aswRdr

     \??\C:\Windows\system32\drivers\aswRdr2.sys

     avast! WFP Redirect driver

     AVAST Software

     9.0.2006.149

     c:\windows\system32\drivers\aswrdr2.sys

     10/11/2013 4:11 AM

   aswRvrt

     aswRvrt

     9.0.2004.130

     c:\windows\system32\drivers\aswrvrt.sys

     10/4/2013 12:48 AM

   aswSnx

     \??\C:\Windows\system32\drivers\aswSnx.sys

     avast! virtualization driver (aswSnx)

     AVAST Software

     9.0.2013.292

     c:\windows\system32\drivers\aswsnx.sys

     1/21/2014 10:11 AM

   aswSP

     \??\C:\Windows\system32\drivers\aswSP.sys

     avast! Self Protection

     AVAST Software

     9.0.2013.292

     c:\windows\system32\drivers\aswsp.sys

     1/21/2014 10:17 AM

   aswStm

     \??\C:\Windows\system32\drivers\aswStm.sys

     avast! StreamFilter Callout Driver

     AVAST Software

     9.0.2013.292

     c:\windows\system32\drivers\aswstm.sys

     1/21/2014 10:18 AM

   aswVmm

     aswVmm

     avast! VM Monitor

     9.0.2010.245

     c:\windows\system32\drivers\aswvmm.sys

     12/9/2013 12:04 AM

   b06bdrv

     \SystemRoot\system32\DRIVERS\bxvbda.sys

     Broadcom NetXtreme II GigE VBD

     Broadcom Corporation

     4.8.2.0

     c:\windows\system32\drivers\bxvbda.sys

     2/13/2009 3:18 PM

   b57nd60a

     system32\DRIVERS\b57nd60a.sys

     Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.

     Broadcom Corporation

     10.100.4.0

     c:\windows\system32\drivers\b57nd60a.sys

     4/26/2009 4:14 AM

   BrFiltLo

     \SystemRoot\system32\DRIVERS\BrFiltLo.sys

     Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver

     Brother Industries, Ltd.

     1.10.0.2

     c:\windows\system32\drivers\brfiltlo.sys

     8/6/2006 6:51 PM

   BrFiltUp

     \SystemRoot\system32\DRIVERS\BrFiltUp.sys

     Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver

     Brother Industries, Ltd.

     1.4.0.1

     c:\windows\system32\drivers\brfiltup.sys

     8/6/2006 6:51 PM

   Brserid

     \SystemRoot\System32\Drivers\Brserid.sys

     Brotehr Serial I/F Driver (WDM)

     Brother Industries Ltd.

     1.0.1.6

     c:\windows\system32\drivers\brserid.sys

     8/6/2006 6:51 PM

   BrSerWdm

     \SystemRoot\System32\Drivers\BrSerWdm.sys

     Brother Serial driver (WDM version)

     Brother Industries Ltd.

     1.0.0.20

     c:\windows\system32\drivers\brserwdm.sys

     8/6/2006 6:51 PM

   BrUsbMdm

     \SystemRoot\System32\Drivers\BrUsbMdm.sys

     Brother USB MDM Driver 

     Brother Industries Ltd.

     1.0.0.12

     c:\windows\system32\drivers\brusbmdm.sys

     8/6/2006 6:51 PM

   BrUsbSer

     \SystemRoot\System32\Drivers\BrUsbSer.sys

     Brother USB Serial Driver

     Brother Industries Ltd.

     1.0.1.3

     c:\windows\system32\drivers\brusbser.sys

     8/9/2006 5:11 AM

   cmdide

     \SystemRoot\system32\drivers\cmdide.sys

     CMD PCI IDE Bus Driver

     CMD Technology, Inc.

     2.0.7.0

     c:\windows\system32\drivers\cmdide.sys

     7/13/2009 4:19 PM

   dalwdmservice

     system32\drivers\dalwdm.sys

     64-bit Abstraction Layer Driver

     Digidesign, A Division of Avid Technology, Inc.

     8.0.0.314

     c:\windows\system32\drivers\dalwdm.sys

     12/4/2008 12:12 AM

   DGUSBAP

     system32\DRIVERS\dgmbx2.sys

     Digidesign USB Audio Driver (WDM)

     Avid Technology, Inc.

     8.0.4.351

     c:\windows\system32\drivers\dgmbx2.sys

     6/22/2010 6:16 PM

   DigiNet

     system32\DRIVERS\diginet.sys

     Digidesign Ethernet Support

     Avid Technology, Inc.

     11.0.2.626

     c:\windows\system32\drivers\diginet.sys

     9/12/2013 12:10 AM

   ebdrv

     \SystemRoot\system32\DRIVERS\evbda.sys

     Broadcom NetXtreme II 10 GigE VBD

     Broadcom Corporation

     4.8.13.0

     c:\windows\system32\drivers\evbda.sys

     12/31/2008 9:29 AM

   elxstor

     \SystemRoot\system32\DRIVERS\elxstor.sys

     Storport Miniport Driver for LightPulse HBAs

     Emulex

     7.2.10.211

     c:\windows\system32\drivers\elxstor.sys

     2/3/2009 3:52 PM

   GEARAspiWDM

     system32\DRIVERS\GEARAspiWDM.sys

     CD DVD Filter

     GEAR Software Inc.

     2.2.3.0

     c:\windows\system32\drivers\gearaspiwdm.sys

     5/3/2012 12:56 PM

   hcw85cir

     \SystemRoot\system32\drivers\hcw85cir.sys

     Hauppauge WinTV 885 Consumer IR Driver for eHome

     Hauppauge Computer Works, Inc.

     1.31.27127.0

     c:\windows\system32\drivers\hcw85cir.sys

     5/11/2009 1:26 AM

   HpSAMD

     \SystemRoot\system32\drivers\HpSAMD.sys

     Smart Array SAS/SATA Controller Media Driver

     Hewlett-Packard Company

     6.12.6.64

     c:\windows\system32\drivers\hpsamd.sys

     4/20/2010 11:32 AM

   iaStorV

     \SystemRoot\system32\drivers\iaStorV.sys

     Intel Matrix Storage Manager driver - x64

     Intel Corporation

     8.6.2.1014

     c:\windows\system32\drivers\iastorv.sys

     6/10/2010 5:46 PM

   iirsp

     \SystemRoot\system32\DRIVERS\iirsp.sys

     Intel/ICP Raid Storport Driver

     Intel Corp./ICP vortex GmbH

     5.4.22.0

     c:\windows\system32\drivers\iirsp.sys

     12/13/2005 2:47 PM

   iLokDrvr

     system32\DRIVERS\iLokDrvr.sys

     iLok Kernel Driver File

     6.1.0.0

     c:\windows\system32\drivers\ilokdrvr.sys

     11/7/2012 12:00 PM

   LHidFilt

     system32\DRIVERS\LHidFilt.Sys

     Logitech HID Filter Driver.

     Logitech, Inc.

     5.33.10.0

     c:\windows\system32\drivers\lhidfilt.sys

     9/1/2011 11:23 PM

   LMouFilt

     system32\DRIVERS\LMouFilt.Sys

     Logitech Mouse Filter Driver.

     Logitech, Inc.

     5.33.10.0

     c:\windows\system32\drivers\lmoufilt.sys

     9/1/2011 11:23 PM

   LSI_FC

     \SystemRoot\system32\DRIVERS\lsi_fc.sys

     LSI Fusion-MPT FC Driver (StorPort)

     LSI Corporation

     1.28.3.52

     c:\windows\system32\drivers\lsi_fc.sys

     12/9/2008 3:46 PM

   LSI_SAS

     \SystemRoot\system32\DRIVERS\lsi_sas.sys

     LSI Fusion-MPT SAS Driver (StorPort)

     LSI Corporation

     1.28.3.52

     c:\windows\system32\drivers\lsi_sas.sys

     5/18/2009 5:20 PM

   LSI_SAS2

     \SystemRoot\system32\DRIVERS\lsi_sas2.sys

     LSI SAS Gen2 Driver (StorPort)

     LSI Corporation

     2.0.2.71

     c:\windows\system32\drivers\lsi_sas2.sys

     5/18/2009 5:31 PM

   LSI_SCSI

     \SystemRoot\system32\DRIVERS\lsi_scsi.sys

     LSI Fusion-MPT SCSI Driver (StorPort)

     LSI Corporation

     1.28.3.67

     c:\windows\system32\drivers\lsi_scsi.sys

     4/16/2009 3:13 PM

   MBAMProtector

     \??\C:\Windows\system32\drivers\mbam.sys

     Malwarebytes Anti-Malware

     Malwarebytes Corporation

     1.60.2.0

     c:\windows\system32\drivers\mbam.sys

     2/28/2013 1:33 PM

   MBX2DFU

     SYSTEM32\DRIVERS\dgmbx2fu.sys

     Mbox 2 Firmware Driver

     Avid Technology, Inc.

     8.0.4.351

     c:\windows\system32\drivers\dgmbx2fu.sys

     6/22/2010 6:16 PM

   MBX2MIDK

     system32\drivers\mbx2midk.sys

     64-bit Mbox 2 MIDI Driver

     Digidesign, A Division of Avid Technology, Inc.

     8.0.0.314

     c:\windows\system32\drivers\mbx2midk.sys

     12/4/2008 12:11 AM

   megasas

     \SystemRoot\system32\DRIVERS\megasas.sys

     MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64

     LSI Corporation

     4.5.1.64

     c:\windows\system32\drivers\megasas.sys

     5/18/2009 6:09 PM

   MegaSR

     \SystemRoot\system32\DRIVERS\MegaSR.sys

     LSI MegaRAID Software RAID Driver

     LSI Corporation, Inc.

     13.5.409.2009

     c:\windows\system32\drivers\megasr.sys

     5/18/2009 6:25 PM

   mlkumidi

     system32\drivers\mlkumidi.sys

     MusicLab Virtual MIDI Device

     MusicLab, Inc.

     2.0.1.0

     c:\windows\system32\drivers\mlkumidi.sys

     8/29/2012 3:50 AM

   nfrd960

     \SystemRoot\system32\DRIVERS\nfrd960.sys

     IBM ServeRAID Controller Driver

     IBM Corporation

     7.10.0.0

     c:\windows\system32\drivers\nfrd960.sys

     6/6/2006 2:11 PM

   NVENETFD

     system32\DRIVERS\nvm62x64.sys

     NVIDIA MCP Networking Function Driver.

     NVIDIA Corporation

     1.0.1.210

     c:\windows\system32\drivers\nvm62x64.sys

     10/17/2008 2:01 PM

   NVHDA

     system32\drivers\nvhda64v.sys

     NVIDIA HDMI Audio Driver

     NVIDIA Corporation

     1.3.26.4

     c:\windows\system32\drivers\nvhda64v.sys

     6/16/2013 5:38 AM

   nvlddmkm

     system32\DRIVERS\nvlddmkm.sys

     NVIDIA Windows Kernel Mode Driver, Version 327.23 

     NVIDIA Corporation

     9.18.13.2723

     c:\windows\system32\drivers\nvlddmkm.sys

     9/11/2013 10:16 PM

   nvraid

     system32\drivers\nvraid.sys

     NVIDIAr nForce RAID Driver

     NVIDIA Corporation

     10.6.0.18

     c:\windows\system32\drivers\nvraid.sys

     3/19/2010 1:59 PM

   nvstor

     system32\drivers\nvstor.sys

     NVIDIAr nForce Sata Performance Driver

     NVIDIA Corporation

     10.6.0.18

     c:\windows\system32\drivers\nvstor.sys

     3/19/2010 1:45 PM

   nvvad_WaveExtensible

     system32\drivers\nvvad64v.sys

     NVIDIA Virtual Audio Driver

     NVIDIA Corporation

     1.2.9.0

     c:\windows\system32\drivers\nvvad64v.sys

     9/27/2013 1:25 PM

   ql2300

     \SystemRoot\system32\DRIVERS\ql2300.sys

     QLogic Fibre Channel Stor Miniport Driver

     QLogic Corporation

     9.1.8.6

     c:\windows\system32\drivers\ql2300.sys

     1/22/2009 4:05 PM

   ql40xx

     \SystemRoot\system32\DRIVERS\ql40xx.sys

     QLogic iSCSI Storport Miniport Driver

     QLogic Corporation

     2.1.3.20

     c:\windows\system32\drivers\ql40xx.sys

     5/18/2009 6:18 PM

   secdrv

     secdrv

     Macrovision SECURITY Driver

     Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.

     4.3.86.0

     c:\windows\system32\drivers\secdrv.sys

     9/13/2006 6:18 AM

   SiSRaid2

     \SystemRoot\system32\DRIVERS\SiSRaid2.sys

     SiS RAID Stor Miniport Driver

     Silicon Integrated Systems Corp.

     5.1.1039.2600

     c:\windows\system32\drivers\sisraid2.sys

     9/24/2008 11:28 AM

   SiSRaid4

     \SystemRoot\system32\DRIVERS\sisraid4.sys

     SiS AHCI Stor-Miniport Driver

     Silicon Integrated Systems

     5.1.1039.3600

     c:\windows\system32\drivers\sisraid4.sys

     10/1/2008 2:56 PM

   stexstor

     \SystemRoot\system32\DRIVERS\stexstor.sys

     Promise  SuperTrak EX Series Driver for Windows 

     Promise Technology

     5.0.1.1

     c:\windows\system32\drivers\stexstor.sys

     2/17/2009 4:03 PM

   Tpkd

     Tpkd

     64bit Tpkd Device Driver

     PACE Anti-Piracy, Inc.

     5.9.10.3513

     c:\windows\system32\drivers\tpkd.sys

     4/11/2013 2:04 PM

   USBAAPL64

     System32\Drivers\usbaapl64.sys

     Apple Mobile Device USB Driver

     Apple, Inc.

     1.64.0.0

     c:\windows\system32\drivers\usbaapl64.sys

     11/27/2012 4:38 PM

   viaide

     \SystemRoot\system32\drivers\viaide.sys

     VIA Generic PCI IDE Bus Driver

     VIA Technologies, Inc.

     6.0.6000.170

     c:\windows\system32\drivers\viaide.sys

     7/13/2009 4:19 PM

   vsmraid

     \SystemRoot\system32\DRIVERS\vsmraid.sys

     VIA RAID DRIVER FOR AMD-X86-64

     VIA Technologies Inc.,Ltd

     6.0.6000.6210

     c:\windows\system32\drivers\vsmraid.sys

     1/30/2009 6:18 PM

   WDC_SAM

     system32\DRIVERS\wdcsam64.sys

     Manages WD external storage products.

     Western Digital Technologies

     1.0.7.2

     c:\windows\system32\drivers\wdcsam64.sys

     4/16/2008 1:39 AM

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

   LBTWlgn

     c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

     Logitech Bluetooth Service

     Logitech, Inc.

     5.33.14.0

     c:\program files\common files\logishrd\bluetooth\lbtwlgn.dll

     9/27/2011 11:57 AM

 

HKCU\Control Panel\Desktop\Scrnsave.exe

   C:\Windows\system32\FLASHI~1.SCR

     C:\Windows\system32\FLASHI~1.SCR

     File not found: C:\Windows\system32\FLASHI~1.SCR

     

 

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

   Epson Inbox Language Monitor01

     EP0SLM01.DLL

     Epson Printer Driver

     SEIKO EPSON CORPORATION

     1.0.0.0

     c:\windows\system32\ep0slm01.dll

     7/13/2009 6:29 PM

   PCL hpz3lw71

     hpz3lw71.dll

     LanguageMonitor

     Hewlett-Packard Corporation

     0.3.7071.0

     c:\windows\system32\hpz3lw71.dll

     7/13/2009 6:28 PM

 

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries

   mdnsNSP

     C:\Program Files (x86)\Bonjour\mdnsNSP.dll

     Bonjour Namespace Provider

     Apple Inc.

     3.0.0.10

     c:\program files (x86)\bonjour\mdnsnsp.dll

     8/30/2011 10:44 PM

 

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64

   mdnsNSP

     C:\Program Files\Bonjour\mdnsNSP.dll

     Bonjour Namespace Provider

     Apple Inc.

     3.0.0.10

     c:\program files\bonjour\mdnsnsp.dll

     8/30/2011 10:53 PM

 

HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms

   rdpclip

     rdpclip

     File not found: rdpclip

     

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

   EvtMgr6

     C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

     Logitech SetPoint Event Manager (UNICODE)

     Logitech, Inc.

     6.32.7.0

     c:\program files\logitech\setpointp\setpoint.exe

     10/7/2011 2:12 AM

   Bluetooth Connection Assistant

     LBTWIZ.EXE -silent

     Logitech Blutooth Wizard Host Process

     Logitech, Inc.

     5.33.14.0

     C:\Program Files\Logitech\SetPointP\LBTWiz.exe

     9/27/2011 11:57 AM

   Nvtmru

     "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

     NVIDIA NvTmru Application

     NVIDIA Corporation

     9.3.16.0

     c:\program files (x86)\nvidia corporation\nvidia update core\nvtmru.exe

     10/16/2013 9:23 PM

   ShadowPlay

     C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

     NVIDIA Capture Server Proxy

     NVIDIA Corporation

     9.3.16.0

     c:\windows\system32\nvspcap64.dll

     10/16/2013 9:27 PM

 

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run

   Adobe ARM

     "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

     Adobe Reader and Acrobat Manager

     Adobe Systems Incorporated

     1.701.3.3014

     c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe

     11/21/2013 9:56 AM

   APSDaemon

     "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

     Apple Push

     Apple Inc.

     2.3.4.27

     c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe

     2/5/2014 10:09 PM

   SunJavaUpdateSched

     "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

     Java Update Scheduler

     Oracle Corporation

     2.1.9.8

     c:\program files (x86)\common files\java\java update\jusched.exe

     7/2/2013 9:16 AM

   QuickTime Task

     "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

     QuickTime Task

     Apple Inc.

     7.7.5.0

     c:\program files (x86)\quicktime\qttask.exe

     1/13/2014 6:15 PM

   iTunesHelper

     "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

     iTunesHelper

     Apple Inc.

     11.1.5.5

     c:\program files (x86)\itunes\ituneshelper.exe

     2/21/2014 4:19 AM

   AvastUI.exe

     "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

     avast! Antivirus

     AVAST Software

     9.0.2013.292

     c:\program files\avast software\avast\avastui.exe

     1/21/2014 10:17 AM

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

   McAfee Security Scan Plus.lnk

     C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

     McAfee Security Scanner Scheduler

     McAfee, Inc.

     3.8.141.0

     c:\program files\mcafee security scan\3.8.141\ssscheduler.exe

     1/15/2014 5:37 PM

 

HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components

   Internet Explorer

     C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

     File not found: C:\Windows\system32\ie4uinit.exe

     

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

   Google Update

     "C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe" /c

     Google Installer

     Google Inc.

     1.2.183.21

     c:\users\windows7\appdata\local\google\update\googleupdate.exe

     3/8/2010 11:10 PM

   Steam

     "C:\Program Files (x86)\Steam\Steam.exe" -silent

     Steam Client Bootstrapper

     Valve Corporation

     2.13.4.49

     c:\program files (x86)\steam\steam.exe

     2/25/2014 2:45 PM

   QuickScanner

     C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe

     File not found: C:\Program Files (x86)\Defender Pro Quick Scanner\quickscan.exe

     

   ContentExplorer

     "C:\Users\Windows7\AppData\Roaming\ContentExplorer\ContentExplorer.exe"

     ContentExplorer

     ContentExplorer

     1.0.0.0

     c:\users\windows7\appdata\roaming\contentexplorer\contentexplorer.exe

     3/3/2014 2:56 AM

 

Task Scheduler

   \Adobe Flash Player Updater

     "C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe" 

     Adober Flashr Player Update Service 12.0 r0

     Adobe Systems Incorporated

     12.0.0.77

     c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe

     3/3/2014 2:44 PM

   \avast! Emergency Update

     "C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe" 

     avast! Emergency Update

     AVAST Software

     9.0.2013.292

     c:\program files\avast software\avast\avastemupdate.exe

     1/21/2014 10:09 AM

   \GoogleUpdateTaskMachineCore

     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c

     Google Installer

     Google Inc.

     1.3.21.103

     c:\program files (x86)\google\update\googleupdate.exe

     2/15/2012 7:43 PM

   \GoogleUpdateTaskMachineUA

     "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler

     Google Installer

     Google Inc.

     1.3.21.103

     c:\program files (x86)\google\update\googleupdate.exe

     2/15/2012 7:43 PM

   \GoogleUpdateTaskUserS-1-5-21-3617554679-211012756-3022158845-1000Core

     "C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe" /c

     Google Installer

     Google Inc.

     1.2.183.21

     c:\users\windows7\appdata\local\google\update\googleupdate.exe

     3/8/2010 11:10 PM

   \GoogleUpdateTaskUserS-1-5-21-3617554679-211012756-3022158845-1000UA

     "C:\Users\Windows7\AppData\Local\Google\Update\GoogleUpdate.exe" /ua /installsource scheduler

     Google Installer

     Google Inc.

     1.2.183.21

     c:\users\windows7\appdata\local\google\update\googleupdate.exe

     3/8/2010 11:10 PM

   \Apple\AppleSoftwareUpdate

     "C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe" -task

     Apple Software Update

     Apple Inc.

     2.1.3.127

     c:\program files (x86)\apple software update\softwareupdate.exe

     6/1/2011 5:46 PM

   \Microsoft\Windows\NetTrace\GatherNetworkInfo

     "%windir%\system32\gatherNetworkInfo.vbs" 

     c:\windows\system32\gathernetworkinfo.vbs

     6/10/2009 1:36 PM

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

   MSS+ Identifier

     HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}

     Quick Browser Identifier for MSS+ Tool

     McAfee, Inc.

     3.8.141.0

     c:\program files\mcafee security scan\3.8.141\mcafeemss_ie.dll

     1/15/2014 5:29 PM

   Java Plug-In SSV Helper

     HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

     Java Platform SE binary

     Oracle Corporation

     10.51.2.13

     c:\program files (x86)\java\jre7\bin\ssv.dll

     12/18/2013 10:00 PM

   Java Plug-In 2 SSV Helper

     HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

     Java Platform SE binary

     Oracle Corporation

     10.51.2.13

     c:\program files (x86)\java\jre7\bin\jp2ssv.dll

     12/18/2013 10:01 PM

 

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

   MSS+ Identifier

     HKCR\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}

     Quick Browser Identifier for MSS+ Tool

     McAfee, Inc.

     3.8.141.0

     c:\program files\mcafee security scan\3.8.141\mcafeemss_ie.dll

     1/15/2014 5:29 PM

   Java Plug-In SSV Helper

     HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

     Java Platform SE binary

     Oracle Corporation

     10.51.2.13

     c:\program files (x86)\java\jre7\bin\ssv.dll

     12/18/2013 10:00 PM

   Java Plug-In 2 SSV Helper

     HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}

     Java Platform SE binary

     Oracle Corporation

     10.51.2.13

     c:\program files (x86)\java\jre7\bin\jp2ssv.dll

     12/18/2013 10:01 PM

 

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers

   avast

     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}

     avast! Shell Extension

     AVAST Software

     9.0.2013.292

     c:\program files\avast software\avast\ashsha64.dll

     1/21/2014 10:18 AM

   GDContextMenu

     HKCR\CLSID\{BB02B294-8425-42E5-983F-41A1FA970CD6}

     Google Drive shell extension

     Google

     1.0.0.1

     c:\program files (x86)\google\drive\contextmenu64.dll

     12/6/2013 4:46 PM

   WinRAR

     HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}

     4.11.0.0

     c:\program files\winrar\rarext.dll

     2/17/2012 7:55 AM

 

HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers

   avast

     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}

     avast! Shell Extension

     AVAST Software

     9.0.2013.292

     c:\program files\avast software\avast\ashshell.dll

     1/21/2014 10:09 AM

   WinRAR32

     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}

     4.11.0.0

     c:\program files\winrar\rarext32.dll

     2/17/2012 7:55 AM

 

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers

   00avast

     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}

     avast! Shell Extension

     AVAST Software

     9.0.2013.292

     c:\program files\avast software\avast\ashsha64.dll

     1/21/2014 10:18 AM

   MBAMShlExt

     HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}

     Malwarebytes Anti-Malware

     Malwarebytes Corporation

     1.70.0.0

     c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll

     2/28/2013 1:39 PM

 

HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers

   00avast

     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}

     avast! Shell Extension

     AVAST Software

     9.0.2013.292

     c:\program files\avast software\avast\ashshell.dll

     1/21/2014 10:09 AM

 

HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers

   GDContextMenu

     HKCR\CLSID\{BB02B294-8425-42E5-983F-41A1FA970CD6}

     Google Drive shell extension

     Google

     1.0.0.1

     c:\program files (x86)\google\drive\contextmenu64.dll

     12/6/2013 4:46 PM

   WinRAR

     HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}

     4.11.0.0

     c:\program files\winrar\rarext.dll

     2/17/2012 7:55 AM

 

HKLM\Software\Wow6432Node\Classes\Directory\ShellEx\ContextMenuHandlers

   WinRAR32

     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}

     4.11.0.0

     c:\program files\winrar\rarext32.dll

     2/17/2012 7:55 AM

 

HKLM\Software\Classes\Directory\Shellex\DragDropHandlers

   WinRAR

     HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}

     4.11.0.0

     c:\program files\winrar\rarext.dll

     2/17/2012 7:55 AM

 

HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers

   WinRAR32

     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}

     4.11.0.0

     c:\program files\winrar\rarext32.dll

     2/17/2012 7:55 AM

 

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers

   NvCplDesktopContext

     HKCR\CLSID\{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}

     NVIDIA Display Shell Extension

     NVIDIA Corporation

     1.2.0.1

     c:\windows\system32\nvshext.dll

     9/12/2013 12:01 AM

 

HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers

   PDF Shell Extension

     HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}

     PDF Shell Extension

     Adobe Systems, Inc.

     10.1.9.22

     c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll

     12/18/2013 10:07 AM

 

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers

   avast

     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}

     avast! Shell Extension

     AVAST Software

     9.0.2013.292

     c:\program files\avast software\avast\ashsha64.dll

     1/21/2014 10:18 AM

   MBAMShlExt

     HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}

     Malwarebytes Anti-Malware

     Malwarebytes Corporation

     1.70.0.0

     c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll

     2/28/2013 1:39 PM

   WinRAR

     HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}

     4.11.0.0

     c:\program files\winrar\rarext.dll

     2/17/2012 7:55 AM

 

HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers

   avast

     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}

     avast! Shell Extension

     AVAST Software

     9.0.2013.292

     c:\program files\avast software\avast\ashshell.dll

     1/21/2014 10:09 AM

   WinRAR32

     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}

     4.11.0.0

     c:\program files\winrar\rarext32.dll

     2/17/2012 7:55 AM

 

HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers

   WinRAR

     HKCR\CLSID\{B41DB860-64E4-11D2-9906-E49FADC173CA}

     4.11.0.0

     c:\program files\winrar\rarext.dll

     2/17/2012 7:55 AM

 

HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers

   WinRAR32

     HKCR\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}

     4.11.0.0

     c:\program files\winrar\rarext32.dll

     2/17/2012 7:55 AM

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers

   00avast

     HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}

     avast! Shell Extension

     AVAST Software

     9.0.2013.292

     c:\program files\avast software\avast\ashsha64.dll

     1/21/2014 10:18 AM

   GDriveBlacklistedOverlay

     HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}

     Google Drive shell extension

     Google

     1.14.6059.644

     c:\program files (x86)\google\drive\googledrivesync64.dll

     1/30/2014 4:03 PM

   GDriveSharedEditOverlay

     HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}

     Google Drive shell extension

     Google

     1.14.6059.644

     c:\program files (x86)\google\drive\googledrivesync64.dll

     1/30/2014 4:03 PM

   GDriveSharedViewOverlay

     HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}

     Google Drive shell extension

     Google

     1.14.6059.644

     c:\program files (x86)\google\drive\googledrivesync64.dll

     1/30/2014 4:03 PM

   GDriveSyncedOverlay

     HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}

     Google Drive shell extension

     Google

     1.14.6059.644

     c:\program files (x86)\google\drive\googledrivesync64.dll

     1/30/2014 4:03 PM

   GDriveSyncingOverlay

     HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}

     Google Drive shell extension

     Google

     1.14.6059.644

     c:\program files (x86)\google\drive\googledrivesync64.dll

     1/30/2014 4:03 PM

 

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32

   msacm.l3acm

     C:\Windows\System32\l3codeca.acm

     MPEG Layer-3 Audio Codec for MSACM

     Fraunhofer Institut Integrierte Schaltungen IIS

     1.9.0.401

     c:\windows\system32\l3codeca.acm

     7/13/2009 6:28 PM

 

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32

   msacm.l3acm

     C:\Windows\SysWOW64\l3codeca.acm

     MPEG Layer-3 Audio Codec for MSACM

     Fraunhofer Institut Integrierte Schaltungen IIS

     1.9.0.401

     c:\windows\syswow64\l3codeca.acm

     7/13/2009 6:06 PM

   vidc.cvid

     iccvid.dll

     Cinepakr Codec

     Radius Inc.

     1.10.0.13

     c:\windows\syswow64\iccvid.dll

     11/20/2010 4:59 AM

 

HKLM\Software\Classes\Filter

   NI Battery 3

     HKCR\CLSID\{206A5BE9-0EB2-482A-B9D0-218C7A97CF05}

     Battery 3

     Native Instruments GmbH

     3.0.4.1

     c:\program files (x86)\native instruments\battery 3\dxi\battery 3 dxi.dll

     1/10/2008 6:14 AM

   MusicLab RealGuitar2

     HKCR\CLSID\{642DFD69-CCDB-42EA-9A00-8A8662B48AB3}

     RealStrat DXi Adapter

     MusicLab, Inc.

     2.2.1.5555

     c:\program files (x86)\musiclab\realguitar 3\realguitar.dxi

     10/28/2008 6:33 AM

 

HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance

   DVBuffers Filter

     HKCR\CLSID\{06C373C1-D83C-43E6-8BDB-081C93AA323B}

     c:\program files\avid\pro tools\video engine\dvbuffers.ax

     9/11/2013 1:19 PM

 

HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance

   AVSMediaGrabber

     HKCR\CLSID\{11596B22-4A32-422D-9195-3947F4FEC334}

     AVSMediaGrabber4 DirectShow Filter

     Online Media Technologies Ltd.

     1.0.0.43

     c:\program files (x86)\common files\avsmedia\activex\avsmediagrabber4.ax

     7/10/2008 9:27 AM

   AVS Video Out

     HKCR\CLSID\{483017C8-0FC1-4227-A074-0DA969A7E100}

     AVSVideoOutFilter DirectShow Filter

     Online Media Technologies Ltd

     1.0.0.248

     c:\program files (x86)\common files\avsmedia\activex\avsvideooutfilter3.ax

     2/2/2011 2:23 AM

   Digiclock

     HKCR\CLSID\{50DA10A3-2A07-4A7D-B65B-4139EB55830B}

     DigiDesign Reference Clock

     Avid Technology, Inc.

     10.3.8.378

     c:\program files (x86)\avid\pro tools\digirefclock.dll

     12/17/2013 9:41 PM

   SyncReader

     HKCR\CLSID\{5A287243-DFE8-4E97-A318-8C40100B7B81}

     Digi SyncReader

     Avid Technology, Inc.

     10.3.8.378

     c:\program files (x86)\avid\pro tools\digisyncreader.dll

     12/17/2013 9:41 PM

 

==== Empty IE Cache ======================

 

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\UpdatusUser.Windows7-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Windows7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Windows7\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Windows7\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

 

==== Empty FireFox Cache ======================

 

No FireFox Cache found

 

==== Empty Chrome Cache ======================

 

C:\Users\Windows7\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

 

==== Empty All Flash Cache ======================

 

Flash Cache Emptied Successfully

 

==== Empty All Java Cache ======================

 

Java Cache cleared successfully

 

==== C:\zoek_backup content ======================

 

C:\zoek_backup (files=78 folders=49 163649359 bytes)

 

==== Empty Temp Folders ======================

 

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\UpdatusUser.Windows7-PC\AppData\Local\Temp emptied successfully

C:\Users\Windows7\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

 

==== After Reboot ======================

 

==== Empty Temp Folders ======================

 

C:\Windows\Temp successfully emptied

C:\Users\Windows7\AppData\Local\Temp successfully emptied

 

==== Empty Recycle Bin ======================

 

C:\$RECYCLE.BIN successfully emptied

 

==== EOF on Mon 03/17/2014 at  0:48:14.22 ======================


LK Maintenance still shows in the installed programs list, can you Uninstall it? If any problems with the uninstall try this tool:

 

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

 

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

 

Run the tool, the main GUI will populate with installed programs list,

 

Left click on Program name to highlight that entry.

 

Select Action from the Menu bar, then Uninstall; from there follow the prompts.

 

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option...

 

Let me know if the uninstall completes, also if any remaining issues or concerns...

 

Kevin...


OK, we check the registry to make sure that nuisance is gone....

 

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

 

http://jpshortstuff.247fixes.com/SystemLook_x64.exe      <<-   64 bit….

 

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

 


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regfind
    LK Maintenance
    *LK Maintenance*

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
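
The registry check requested above can also be cross-checked with built-in tooling. This is an added example, not part of the original post and not SystemLook's own code: a read-only PowerShell search of the uninstall and autorun keys for the program name. The function name `Find-RegistryMention` and the choice of keys are assumptions made for illustration; it is not a full-registry search.

```powershell
# Added example: read-only search for leftover registry references to a program.
# Written to run on PowerShell 2.0 (the version shipped with Windows 7).
function Find-RegistryMention {
    param(
        [Parameter(Mandatory=$true)][string]$Pattern,   # wildcard pattern, e.g. '*LK Maintenance*'
        [Parameter(Mandatory=$true)][string[]]$Roots    # registry paths to walk
    )
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The root key itself plus every subkey beneath it.
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            # Match on the key name (uninstall entries are often named after the product).
            if ($key.PSChildName -like $Pattern) {
                New-Object PSObject -Property @{ Key = $key.Name; Value = '(key name)'; Data = '' }
            }
            # Match on value names and value data (DisplayName, UninstallString, autorun commands).
            foreach ($valueName in $key.GetValueNames()) {
                $data = [string]$key.GetValue($valueName)
                if ($valueName -like $Pattern -or $data -like $Pattern) {
                    New-Object PSObject -Property @{ Key = $key.Name; Value = $valueName; Data = $data }
                }
            }
        }
    }
}

# Keys behind the "installed programs" list and the per-machine/per-user autoruns,
# including the 32-bit view on 64-bit Windows.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Program name taken from the thread; no output means no match under these keys.
Find-RegistryMention -Pattern '*LK Maintenance*' -Roots $roots |
    Select-Object Key, Value, Data | Format-List
```

Run it from an elevated PowerShell prompt so the HKLM keys are fully readable.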


SystemLook 30.07.11 by jpshortstuff

Log created at 14:40 on 17/03/2014 by Windows7

Administrator - Elevation successful

 

========== regfind ==========

 

Searching for "LK Maintenance"

No data found.

 

Searching for "*LK Maintenance*"

No data found.

 

-= EOF =-


We need to remove FRST. First, it is very important to deal with its own Quarantine folder by using FRST itself.

 

OK, we continue:

 

Delete any fixlist.txt file previously used, continue:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

 

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). That will confirm the removal action, delete if successful.

 

Next,

 

Delete FRST.exe from your Desktop or the folder it was saved to, navigate to and delete its folder C:\FRST

 

Also navigate to and delete C:\zoek_backup folder

 

Next,

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed.....

 

Let me know if any remaining issues or concerns.....

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Kevin.....

 

fixlist.txt


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.